Jangseong Kim

Untraceable and Serverless RFID Authentication and Search Protocols

So far, conventional RFID protocols provide the security and privacy protections by utilizing the central database model where readers should maintain the persistent connection between the readers and the central database. Recently, severless RFID protocols [4], [5] have been proposed to provide more flexible RFID service by removing the need of this connection. In this paper, we first point out the tracing vulnerability of the existing serverless RFID protocols. To address this vulnerability, we suggest a novel method which generates a unique access list for each reader based on groups of tags and multiple pseudonyms. We then propose untraceable and serverless RFID authentication and search protocols with this method. In comparison with [4], our protocols provide more resilient protection to the tracing vulnerability. Moreover, our protocols show less computation overhead than [4].

An efficient and scalable re-authentication protocol over wireless sensor network

Although wireless sensor network is considered as one of promising technologies for ubiquitous computing environment, more researches for re-authentication of mobile nodes in wireless sensor network are required due to user mobility, one of important properties in ubiquitous computing environment. As the citizens in a city can be mobile user in wireless sensor network and the resource of the sensor nodes is limited, scalability of re-authentication is important. In other words, re-authentication with less communication cost should be proposed. In this paper, we suggest an efficient method of membership verification for re-authentication of mobile node and show the performance analysis of our membership verification. Using this method, we propose an efficient and scalable reauthentication protocol over wireless sensor network. Also, we provide performance and security analysis of our protocol.

A lightweight privacy preserving authentication and access control scheme for ubiquitous computing environment

In Ubiquitous Computing Environment (UCE), service provider wants to provide its service to only legitimate users. Some users who belong to same service provider do not want to reveal their identities while using some privacy-related services such as location information, printing, browsing web pages, etc. In addition, we should consider lightweight cryptographic protocols because UCE can be constructed by lots of resource and energy constrained devices. In this paper we propose a lightweight privacy-preserving authentication and access control scheme for UCE. Compared to the previous schemes [13,14], our proposed scheme which was designed to reduce the number of public key operations and to improve non-linkability feature is found to be more secure and requires less memory on the users device. Moreover the proposed scheme provides mutual authentication, accountability and differentiated access control.

Three-round abuse-free optimistic contract signing with everlasting secrecy

We introduce the novel notion of Verifiable Encryption of Chameleon Signatures (VECS), and then use it to design a three-round abuse-free optimistic contract signing protocol.

A privacy-preserving secure service discovery protocol for ubiquitous computing environments

Recently, numerous service discovery protocols have been introduced in the open literature. Unfortunately, many of them did not consider security issues, and for those that did, many security and privacy problems still remain. One important issue is to protect the privacy of a service provider while enabling an end-user to search an alternative service using multiple keywords. To deal with this issue, the existing protocols assumed that a directory server should be trusted or owned by each service provider. However, an adversary may compromise the directory server due to its openness property. In this paper, we suggest an efficient method of membership verification to resolve this issue and analyze its performance. Using this method, we propose a privacy-preserving secure service discovery protocol protecting the privacy of a service provider while providing multiple keywords search to an end-user. Also, we provide performance and security analysis of our protocol.

A novel secure key paring protocol for RF4CE ubiquitous smart home systems

The Radio Frequency for Consumer Electronics (RF4CE) is developed to support the rapid increasing demand of bi-directional communication and remote control functionalities in CE market such as TV, home theater . However, current security model in RF4CE standard has potential weakness that transmission of initial key seeds is operated via unencrypted air interface. In this paper, we propose a secure key agreement protocol that uses pre-shared information between consumer devices and manufacturers and controllers receive the information by communication with manufacturers.

A scalable and privacy-preserving child-care and safety service in a ubiquitous computing environment

Abstract Recently, the technologies for child care and safety have been developing rapidly, together with the various IT convergence services. In particular, several mobile operators (e.g., SKT, KTF, and LGT) in Korea and Gangnam province in Seoul provide their own child-care services. However, some problems such as incorrect location information, privacy violation, and difficulty of an end-user to control the child-care service still exist. In this paper, we derive the security requirements of a child-care and safety service and establish a conceptual model satisfying the requirements. Based on the system model, we propose a privacy-preserving location supporting protocol for a child-care and safety service using wireless sensor networks. While addressing the above problems, our protocol can be operated over various networks (e.g., Wi-Fi and UWB) providing an RSSI (received signal strength indication) without any modification. Through performance and security analysis of our protocol, we show that our protocol is efficient and secure. More precisely, our protocol reduces the computation and communication overhead of the existing infrastructures to support better scalability.

Efficient sensor node authentication via 3GPP mobile communication networks

Energy efficiency is one of important issues in the resource constrained wireless sensor network. In this paper, we propose the authentication and key agreement protocol that efficiently reduces the overall computational and communication costs in the next generation converged network. The enhanced security procedures are operated through the mobile network in order to maximize the lifetime of the sensor networks and to apply the combined capabilities of both networks.

A scalable and robust hierarchical key establishment for mission-critical applications over sensor networks

The previous schemes of key establishment in the wireless sensor networks may not be employed for the mission-critical application due to several limitations: lightweightness and scalability from the point of performance, vulnerabilities against node compromise and various existing attacks from the point of security. In this paper, after identifying security requirements of mission-critical applications over sensor networks, we propose a scalable and robust hierarchical key establishment scheme which enhances resilience against node capture, traffic analysis attack and acknowledgment spoofing attack. In addition, our scheme provides periodic key updates without communication costs for key transport. We verified that our scheme requires less storage, computation and communication cost compared with the previous scheme in the open literature. When AES-256 is used for symmetric encryption and one cluster consists of 50 sensor nodes, we can reduce 93.4% storage requirement and 17.2%∼51.3% communication cost of the authentication request for the cluster. Since the reduced communication and computation costs enable the time of authentication process to be short, our scheme can support relatively fast initialization and fault recovery. Moreover, our scheme prolongs the lifetime of the wireless sensor networks.

Traceable Anonymous Authentication Scheme for Vehicular Ad-hoc Networks

In this paper, we proposed a novel anonymous authentication scheme in VANETs. Our scheme provides message authentication, anonymity, unlink ability, and trace ability of an end-user simultaneously. The unlink ability which enables privacy preservation and the trace ability which enables conditional tracking are contradictory. Compared with the existing work, we claim that our scheme has better performance in terms of storage, computation, and communication overhead.