• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.3
• /
• pp.131-137
• /
• 2010

UMSN (Ubiquitous Medical Sensor Network) is being used in u-Healthcare system of various medical facilities to identify objects and get information from sensors in real-time. RFID using radio frequency determines objects using Reader, which reads Tags attached to patients. However, there is a security vulnerability wherein Tag send its ID to illegal Reader because Tags always response to Readers request regarding of its Tag ID. In this paper, we propose Tag ID Classification Scheme to reduce Back-end Server traffic that caused by requests to authenticate between Readers and Tags that are attached to medical devices, patients, and sensors; To reduce security threats like eavesdropping and spoofing that sometimes occurred during authentication procedure. The proposed scheme specifies the patient category as a group based on patients Tag ID string. Only allowed Reader can perform authentication procedure with Back-end Server. As a result, we can reduce Back-end Server traffic and security threats.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.189-198
• /
• 2009

Mobile RFID system is a next generation technology which combines the existing RFID systems with mobile systems. It is newly expected to provide additional services and will be broadly used in everyday life; however, it sometimes causes the privacy or security problems generated by existing RFID systems and the additional privacy or security problems. Moreover, even if many methods have been proposed to solve those problems, it is still difficult to adapt to reality or to guarantee the security perfectly. Therefore, in this paper, we propose the secure and practicable privacy protection mechanism suitable to mobile RFID systems. proposing mechanism is applicable the mechanism to Private Zone of mobile RFID systems which require to protect the privacy. This mechanism suggests that own tagging-products needed to protect privacy using mobile reader of personal don't provide any information to other readers except their own reader. In addition to, proposing mechanism is the efficient mechanism which largely reduces the process to maintain the synchronization when happen to the DoS attack or system error.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.5
• /
• pp.1070-1075
• /
• 2013

In this research, we describe a security robot system and ongoing research results to control human's wrong direction in order to forbid human to enter security zone. Proposed robot system surveils a security area with equipped laserscanner sensor usually. When it detect walking human who is for the area, robot calculates his velocity vector, plans own path to forestall and interrupts him who want to head restricted area and starts to move along the estimated trajectory. The walking human is assumed to be a point-object and projected onto an scanning plane to form a geometrical constraint equation that provides position data of the human based on the kinematics of the mobile robot. While moving the robot continues these processes for adapting change of situation. After arriving at an opposite position human's walking direction, the robot advises him not to be headed more and change his course. The experimental results of estimating and tracking of the human in the wrong direction with the mobile robot are presented.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.330-334
• /
• 2017

Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees an isolation of each virtual execution environment. So, it is being studied to block access to host resources or container resources for sandboxing in restricted system resource like embedded devices. However, because security threats which are caused by security vulnerabilities of the host OS or the security issues of the host environment exist, the needs of the technology to prevent an illegal accesses and unauthorized behaviors by malware has to be increased. In this paper, we define additional access permissions to access a virtual execution environment newly and control them in kernel space to protect attacks from illegal access and unauthorized behaviors by malware and suggest the Container Access Control to control them. Also, we suggest a way to block a loading of unauthenticated kernel driver to disable the Container Access Control running in host OS by malware. We implement and verify proposed technologies on Linux Kernel.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.51-61
• /
• 2010

Koinonia system is designed to fully utilize the advantage of Binary CDMA so as to guarantee QoS in wireless networks. In this paper, we propose the new network structure based on this system and refer to it as BLAN(Binary CDMA LAN). Although BLAN is similar structure to IEEE 802.11 WLAN, it will ensure the fast handover and QoS. We also propose the AKA(Authentication and Key Agreement) protocol and Reauthentication protocol to be used for communication in BLAN. These protocols are securely and efficiently designed using the user identity module to support the more powerful authentication. Hence, BLAN, including the proposed protocols, will support the high mobility and security. In conclusion, we expect that BLAN can be applied to future infrastructure on special environment, and it can be helpful showing the new network model which alternate WLAN.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.264-284
• /
• 2021

As the next-generation network architecture, software-defined networking (SDN) has great potential. But how to forward data packets safely is a big challenge today. In SDN, packets are transferred according to flow rules which are made and delivered by the controller. Once flow rules are modified, the packets might be redirected or dropped. According to related research, we believe that the key to forward data flows safely is keeping the consistency of flow rules. However, existing solutions place little emphasis on the safety of flow rules. After summarizing the shortcomings of the existing solutions, we propose FRChain to ensure the security of SDN data forwarding. FRChain is a novel scheme that uses blockchain to secure flow rules in SDN and to detect compromised nodes in the network when the proportion of malicious nodes is less than one-third. The scheme places the flow strategies into blockchain in form of transactions. Once an unmatched flow rule is detected, the system will issue the problem by initiating a vote and possible attacks will be deduced based on the results. To simulate the scheme, we utilize BigchainDB, which has good performance in data processing, to handle transactions. The experimental results show that the scheme is feasible, and the additional overhead for network performance and system performance is less than similar solutions. Overall, FRChain can detect suspicious behaviors and deduce malicious nodes to keep the consistency of flow rules in SDN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.827-835
• /
• 2022

In order to use online financial services, user authentication technology is necessary. Password check through keyboard typing is the most common technique. However, since it became known that key stokes on the keyboard can be intercepted easily, many Internet banking services and easy payment services have adopted the virtual keyboard. However, contrary to the expectation that the virtual keyboard will be safe, there is a risk that key strokes on the virtual keyboard can be leaked. In this paper, we analyzed the possibility of password leaking on the virtual keyboard and presented a password leaking method using mouse event hooking and screen capture in PC operating system. In addition, we inspected the possibility of password leak attacks on several famous Korea Internet banking websites and simple payment services, and as a result, we verified that the password input method through the virtual keyboard in the PC operating system is not secure.

• Journal of the Society of Disaster Information
• /
• v.17 no.1
• /
• pp.176-183
• /
• 2021

Purpose: The introduction of smart factories that reflect the 4th industrial revolution technologies such as AI, IoT, and VR, has been actively promoted in Korea. However, in order to solve various problems arising from existing file-based operating systems, this research will focus on identifying and verifying non-file system-based data protection technology. Method: The research will measure security storage that cannot be identified or controlled by the operating system. How to activate secure storage based on the input of digital key values. Establish a control unit that provides input and output information based on BIOS activation. Observe non-file-type structure so that mapping behavior using second meta-data can be performed according to the activation of the secure storage. Result: First, the creation of non-file system-based secure storage's data input/output were found to match the hash function value of the sample data with the hash function value of the normal storage and data. Second, the data protection performance experiments in secure storage were compared to the hash function value of the original file with the hash function value of the secure storage after ransomware activity to verify data protection performance against malicious ransomware. Conclusion: Smart factory technology is a nationally promoted technology that is being introduced to the public and this research implemented and experimented on a new concept of data protection technology to protect crucial data within the information system. In order to protect sensitive data, implementation of non-file-type secure storage technology that is non-dependent on file system is highly recommended. This research has proven the security and safety of such technology and verified its purpose.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10b
• /
• pp.691-693
• /
• 2004

비디오 시퀀스에서의 객체 추적은 보안 및 감시 시스템(Security and surveillance system), 비디오 원격 회의(Video teleconferencing)등과 같이 컴퓨터 비전 응용 분야에 널리 이용되어, 정정 그 중요성이 증가하고 있다 여러 가지 이유로 인친 카메라 덜(View)로부터 객체의 가시 상태가 변하는 경우, 하나의 뷰만을 이용해서는 좋은 결과를 가지기 어렵기 때문에 본 논문에서는 객체가 가장 잘 나타나는 뷰를 선택해서 객체를 추적하는 방법을 제안한다. 각각의 카메라 뷰에서 객체를 추적하기 위해 본 논문에서는 다중 후보가 결합된 Mean-shift 알고리즘을 이용한다. 제안된 시스템의 경우, 복잡한 환경으로 인해 객체의 가시 상태가 변하는 환경에서 단일 뷰를 이용하는 경우와 비교해 더 나은 성능을 가질 수 있었다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.493-495
• /
• 2005

유비쿼터스 네트워크는 기존의 네트워크와 같이 네트워크 인프라가 구축된 상태에서 통신을 수행하는 것이 아닌 인프라가 존재하지 않은 상태에서 각 단말들 상호간의 라우팅으로 데이터 송$\cdot$수신 등의 통신 기능을 수행할 수 있는 형태의 네트워크 구조를 가지므로 유비쿼터스 컴퓨팅 환경에서 보안성을 제공한다는 것은 많은 어려움이 따른다. 본 논문에서는 프로토콜에서 기본적으로 보안성을 제공하기 위한 2가지 형태의 패킷 형태를 제시하였고, 이러한 구조를 통한 데이터 전송은 보다 빠른 데이터 처리를 수행할 수 있다.