• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.1
• /
• pp.31-36
• /
• 2015

As web accessibility has been easier, security issue becomes much more important in web applications demanding user authentication. Cookie is used to reduce the load of the server from the session in web applications and manage the user information efficiently. However, the cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker is the lawful user. This kind of attack are called cookie replay attack and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect cookie replay attacks and defend them, and verified effectiveness of the mechanism.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.325-332
• /
• 2012

Due to its communication vulnerability resulting in a range of problems, e.g. eavesdropping, information exposure, traffic analysis and spoofing, RFID system becomes the target of attackers. Accordingly, many investigators have proposed various protocols to the extent of theorem proving or verification as the implementation is challenging. This paper thus proposes a safe RFID security protocol using public keys, session keys, hashes, XORs, and random numbers. Timestamps and hashes are applied to the most vulnerable section between readers and tags to detect attacks in attack signals with time difference. Also, to prevent tag information from being exposed in the last session, hash operation is adopted before communication. Finally, in this paper, we designed a RFID security protocol using public and session keys applicable to real systems and verified the security of the proposed protocol with a differentiated formal verification technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.941-950
• /
• 2021

Single Sign-On (SSO) service manages user's account passwords from multiple websites so that security in a high level is required. Users who use the SSO service are authenticated through the Identity Provider (IdP) when logging into the website. We present the security requirements that IdP can take in order to minimize the user's risk whose IdP account is compromised. We describe the security threats that arise when the security requirements are not satisfied. Through evaluation, we prove that the attacker's session cannot be canceled even if the user recognizes the attack if the IdP does not satisfy the security requirements.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.971-984
• /
• 2004

In the coming age of information warfare, information security patterns need to be changed such as to the active approach using offensive security mechanisms rather than traditional passive approach just protecting the intrusions. In an active security environment, it is essential that, when detecting an intrusion, the immediate confrontation such as analysing the intrusion situation in realtime, protecting information from the attacks, and even tracing the intruder. This paper presents an active intrusion-confronting system using a fake session and a honeypot. Through the fake session, the attacks like Dos(Denial of Service) and port scan can be intercepted. By monitoring honeypot system, in which the intruders are migrated from the protected system and an intrusion rule manager is being activated, new intrusion rules are created and activated for confronting the next intrusions.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.169-180
• /
• 2009

Generally home networks are based on wired network and wireless network. This makes customers be capable of using electric home appliances and full-duplex multimedia services and controlling the machines without any restrictions of place or time. Now that the scope of home security is being extended, the home networks can be formed with not only personal computer but also home automation, electric home appliances, and etc. But this causes many of attacks of invasion and damages. Therefore in this paper we suggest the SSIP(Secure Session Initiate protocol) model for solving those problems. The SSIP model is able to provide an efficient authentication and reduce the time of session re-establishment and set-up by adding ability of SIP authentication to Cluster-to-Cluster environment performed on home gateway.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.99-101
• /
• 2002

At ACISP'02, H.J. Kim et al.[1] proposed a new traitor tracing scheme. However, this paper show that the proposed scheme is to be insecure by presenting a conspiracy attack. Using our attack, any two subscribers can collaborate to derive the secret key of the data supplier and tell or sell it to any body. Thus, the unauthorized user can always decrypt the encrypted session key with the decrypted session key. Also the two subscribers cannot be traced by the data supplier

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06d
• /
• pp.183-185
• /
• 2011

차세대 이동통신은 고품질의 멀티미디어 서비스가 요구되고, 이중 서비스간의 호환이 주요한 특징이 된다. 이러한 이동통신의 과도기적인 위치에 IMS가 서비스 된다. IMS는 기존의 통신망을 토대로 다양한 망과 연계를 한다. 하지만 AS(Application Server)의 서비스가 다양해지면서 S-CSCF(Serving-Call Session Control Function)는 역할 과중이 발생한다. 따라서 S-CSCF와 AS 사이에 Gateway를 설계하여 S-CSCF의 기능을 분담한다. 그리고 사용자 서비스 기반의 로드 밸런싱을 통하여 속도를 향상한다. 논문은 IMS 모델에서 S-CSCF의 역할을 분석한 후, Gateway의 구조와 설계 모델을 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.801-825
• /
• 2024

For Internet of Things, it is more preferred to have immediate access to environment information from sensor nodes (SNs) rather than from gateway nodes (GWNs). To fulfill the goal, mutual authentication scheme between user and SNs with session key (SK) negotiation is more suitable. However, this is a challenging task due to the constrained power, computation, communication and storage resources of SNs. Though lots of authentication schemes with SK negotiation have been designed to deal with it, they are still insufficiently secure and/or efficient, and some even have serious vulnerabilities. Therefore, we design an efficient secure authentication scheme with session key negotiation (eSAS2KN) for wireless sensor networks (WSNs) utilizing fuzzy extractor technique, hash function and bitwise exclusive-or lightweight operations. In the eSAS2KN, user and SNs are mutually authenticated with anonymity, and an SK is negotiated for their direct and instant communications subsequently. To prove the security of eSAS2KN, we give detailed informal security analysis, carry out logical verification by applying BAN logic, present formal security proof by employing Real-Or-Random (ROR) model, and implement formal security verification by using AVISPA tool. Finally, computation and communication costs comparison show the eSAS2kN is more efficient and secure for practical application.

• International Journal of Internet, Broadcasting and Communication
• /
• v.9 no.3
• /
• pp.35-43
• /
• 2017

In 2013, Lee-Lie proposed secure smart card based authentication scheme of Zhu's authentication for TMIS which is secure against the various attacks and efficient password change. In this paper, we discuss the security of Lee-Lie's smart card-based authentication scheme, and we have shown that Lee-Lie's authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to overcome these security problems of Lee-Lie's authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved smart card based user authentication scheme for TMIS is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack, the session key generation attack and provides mutual authentication between the user and the telecare system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.181-196
• /
• 2014

Cloud computer technology currently provides diverse services based on a comprehensive environment ranging from hardware to solution, network and service. While the target of services has been extended from institutions and corporations to personal infrastructure and issues were made about security problems involved with protection of private information, measures on additional security demands for such service characteristics are insufficient. This paper proposes a multi-session authentication technique based on the characteristics of SaaS (Software as a Service) among cloud services. With no reliable authentication authority, the proposed technique reinforced communication sessions by performing key agreement protocol safe against key exposure and multi-channel session authentication, providing high efficiency of performance through key renewal using optimzied key table. Each formed sessions have resistance against deprivation of individual confirmation and service authority. Suggested confirmation technique that uses these features is expected to provide safe computing service in clouding environment.