Jeonil Kang

RFID authentication protocol with strong resistance against traceability and denial of service attacks

Even if there are many authentication protocols for RFID system, only a few protocols support location privacy. Because of tag’s hardware limitation, these protocols suffer from many security threats, especially from the DoS (Denial of Service) attacks. In this paper, we discuss location privacy problem and show vulnerabilities of RFID authentication protocols. And then, we will suggest a strong authentication protocol against location tracing, spoofing attack, and DoS attack.

Proactive code verification protocol in wireless sensor network

For WSN(Wireless Sensor Network) to provide reliable service, authentication is one of the most important requirements. The authentication usually means the entity authentication, but owing to the data centric nature of sensor network, much more importance must be put on the authentication(or attestation) for code of sensor nodes. The naive approach to the attestation is for the verifier to compare the previously known memory contents of the target node with the actual memory contents in the target node, but it has a significant drawback. In this paper, we show what the drawback is and propose a countermeasure. The basic idea of our countermeasure is not to give the malicious code any memory space to reside by cleaning the target nodes memory space where the malicious code can reside. This scheme can verify the whole memory space of the target node and provides extremely low probability of malicious codes concealment without depending on accurate timing information unlike SWATT[1]. We provide this verification method and show the performance estimation in various environments.

Two factor face authentication scheme with cancelable feature

Though authentication using biometric techniques has conveniences for people, security problems like the leakage of personal bio-information would be serious. Even if cancelable biometric is a good solution for the problems, only a few biometric authentication scheme with cancelable feature has been published. In this paper, we suggest a face authentication scheme with two security factors: password and face image. Using matching algorithm in the permuted domain, our scheme is designed to be cancelable in the sense that templates that is composed of permutation and weight vector can be changed freely.

A Method of Enhancing Security of Internet Banking Service using Contents-Based CAPTCHA

ABSTRACT Internet banking service has a advantage that is unrestricted b y time. If automated programs are able to attack Internet banking services, a number of accounts can be attacked at the same time and as a result, damage will be considerably increased. To cope with such attacks, two methods, VPS and MS w atermark, were introduced by Arcot and MS respectively. The methods use text-based CAPTCHAs in the process of transfer approval to distinguish automated programs from legal human users. In this paper, we point out the security threats of the methods when those are applied to Internet banking services. Especially, we consider the attack that are performed by extract specific string from text-based CAPTCHAs and its countermeasure. Also we suggest a method of enhancing security of internet banking services. Our method is based on contents-based CAPTCHAs that are consist of known transfer info rmation between user and server.Keywords: CAPTCHA, Internet banking, MITB, secure card, OTP접수일(2013년 1월 14일), 수정일(1차: 2013년 3월 27일, 2차: 2013년 5월 20일), 게재확정일(2013년 6월 13일)* 이 논문은 인하대학교의 지원에 의하여 연구되었음.†주저자, 181cm76kg245@gmail.com ‡교신저자, khlee@suwon.ac.kr (Corresponding author)

Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n

In this work, we introduce a powerful hardware-based rogue access point (PrAP), which can relay traffic between a legitimate AP and a wireless station back and forth, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through extensive experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although effective against software-based rAP. To defend against PrAPs, we propose PrAP-Hunter based on intentional channel interference. PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100% of detection rate, compared to 60% detection rate by the state-of-the-art. We show that PrAP-Hunter is fast (takes 5-10 sec), does not require any prior knowledge, and can be deployed in the wild by real world experiments at 10 coffee shops.

A Privacy-Preserving Mobile Payment System for Mass Transit

In the near future, mobile payment systems based on smartphones are expected to be widely applied in various environments, including transit services. When passengers use mass transit, their private information, such as their identity and route, may be made available to some related organizations, such as transit agencies, financial institutions, mobile carriers, and providers of smart cards, among others, even when the passengers may not want their information to be revealed. To protect passenger privacy, this paper proposes a privacy-preserving transit payment system based on traceable signatures, identity-based signatures, and anonymous signatures. In addition to passenger privacy, the proposed system facilitates the proactive blocking of misbehaving passengers, free-transfer services (or transfer discount), and postpaid programs. We demonstrate that the performance of this system is good enough for immediate deployment based on various experiments.

Highly-accurate rogue access point detection using intentional channel interference: poster

In this work, we introduce a powerful hardware-based rogue access point (PrAP), which can relay traffic between a legitimate AP and a wireless station, and act as a man-in-the-middle attacker. To defend against PrAPs, we propose PrAP-Hunter based on intentional channel interference. We demonstrate close to 100% of detection rate, compared to 60% detection rate by the state-of-the-art.

Matchmaker : Fuzzy Vault Scheme for Weighted Preference

Juels와 Sudan의 퍼지 볼트 기법은 기법이 갖는 오류 내성 때문에 많은 연구에 사용 되어오고 있다. 그러나 이들의 퍼지 볼트 기법은 그들의 논문에서 영화 애호가 문제를 예를 들었음에도 불구하고, 사람들이 일반적으로 갖는 선호도(preference)의 차이에 대한 고려가 존재하지 않는다. 한편, Nyang과 Lee는 안전하고 성능이 좋은 얼굴인증 시스템을 만들기 위해서, 얼굴 특징이 서로 다른 가중치를 갖도록 얼굴 특징과 퍼지 볼트(vault) 사이에 특별한 연관 구조를 갖는 얼굴 인증 시스템(이른바, 퍼지 얼굴 볼트)을 소개하였다. 그러나 그들의 기법은 일반적인 특징 추출 기법들이 클래스 내부/간 차이를 최적화하려는 특성이 있기 때문에 인증 실패율을 성공적으로 낮추지 못할 것으로 쉽게 예상할 수 있다. 이 논문에서는 퍼지 볼트의 유연성을 제공해주기 위하여 Nyang과 Lee의 퍼지 볼트기반의 얼굴 인증 시스템에서 가중치 아이디어를 다른 방식으로 구현한 버킷(bucket) 구조와 사용자 선호도와 시스템 구현 간 관계를 공식화하는 세 가지 분포 함수에 대해서 소개한다. 또한 이를 바탕으로 선호도 매치메이커(preference matchmaker) 기법을 제안하며, 영화 데이터베이스를 이용하여 이러한 매치메이커의 연산 성능을 확인해본다.

Study of Operating μTESLA in Multi-hop Unattended WSN

ABSTRACT μTESLA is well known as the most representative energy-efficient broadcast authentication method. Until now, there are many researches that figure out the problems or limitation of μTESLA and mitigate or solve them, but most researches have been verified in the environment far from the real world. We co nsider the necessity of verifying what the real efficiency of μTESLA is. In this paper, we assume that sensors that continuous ly repeat hibernation and activity perform communication under the UWSN(Unattended WSN), which BS does not stay in the network. In this environment, we newly inspect the performance of μTESLA by performing various simulations.Keywords: Unattended Wireless Sensor Network, broadcast message authent ication, μTESLA, NS-2 I.서 론 WSN(Wireless Sensor Network)은 작은 크기의 무선 센서 노드들로 구성된 네트워크로 각각의 센서 노드는 무선 통신이 가능한 통신 모듈과 작은 크기의 메모리, 저 전력으로 운영되는 마이크로 컨트롤러를 가지고 있다. 또한 주변의 데이터를 수집할 센서 접수일(2013년 2월 18일), 수정일(2013년 4월 8일), 게재확정일(2013년 4월 18일)* 이 논문은 인하대학교의 지원에 의하여 연구되었음.†주저자, noodlejin@isrl.kr‡교신저자, khlee@suwon.ac.kr(Corresponding author)

On Message Length Efficiency of Two Security Schemes using Bloom Filter

Recent two security schemes showed that a bloom filter can reduce a message length required for representing multiple MACs. The schemes, however, made message length comparison without considering security level. Since the MAC is intended for security, it is important to let multiple MACs and the bloom filter have the same level of security for making message length comparison. In this paper, we analyze the message length efficiency of bloom filter, compressed bloom filter and multiple MACs, letting them have the same security level.