• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.8
• /
• pp.2827-2848
• /
• 2021

Mobile Crowdsourcing (MCS) has become an emerging paradigm evolved from crowdsourcing by employing advanced features of mobile devices such as smartphones to perform more complicated, especially spatial tasks. One of the key procedures in MCS is to collect answers from mobile users (workers), which may face several security issues. First, authentication is required to ensure that answers are from authorized workers. In addition, MCS tasks are usually location-dependent, so the collected answers could disclose workers' location privacy, which may discourage workers to participate in the tasks. Finally, the overhead occurred by authentication and privacy protection should be minimized since mobile devices are resource-constrained. Considering all the above concerns, in this paper, we propose a lightweight and privacy-preserving answer collection scheme for MCS. In the proposed scheme, we achieve anonymous authentication based on traceable ring signature, which provides authentication, anonymity, as well as traceability by enabling malicious workers tracing. In order to balance user location privacy and data availability, we propose a new concept named current location privacy, which means the location of the worker cannot be disclosed to anyone until a specified time. Since the leakage of current location will seriously threaten workers' personal safety, causing such as absence or presence disclosure attacks, it is necessary to pay attention to the current location privacy of workers in MCS. We encrypt the collected answers based on timed-release encryption, ensuring the secure transmission and high availability of data, as well as preserving the current location privacy of workers. Finally, we analyze the security and performance of the proposed scheme. The experimental results show that the computation costs of a worker depend on the number of ring signature members, which indicates the flexibility for a worker to choose an appropriate size of the group under considerations of privacy and efficiency.

• Journal of KIISE:Information Networking
• /
• v.28 no.3
• /
• pp.321-335
• /
• 2001

The explosive growth in wireless networking increasingly urges the demand to support mobility within the Internet which is what Mobile-IP aims to provide. Because the transmission of signals through open-air s easy to be attacked, it is important to provide secure transmission for mobile users and make them responsible for what they have done in networks. Although IETF provides a secret-key based security mechanism, those mechanisms suffer from scalability, efficiency and non-repudiation service problem. The proposed mechanism uses public-key based authentication optimizing the performance. It includes non-repudiation service on the side of mobile for airtight security in wireless network. The simulation results show that the proposed authentication reduces the total registration time. It especially minimizes the computation cost on the side of the mobile node and solves the power problem. In practice, the proposed authentication is feasible with reasonable performance and security service in macro mobility that Mobile-IP is intended to solve.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.939-946
• /
• 2011

The Internet banking service provides convenience than the traditional offline services. However, it still causes a number of security problems including hacking. In order to strengthen security, the financial institutions have provided such authentication methods as the official authentication certificate, the security token, the security card and OTP. However, the incidents related to hacking have continuously occurred. Especially, various weak points have been suggested for the authentication methods in regard to such types of hacking as the memory hacking or the MITM attack. So I needed was a new authentication method. In this study, the two-channel authentication method which provide two-way authentication on the user's PC and mobile device when executing the electronic financial transactions in the Internet banking environment is suggested. Also, by analyzing it in comparison with other existing methods, it is possible to check that the prospects of safety and credibility are strengthened.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.11-24
• /
• 2012

Without a proper protection mechanism for the signaling messages to be used for the mobility support in the Proxy Mobile IPv6 (PMIPv6), it is also vulnerable to several security attacks such as redirect attack, MITM (Man-In-The-Middle) attack, replay attack and DoS (Denial of Service) attack as in Mobile IPv6. In this paper, we point out some problems of previous authentication mechanisms associated with PMIPv6, and also propose a new fast and secure authentication mechanism applicable to PMIPv6. In addition, it is also shown that the proposed one is more efficient and secure than the previous ones.

• Journal of Korea Multimedia Society
• /
• v.24 no.8
• /
• pp.1076-1089
• /
• 2021

Among the currently used knowledge-based authentication methods for smartphones, text and graphic-based authentication methods, such as PIN and pattern methods, use a display unit and a touch function of the display unit for input/output of secret information. Recently released smartphone form factors are trying to transform into various forms, away from the conventional bar and slate types because of the material change of the display unit used in the existing smartphone and the increased flexibility of the display unit. However, as mentioned in the study of D. Choi [1], the structural change of the display unit may directly or indirectly affect the authentication method using the display unit as the main input/output device for confidential information, resulting in unexpected security vulnerabilities. In this paper, we analyze the security vulnerabilities of the current mobile user authentication methods that is applied atypical form factor. According to the analysis results, it seems that the existing display-dependent mobile user authentication methods do not consider emerging security threats at all. Furthermore, it is easily affected by changes in the form factor of smartphones. Finally, we propose countermeasures for security vulnerabilities expected when applying conventional authentication methods to atypical form factor-based smartphones.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.331-340
• /
• 2007

Mobile network environments are the environments where mobile devices are distributed invisible in our daily lives so that we can conventionally use mobile services at my time and place. The fact that we can work with mobile devices regardless of time and place, however, means that we are also in security threat of leaking or forging the information. In particular, without solving privacy concern, the mobile network environments which serve convenience to use, harmonized without daily lives, on the contrary, will cause a serious malfunction of establishing mobile network surveillance infrastructure. On the other hand, as the mobile devices with various sizes and figures, public key cryptography techniques requiring heavy computation are difficult to be applied to the computational constrained mobile devices. In this paper, we propose efficient PKI-based user authentication and java-based cryptography module for the privacy-preserving in mobile network environments. Proposed system is support a authentication and digital signature to minimize encrypting and decrypting operation by compounding session key and public key based on Korean standard cryptography algorithm(SEED, KCDSA, HAS160) and certificate in mobile network environment. Also, it has been found that session key distribution and user authentication is safety done on PDA.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• Journal of Convergence for Information Technology
• /
• v.9 no.6
• /
• pp.13-18
• /
• 2019

This paper proposes efficient and secure two-way authentication protocol for binding update messages between mobile devices and home agents / correspondent nodes in IoT and Mobile IPv6 (MIPv6) environments with limited computing power and resources. Based on the MIPv6 message exchange, the proposed protocol satisfies both the authentication and the public key exchange optimized for both sides of the communication with minimum modification. In the future, we will carry out a performance analysis study by implementing the proposed protocol in detail.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2930-2947
• /
• 2014

With the rapid growth of the communication technology, intelligent terminals (i.e. PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environment, in recent years, many user authentication schemes have been proposed. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect the secure communication among the users, the servers and the registration center (RC). Through this method, the proposed scheme requires less ECC-based operations than the related schemes, and makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.

• Journal of Korea Multimedia Society
• /
• v.12 no.4
• /
• pp.540-549
• /
• 2009

An arbitrary mobile device configures Ad-hoc network to provide the transmission of a data and services using wireless communications. A mobile device requires authentication and encryption key management to securely communicate in the Ad-hoc network. This paper examines the trend of the authentication in the Ad-hoc network and the group key management and suggests the plan for ID-based mutual authentication and group key establishment. ID-based mutual authentication in proposed scheme uses zero knowledge in the absence of shared information and is applied to establish a session key and group key. In addition, the proposed scheme is applied to Ad-hoc network to increase the efficiency and the safety of security technology.