• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.117-128
• /
• 2008

Compared with the existing bar code system, RFID system has lots of advantages such as it identifies automatically massive objects. We might anticipate RFID technology will be a substitution for an optical bar code system in the near future. However, their feature that uses radio waves may cause various security problems. Many kinds of solutions have been researched to overcome these security problems. In this paper, we analyze the previous proposed protocols. And then, we categorize RFID authentication into two types according to the synchronization requirement between a Back-end Database and a Tag. In addition, we introduce the previous proposed approaches to tag search problem in RFID authentication. And we propose an efficient method which provides fast tag search by using membership test algorithm, a Bloom filter.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.119-128
• /
• 2002

In case certification between user and service provider is achieved, problem that user's identity is revealed is occurring by social issue, so it was presented identity escrow scheme to solve these problem. In identity escrow scheme, the issuer who have correct user's identity transmits securely anonymity authentication information to user, and user achieves authentication phase with service provider keeping oneself anonymity using this. In this paper, we present requirement for security and trusty of identity escrow scheme and propose new mechanism that can security this. Also, propose method that service provider can deliver securely contents to user and propose mechanism that improve that support ky recovery at encryption communication that using secret key that it was generated by key agreement between users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.75-86
• /
• 2014

Demand for the femtocell is largely credited to the surge in a more always best connected communication conscious public. 3GPP defines new architecture and security requirement for Release 9 to deal with femtocell, Home eNode B referred as HeNB. In this paper, we analyze the HeNB security with respect to mutual authentication, access control, and secure key agreement. Our analysis pointed out that a number of security vulnerabilities have still not been addressed and solved by 3GPP technical specification. These include eavesdropping, man-in-the-middle attack, compromising subscriber access list, and masquerading as valid HeNB. To the best of our knowledge, any related research studying HeNB security was not published before. Towards this end, this paper proposes an improved authentication and key agreement mechanism for HeNB which adopts proxy-signature and proxy-signed proxy-signature. Through our elaborate analysis, we conclude that the proposed not only prevents the various security threats but also accomplishes minimum distance from use-tolerable authentication delay.

• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.61-66
• /
• 2017

Recently, IoT technology is rapidly developing with the keyword "Anytime, Anywhere, Convenient". In addition, security problems in IoT systems are exploding and the damage is increasing as well. In this paper, we propose a method to develop IoT system safely by using internationally recognized CC evaluation in ICT by identifying the standardization and security technology development status defining IoT system security requirements. For this purpose, IoT system and service security aspects are analyzed. Based on this, it is possible to design the security functional requirements and to demonstrate the rationale of the security objective through the correspondence relation, and it is possible to design the protection profile for the IoT system. This is a sufficient basis for the development methodology to be presented in this paper because it is used as a means of referring to the set of security requirements of administrators, developers, and users.

• Korean Security Journal
• /
• no.12
• /
• pp.117-147
• /
• 2006

This study aims to propose efficient way to operate the security guarding system from the perspective of administration, policy, law, institution and operation as to the private security guarding system as the Korean security guarding system needs multifaced analysis and measure to ensure efficient operation. The growth strategy has to be restructured and segmentation market needs to be driven in order to cope with the changing conditions of company from the perspective of administration. And private security guarding service companies must refrain from excessive competition while improving the contracting method such as minimum price bidding, etc. From the perspective of policy, the functions of relevant organizations such as the National Police Agency, security association, etc, and mutual cooperation must expand. Also, the profit generation event needs to be privatized and the more positive perception toward the private security guarding service is necessary. In addition, security exhibition and seminar can be expanded to lay the groundwork for the advancement of private security system. From the legal and institutional perspective, the security guarding service related law must be revised and the certification system must b introduced to cope with the changing requirement. The security guarding instructor system must be strengthened to ensure a faithful and earnest implementation of duty to instruct, supervise and educate security guarding personnel. From the perspective of security guarding system's operation, professional security technique must be introduced and applied, and the volunteer application system must be established. In addition, standard 'security guarding manual' must be crafted, and the equipment for security guarding must be modernized to ensure an efficient operation of private security guarding services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.513-528
• /
• 2018

In a smart home environment that integrates IoT technology into a residential environment, the smart home hub provides convenience functions to users by connecting various IoT devices to the network. The smart home hub plays a role as a gateway to and from various data in the process of connecting and using IoT devices. This data can be abused as personal information because it is closely related to the living environment of the user. Such abuse of personal information may cause damage such as exposure of the user's identity. Therefore, this thesis analyzed the threat by using LINDDUN, which is a threat modeling technique for personal information protection which was not used in domestic for Smart Home Hub. We present evaluation criteria for smart home hubs using the Common Criteria, which is an international standard, against threats analyzed and corresponding security requirements.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.97-105
• /
• 2019

With the possibility of wireless control of the aircraft by Nicola Tesla, Unmanned Aerial Vehicle(UAV) was mainly used for military and defense purposes with the rapid development through World War I and II. As civilian applications of unmanned aerial vehicles have expanded, they have been used with various services, and attempts have been made to control various environmental changes and risk factors of unmanned aerial vehicles. However, GPS spoofing, Jamming attack and security accidents are occurring due to the communication in the unmaned aerial vehicle system or the security vulnerability of the unmanned aerial vehicle itself. In order to secure introduction of Unmanned aerial vehicle, South Korea has established Unmanned Aerial Vehicle verification system called Airworthiness Certification. However, the existing cerfication system is more focused on test flight, design and structure's safety and reliability. In this paper, we propose a unmanned aerial vehicle system model and propose security functional requirements on unmanned aerial vehicle system in the corresponding system model for secure-introduction of Unmanned Aerial Vehicle. We suggest the development direction of verification technology. From this proposal, future development directions of evaluation and verification technology of Unmanned Aerial Vehicle will be presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.213-230
• /
• 2020

As smart TVs have recently emerged as the center of the IoT ecosystem, their importance is increasing. If a vulnerability occurs within a smart TV, there is a possibility that it will cause financial damage, not just in terms of privacy invasion and personal information leakage due to sniffing and theft. Therefore, in this paper, to enhance the completeness of smart TV vulnerability analysis, STRIDE threat classification are used to systematically identify threats. In addition, through the manufacture of the Attack Tree and the actual vulnerability analysis, the effectiveness of the checklist was verified and security requirements were derived for the safe smart TV use environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.255-266
• /
• 2022

Messenger applications applied end-to-end encryption on their own to prevent message exposure to servers. Standardization of a group messaging protocol called Message Layer Security (MLS) with end-to-end encryption is being discussed for secure and efficient message communication. This paper performs safety checks based on the operation process and security requirements of MLS. Confidentiality to a middleman server, which is an essential security requirement in messenger communication, can be easily violated by a server administrator. We define a server administrator who is curious about the group's communication content as a curious admin and present an attack in which the admin obtains a group key from MLS. Reminds messenger application users that the server can view your communication content at any time. We discuss ways to authenticate between users without going through the server to prevent curious admin attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.1-9
• /
• 2024

Multivariate Quadratic (MQ)-based digital signature schemes have advantages such as ease of implementation and small signature sizes, making them promising candidates for post-quantum cryptography. To enhance the efficiency of such MQ-based digital signature schemes, utilizing sparse matrices have been proposed, including HiMQ, which has been standardized by Korean Telecommunications Technology Association standard. However, HiMQ shares a similar key structure with Rainbow, which is a representative MQ-based digital signature scheme and was broken by the MinRank attack proposed in 2022. While HiMQ was standardized by a TTA and recommended parameters were provided, these parameters were based on cryptanalysis as of 2020, without considering recent attacks. In this paper, we examine attacks applicable to MQ-based digital signatures, specifically targeting HiMQ, and perform a security analysis. The most effective attack against HiMQ is the combined attack, an improved version of the MinRank attack proposed in 2022, and none of the three recommended parameters satisfy the desired security strength. Furthermore, HiMQ-128 and HiMQ-160 do not meet the minimum security strength requirement of 128-bit security level.