• ETRI Journal
• /
• v.36 no.1
• /
• pp.141-150
• /
• 2014

A fully integrated CMOS security-enhanced passive (SEP) tag that compensates the security weakness of ISO/IEC 18000-6C is presented in this paper. For this purpose, we propose a security-enhanced protocol that provides mutual authentication between tag and reader. We show that the proposed protocol meets the security demands of the ongoing international standard for RFID secure systems, ISO/IEC 29167-6. This paper fabricates the SEP tag with a 0.18-${\mu}m$ CMOS technology and suggests the optimal operating frequency of the CMOS SEP tag to comply with ISO/IEC 18000-6C. Furthermore, we measure the SEP tag under a wireless environment. The measured results show that communications between the SEP tag and reader are successfully executed in both conventional passive and SEP modes, which follow ISO/IEC 18000-6C and the proposed security enhanced protocol, respectively. In particular, this paper shows that the SEP tag satisfies the timing link requirement specified in ISO/IEC 18000-6C.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.9
• /
• pp.2546-2563
• /
• 2024

The Internet of Things (IoT) is facing growing security challenges due to its vulnerability. It is imperative to address the security issues using lightweight and efficient encryption schemes in resource-limited IoT. In this paper, we propose an enhanced message authentication encryption (MAE) scheme based on physical-layer key generation (PKG), which uses the random nature of wireless channels to generate and negotiate keys, and simultaneously encrypts the messages and authenticates the source. The proposed enhanced MAE scheme can greatly improve the security performance via dynamic keyed primitives construction while consuming very few resources. The enhanced MAE scheme is an efficient and lightweight secure communication solution, which is very suitable for resource-limited IoT. Theoretical analysis and simulations are carried out to confirm the security of the enhanced MAE scheme and evaluate its performance. A one-bit flipping in the session key or plain texts will result in a 50%-bit change in the ciphertext or message authentication code. The numerical results demonstrate the good performance of the proposed scheme in terms of diffusion and confusion. With respect to the typical advanced encryption standard (AES)-based scheme, the performance of the proposed scheme improves by 80.5% in terms of algorithm execution efficiency.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.63-68
• /
• 2023

In this study, in relation to blockchain protocol and network security, we study the configuration of blockchain and encryption key management methods on smart contracts so that we can have a strong level of response to MITM attacks and DoS/DDoS attacks. It is expected that the use of blockchain technology with enhanced security can be activated through respond to data security threats such as MITM through encryption communication protocols and enhanced authentication, node load balancing and distributed DDoS attack response, secure coding and vulnerability scanning, strengthen smart contract security with secure consensus algorithms, access control and authentication through enhanced user authentication and authorization, strengthen the security of cores and nodes, and monitoring system to update other blockchain protocols and enhance security.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.79-86
• /
• 2016

Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

• Convergence Security Journal
• /
• v.14 no.1
• /
• pp.33-41
• /
• 2014

The purpose of this study is to establish the relationship of empowerment and organization attachment with the organization culture of security organization. This study is based by setting the security organization employed in security firms in the capital area(Seoul) in 2012 as the parent population and using the purposive sampling method to analyze a total amount of 280 examples. The frequency analysis, analysis on primary factors, reliability analysis, multiple regression analysis, path analysis methods using SPSSWIN 18.0 were used in analysis. The reliability of the survey showed a Cronbach's ${\alpha}$ value of over 0.690. The results are like the following. First, the organization culture of security organization affect empowerment. Thus, the more a practical development culture is settled, the more the capability of self-determinism, meaningfulness, and effect is amplified. Moreover, the more a consensual culture is established, the more the capability of self-determinism is enhanced, and the more a hierarchical culture is established, the more the meaningfulness is enhanced. Second, the organization culture of security organization affect organization attachment. Thus, the continuous normative attachment is enhanced when a more hierarchical culture is established. Moreover, emotional attachment is enhanced when a more practical development culture is established. Third, the empowerment of security organization affects organization attachment. Thus, the continuous normative attachment is decreased when one's capability of self-determinism is more lacking. However, the continuous normative attachment is higher when the meaningfulness and effect is enhanced. Moreover, emotional attachment is enhanced when meaningfulness is increased. Fourth, the organization culture of security organization directly/indirectly affects empowerment and organization attachment. Thus, empowerment is an important mediating factor between organization culture and organization attachment.

• International Journal of Contents
• /
• v.6 no.3
• /
• pp.15-18
• /
• 2010

Grid system is based on the Grid Security Infrastructure (GSI). GSI uses user's proxy to guarantee availability among multi-trust domains. Since grid system has been developed focusing on availability, GSI provides authentication and authorization performed by systems, but there are lacks of privacy consideration. For this reason, some researchers decide to use their own cluster system and do not want to use public grid systems. In this paper, we introduce a new privacy enhanced security mechanism for grid systems. With this mechanism, user can participate in resource allocation and authorization to user's contents more actively. This mechanism does not need to change previous middleware and minimize the computational overheads.

• Journal of Information Technology Services
• /
• v.8 no.1
• /
• pp.47-58
• /
• 2009

The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was implemented actually on the 142 firms in 2005, the 160 firms in 2006 and the 205 firms in 2007. But this is recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.6 no.4
• /
• pp.255-261
• /
• 2011

In this paper, we propose a security-enhanced storing method for the voice data obtained during the flight. When an emergency occurs during flight, the flight data in the storage device such as DTS or Blackbox can be exposed to antagonist or enemy. Currently, zeroize function is embedded in these devices in order to prevent this situation. However, this could not be operated if the system is malfunctioned or the pilot is wounded in the emergency. In order to solve this problem, the voice data compressed by the ADPCM is encrypted in the proposed method composed of the AES algorithm and a reordering method. The simulation results show that the security for the voice date is further enhanced due to the proposed method.

• International Journal of Contents
• /
• v.7 no.3
• /
• pp.71-81
• /
• 2011

This paper is mainly associated with setting out an agenda for the transformation of security by creating a new framework for a security system, which can maximise its effectiveness. Noticeably, this research shows empirically that crimes are getting a major cost to organisations, which if reduced by security and investigations could reap substantial rewards to the finances of an organisation. However, the problem is that the delivery of security is frequently delegated to personnel (e.g. security guards) with limited training, inadequate education, and no real commitment to professionalism - 'sub-prime' security, finally causing security failures. Therefore, if security can be enhanced to reduce the crime cost, this will produce financial benefits to business, and consequently could produce a competitive advantage. For this, the paper basically draws upon Luke's theoretical framework for deconstructing 'power' into three dimensions. Using this three-dimensional approach, the paper further sets out a model of how security can be enhanced, utilising a new Security Risk Management (SRM) model, and how can this SRM model create competitive advantage in business. Finally, this paper ends with the six strategies needed to enhance the quality of security: refiguring as SRM, Professional Staff, Accurate Measurement, Prevention, Cultural Change, and Metrics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.161-168
• /
• 2011

In 2009, Jeon et al proposed the lightweight strong authentication and strong privacy protocol, where the tag requrires only simple bitwise operations and random number generator. JK-RFID authentication protocol provides strong security: eavesdropping, replay, spoofing, Location tracking, DoS attack and forward security. Nevertheless, this paper points out the vulnerability of the forward security and improve the process of key updating. As a result, proposes an enhanced JK-RFID authentication protocol providing forward security and verify its satisfaction. In addition, a security and an efficiency of the proposed scheme analyze. Since partial adjustments of the key updating operation in JK-RFID authentication protocol, our protocol improve the forward security.