• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.119-131
• /
• 2009

The world's widely used key exchange protocols are open cryptographic communication protocols, such as TLS/SSL, whereas in the financial field in Korea, key exchange protocols developed by industrial classification group have been used that are based on PKI(Public Key Infrastructure) which is suitable for the financial environments of Korea. However, the key exchange protocols are not only vulnerable to client impersonation attacks and known-key attacks, but also do not provide forward secrecy. Especially, an attacker with the private keys of the financial security server can easily get an old session-key that can decrypt the encrypted messages between the clients and the server. The exposure of the server's private keys by internal management problems, etc, results in a huge problem, such as exposure of a lot of private information and financial information of clients. In this paper, we analyze the weaknesses of the cryptographic communication protocols in use in Korea. We then propose two key exchange protocols which reduce the replacement cost of protocols and are also secure against client impersonation attacks and session-key and private key reveal attacks. The forward secrecy of the second protocol is reduced to the HDH(Hash Diffie-Hellman) problem.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.27-35
• /
• 2023

Currently, online user authentication is perform using joint certificates issued by accredited certification authorities and simple certificates issued by private agency. In such a PKI(Public Key Infrastructure) system, various cryptographic technologies are used, and in particular, digital signatures are used as a core technology. The digital signature scheme is equally used in DID(Decentralized Identity), which is attracting attention to replace the existing centralized system. As such, the digital signature-based user authentication used in current online services is also applied in the metaverse, which is attracting attention as the next-generation online world. Metaverse, a compound word of "meta," which means virtual and transcendent, and "universe," means a virtual world that includes the existing online world. Due to various developments of the metaverse, it is expted that new authentication technologies including biometric authentication will be used, but existing authentication technologies are still being used. Therefore, in this study, we study digital signature scheme that can be efficiently used for user authentication in the developing metaverse. In particular, we experimentally analyze the effectiveness of ECDSA, which is currently used as a standard for digital signatures, and Schnorr signatures, which can quickly verify a large amount of signatures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.71-79
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, hey possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance supports and emergency measures. In order to solve these deficiencies, Wireless Remote Control System(W-RCS) was designed and implemented. W-RCS is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of W-RCS leads to these security problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to W-RCS. The security functions based on public key infrastructure include mobile device user authentication and target system access control. The W-RCS allows real-time user authentication, increases the flexibility of resource administrators and mobile device non, and provides not only uninterrupted services, but also safe mobile office environments.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.439-446
• /
• 2008

Recently, the importance of EPCglobal Network and brisk researches on the RFID technologies and application have been increasing, also a number of industries including distribution and logistics are proposing various systems of the application. The Standard for EPCglobal Network, as now being in the process of its legislation, stipulates X.509 only for the method of encryption, without accurate specifications. This paper is, thus, to suggest the way of sending safely messages for the web-based service constituting EPCglobal Network, of verifying whether the received messages are effective, of encoding the messages for safer sending and of certifying between systems, and then to implement the way.

• Proceedings of the KIEE Conference
• /
• 2006.10c
• /
• pp.518-520
• /
• 2006

Due to the rapid popularization of mobile multimedia devices and the Internet as well as the realization of high-speed data transmission and large-volume data recording media, high quality content distribution and ubiquitous information services are making progress and a new type of information distribution and network sharing service has gradually emerged into the market. It is capable of utilizing terabyte sized home servers also in private homes. Under these circumstances, in distribution of content over shared networks, it is crucial to establish DRM (Digital Rights Management) technologies to protect the content from illegal copying and usage. A truly successful DRM system must be built on open worldwide specifications and provide maximum interoperability and user acceptance. An open interoperability of DRM is able to construct highly expandable PKI based DRM, targeting usage between systems, considering the expansion of recent content distribution services and clients This document gives protocol specifications for the exchange of rights information between the DRM module, description of specifications for rights information and encrypted content formats.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.95-98
• /
• 2008

센서네트워크는 넓은 지역에 무선 인프라로 묶여 설치된 센서들을 사용하여 상황 인지로 감지된 데이터를 응용서비스 서버와 연동하는 기술이다. 이는 환경 감시, 대상 추적, 환자 모니터링, 군사적 목적 등 매우 다양한 분야에 사용될 수 있다. 센서네트워크 역시 기존 네트워크에서 필요로 하는 보안 기능을 요구한다. 그러나 센서네트워크에 사용되는 노드들이 사용할 수 있는 자원에 제약이 있어, 기존의 암호기술을 그대로 적용하는데 어려움이 있다. 이러한 센서네트워크에서의 키 분배 문제를 해결하기 위하여 인증센터를 사용하는 기법, 랜덤 키 사전 분배 기법, q-합성수 랜덤 키 사전 분배 기법, Blom 스킴, 위치 기반 키 사전 분배 기법 등이 제안되어 있다. 한편, 공개키 연산의 많은 부하로 인하여 공개키 기법을 센서네트워크에 적용하기에 적합하지 않으리라 여겨져 왔으나, 최근의 연구결과들에 의하면 PKI처럼 복잡한 시스템을 구현하는 것은 부적합할지라도 공개키를 이용한 키 분배 기법을 센서네트워크에 적용하는 것이 실효성이 있다는 것을 보여준다. 본 논문에서는 TinyOS 플랫폼에서 공개키를 이용하여 센서 노드 간 상호 인증 및 세션키를 생성하여 암호 데이터 통신을 수행하는 센서네트워크 플랫폼을 구현한 결과를 제시한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.301-306
• /
• 2004

The Grid VO(Virtual Organization) is temporary VO where gather indivisual, authority, or system resource, differ from previous VO concept that controled by internal principal and policy set. It have many problems in case of indivisuals, authorities, or system resources that became member\ulcorner of some Grid VO at same time and combination followed changing condition of system resource for building Grid VO. This paper propose lightweighted Grid VO authentication system based on XML security to solve the authentication of the problems occuring in building Grid VO. In this paper, Grid VO authentication system is including Grid VO authentication module that is intermediate management system in PH to previous authentication service structure and provide effective authentication service to Grid VO.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1229-1232
• /
• 2005

국내 공공기관에서는 사이버 행정환경의 기밀성, 무결성, 신원확인, 부인방지등을 보장하기 위하여 행정전자서명인증체계(GPKI:Government Public Key Infrastructure)의 구축과 함께 모든 문서를 XML형태로 표준화하여 공공기관간의 문서를 통합하기 위한 시도를 하고 있다. 하지만 행정전자서명인증체계에서 사용하는 공개키기반(PKI)을 연동한 인증체계는 단순한 사용자 인증만을 제공하여, 공공기관의 응용업무 환경에서 요구되는 다양한 사용자의 직위, 직무, 역할정보 등의 관리가 어려우며 XML형태의 공공문서에 대한 상세한 접근제어를 지원하지 못하는 한계점이 있다. 이러한 한계점을 해결하기 위하여 본 논문에서는 공공기관에서 사용하는 인증 및 접근제어 시스템의 가상시나리오를 통하여 보안문제점을 도출하고 분석한 후에 이를 근거로 공공기관의 보안 문제점을 해결할 수 있는 보안기술인 PMI(Privilege Management Infrastructure)와 XACML(eXtensible Access Control Markup Language)을 연동한 접근제어모델을 제안하였다..

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.243-250
• /
• 2012

This study proposes new protocol protecting patients' personal record more safely as well as solving medical dispute smoothly by storing the record not into a computer server in hospitals but into the National Health Insurance Corporation computer server. The new protocol for electronic medical record is designed using RSA public key algorithm and DSA digital signature. In addition, electronic medical record systems are built up with more safety and reliability through certificate authority. The proposed medical information systems can strengthen trust between doctors and patients. If medical malpractice occurs, the systems can also provide evidence. Furthermore, the systems can be helpful to reduce medical accidents. The systems could be also utilized efficiently in various applied areas.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.12
• /
• pp.90-96
• /
• 2010

IT environment is rapidly changed, thus security threats such as worms and viruses have increased. Especially company's internal network requires to be inherently protected against these threats. In this respect, NAC(Network Access Control) has attracted attention as new network security techniques. The NAC implements the endpoint access decision based on the collected endpoint security status information and platform measurement information. In this paper, we describe the design and implementation of unauthorized NAC which protect against such as a worm, virus, malware-infected PC, and mobile device to connect to company's internal networks.