• Journal of Advanced Navigation Technology
• /
• v.14 no.4
• /
• pp.504-511
• /
• 2010

The personal bio-information supplied from the PHD(Personal Health Device) for personal health management is very sensitive in relation to a personal living body in an aspect of privacy protection. On the assumption thai the information is about a patient, it is more serious problem if it is revealed to a third party. However. the established ISO (International Organizations for Standardization) standard protocol[1] in October 2009 has just considered a transmission part for mutual exchange of bio-information between individuals, but has never actually considered security elements. Accordingly, this paper is to show all sorts of security threats according to personal health management in the u-health environment and security requirements newly.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2240-2250
• /
• 2016

MIFARE Classic is the most popular contactless smart card, which is primarily used in the management of access control and public transport payment systems. It has several security features such as the proprietary stream cipher Crypto 1, a challenge-response mutual authentication protocol, and a random number generator. Unfortunately, multiple studies have reported structural flaws in its security features. Furthermore, various attack methods that target genuine MIFARE Classic cards or readers have been proposed to crack the card. From a practical perspective, these attacks can be partitioned according to the attacker's ability. However, this measure is insufficient to determine the optimal attack flow due to the refined random number generator. Most card-only attack methods assume a predicted or fixed random number, whereas several commercial cards use unpredictable and unfixable random numbers. In this paper, we propose optimal MIFARE Classic attack procedures with regards to the type of random number generator, as well as an adversary's ability. In addition, we show actual attack results from our portable experimental setup, which is comprised of a commercially developed attack device, a smartphone, and our own application retrieving secret data and sector key.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.978-1002
• /
• 2019

With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.3-22
• /
• 2016

The purpose of this paper is to study ways to improve the welfare of private security guards. For this reason, it was analyzed the actual situation of the private security guards' wage and welfare system. As a result of the analysis, the most important factors that affect the wages and welfare system of private security guards was such as contracting costs, the minimum wage level, professional duties. In particular, a private security guards have been recognized as the most low-level professionalism sorted by the simple laborers standard classification. Wages of guards in accordance with this recognition is only about 47% of major company on average, about 80% of the small business average. If the proposed future improvements include: First, we need to improve the professionalism of a private security. Second, It is established a mutual-aid project about private security guards. Third, It shall regulate the wage of private security guards on Private Security Industry Act. Fourth, we should adopt a selective welfare system.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.2
• /
• pp.95-105
• /
• 2012

The widespread implementation of RFID in ubiquitous computing is constrained considerably by privacy and security unreliability of the wireless communication channel. This failure to satisfy the basic, security needs of the technology has a direct impact of the limited computational capability of the tags, which are essential for the implementation of RFID. Because the universal application of RFID means the use of low cost tags, their security is limited to lightweight cryptographic primitives. Therefore, EPCGen2, which is a class of low cost tags, has the enabling properties to support their communication protocols. This means that satisfying the security needs of EPCGen2 could ensure low cost security because EPCGen2 is a class of low cost, passive tags. In that way, a solution to the hindrance of low cost tags lies in the security of EPCGen2. To this effect, many lightweight authentication protocols have been proposed to improve the privacy and security of communication protocols suitable for low cost tags. Although many EPCgen2 compliant protocols have been proposed to ensure the security of low cost tags, the optimum security has not been guaranteed because many protocols are prone to well-known attacks or fall short of acceptable computational load. This paper proposes a remedy protocol to the flyweight RFID authentication protocol proposed by Burmester and Munilla against a desynchronization attack. Based on shared pseudorandom number generator, this protocol provides mutual authentication, anonymity, session unlinkability and forward security in addition to security against a desynchronization attack. The desirable features of this protocol are efficiency and security.

• Journal of National Security and Military Science
• /
• s.1
• /
• pp.35-70
• /
• 2003

President Lee, Syngman was ROK supreme commander at the Korean war. But, it is doubt that he executed his authority and responsibility by the ROK constitution and law. At the phase of the Korean War conduct, his role may be divided into 'military operation execution one' and 'political-diplomacy one'. He appointed unqualified person to the important position of the national defence, didn't make war execution system, and was not make to meet the war. And, after transferring the ROK force operation commanding authority to the Commander in Chief, UN Command, his role was extremely trivial at the military operation execution phase. Any way, he intended to recover the inferior national strength and military capacity with USA aid, and concentrated his effort toward diplomacy with USA. At last, he succeeded in making a mutual defence treaty and gained a big result to harden Korea national security after war. In sum, president Lee was shrewd politician and diplomat than military leader. And, it can be evaluated that he supplemented the lost part of military affairs side with diplomat one.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.193-200
• /
• 2006

RFID technology has been gradually expanding its application areas however studies on personal space infringement along with security are insufficient. This paper proposes a new security protocol access time interval scheme and RSA algorithm to analyze existing RFID security protocol and attempts to solve the problem of lightweight protocol. Information protection for two-way channels can be enforced through the proposed protocol and other issues of sniffing and man-in-the-middle attacks can be solved by applying a mutual certification technique application among tag readers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6188-6204
• /
• 2017

Over the years, more password-based authentication key agreement schemes using chaotic maps were susceptible to attack by off-line password guess attack. This work approaches this problem by a new method--new theorem of chaotic maps: $T_{a+b}(X)+T_{a-b}(X)=2T_a(X)T_b(X)$,(a>b). In fact, this method can be used to design two-party, three-party, even in N-party intelligently. For the sake of brevity and readability, only a two-party instance: a novel Two-party Password-Authenticated Key Agreement Protocol is proposed for resisting password guess attack in this work. Compared with the related literatures recently, our proposed scheme can be not only own high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. For capturing improved ratio of security and efficiency intuitively, the paper firstly proposes a new parameter called security/efficiency ratio(S/E Ratio). The higher the value of the S/E Ratio, the better it is. Finally, we give the security proof and the efficiency analysis of our proposed scheme.

• Journal of Korea Society of Industrial Information Systems
• /
• v.6 no.1
• /
• pp.56-60
• /
• 2001

An authentication protocol for wireless mobile communication systems is proposed. The protocol employs the keyed hash function to provide mutual authentication and session key distribution. This makes the low computation power of mobile stations. To provide the security architecture with minimal assumption about the security of intermediate transport networks, this protocol has no assumptions about the security of the intermediate, fixed networks.

• Journal of Internet Computing and Services
• /
• v.12 no.6
• /
• pp.139-147
• /
• 2011

We proposed the secure and efficient passive RFID protocol which is based on one-way hash based low-cost authentication protocol (OHLCAP). The paper introduces OHLCAP and the vulnerabilities of OHLCAP and suggests security solutions by analyzing them. Afterwards, The paper presents the proposed protocol and demonstrates computational performance and security of the protocol. This protocol not only has the resistances against eavesdropping attack, impersonation attack, desynchronization attack, and replay attack but also provides untraceability and forward secrecy.