• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.12
• /
• pp.2563-2568
• /
• 2009

Although a symmetric cryptographic system has many advantages in speed of encryption decryption, the security problems with the distribution method of secret keys have been still raised. Especially, the distribution method of secret keys for unspecified individuals who want secret communication is becoming a core issue. As a simple solution to this issue, Diffie-Hellman key exchange methods were proposed, but proved to be insufficient in depending MITM(Main In The Middle) attacks. To find effective solution to problems mentioned above, this paper proposes the strengthened Diffie-Hellman key exchange methods applied for the mobile-phone channel which are widely used. This paper emphasizes the way to distribute the synthesized session keys to the sender and the receiver, which are created with authentication numbers exchanged between the mobile-phones and Diffie-Hellman key. Using proposed ways, MITMattacks can be effectively defended.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.199-208
• /
• 2009

Recently,IP-based broadcasting systems,such as Mobile-TV and IP-TV, have been widely deployed. These systems require a security system to allow only authorized subscribers access to broadcasting services. We analyzed the Conditional Access System, which is a security system used in the IP-based Pay-TV systems. A weakness of the system is that it does not scale well when the system experiences frequent membership changes. In this paper, we propose a group key distribution protocol which overcomes the scalability problem by reducing communication and computation overheads without loss of security strength. Our experimental results show that computation delay of the proposed protocol is smaller than one of the Conditional Access System. This is attributed to the fact that the proposed protocol replaces expensive encryption and decryption with relatively inexpensive arithmetic operations. In addition, the proposed protocol can help to set up a secure channel between a server and a client with the minimum additional overhead.

• The KIPS Transactions:PartC
• /
• v.13C no.7 s.110
• /
• pp.843-850
• /
• 2006

This is devoted to first, to propose a hash chain algorithm that generates more secure key than conventional encryption method. Secondly, we proposes encryption method that is more secure than conventional system using a encryption method that encrypts each block with each key generated by a hash chain algorithm. Thirdly, After identifying the user via wired and wireless network using a user authentication method. We propose a divided session key method so that Although a client key is disclosed, Attackers cannot catch a complete key and method to safely transfer the key using a divided key method. We make an experiment using various size of digital contents files for performance analysis after performing the design and implementation of system. Proposed system can distribute key securely than conventional system and encrypt data to prevent attacker from decrypting complete data although key may be disclosed. The encryption and decryption time that client system takes to replay video data fie is analogous to the conventional method.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.8
• /
• pp.1977-1985
• /
• 2009

An e-Seal is an active RFID device that was set on the door of a container. e-Seal provides both the state of the seal and the remote control of the device automatically. But it has vulnerabilities like eavesdrop and impersonate because of using RFID system. A secure e-Seal authentication protocol must use PRF for encryption/decryption of reader and e-Seal. The existing PRF uses simple hash function such as MD5 or SHA which is not available for e-Seal. It is required to use strong hash functions. The hash function is a essential technique used for data integrity, message authentication and encryption in the mechanism of information security. Therefore, in this paper, we propose more secure and effective hash function based on polynomial for e-Seal authentication protocol.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.11
• /
• pp.351-356
• /
• 2020

With the spread of COVID-19 infections, the need for next-generation learning management system for undact education is rapidly increasing, and the Ministry of Education is planning future education through the establishment of fourth-generation NEIS. If the fourth-generation NEIS System is well utilized, there are advantages such as providing personalized education services and activating the use of educational data, but a solution to the illegal access problem in an access control environment where strict authorization is difficult due to various user rights. In this paper, we propose a blockchain-based access control audit system for next-generation learning management. Sensitive personal information is encrypted and stored using the proposed system, and when the auditor performs an audit later, a secret key for decryption is issued to ensure auditing. In addition, in order to prevent modification and deletion of stored log information, log information was stored in the blockchain to ensure stability. In this paper, a hierarchical ID-based encryption and a private blockchain are used so that higher-level institutions such as the Ministry of Education can hierarchically manage the access rights of each institution.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.435-440
• /
• 2006

XML encryption is to provide confidentiality service, though not limited to, for web contents. XML encryption can be applied to entire data files as opaque objects, or more frequently to various parts of XML documents, supporting various encryption granularity. It is this characteristic that makes XML encryption a more efficient alternative for data confidentiality in various web applications than is possible with SSL/TLS, IPsec, PGP, or S/MIME. It is essential for successful deployment of XML encryption to achieve interoperability among the products implementing this technology, which requires the products to implement the XML encryption standards correctly. Conformance testing is to test if products implement the relevant standard correctly. In this paper we present a conformance testing method for XML encryption products and implement it. We will first look at XML encryption standards developed by W3C, and extract test criteria. Then we propose a testing method in which the encryption capability and the decryption capability of a product are tested separately. The proposed methody is actually implemented as a GUI-based testing tool and some test results are presented.

• The KIPS Transactions:PartC
• /
• v.9C no.2
• /
• pp.189-196
• /
• 2002

IPSec is a protocol which provides data encryption, message authentication and data integrity on public and open network transmission. In IPSec, ESP protocol is used when it needs to Provide data encryption, authentication and integrity in real transmission Packets. ESP protocol uses DES-CBC encryption mode when sender encrypts packets and receiver decrypts data through this mode IV is used at that tome. This vague has many risks of attack during transmission by attacker because it is transferred clean and opened. If IV value is modified, then decryption of ESP data is impossible and higher level information is changed. In this paper we propose a new algorithm that it encrpty IV values using DES-ECB mode for preventing IV attack and checks integrity of whole ESP data using message authentication function. Therefore, we will protect attacks of IV and data, and guarantee more safe transmission on the public network.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.12
• /
• pp.3597-3605
• /
• 1999

We introduce a new satellite Conditional Access System(CAS) that a subscriber could watch a pay-TV knowing only his or her identity and password, without using a smart card. For this new system, two password-based protocols are presented which not only share a session key and authenticate each other but also download an authorization key. This system has some merits: First, compared with current systems, it reduces the amount of computations by eliminating the AK-encryption module in SMS(Subscriber Management System) and simplifying the receiver's CW-decryption process. Second, since this system does not need an expensive Card Adaptive Device(CAD), it can reduce costs. finally it provides descrambler independence allowing it to be used through any TV set-top box that includes a descrambler, unlike the current system that a descrambler is linked with a smart card.

• Journal of the Korean Society of Industry Convergence
• /
• v.20 no.2
• /
• pp.177-186
• /
• 2017

With the latest developments in ICT(Information Communication Technology) technology, research on Intelligent Car, Connected Car that support autonomous driving or services is actively underway. It is true that the number of inputs linked to external connections is likely to be exposed to a malicious intrusion. I studied possible security issues that may occur within the Connected Car. A variety of security issues may arise in the use of CAN, the most typical internal network of vehicles. The data can be encrypted by encrypting the entire data within the CAN network system to resolve the security issues, but can be time-consuming and time-consuming, and can cause the authentication process to be carried out in the event of a certification procedure. To resolve this problem, CAN network system can be used to authenticate nodes in the network to perform a unique authentication of nodes using nodes in the network to authenticate nodes in the nodes and By encoding the ID, identifying the identity of the data, changing the identity of the ID and decryption algorithm, and identifying the cipher and certification techniques of the external invader, the encryption and authentication techniques could be detected by detecting and verifying the external intruder. Add a monitoring node to the CAN network to resolve this. Share a unique ID that can be authenticated using the server that performs the initial certification of nodes within the network and encrypt IDs to secure data. By detecting external invaders, designing encryption and authentication techniques was designed to detect external intrusion and certification techniques, enabling them to detect external intrusions.

• Journal of KIISE
• /
• v.42 no.8
• /
• pp.979-989
• /
• 2015

Machine to Machine (M2M) technology has gained attention due to the fast diffusion of Internet of Things (IoT) technologies and smart devices. Most wireless network experts believe that Bluetooth Low Energy (BLE) Communications technology in an iBeacon network has amazing advantages in terms of providing communication services at a low cost in smartphone applications. Specifically, BLE does not require any pairing process during its communication phases, so it is possible to send a message to any node without incurring additional transmissions costs if they are within the BLE communication range. However, BLE does not require any security verification during communication, so it has weak security. Therefore, a security authorization process would be necessary to obtain customer confidence. To provide security functions for iBeacon, we think that the iBeacon Message Encryption process and a Decryption (Authorization) process should be designed and implemented. We therefore propose the BLE message Authorization Mechanism based on a One Time Password Algorithm (BLE-OTP). The effectiveness of our mechanism is evaluated by conducting a performance test on an attendance system based on BLE-OTP.