• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.7
• /
• pp.183-194
• /
• 2018

With the rapid development of IoT(Internet of Things) technology, various convenient services such as smart home and smart city have been realized. However, IoT devices in unmanned environments are exposed to various security threats including eavesdropping and data forgery, information leakage due to unauthorized access. To build a secure IoT environment, it is necessary to use proper cryptographic technologies to IoT devices. But, it is impossible to apply the technologies applied in the existing IT environment, due to the limited resources of the IoT devices. In this paper, we survey the classification of IoT devices according to the performance and analyze the security requirements for IoT devices. Also we survey and analyze the use of cryptographic technologies in the current status of IoT open standard platform such as AllJoyn, oneM2M, IoTivity. Based on the research of cryptographic usage, we examine whether each platform satisfies security requirements. Each IoT open platform provides cryptographic technology for supporting security services such as confidentiality, integrity, authentication an authorization. However, resource constrained IoT devices such as blood pressure monitoring sensors are difficult to apply existing cryptographic techniques. Thus, it is necessary to study cryptographic technologies for power-limited and resource constrained IoT devices in unattended environments.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.11
• /
• pp.295-302
• /
• 2018

Face recognition (FR) has been widely used in various applications, such as smart surveillance systems, immigration control in airports, user authentication in smart devices, and so on. FR in well-controlled conditions has been extensively studied and is relatively mature. However, in unconstrained conditions, FR performance could degrade due to undesired characteristics of the input face image (such as irregular facial pose variations). To overcome this problem, this paper proposes a new method for determining if an input image is suitable for FR. In the proposed method, for an input face image, reconstruction error is computed by using a predefined set of reference face images. Then, suitability can be determined by comparing the reconstruction error with a threshold value. In order to reduce the effect of illumination changes on the determination of suitability, a preprocessing algorithm is applied to the input and reference face images before the reconstruction. Experimental results show that the proposed method is able to accurately discriminate non-frontal and/or incorrectly aligned face images from correctly aligned frontal face images. In addition, only 3 ms is required to process a face image of $64{\times}64$ pixels, which further demonstrates the efficiency of the proposed method.

• Journal of the Korea Convergence Society
• /
• v.12 no.2
• /
• pp.45-50
• /
• 2021

In this paper, we propose the development of a smart space security device that can be opened and closed remotely using IoT. Existing space security devices can control opening and closing by breaking hardware or only using button devices or replicated keys. The recent COVID-19 crisis has created several applications for non-contact devices. In this study, we propose the development of a small space security device that has the function of unlocking through an app without touching the device. By transferring the control authority to a smartphone, device that cannot be opened or closed by only operating hardware at the user's option. It is convenient and hygienic because it can be opened and closed using an app without touching the locking device. Multiple security is possible because security can be released using an app after user authentication by fingerprint recognition and pattern input on a smartphone. If the user wishes, after using the app security, the security is released by directly touching a button installed in the safe or space or opening it with a key. In addition, by adding an inactive function to the app, it is designed so that the door of the safe cannot be opened when the key is lost or the small safe is lost. This study is expected to be able to effectively expand the security system by applying variously to objects that require security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.49-58
• /
• 2018

A certificate is a means to certify users by conducting the identification of the users, the prevention of forgery and alteration, and non-repudiation. Most people use an accredited certificate when they perform a task using online banking, and it is often used for the purpose of proving one's identity in issuing various certificates and making electronic payments in addition to online banking. At this time, the issued certificate exists in a file form on the disk, and it is possible to use the certificate issued in an existing device in a new device only if one copies it from the existing device. However, most certificate duplication methods are a method of duplication, entering an 8-16 digit verification code. This is inconvenient because one should enter the verification code and has a weakness that it is vulnerable to security issues. To solve this weakness, this study proposes a method for enhancing security certificate duplication in a multi-channel using TCP and BLE. The proposed method: 1) shares data can be mutually authenticated, using BLE Advertising data; and 2) encrypts the certificate with a symmetric key algorithm and delivers it after the certification of the device through an ECC-based electronic signature algorithm. As a result of the implementation of the proposed method in a mobile environment, it could defend against sniffing attacks, the area of security vulnerabilities in the existing methods and it was proven that it could increase security strength about $10^{41}$ times in an attempt of decoding through the method of substitution of brute force attack existing method.

• The Journal of the Korea Contents Association
• /
• v.15 no.10
• /
• pp.607-615
• /
• 2015

Mosts user of internet and smart phone has certificate, and uses it when money transfer, stock trading, on-line shopping, etc. Mosts user stores certificate in a hard disk drive of PC, or the external storage medium. In particular, the certification agencies are encouraged for user to store certificate in external storage media such as USB memory rather than a hard disk drive. User think that the external storage medium is safe, but when it is connect to a PC, certificate may be copied easily, and can be exposed to hackers through malware or pharming site. Moreover, if a hacker knows the user's password, he can use user's certificate without restrictions. In this paper, we suggest secure management scheme of the private key file using a password of the encrypted private key file, and a USB Memory's hardware information. The private key file is protected safely even if the encrypted private key file is copied or exposed by a hacker. Also, if the password of the private key file is exposed, USB Memory's container ID, additional authentication factor keeps the private key file safe. Therefore, suggested scheme can improve the security of the external storage media for certificate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1243-1257
• /
• 2019

With the emergence of the IoT environment, various smart devices provide consumers with the convenience and various services. However, as security threats such as invasion of privacy have been reported, the importance of security issues in the IoT environment has emerged, and in particular, the security problem of key management has been discussed, and the PUF has been discussed as a countermeasure. In relation to the key management problem, a protocol using MIPUF has been proposed for the security problem of the group key management system. The system can be applied to lightweight IoT environments and the safety of the PUF ensures the safety of the entire system. However, in some processes, it shows vulnerabilities in terms of safety and efficiency of operation. This paper improves the existing protocol by adding authentication for members, ensuring data independence, reducing unnecessary operations, and increasing the efficiency of database searches. Safety analysis is performed for a specific attack and efficiency analysis results are presented by comparing the computational quantities. Through this, this paper shows that the reliability of data can be improved and our proposed method is lighter than existing protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.23-36
• /
• 2010

Signcryption is a cryptographic primitive which offers authentication and confidentiality simultaneously with a cost lower than signing and encrypting the message independently. We propose a new cryptographic notion called Identity-based online/offline signcryption. The notion of online/offline scheme can be divided into two phases, the first phase is performed offline prior to the arrival of a message to be signed or encrypted and the second phase is performed online phase after knowing the message and the public key of recipient. The Online phase does not require any heavy computations such as pairings or exponents. It is particularly suitable for power-constrained devices such as smart cards. In this paper, we propose ID-based signcryption scheme and ID-based online/offline signcryption scheme where the confidentiality and authenticity are simultaneously required to enable a secure and trustable communication environment. To our best knowledge, this is the first ID-based online/offline signcryption scheme that can be proven secure in the standard model.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• Journal of Intelligence and Information Systems
• /
• v.18 no.3
• /
• pp.97-117
• /
• 2012

Nowadays, Internet users tend to do a variety of actions at the same time such as web browsing, social networking and multimedia consumption. While watching a video, once a user is interested in any product, the user has to do information searches to get to know more about the product. With a conventional approach, user has to search it separately with search engines like Bing or Google, which might be inconvenient and time-consuming. For this reason, a video annotation platform has been developed in order to provide users more convenient and more interactive ways with video content. In the future of smart TV environment, users can follow annotated information, for example, a link to a vendor to buy the product of interest. It is even better to enable users to search for information by directly discussing with friends. Users can effectively get useful and relevant information about the product from friends who share common interests or might have experienced it before, which is more reliable than the results from search engines. Social networking services provide an appropriate environment for people to share products so that they can show new things to their friends and to share their personal experiences on any specific product. Meanwhile, they can also absorb the most relevant information about the product that they are interested in by either comments or discussion amongst friends. However, within a very huge graph of friends, determining the most appropriate persons to ask for information about a specific product has still a limitation within the existing conventional approach. Once users want to share or discuss a product, they simply share it to all friends as new feeds. This means a newly posted article is blindly spread to all friends without considering their background interests or knowledge. In this way, the number of responses back will be huge. Users cannot easily absorb the relevant and useful responses from friends, since they are from various fields of interest and knowledge. In order to overcome this limitation, we propose a method to filter a user's friends for information search, which leverages semantic video annotation and social networking services. Our method filters and brings out who can give user useful information about a specific product. By examining the existing Facebook information regarding users and their social graph, we construct a user profile of product interest. With user's permission and authentication, user's particular activities are enriched with the domain-specific ontology such as GoodRelations and BestBuy Data sources. Besides, we assume that the object in the video is already annotated using Linked Data. Thus, the detail information of the product that user would like to ask for more information is retrieved via product URI. Our system calculates the similarities among them in order to identify the most suitable friends for seeking information about the mentioned product. The system filters a user's friends according to their score which tells the order of whom can highly likely give the user useful information about a specific product of interest. We have conducted an experiment with a group of respondents in order to verify and evaluate our system. First, the user profile accuracy evaluation is conducted to demonstrate how much our system constructed user profile of product interest represents user's interest correctly. Then, the evaluation on filtering method is made by inspecting the ranked results with human judgment. The results show that our method works effectively and efficiently in filtering. Our system fulfills user needs by supporting user to select appropriate friends for seeking useful information about a specific product that user is curious about. As a result, it helps to influence and convince user in purchase decisions.