Woongryul Jeon

A practical analysis of smartphone security

Recent developments in mobile technologies have produced a new kind of device, a programmable mobile phone, the smartphone. Generally, smartphone users can program any application which is customized for needs. Furthermore, they can share these applications in online market. Therefore, smartphone and its application are now most popular keywords in mobile technology. However, to provide these customized services, smartphone needs more private information and this can cause security vulnerabilities. Therefore, in this work, we analyze security of smartphone based on its environments and describe countermeasures.

Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme

In 1981, Lamport proposed a password authentication scheme to provide authentication between single user and single remote server. In a smart card based password authentication scheme, the smart card takes password as input, makes a login message and sends it to the server. Many smart card based password authentication schemes with a single server have already been constructed. However it is impossible to apply the authentication methods in single server environment to multi-server environment. Therefore, some smart card based password authentication schemes for the multi-server environment are proposed. In 2010, Yoon et al. proposed a robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. In this paper, however, we show that scheme of Yoon et al. is vulnerable to off-line password guessing attack and propose an improved scheme to prevent the attack.

The Vulnerabilities Analysis of Fuzzy Vault Using Password

Fingerprint is immutable and unchangeable. Thus, if it is disclosed, owner of fingerprint cannot use his fingerprint any longer. Fuzzy vault is a cryptographic framework that makes secure template storage to bind the template with a uniformly random key. In order to keep fuzzy vault secure, various schemes are studied using special data like password. K.Nandakumar proposed a scheme for hardening a fingerprint minutiae-based fuzzy vault using password. However, that scheme has vulnerabilities against several attacks. In this paper, we analyze vulnerabilities of K.Nandakumar¿s scheme and propose a new scheme which is secure against various attacks to fuzzy vaults.

Cryptanalysis of Encrypted Remote User Authentication Scheme by Using Smart Card

Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data over insecure channels. In 2012, Yassin et al. proposed encrypted remote user authentication scheme by using smart card. They claimed that their scheme is secure against various attacks. In this paper, we demonstrate that their scheme is insecure and vulnerable to outsider attack, smart card stolen attack, offline password guessing attack, and masquerade attack.

Key Management Scheme Using Dynamic Identity-Based Broadcast Encryption for Social Network Services

Recently, Social Network Service market is getting bigger and bigger. Then there are many security threats by malicious users. In addition, because sensitive data is concentrated on the central server, privacy can be exposed to SNS provider as well as malicious users. To overcome this problem, many previous researches suggest decentralized systems for SNS. In these systems, sensitive data may not be stored in central server. When a user transmits a message, the server does not interfere with the process. Thus, the user who transmits a message needs way to manage the keys that are used for message encryption scheme. In this paper, we suggest the efficient key management scheme using Dynamic Identity-Based Broadcast Encryption. Using this scheme, it is possible to communicate securely between users in decentralized social network.

Design of a Simple User Authentication Scheme Using QR-Code for Mobile Device

Recently, Liao et al. proposed a user authentication scheme suited for mobile device environment, in which users can be authenticated using a QR-Code. This work reviews Liao et al.’s scheme and provides a security analysis on the scheme. Our analysis shows that Liao et al.’s scheme does not achieve its fundamental goal of authentication, user-to-server authentication. The contribution of the current work is to demonstrate this by mounting a user impersonation attack on Liao et al.’s scheme. In addition, we also proposed a much more secure authentication scheme that repairs the security vulnerabilities in Liao et al.’s scheme.

Security Analysis of Authentication Scheme for Wireless Communications with User Anonymity

Recently, with the growth of the smartphone, wireless communi-cations using mobile device are growing rapidly around the world. The most advantage of the wireless communication is that a mobile user can communicate various data to anywhere at any time. However, to ensure the security of the communications, the authentication is being magnified as an important issue in wireless communication. After Zhu and Ma, various studies are announced, and in 2008, Wang et al. pointed out that Wu et al.’s scheme is failed to provide user anonymity and proposed an improved scheme. However, in this paper, we discuss that Wang et al.’s scheme is still vulnerable to a malicious adversary and does not provide user anonymity.

An enhanced remote user authentication scheme using smart card

Remote User authentication scheme is widely used for communication between authorized remote users over insecure network. In 2010, Manoj Kumar proposed a new secure remote user authentication scheme with smart cards. He claimed that the protocol was secure against replay attack, stolen verifier attack. However, we show that the protocol is vulnerable to stolen smart-cards attack and password guessing attack. In this paper, we will address detailed analysis of the flaw in Kumars scheme and resolve aforementioned problems.

Analysis of content filtering software

The openness of web allows any user to easily get information anytime and anywhere. However, as well as the advantage of easy access to useful information, the web has disadvantages of providing users with harmful information indiscriminately. Some information, such as adult content, is not appropriate for children. To protect children from adult contents, many types of filtering software have been distributed. However, filtering software cannot entirely block adult contents, because it has some functional limitations. In this paper, we analyze several filtering software and discuss their limitations. Furthermore, we propose the essential functionalities for filtering software.

Password-based single-file encryption and secure data deletion for solid-state drive

Recently, SSD sales are on the steady rise. The reason of sales is that SSD is faster and smaller than HDD. Therefore SSD serves as a typical alternative to HDD. In fact, SSD considerably emulates the technology of HDD such as the communication protocol and hardware interfaces. So, the technology of HDD can quickly be adapted to SSD. However, SSD slightly differ from HDD in the way of storing, managing and accessing the data. Because of the difference between SSD and HDD, it is possible that technology and command of HDD are not accurately operated on SSD. So various problems on the technology of SSD have occurred gradually including encryption and deletion. To solve this problem, we have to analyze the method of data encryption and secure data deletion suitable for SSD. In this paper, we research significant technology and security problem relevant to SSD. On the basis of analysis about SSD problems, we propose the password-based single-file encryption and secure data deletion for SSD and compare the previous researches with proposed method.