• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.10
• /
• pp.1912-1918
• /
• 2016

MPTCP(Multipath Transmission Control Protocol) is able to compose many TCP paths when two hosts connect and the data is able to be transported through these paths simultaneously. When a new path is added, the authentication between both hosts is necessary to check the validity of host. So, MPTCP exchanges a key when initiating an connection and makes a token by using this key for authentication. However the original MPTCP is vulnerable to MITM(Man In The Middle) attacks because the key is transported in clear text. Therefore, we applied a ECDH(Elliptic Curve Diffie-Hellman) key exchange algorithm to original MPTCP and replaced the original key to the ECDH public key. And, by generating the secret key after the public key exchanges, only two hosts is able to make the token using the secret key to add new subflow. Also, we designed and implemented a method supporting encryption and decryption of data using a shared secret key to apply confidentiality to original MPTCP.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.33-39
• /
• 2022

Recently, cyberattacks on infrastructure have been continuously occurring with the starting of neutralizing the user authentication function of information systems. Accordingly, the vulnerabilities of system are increasing day by day, such as the increase in the vulnerabilities of the encryption system. In this paper, an alternative technique for the symmetric key algorithm has been developed in order to build the encryption algorithm that is not easy for beginners to understand and apply. Vigenere Cipher is a method of encrypting alphabetic text and it uses a simple form of polyalphabetic substitution. The encryption application system proposed in this study uses the simple form of polyalphabetic substitution method to present an application model that integrates the three steps of encryption table creation, encryption and decryption as a framework. The encryption of the original text is done using the Vigenère square or Vigenère table. When applying to the automatic generation of secret keys on the information system this model is expected that integrated authentication work, and analysis will be possible on target system. ubstitution alphabets[3].

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.6
• /
• pp.367-378
• /
• 2006

A mobile phone has became as a payment tool in e-commerce and on-line banking areas. This trend of a payment system using various types of mobile devices is rapidly growing, especially in the Internet transaction and small-money payment. Hence, there will be a need to define its standard for secure and safe payment technology. In this thesis, we consider the service types of the current mobile payments and the authentication method, investigate the disadvantages, problems and their solutions for smart and secure payment. Also, we propose a novel authentication method which is easily adopted without modification and addition of the existed mobile hardware platform. Also, we present a simple implementation as a demonstration version. Based on virtual machine (VM) approach, the proposed model is to use a pseudo-random number which is confirmed by the VM in a user's mobile phone and then is sent to the authentication site. This is more secure and safe rather than use of a random number received by the previous SMS. For this payment operation, a user should register the serial number at the first step after downloading the VM software, by which can prevent the illegal payment use by a mobile copy-phone. Compared with the previous SMS approach, the proposed method can reduce the amount of packet size to 30% as well as the time. Therefore, the VM-based method is superior to the previous approaches in the viewpoint of security, packet size and transaction time.

• Journal of Digital Convergence
• /
• v.11 no.4
• /
• pp.221-227
• /
• 2013

RFID is an automatic identification technology that can control a range of information via IC chips and radio communication. Also known as electronic tags, smart tags or electronic labels, RFID technology enables embedding the overall process from production to sales in an ultra-small IC chip and tracking down such information using radio frequencies. Currently, RFID-based application and development is in progress in such fields as health care, national defense, logistics and security. RFID structure consists of a reader that reads tag information, a tag that provides information and the database that manages data. Yet, the wireless section between the reader and the tag is vulnerable to security issues. To sort out the vulnerability, studies on security protocols have been conducted actively. However, due to difficulties in implementation, most suggestions are concerned with theorem proving, which is prone to vulnerability found by other investigators later on, ending up in many troubles with applicability in practice. To experimentally test the security of the protocol proposed here, the formal verification tool, CasperFDR was used. To sum up, the proposed protocol was found to be secure against diverse attacks. That is, the proposed protocol meets the safety standard against new types of attacks and ensures security when applied to real tags in the future.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.26 no.1
• /
• pp.82-86
• /
• 2016

This paper proposes a method for the immobilization of motorbike brakes in conjunction with near-field communication (NFC) technology in order to meet the increasing demand for security and convenience of motorbike drivers. We thought about the concept of wireless key, NFC security devices and automatic solenoid valve for setting the lock and unlock module. This paper propose the design and development of an innovative anti-theft alarm system for motorcycles using NFC smart devices based on RFID system, the basis of IoT and AES(advanced encryption standard) encryption Algorithm. The design concept is based on NFC communication strategy between the vehicle and owner. To do this concept, we designed motorcycle smart key system with general-purpose NFC system and the automatic solenoid valve for setting the lock and unlock module. First, we designed control unit and NFC card reader for motorcycle smart key system. Then we propose an AES encryption algorithm and prove that the motorcycle key system is controllable by showing the result of implementing and testing, after installing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2014-2020
• /
• 2016

In general, automatic access control management system using smart door-lock must be always exposed to security vulnerability during wireless communication based on Bluetooth. In particular, important information such as a secrete key can be exposed to the attacker when the authentication protocol has been operating in the wireless section. Therefore important information exchanged in the radio section needs to be properly encrypted. In order to analyze security vulnerability for automatic access control management system of public facilities such as subway vent, GNU Radio platform and HackRF device will be considered and experimented. Proposed experimental system to perform software based power analysis attack could be very effectively applied. As a result, important information such as packet type, CRC, length of data, and data value can be easily decoded from wireless packet obtained from HackRF device on GNU Radio platform. Constructed experimental system will be applied to avoid some security problems.

• International Commerce and Information Review
• /
• v.8 no.2
• /
• pp.101-117
• /
• 2006

"Online Alternative Dispute Resolution" can refer to the use of online methods of dispute resolution to resolve disputes arising either online or offline. The range of disputes covered by online ADR has been broad : from family law to internet domain name disputes : from small transaction to insurance disputes. Online and offline consumer disputes have been a major focus of online ADR sites. This article propsed that the mediator should explain the process and the mediator's role so as to forestall misunderstanding on that score. And mediators should consider including in either usual mediation agreements additional provisions applicable to communications by email. Online ADR sites should be designed 1) to provide a simple, easily understandable process, 2) to provide detailed information on process, cost and speed, 3) to enable users to move between online and offline processes, 4) to have authentication processes for parties and documents, 5) to have automatic translation system for language barriers. And Government should play an important role in assisting people to adapt technically and emotionally to new technology through information, training and ongoing support. The days of live online television-quality videoconferencing have not yet arrived. Until then, we must hone our skills with the written word.

• Proceedings of the KAIS Fall Conference
• /
• 2010.11a
• /
• pp.267-271
• /
• 2010

Zigbee는 단말에 대한 경제성이 뛰어나고 저 전력통신을 이용하기 때문에 수명이 길다. Mesh, Tree, Star 등 다양한 방식의 토플리지 구조를 지원 하며 확장성이 뛰어나 군사적인 용도, 환경 모니터링 시스템 등 많은 분야에 사용되고 있다. 최근 스마트그리드환경을 구축함에 있어 Zigbee는 HAN(Home Area Network)에 표준으로 사용될 예정이며 현재는 Zigbee를 이용한 AMR(Automatic Meter Reading)을 시범 중에 있다. 일반적으로 ZIgbee Network은 ZC(Zigbee Coordinator), ZCH(Zigbee Cluster Head), ZE(Zigbee End Device) 3가지로 구성되며, Zigbee Network에서 발생할 수 있는 취약점은 허가되지 않은 디바이스의 접근, 라우터의 흐름을 조작하는 방법, ZC(Zigbee Coordinator)와 ZE(Zigbee End Device)사이의 키 전송 시 안전하지 않은 채널을 이용하여 전송되는 문제가 발생된다. 본 논문에서는, TCP(Third Party Center)를 이용함으로써, ZE와 ZC간의 키 생성 시 발생하는 취약점을 보완하였다. 또한 인증절차를 강화함으로써 ZE(Zigbee End Device)에서 발생 할 수 있는 취약점을 보완하고자 하였으며 RS(Register Server)를 이용하여 HAN에 존재하는 디바이스에 대하여 실시간 모니터링이 가능하게 하였다.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.12
• /
• pp.1775-1784
• /
• 2002

Fingerprint recognition technology is used in many biometrics field accordingly essential feature of fingerprint image and the study is progressing. However development is not perfect in performance of the fingerprint recognition and application of the usual life. In the paper, we study various necessity of preprocessing according to algorithm and circumstances of authentication system in automatic information machine. We prove that system circumstance and optation of fingerprints image effectively is the important factor by using optical fingerprint input device and scanning the fingerprint in ID card. And then we present correct and fast computation method for improving image and feature extraction of fingerprint. Also we study effective algorithm implementation of total system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1007-1015
• /
• 2013

The automatic payment process of mobile phone micropayment system has not checked user's authentication. That is the structural vulnerability of mobile phone micropayment system. The malicious contents provider can cheat users and payment gateway through abusing the structural vulnerability. The payment gateway applies standard payment module after August, 2012 in order to solve the problem. But the standard payment module also has the vulnerability that makes damage of users. So the purpose of this paper is to suggest efficient improvement of standard payment module for user protection.