• International Journal of Computer Science & Network Security
• /
• v.23 no.3
• /
• pp.169-176
• /
• 2023

The vehicular ad hoc network (VANET) is currently an important approach to improve personal safety and driving comfort. ANEL is a MAC-based authentication scheme that offers all the advantages of MAC-based authentication schemes and overcomes all their limitations at the same time. In addition, the given scheme, ANEL, can achieve the security objectives such as authentication, privacy preservation, non-repudiation, etc. In addition, our scheme provides effective bio-password login, system key update, bio-password update, and other security services. Additionally, in the proposed scheme, the Trusted Authority (TA) can disclose the source driver and vehicle of each malicious message. The heavy traffic congestion increases the number of messages transmitted, some of which need to be secretly transmitted between vehicles. Therefore, ANEL requires lightweight mechanisms to overcome security challenges. To ensure security in our ANEL scheme we can use cryptographic techniques such as elliptic curve technique, session key technique, shared key technique and message authentication code technique. This article proposes a new efficient and light authentication scheme (ANEL) which consists in the protection of texts transmitted between vehicles in order not to allow a third party to know the context of the information. A detail of the mapping from text passing to elliptic curve cryptography (ECC) to the inverse mapping operation is covered in detail. Finally, an example of application of the proposed steps with an illustration

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.11
• /
• pp.6849-6855
• /
• 2014

Recently, with the increasing use of smart phones, security issues, such as safety and reliability of the use of the Android application has become a topic to provide services in various forms. An Android application is performed using several important files in the form of an apk file. On the other hand, they may be subject to unauthorized use, such as the loss of rights and privileges due to the insertion of malicious source code of these apk files. This paper examines the Android environment to study ways to define the threats related to the unauthorized use of the application source code, and based on the results of the analysis, to prevent unauthorized use of the application source code. In this paper, a system is provided using a third body to prevent and detect applications that have been counterfeited or forged illegally and installed on Android devices. The application provides services to existing systems that are configured with only the service server that provides users and applications general, This paper proposes the use of a trusted third party for user registration and to verify the integrity of the application, add an institution, and provide a safe application.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.11
• /
• pp.5496-5505
• /
• 2012

As the IT industry develops, the smart-phone technology and functions which are actively being studied at the moment greatly influence the entire living environment. With the smart-phone technology and functions, people's interest for the wireless LAN which can be used to get access to the Internet anytime anywhere is gradually increasing. However, since the malicious attacker can easily carry out hacking or approach the contents due to the characteristics of the wireless radio wave, the personal information with a high level of importance for data security is easily exposed due to Spoofing, Denial of Service attack and Man in the Middle attack. Therefore, the demand for security is gradually increasing. In this paper, the safe wireless network service environment is provided by supplementing the vulnerability in regard to Spoofing, Session Hijacking and Man in the Middle attack after executing the client's authentication process, the AP authentication process and the Mobile Agency authentication process with the client's information in the USIM, the AP information and the Mobile Agency information when the client uses the wireless Internet through the Mobile Agency AP access in the smart phone environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.319-328
• /
• 2013

Considerable number of major countries have put great efforts to leverage the efficiency of power consumption using Smart Grid in order to resolve the critical issues with drastical growing demands regarding electricity, the crisis of environmental pollution and so on. There has been increasing number of researches to construct Smart Grid in Korea as well. The threats of cyber terror attacks which might cause national crisises in terms of economy and society have been climbing up because of the fact that Smart Grid employs bi-directional communications embedding the cyber threats from existing/legacy communication networks. Consequently, it is required to build concrete response processes including investigation and analysis on cyber breaches into Smart Grid. However, the digital evidence acquisition techniques do not suffice to be deployed in Smart Grid systems despite of the fact that the techniques, against cyber breaches into well-known networks, have been studied in plenty of time. This work proposes a novel digital evidence acquisition scheme appropriate to Smart Grid systems through intensive investigation of the evidence acquisition requirements in Smart Grid and the historical evidence acquisition methods.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• Journal of Internet Computing and Services
• /
• v.20 no.4
• /
• pp.1-11
• /
• 2019

A Blockchain-based access control technology is one of the various use cases of blockchain and is used in many areas to transparently transfer and manage ownership of data between users without the trusted third party. The characteristics of transparency, Irreversibility, and decentralization provided by the public blockchain help to offer new benefits that existing access control technologies did not offer. However, various security issues facing the current blockchain are raising the issue of the safety of the technology. Therefore, in this paper, we analyze an overview of the blockchain-based access control technology and solutions of the security challenges faced. Moreover, we further present solutions that are not affected by the blockchain trilemma and models of access control technology based on them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.11-18
• /
• 2003

As the Internet moves to mobile environment, one of the most serious problems for the security is to required a new security Protocol with safety and efficiency. To solve the problem. we Propose a new Protocol that reduces the communication franc and solves the problem associated with the private security keys supplied by the trusted third party. The protocol is a non-Interactive oblivious transfer protocol, based on the EIGamal public-key algorithm. Due to its Non-Interactive oblivious transfer protocol, it can effectively reduce communication traffic in server-client environment. And it is also possible to increase the efficiency of protocol through the mechanism that authentication probability becomes lower utilizing a challenge selection bit. The protocol complexity becomes higher because it utilizes double exponentiation. This means that the protocol is difficult rather than the existing discrete logarithm or factorization in prime factors. Therefore this can raise the stability of protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.49-61
• /
• 2003

Electronic voting schemes must provide universal verifiability and receipt-freeness, as well as basic properties such as privacy, eligibility, to make the election fair and transparent. But it is difficult to provide both universal verifiability and receipt-freeness because they are mutually contradictory in their objective. To date, most electronic voting schemes provide only one of these properties and those few that provide both properties are not practical due to heavy computational load. In this paper, we present an efficient electronic voting scheme that provides both properties. The proposed scheme uses a trusted third party called HR(Honest Randomizer) and requires only one-way untappable channels from HRs to voters. Among the schemes that assume only one-way untappable channel this scheme requires the least amount of computation. Among the schemes that provide both properties, this scheme uses the weakest physical assumption. We also discuss the security of the system and compare our scheme with other related schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.69-80
• /
• 2003

Verifiable encryption is an encryption technique with which one can verify what has been encrypted even if one can not decrypt the ciphertext. This technique can be used in fair exchange to convince the counterpart of his or her receiving an item by presenting an encrypted form in advance. In this paper, a method that can guarantee the payment atomicity is proposed by applying verifiable encryption to an electronic cash system based on the representation problem. With the new method, the process of dispute settlement is improved in the fact that the trusted third party do not have to interact with the bank to resolve disputes. This method is also flexible in a sense that clients and shops can request for dispute settlement regardless of any deadline constraint. However, additional proof is necessary to apply verifiable encryption during payment. We discuss the security and the atomicity of our method, and compare ours with others.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1283-1292
• /
• 2012

As delivery services market has grown the damage cases are also continuously increased. When using delivery services, Customers would not be compensated in any way. Perhaps worse, losing a cargo would create a great deal of trouble. Because the lack of evidence, they takes a lot of time to clarify who is responsible. To prevent these things, we must create, collect, maintain and confirm. In this paper, we introduce new delivery system with a trusted third party for non-repudiation services. Moreover, in damage case, we show that the proposed system is efficient and provide non-repudiation. Using sending and receiving codes, the proposed system identifies a responsible subject with quickness and clearness.