• Title/Summary/Keyword: Symmetric key


A Blockchain-based User Authentication Model Using MetaMask (메타마스크와 연동한 블록체인 기반 사용자 인증모델)

  • Choi, Nakhoon; Kim, Heeyoul. Journal of Internet Computing and Services, v.20 no.6, pp.119-127, 2019
  • This paper proposes a new authentication model to solve the problems of personal information takeover and personal information theft that arise when service providers use centralized servers for user authentication and for managing personal information. The centralization issue is resolved by providing user authentication and information storage through a decentralized platform, the blockchain, and by ensuring the confidentiality of the information through user-specific symmetric-key encryption. The proposed model was implemented using the public blockchain Ethereum and the web-based wallet extension MetaMask: users access the Ethereum main network through MetaMask in their browser and store their encrypted personal information in the smart contract. In the future, users will provide their personal information to a service provider through their Ethereum account when using a new service, which gives the provider user authentication and personal information without a subscription or a separate authentication process. Service providers can reduce the cost of storing personal information and of maintaining separate authentication methods, and prevent the problems caused by personal information leakage.

Method Decoder for Low-Cost RFID Tags

  • Juels, Ari. Proceedings of the Korea Information Convergence Society conference (한국정보컨버전스학회 학술대회논문집), 2008.06a, pp.47-52, 2008
  • A radio-frequency identification (RFID) tag is a small, inexpensive microchip that emits an identifier in response to a query from a nearby reader. The price of these tags promises to drop to the range of $0.05 per unit in the next several years, offering a viable and powerful replacement for barcodes. The challenge in providing security for low-cost RFID tags is that they are computationally weak devices, unable to perform even basic symmetric-key cryptographic operations. Security researchers therefore often assume that good privacy protection in RFID tags is unattainable. In this paper, we explore a notion of minimalist cryptography suitable for RFID tags. We consider the type of security obtainable in RFID devices with a small amount of rewritable memory but very limited computing capability. Our aim is to show that standard cryptography is not necessary as a starting point for improving the security of very weak RFID devices. Our contribution is threefold: 1. We propose a new formal security model for authentication and privacy in RFID tags. This model takes into account the natural computational limitations and the likely attack scenarios for RFID tags in real-world settings. It represents a useful divergence from standard cryptographic security modeling, and thus a new view of the practical formalization of minimal security requirements for low-cost RFID-tag security. 2. We describe a protocol that provably achieves the properties of authentication and privacy in RFID tags in our proposed model, and in a good practical sense. Our proposed protocol involves no computationally intensive cryptographic operations and relatively little storage. 3. Of particular practical interest, we describe some reduced-functionality variants of our protocol. We show, for instance, how static pseudonyms may considerably enhance security against eavesdropping in low-cost RFID tags. Our most basic static-pseudonym proposals require virtually no increase in existing RFID tag resources.


A Study on the Design of Key Scheduler Block Cryptosystem using PRN (PRN을 이용한 키 스케줄러 블록암호시스템 설계에 관한 연구)

  • 김종협; 김환용. Journal of the Korea Society of Computer and Information, v.8 no.2, pp.112-121, 2003
  • Information protection and cryptography technology has advanced, but the problems of real-time processing and maintaining secrecy remain to be solved. Therefore this paper proposes a new PRN-SEED (Pseudo-Random Number-SEED) to increase the secrecy rate and the processing rate, and performs a performance analysis against existing cryptographic algorithms. The proposed PRN-SEED crypto-algorithm increases the processing rate over existing algorithms by using mixed bit and byte operations with an RNG (Random Number Generator). PRN-SEED, which performs simultaneous operations, has a 1.03 times higher processing rate and 2 times higher cryptosystem performance than existing cryptosystems. PRN-SEED was implemented using Synopsys Design Analyzer Ver. 1999.10, the Samsung KG75 library and the Synopsys VHDL Debugger. As a simulation result, the symmetric cryptosystem DES operates at 416 Mbps at 40 MHz and Rijndael at 612 Mbps at 50 MHz. The PRN-SEED cryptosystem has a gate count of 10K and operates at 430 Mbps at 40 MHz and 630 Mbps at 50 MHz.


Study for Balanced Encoding Method against Side Channel Analysis (부채널 분석에 안전한 밸런스 인코딩 기법에 관한 연구)

  • Yoon, JinYeong; Kim, HanBit; Kim, HeeSeok; Hong, SeokHie. Journal of the Korea Institute of Information Security & Cryptology, v.26 no.6, pp.1443-1454, 2016
  • The balanced encoding method, which implements the hardware dual-rail logic style in software, is an efficient countermeasure against side-channel analysis that needs no additional memory. Since balanced encoding keeps the Hamming weight and/or Hamming distance of intermediate values constant, it is effective as a countermeasure against side-channel analysis because it eliminates intermediate values whose HW and/or HD are related to the secret key. However, former studies only presented a Constant XOR operation, which can only be applied to crypto algorithms that can be built from XOR operations, such as PRINCE. Therefore, we first propose new Constant ADD and Shift operations that can be applied to the various symmetric crypto algorithms based on ARX. Moreover, we did not use a look-up table, in order to be efficient in memory usage. We also confirmed the security of the proposed Constant operations with Mutual Information Analysis.
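The mechanism the abstract relies on, shown as an added example (not the paper's code): a dual-rail encoding stores every bit b as the pair (b, ~b), so an encoded word has the same Hamming weight whatever value it holds, and a Hamming-weight power model sees a constant. The script runs a textbook correlation power analysis (CPA) against an unprotected intermediate p ^ k and against its dual-rail encoding. The key byte, trace count, noise level and the simulated leakage model are constructed assumptions. Note what the example does not do: it encodes the plain result after computing it, whereas a real implementation must compute on encoded operands with operations whose every intermediate is balanced, which is exactly what the paper's Constant ADD and Shift provide.

```python
"""Constant-Hamming-weight (dual-rail) encoding against a Hamming-weight
power model.  Added illustration, not the paper's Constant ADD/Shift: the
plain result p ^ k is encoded only to compare the *leakage* of the two
representations; the computation itself is not protected here.
Key byte, trace count and noise level are constructed for the demo."""

import random

WIDTH = 8                  # bits per plain word
KEY_BYTE = 0x3C            # constructed secret the CPA attacker targets
N_TRACES = 500
NOISE_SD = 0.5             # std-dev of Gaussian noise added to each sample


def hw(x: int) -> int:
    """Hamming weight."""
    return bin(x).count("1")


def dual_rail(x: int) -> int:
    """Encode bit i of x as the pair (b_i, ~b_i) at positions 2i+1 and 2i.
    Exactly one bit of every pair is set, so hw(dual_rail(x)) == WIDTH."""
    e = 0
    for i in range(WIDTH):
        b = (x >> i) & 1
        e |= ((b << 1) | (b ^ 1)) << (2 * i)
    return e


def encoding_is_balanced() -> bool:
    """The property the countermeasure rests on: constant weight for all inputs."""
    return all(hw(dual_rail(x)) == WIDTH for x in range(1 << WIDTH))


def simulate_traces(intermediate, plaintexts, rng):
    """One 'power sample' per plaintext: HW of the intermediate plus noise."""
    return [hw(intermediate(p)) + rng.gauss(0.0, NOISE_SD) for p in plaintexts]


def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def cpa(plaintexts, traces):
    """Correlation power analysis: model HW(p ^ k) for every key guess and
    return (best guess, its correlation).  Signed correlation is used because
    higher weight is assumed to raise consumption; the complement key would
    otherwise tie with a negated coefficient."""
    best_k, best_c = 0, -2.0
    for k in range(1 << WIDTH):
        model = [hw(p ^ k) for p in plaintexts]
        c = pearson(model, traces)
        if c > best_c:
            best_k, best_c = k, c
    return best_k, best_c


def run_experiment(seed: int = 1):
    """Attack the unprotected and the dual-rail-encoded intermediate with the
    same plaintexts and noise; returns ((k, corr) plain, (k, corr) balanced)."""
    rng = random.Random(seed)
    pts = [rng.randrange(1 << WIDTH) for _ in range(N_TRACES)]
    plain = simulate_traces(lambda p: p ^ KEY_BYTE, pts, rng)
    balanced = simulate_traces(lambda p: dual_rail(p ^ KEY_BYTE), pts, rng)
    return cpa(pts, plain), cpa(pts, balanced)


if __name__ == "__main__":
    (pk, pc), (bk, bc) = run_experiment()
    print(f"unprotected: guess 0x{pk:02x} corr {pc:.2f} (key 0x{KEY_BYTE:02x})")
    print(f"dual-rail:   guess 0x{bk:02x} corr {bc:.2f}")
```

With the unprotected intermediate the correct key byte stands out with a correlation near 0.9; with the encoded intermediate the traces carry only noise and the best guess is arbitrary. Two caveats a practitioner should keep in mind: the Hamming distance between successive register contents (also mentioned in the abstract) is a separate leakage channel that a constant weight alone does not remove, and a leakage model that is not a pure Hamming-weight model (unequal bit weights, or a higher-order attack combining the two rails) can still distinguish encoded values.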

Mutual Authentication Protocol using One Time Password for Mobile RFID System (OTP를 이용한 모바일 RFID 상호인증 프로토콜)

  • Sung, Jong-Yeop; Lee, Sang-Duck; Ryu, Chang-Ju; Han, Seung-Jo. Journal of the Korea Institute of Information and Communication Engineering, v.18 no.7, pp.1634-1642, 2014
  • A mobile RFID system, which consists of an RFID reader mounted on a mobile device such as a smartphone, can provide users with a variety of services and convenience. But the security of a mobile RFID system is as weak as that of the existing RFID system. In this paper, a mobile RFID mutual authentication protocol with a high level of security is proposed to overcome problems such as cryptographic protocols in the existing RFID system responding with the same value in every authentication procedure, and exposure during the exchange of messages. The proposed protocol exchanges messages without exposing them by using random numbers generated during the mutual authentication between the tag and the reader and encoding the numbers with the symmetric key. Besides, the protocol uses mutual authentication with OTP in the authentication process between the reader and the server, considering the characteristics of a reader embedded in a mobile device. Because the message changes in every authentication, the protocol is safe from spoofing attacks, replay attacks, etc.
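The replay problem the abstract starts from, as an added illustration that is not the paper's protocol: a tag that answers every query with the same keyed value can be replayed by anyone who overheard it once, while a tag that binds its answer to the reader's fresh challenge and its own nonce cannot. HMAC-SHA256 truncated to 64 bits stands in for the paper's symmetric-key encoding of the random numbers, the tag identifier and key are constructed, and the OTP step between reader and server is not modelled.

```python
"""Fixed keyed response (replayable) versus nonce-based symmetric-key mutual
authentication between an RFID tag and a reader.  Added illustration of the
replay problem; not the protocol of the paper above (no OTP/server step,
HMAC instead of encryption).  Tag id and key are constructed."""

import hashlib
import hmac
import os

TAG_ID = b"TAG-0001"                                           # constructed
TAG_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")    # constructed shared key
BACKEND_DB = {TAG_ID: TAG_KEY}                                  # reader-side key store


def tok(key: bytes, *parts: bytes) -> bytes:
    """Keyed tag over length-prefixed fields, so fields cannot be re-split."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class LegacyTag:
    """Answers every query with the same keyed value."""
    def __init__(self, key, tag_id):
        self.key, self.tag_id = key, tag_id

    def respond(self):
        return self.tag_id, tok(self.key, b"auth", self.tag_id)


def legacy_verify(tag_id: bytes, t: bytes) -> bool:
    return hmac.compare_digest(t, tok(BACKEND_DB[tag_id], b"auth", tag_id))


class Tag:
    """Binds its answer to the reader's challenge r_reader and its own nonce r_tag."""
    def __init__(self, key, tag_id):
        self.key, self.tag_id = key, tag_id

    def respond(self, r_reader: bytes):
        r_tag = os.urandom(8)
        return self.tag_id, r_tag, tok(self.key, b"tag", self.tag_id, r_reader, r_tag)

    def verify_reader(self, r_reader, r_tag, t) -> bool:
        """Reader authenticates to the tag by proving the key over both nonces."""
        return hmac.compare_digest(t, tok(self.key, b"reader", self.tag_id, r_tag, r_reader))


class Reader:
    def challenge(self) -> bytes:
        self.r_reader = os.urandom(8)
        return self.r_reader

    def verify_tag(self, tag_id, r_tag, t):
        """Returns the reader's proof for the tag, or None if the tag fails."""
        key = BACKEND_DB[tag_id]
        if not hmac.compare_digest(t, tok(key, b"tag", tag_id, self.r_reader, r_tag)):
            return None
        return tok(key, b"reader", tag_id, r_tag, self.r_reader)


def legacy_replay_accepted() -> bool:
    tag = LegacyTag(TAG_KEY, TAG_ID)
    captured = tag.respond()          # eavesdropped during a genuine session
    return legacy_verify(*captured)   # replayed later by the attacker


def nonce_protocol():
    """Returns (honest session succeeded, replay of the captured reply accepted)."""
    tag, reader = Tag(TAG_KEY, TAG_ID), Reader()
    # honest run: reader -> tag: r_r ; tag -> reader: id, r_t, tok ; reader -> tag: tok'
    r_r = reader.challenge()
    tag_id, r_t, t = tag.respond(r_r)
    proof = reader.verify_tag(tag_id, r_t, t)
    honest = proof is not None and tag.verify_reader(r_r, r_t, proof)
    # attacker replays the captured (id, r_t, tok) against a fresh challenge
    reader.challenge()
    replayed = reader.verify_tag(tag_id, r_t, t) is not None
    return honest, replayed


if __name__ == "__main__":
    print("legacy replay accepted:", legacy_replay_accepted())
    print("nonce protocol (honest, replay accepted):", nonce_protocol())
```

The tag identifier is still sent in clear here, so an eavesdropper can track the tag even though it cannot impersonate it; the abstract's "messages unexposed" goal additionally requires hiding the identifier, for example by encrypting it under the shared key together with the nonces.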

Design of USN Communication Protocol Using Individual Chaotic Systems (개별 혼돈 시스템을 이용한 USN 통신 프로토콜 설계)

  • Yim, Geo-Su. The Journal of Korea Institute of Information, Electronics, and Communication Technology, v.8 no.6, pp.528-533, 2015
  • In the construction of a USN environment, implementing a safe sensor network over wireless communication can be said to be the most important factor in the entire system. Although USN communication uses wireless links to enhance accessibility and contactless operation, this results in security vulnerabilities that endanger the system. In this regard, we propose a security protocol that can be effectively applied to a USN, a multi-sensor network. The proposed protocol uses individual chaotic systems: the main chaotic system mounted on each sensor is synchronized using prepared key values as initial values, and the synchronized values are used as symmetric keys for communication. The communication protocol proposed in this paper is expected to yield good results as a new way to resolve the security problems of USNs and the program-capacity limitations of sensor nodes, if subsequent studies continue.

An Study on the Analysis of Design Criteria for S-Box Based on Deep Learning (딥러닝 기반 S-Box 설계정보 분석 방법 연구)

  • Kim, Dong-hoon; Kim, Seonggyeom; Hong, Deukjo; Sung, Jaechul; Hong, Seokhie. Journal of the Korea Institute of Information Security & Cryptology, v.30 no.3, pp.337-347, 2020
  • At CRYPTO 2019, Gohr showed that deep learning can be used for cryptanalysis. In this paper, we verify whether deep learning can identify the structure of an S-box. To this end, we conducted two experiments. First, we use the DDT and LAT of S-boxes as the learning data, where each S-box has one of the mainly used structures: Feistel, MISTY, SPN and multiplicative inverse. Surprisingly, our deep-learning models can identify not only the structure but also the number of rounds used. The second experiment verifies the pseudo-randomness of the structures by increasing the number of rounds in each structure. Our deep-learning models outperform the theoretical distinguisher in terms of the number of rounds. In general, the design rationale of ciphers used for high levels of confidentiality, such as for military purposes, tends to be concealed in order to hinder cryptanalysis. The methods presented in this paper show that deep learning can be used as a tool for analyzing such undisclosed design rationale.
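The two tables the abstract feeds to its models, computed from scratch as an added example (not the paper's code): the difference distribution table DDT[dx][dy] = #{x : S(x) ^ S(x ^ dx) = dy} and the linear approximation table LAT[a][b] = #{x : a.x = b.S(x)} - 2^(n-1). The 4-bit PRESENT S-box serves as a well-known SPN sample, and a multiplicative-inverse S-box over GF(2^4) with the polynomial x^4+x+1 is built alongside it as the second structure type the abstract names; the choice of these two sample S-boxes is this example's own.

```python
"""DDT and LAT of small S-boxes.  Added worked example; the PRESENT S-box
and the GF(2^4) inverse S-box are sample inputs chosen for this example."""

# 4-bit PRESENT S-box (published constants), an SPN-style sample
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v: int) -> int:
    """Parity of v, i.e. the dot product a.x once v = a & x."""
    return bin(v).count("1") & 1


def ddt(sbox):
    """DDT[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for x in range(n):
        for dx in range(n):
            t[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return t


def lat(sbox):
    """LAT[a][b] = #{x : a.x == b.S(x)} - n/2, in the range [-n/2, n/2]."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(1 for x in range(n) if parity(a & x) == parity(b & sbox[x]))
            t[a][b] = agree - n // 2
    return t


def differential_uniformity(sbox) -> int:
    """Largest DDT entry over non-zero input differences."""
    t, n = ddt(sbox), len(sbox)
    return max(t[dx][dy] for dx in range(1, n) for dy in range(n))


def max_linear_bias(sbox) -> int:
    """Largest |LAT| entry over non-zero input and output masks."""
    t, n = lat(sbox), len(sbox)
    return max(abs(t[a][b]) for a in range(1, n) for b in range(1, n))


def gf16_mul(a: int, b: int, poly: int = 0b10011) -> int:
    """Multiplication in GF(2^4) modulo x^4 + x + 1 (assumed field polynomial)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= poly
    return r & 0xF


def gf16_inverse_sbox():
    """S(x) = x^-1 in GF(2^4), with S(0) = 0: the 'multiplicative inverse' structure."""
    s = [0] * 16
    for x in range(1, 16):
        s[x] = next(y for y in range(1, 16) if gf16_mul(x, y) == 1)
    return s


if __name__ == "__main__":
    for name, s in (("PRESENT", PRESENT_SBOX), ("GF(2^4) inverse", gf16_inverse_sbox())):
        print(f"{name}: diff. uniformity {differential_uniformity(s)}, "
              f"max |LAT| {max_linear_bias(s)}")
        for row in ddt(s):
            print(" ".join(f"{v:2d}" for v in row))
```

Both sample S-boxes reach the best values possible for a 4-bit bijection (differential uniformity 4 and maximum |LAT| entry 4), so these two summary numbers alone cannot tell the structures apart; the abstract's point is that a model trained on the full tables can.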

MITM Attack on Bluetooth Pairing in Passkey Entry Mode and Its Countermeasure (블루투스 Passkey Entry 인증 모드에 대한 MITM 공격과 대응방법)

  • Lee, Jearyong; Choi, Wonsuk; Lee, DongHoon. KIPS Transactions on Computer and Communication Systems, v.5 no.12, pp.481-490, 2016
  • Bluetooth uses a symmetric key, exchanged at the first pairing, to establish a secure channel. There are four authentication modes that enable device authentication: Just Works, Passkey Entry, Out of Band and Numeric Comparison. Up to now, Just Works has been regarded as the authentication mode that is vulnerable to a Man-In-The-Middle (MITM) attack. In addition, it is possible to intentionally downgrade any authentication mode to Just Works in order to mount a MITM attack under that mode. However, such attacks only work under the assumption that users do not notice that the authentication mode was changed. In this paper, we analyze the specifications of Secure Simple Pairing, LE Legacy Pairing and LE Secure Connections Pairing. When Passkey Entry mode is used in each of them, a MITM attack appears to be possible. We also present a Passkey Entry MITM attack that does not rely on any assumption about user error, because, unlike previous attacks, it does not change the verification process of the authentication mode. We implement the proposed MITM attacks, and we present a scenario in which the attack can be exploited, together with a countermeasure.

Reconstruction of Atypical Tragus in Patients with Accessory Tragus or Macrotragus (부이주 및 큰이주를 동반하는 비전형적인 이주의 재건술)

  • Yoo, Won-Jae; Oh, Kap-Sung; Lim, So-Young; Pyon, Jai-Kyong; Mun, Goo-Hyun; Bang, Sa-Ik. Archives of Plastic Surgery, v.37 no.4, pp.443-446, 2010
  • Purpose: The tragus is one of the key structures of the normal shape of the auricle. We experienced several cases of hypoplastic tragus with a preauricular appendage. This article describes methods of reconstructing an atypical tragus using the accessory tragus or macrotragus to obtain better aesthetic results than simple excision. Methods: From April 2004 to March 2009, 21 patients were operated on by our method. Seven patients had bilateral deformity of the tragus. Mean age was 12.7 years. For 17 cases of accessory tragus, simple excision, z-plasty and an interpolation flap were performed. For 11 cases of macrotragus, debulking and z-plasty were performed. Mean follow-up period was 9.4 months. Results: The reconstructed tragus looked symmetric with the opposite side in contour, size, direction and partial coverage of the auditory meatus. There was no enlargement of the remnant appendage during the follow-up period, and there were no complications such as hematoma, infection or chondritis. Conclusion: In cases of a small and deformed tragus, preauricular tissue such as an accessory tragus or macrotragus can be a good source for tragal reconstruction.

A Study on Encryption Module for Remote Terminal Security of Smart Water-Grid Network (스마트 워터그리드 네트워크의 원격 단말기 보안을 위한 암호화 모듈에 관한 연구)

  • Park, Seung-Hwan; Park, Hyung-Mo; Kim, Chang-Bok. Journal of Advanced Navigation Technology, v.17 no.6, pp.712-719, 2013
  • This paper studies a security module for the reliable transmission of meter-reading and control data between remote terminals and the upper server side in a smart water grid. The proposed security module was implemented so that it can be attached to a remote terminal that has no security function of its own. In particular, unlike the electric smart grid, low power consumption must be considered because the smart water grid runs on battery power, and the ARIA-GCM-128 symmetric-key method is adopted, taking into account that the damp and confined underground locations where meters are installed obstruct communication when a large-scale network system is built. The encryption module of this paper was devised to ensure the safety of the reading data from the terminal and of the control data from the upper server, and to secure the stability of the remote meter-reading system by protecting against arbitrary alteration or modification.