• Journal of Platform Technology
• /
• v.6 no.3
• /
• pp.17-22
• /
• 2018

Smart home is a technology for monitoring and controlling all the information about a house by integrating various home applications like cooling, heating, lighting, kitchen and security systems into a network. Although home appliances have become more convenient to use due to the development of smart home technology, they are also more vulnerable to information security hazards. Unauthorized visitors may have access to any of home appliance to arbitrarily control it or acquire information. This causes serious privacy and security problems, which should be solved to further smart home technology. This present paper proposed a dynamic user access control system for privacy protection in smart homes. The proposed system defines the role of a user of smart home services by automatically identifying the status information of the user and dynamically controls the access range for the service. In this way, the privacy of a user can be protected and the inter-smart device service is effectively provided. Consequently, the proposed dynamic user access control for smart home will improve the security service for protecting privacy in smart home devices.

• International Journal of Computer Science & Network Security
• /
• v.24 no.8
• /
• pp.32-42
• /
• 2024

The Internet of Things (IoT) is set to transform patient care by enhancing data collection, analysis, and management through medical sensors and wearable devices. However, the convergence of IoT device vulnerabilities and the sensitivity of healthcare data raises significant data integrity and privacy concerns. In response, this research introduces the Smart-Coord system, a practical and affordable solution for securing healthcare IoT. Smart-Coord leverages blockchain technology and coordinate-based access management to fortify healthcare IoT. It employs IPFS for immutable data storage and intelligent Solidity Ethereum contracts for data integrity and confidentiality, creating a hierarchical, AES-CBC-secured data transmission protocol from IoT devices to blockchain repositories. Our technique uses a unique coordinate system to embed confidentiality and integrity regulations into a single access control model, dictating data access and transfer based on subject-object pairings in a coordinate plane. This dual enforcement technique governs and secures the flow of healthcare IoT information. With its implementation on the Matic network, the Smart-Coord system's computational efficiency and cost-effectiveness are unparalleled. Smart-Coord boasts significantly lower transaction costs and data operation processing times than other blockchain networks, making it a practical and affordable solution. Smart-Coord holds the promise of enhancing IoT-based healthcare system security by managing sensitive health data in a scalable, efficient, and secure manner. The Smart-Coord framework heralds a new era in healthcare IoT adoption, expertly managing data integrity, confidentiality, and accessibility to ensure a secure, reliable digital environment for patient data management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.313-323
• /
• 2020

With the development of smart grid technologies, a user can use the secure and reliable power services in smart gird environments. However, the users are not secure against various potential attacks because the smart gird services are provided through the public channel. Therefore, a secure and lightweight authentication and key agreement scheme has become a very important security issue in smart grid in order to guarantee user's privacy. In 2019, Zhang et al. proposed a lightweight authentication scheme for smart gird communications. In this paper, we demonstrate that Zhang et al.'s scheme is vulnerable to impersonation and session key disclosure attacks, and then we propose a secure authentication and key agreement scheme for smart grid environments without tamper-resistant devices. Moreover, we perform the informal security and the BAN logic analysis to prove that our scheme is secure various attacks and provides secure mutual authentication, respectively. We also perform the performance analysis compared with related schemes. Therefore, the proposed scheme is efficiently applicable to practical smart gird environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.49-60
• /
• 2015

Smart Grid devices are the major components of the Smart Grid. They collect and process a variety informations relating power services and support intelligent power services by exchanging informations with other SG devices or systems. However, If a SG device is attacked, the device can provide attack route to attacker and attacker can attack other SG devices or systems using the route. It may cause problem in power services. So, when cyber incident is happened, we need to acquire and examine digital evidence of SG device quickly to secure availability of SG. In this paper, we designed remote evidence acquisition system to acquire digital evidences from SG devices to response quickly to incidents of SG devices. To achieve this, we analyzed operating environment of SG devices and thought remote digital evidence acquisition system of SG devices will be more effective than remote digital evidence acquisition system targeted general IT devices. So, we introduce design method for SG devices remote evidence acquisition system considered operating environment of SG devices.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.49-54
• /
• 2012

Special applications designed for smart phone, so called "Apps" are rapidly emerging as unique and effective sources of environmental monitoring tools. Using the advantages of Information and Communication Technology (ICT), this paper propose an application that provides Indoor Gas Monitoring System. In this paper, use four wireless gas sensor modules to acquire sensors data wirelessly coupled with the advantages of existing portable smart device based on Android platform to display the real-time data from the sensor modules. Additionally, this paper adapts a simple gas classification algorithm to inform in-door Gas for users real-time based.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.205-210
• /
• 2021

In this paper, the possibility of using a contactless smart card as a cache for geocaching is analyzed. Geocaching is an outdoor game in which players search for hidden boxes, or caches based on geographical coordinates. The problems with this game are the possibility of players cheating and the need to maintain the caches. And then there is the problem of the ignorant public accidentally discovering a cache and considering it an explosive device. This paper proposes a concept for a possible solution to the above problems by replacing the boxes with conventional contactless smart cards. Also, this concept makes geocaching more attractive by using various games. This paper proposes a system architecture as well as the cryptographic protocol required for secure communication between the player's smartphone and the card.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1243-1252
• /
• 2012

Due to the widespread use of smart devices, threats of direct observation attacks such as shoulder surfing and recording attacks, by which user secrets can be stolen at user interfaces, are increasing greatly. Although formal security models are necessary to evaluate the possibility of and security against those attacks, such a model does not exist. In this paper, based on the previous work in which a HCI cognitive model was firstly utilized for analyzing security, we propose STM-GOMS model as an improvement of GOMS-based model with regard to memory limitations. We then apply STM-GOMS model for analyzing usability and security of a password entry scheme commonly used in smart devices and show the scheme is vulnerable to the shoulder-surfing attack. We finally conduct user experiments to show the results that support the validity of STM-GOMS modeling and analysis.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.99-107
• /
• 2022

The use of smart home appliances and Internet of Things (IoT) devices is growing, enabling new interactions and automation in the home. This technology relies heavily on mobile services which leaves it vulnerable to the increasing threat of hacking, identity theft, information leakage, serious infringement of personal privacy, abnormal access, and erroneous operation. Confirming or proving such security breaches have occurred is also currently insufficient. Furthermore, due to the restricted nature of IoT devices, such as their specifications and operating environments, it is difficult to provide the same level of internet security as personal computers. Therefore, to increase the security on smart home IoT devices, attention is needed on (1) preventing hacking and user authority theft; (2) disabling abnormal manipulation; and (3) strengthening audit records for device operation. In response to this, we present a plan to build a cloud security authentication platform which features security authentication management functionality between mobile terminals and IoT devices.

• Journal of Korea Multimedia Society
• /
• v.10 no.12
• /
• pp.1655-1662
• /
• 2007

Although the PKl-based user authentication solution has been widely used, the security of it can be deteriorated by a simple password. This is because a long and random private key may be protected by a short and easy-to-remember password. To handle this problem, many biometric-based user authentication solutions have been proposed. However, protecting biometric data is another research issue because the compromise of the biometric data will be permanent. In this paper, we present an implementation to improve the security of the typical PKI-based authentication by protecting the private key with a fingerprint. Compared to the unilateral authentication provided by the typical biometric-based authentication, the proposed solution can provide the mutual authentication. In addition to the increased security, this solution can alleviate the privacy issue of the fingerprint data by conglomerating the fingerprint data with the private key and storing the conglomerated data in a user-carry device such as a smart card. With a 32-bit ARM7-based smart card and a Pentium 4 PC, the proposed fingerprint-based PKI authentication can be executed within 1.3second.

• International journal of advanced smart convergence
• /
• v.8 no.2
• /
• pp.77-87
• /
• 2019

One of important concerns in information security is to control information flow. It is whether to protect confidential information from being leaked, or to protect trusted information from being tainted. In this paper, we present Piosk (Physical blockage of Information flow Kiosk) that addresses both the problems practically. Piosk can forestall and prevent the leakage of information, and defend inner tangible assets against a variety of malwares as well. When a visitor who carries a re-writable portable storage device, must insert the device into Piosk installed next to the security gate. Then, Piosk scans the device at the very moment, and detects & repairs malicious codes that might be exist. After that, Piosk writes the contents (including sanitized ones) on a new read-only portable device such as a compact disk. By doing so, the leakage of internal information through both insiders and outsiders can be prevented physically. We have designed and prototyped Piosk. The experimental verification of the Piosk prototype implementation reveals that, Piosk can accurately detect every malware at the same detection level as Virus Total and effectively prevent the leakage of internal information. In addition, we compare Piosk with the state-of-the-art methods and describe the special advantages of Piosk over existing methods.