• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.575-584
• /
• 2003

Due to hardware resource limit and system incompatibility of the mobile device, and low bandwidth of wireless communication, there are a few difficulties in introducing the digital contract system based on wired communication to M-Commerce. To get over the difficulties, this paper defines a digital contract based upon XML and then addresses the design and implementation of M-XContract, a digital contract system for the mobile environment. M-XContract system has been constructed with the digital contract server, M-ESign module which contracts with the customer on the PDA and transfers the contract digitally signed to the server, M-EDecoder module which shows the contract to the customer from the server, and X-Auth which is a contract authoring tool. To evaluate the run-time performance of the M-XContract, we measured the digital signature generation time and transfer time to the server. The evaluation results show that the M-Xcontract is an efficient model for the mobile contract system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.975-985
• /
• 2018

ICN architecture, one of future Internet technologies, proposes that content request packets toward a content source can be responded by several distributed nodes. So, ICN can solve network congestion which is happened around content sources and provide a seamless content distribution service regardless of the network and system statuses of content sources. Especially, CCN implements content caching functionality in network nodes so that such intermediated network nodes can themselves respond to content requests. However, when receiving content from distributed nodes, users receiving content cannot authenticate the nodes providing the content. So CCN is vulnerable to various attacks such as an impersonation attack, a data pollution attack, and so on. This paper first describes CCN content authentication and its weakness. Then it proposes an improved content authentication scheme based on a blockchain and evaluates the performance of the proposed scheme.

• Journal of Internet Computing and Services
• /
• v.15 no.2
• /
• pp.129-142
• /
• 2014

Latest in Smart Grid projects are emerging as the biggest issue that smart meter should meet the security goal and the SW upgrade for compliance with future standard. However, unlike regular equipment, Smart meters should be designed in accordance with the regulation of legal metrology instrument in order to establish a fair trade-based business and unauthorized changes, it is not allowed and it is strictly limited by law. Therefore, this paper propose a new scheme of certification regarding type approval and verification for legal smart meter as analyzing the requirements of a smart meter regarding upgrade and security. This analysis shows that the proposed scheme comply with the regulation and the specification of smart meter by applying it to smart meter with smart card.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.75-90
• /
• 2004

At Asiacrypt 2003, Shin et al., have proposed a new class for Authenticated Key Establishment (AKE) protocol named Leakage-Resilient AKE ${(LR-AKE)}^{[1]}$. The authenticity of LR-AKE is based on a user's password and his/her stored secrets in both client side and server side. In their LR-AKE protocol, no TRM(Tamper Resistant Modules) is required and leakage of the stored secrets from $.$my side does not reveal my critical information on the password. This property is useful when the following situation is considered :(1) Stored secrets may leak out ;(2) A user communicates with a lot of servers ;(3) A user remembers only one password. The other AKE protocols, such as SSL/TLS and SSH (based or PKI), Password-Authenticated Key Exchange (PAKE) and Threshold-PAKE (T-PAKE), do not satisfy that property under the above-mentioned situation since their stored secrets (or, verification data on password) in either the client or the servers contain enough information to succeed in retrieving the relatively short password with off-line exhaustive search. As of now, the LR-AKE protocol is the currently horn solution. In this paper, we prove its security of the LR-AKE protocol in the standard model. Our security analysis shows that the LR-AKE Protocol is provably secure under the assumptions that DDH (Decisional Diffie-Hellman) problem is hard and MACs are selectively unforgeable against partially chosen message attacks (which is a weaker notion than being existentially unforgeable against chosen message attacks).

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.4
• /
• pp.1926-1934
• /
• 2013

M2M (Machine-to-Machine Communication) refers to technologies that allow wired and wireless systems to communicate with other devices with similar capabilities. M2M has special features which consist of low electricity consumption, cheap expenses, WAN, WLAN and others. Therefore, it can communicate via a network. Also, it can handle itself without a person's management. However, it has a wireless-communicate weakness because of the machine-communicate request, and also it is difficult to administrate and control each other. So In this Paper, It suggests the safety protocol between Device, Gateway and Network Domain in M2M environment. Proposed protocol is based on ID-Based encryption's certificate and creates session key between the Access Server and the Core Server in the Network Domain. It uses that session key for sending and receiving data in mutual, and adds key renewal protocol so it will automatically update discern result. a comparative analysis of the existing M2M communication technologies and PKI-based certificate technology is compared with the proposed protocol efficiency and safety.

• Journal of Korea Multimedia Society
• /
• v.8 no.7
• /
• pp.988-999
• /
• 2005

As the Internet continues to have the commercial trade changed, the method of payment is one of critical components to conduct successful businesses through the internet. An electronic cash has all of the characteristics of a traditional commodity cash and ensures the security for all transactions. Accordingly an internet billing system based on the electronic cash is expected as the secure and efficient payment method for the future electronic commerces. The digital contents such as digital merchandise and services have the characteristic that both the delivery of merchandise and the payment of money can be accomplished on the same network and are helpful to idealize the design of the electronic commerce system. In this paper, Anonymity got to be possible by using a virtual ID in the process of payment, the payment steps were decreased by being processed on the same network, and the efficiency and the security were guaranteed by decreasing the frequency of the coding and communication.

• Journal of KIISE:Information Networking
• /
• v.28 no.4
• /
• pp.641-650
• /
• 2001

In recent years, e-Commerce is very active on the Internet, especially the World Wide Web along with the popularization of Internet using high-speed networks. Especially, Electronic Software Distribution(ESD) is widely being focused as one of the popular researches. However, the existing models of ESD lack substantial illegal copy protection or copyright protection as they have the shortcomings of guaranteeing anonymity of users. This study suggests an ESD protocol that guarantees substantial copyright protection and anonymity based on the Public Key Infrastrncture(PKl). The suggested method does not give the information of a buyer who doesn't want to reveal to a seller, and protects illegal copy and distribution as well. When it happens that illegal copies are in circulation, this method provides a device to trace back its original distributor so that it helps protect the copyright. In addition, it provides more convenient environment to the user by not using the methods of serial number input and extra installation to use.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.9
• /
• pp.1573-1581
• /
• 2006

To utilize actively the agent which is one of the elements of revitalization of Agro-Foods Mobile I-commerce, an essential prerequisite is agent security. IF using partial PKI(Public Key Infrastructure)-based confirmation mechanism providing security for the agent, the size of agent is becoming larger, the result of the transmission speed is slow, and the confirmation speed is tardy as well because of performing calculation of public keys such as RSA and needing linkage with the CA for the valid examination of certificates. This paper suggests a mechanism that can cross certification and data encryption of each host in the side of improving the problems of key distribution on agent by shaping key chain relationship. This mechanism can guarantee the problem of ky distribution by using agent cipher key(ACK) module and generating random number to fit mobile surroundings and to keep the secret of the agent. Suggested mechanism is a thing that takes into consideration security and efficiency to secure agent for the revitalization of M-Commerce, and is a code skill to make the agent solid and is a safe mechanism minimizing the problems of memory overflow.

• Journal of Internet Computing and Services
• /
• v.5 no.3
• /
• pp.1-9
• /
• 2004

The growth of Internet is the main factor that activates the Digital Contents Market and gives the convenience, efficiency and usefulness to the users. However the Digital Contents Market could be shrunk by an illegal reprinting and imprudent using. As a result, recently we can see that using the contents illegally through Internet makes the troubles between providers and customers and finally they are at law. Therefore we urgently need a new technology which can prevent the contents from illegal using, illegal reprinting and imprudent using, We developed the system prohibits a imprudent using in order to activate the Digital Contents Market, We developed the system protects the contents safely by removing the dangerous for the illegal reprinting with providing the encoded contents and the system removes the contents according to the number of usage and the user authentication through network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.9
• /
• pp.1983-1989
• /
• 2012

The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS(Denial of Service), the session hijacking and the MiM(Man in the Middle) attack due to caused by structural of authentication protocol. In this paper, we propose a WLAN system which can offer safety communication by complement of IEEE 802.1x vulnerabilities. The WLAN system accomplishes mutual authentications between authentication servers, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by the Dynamic WEP key distribution between clients and the AP.