Soo-Hyun Oh

RFID system with fairness within the framework of security and privacy

Radio Frequency Identification (RFID) systems are expected to be widely deployed in automated identification and supply-chain applications. Although RFID systems have several advantages, the technology may also create new threats to user privacy. In this paper, we propose the Fair RFID system. This involves improving the security and privacy of existing RFID systems while keeping in line with procedures already accepted by the industrial world. The proposed system enables the protection of users’ privacy from unwanted scanning, and, when necessary, is conditionally traceable to the tag by authorized administrators.

An Efficient Authentication Mechanism Strengthen the Privacy Protection in 3G Network

Abstract As communication technologies are developed and variety of services to mobile devices are provided, mobile users is rapidly increasing every year. However, mobile services running on wireless network environment are exposed to various security threats, such as illegal tampering, eavesdropping, and disguising identity. Accordingly, the secure mobile communications services to 3GPP were established that the standard for 3GPP-AKA specified authentication and key agreement. But in the standard, sequence number synchronization problem using false base station attack and privacy problem were discovered through related researches. In this paper, we propose an efficient authentication mechanism for enhanced privacy protection in the 3G network. We solve the sequence number synchronization existing 3GPP authentication scheme using timestamp and strengthen a privacy problem using secret token. In addition, the proposed scheme can improve the bandwidth consumption between serving network and home network and the problem of authentication data overhead for the serving network because it uses only one authentication vector.Key Words : 3GPP-AKA, Authentication, Privacy, IMSI, Security token

Detection Mechanism against Code Re-use Attack in Stack region

Vulnerabilities related to memory have been known as major threats to the security of a computer system. Actually, the number of attacks using memory vulnerability has been increased. Accordingly, various memory protection mechanisms have been studied and implemented on operating system while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as Return-Oriented Programing(ROP) and Jump-Oriented Programming(JOP) called Code Re-used attack to bypass the memory protection mechanism. Thus, in this paper, I analyzed code re-use attack techniques emerged recently among attacks related to memory, as well as analyzed various detection mechanisms proposed previously. Based on the results of the analyses, a mechanism that could detect various code re-use attacks on a binary level was proposed. In addition, it was verified through experiments that the proposed mechanism could detect code re-use attacks effectively.

A Secure Mobile Payment System for Near Field Communication System

Diverse application service such as mobile payment, access control or smart poster have been provided by using smart devices with built-in Near Field Communication technology. Especially, a mobile payment system can provide convenience to its users, but it also can poses including data disclosure while transmitting. There are vulnerabilities while generating session keys used to encrypt data in transaction processes as proposed in KS X 6928, the standard for mobile payment system. Therefore, in this thesis, I analyzed weaknesses of session keys used to encrypt transaction data and proposed a more secure mobile payment system based on NFC to enhance security. The proposed system will provide security functionalities such as key freshness, mutual authentication and key confirmation.

Remote user Access control Mechanism in Smart Grid environments

Smart grid is the next generation intelligent power grid that combines the existing electric power infrastructure and information infrastructure. It can optimize the energy efficiency in both directions, suppliers and power consumers to exchange information in real time. In smart grid environments, with existing network security threats due to the smart grid characteristics, there are additional security threats. In this paper, we propose a security mechanism that provides mutual authentication and key agreement between a remote user and the device. The proposed mechanism has some advantages that provides secure mutual authentication and key agreement and secure against a replay attack and impersonation attacks.

Efficient key distribution protocol for electronic commerce in mobile communications

Recently, the development of mobile communication technology, the mobile terminal users are increasing. In the mobile environment, the security service is very important to provide secure mobile communication, such as mobile electronic-commerce. The security of information is significant to provide secure electronic commerce in mobile communications. Therefore, the security services must be provided in a mobile communication environment. However, the mobile communication environment has some disadvantages, because it has low capacity of power, low performance of CPU and limited memory, etc. In this paper, we propose an efficient key distribution protocol for mobile communications.

Security Enhanced WTLS Handshake Protocol

WAP is the protocol that is a secure data communication for the wireless environments developed by the WAP Forum. WTLS(Wireless Transport Layer Security) is the proposed protocol for secure communication in the WAP. The purpose of WTLS is to provide secure and efficient services in the wireless Internet environment. However, the existing WTLS handshake protocol has some security problems in several active attacks. Therefore, in this paper, we analyze the securities of the existing protocol, and then propose a security enhanced WTLS Handshake protocol.

A Case Study on Program Outcomes Assessment of Information Security Program for Engineering Education Accreditation

Engineering education accreditation addresses evaluation for program outcomes according to educational objectives and assessment process, which students are expected to obtain by the time of graduation in order to train international competitive engineers with continuous quality improvement in engineering programs. This paper shows a case study of a program outcomes assessment system including performance criteria, evaluation process, document system and continuous quality improvement process and an achievement evaluation by the assessment system for program outcomes in Information Security Program of Hoseo university.