• Journal of the Korea Convergence Society
• /
• v.7 no.4
• /
• pp.33-38
• /
• 2016

DDoS attack has been continuously utilized that caused the excessively large amount of traffic that network bandwidth or server was unable to deal with paralyzing the service. Most of the people regard NTP as the biggest cause of DDoS. However, according to recently executed DDoS attack, there have been many SSDP attack in the use of amplified technique. According to characteristics of SSDP, there is no connection for making a forgery of source IP address and amplified resources feasible. Therefore, it is frequently used for attack. Especially, as it is mostly used as a protocol for causing DDoS attack on IoT devices that constitute smart home including a wireless router, media server, webcam, smart TV, and network printer. Hereupon, it is anticipated for servers of attacks to gradually increase. This might cause a serious threat to major information of human lives, major government bodies, and company system as well as on IoT devices. This study is intended to identify DDoS attack techniques in the use of weakness of SSDP protocol occurring in IoT devices and attacking scenario and counter-measures on them.

• The Journal of the Korea Contents Association
• /
• v.11 no.7
• /
• pp.60-69
• /
• 2011

As the mobile industry has developed, people have become to pursue more delicate information exchange and close relationships between individuals through it. According to such a request, Social Networking Services have been activated based on short messages. Moreover, in combination with smart phones, the needs for adding location information is recently increasing more and more. Security and Privacy problems, however, are raised because such location information is so sensitive and may be used maliciously by someone else. Especially, storing location information of family members in a public server may become a negative factor to hinder people from utilizing such services. Therefore, this paper proposes a location based SNS service using smart phones for home community that runs on a home server in a house so that relationships between family members at home may be closer and improved through utilizing the service.

• Journal of Korea Multimedia Society
• /
• v.13 no.4
• /
• pp.575-581
• /
• 2010

With widespread use of the Internet and improvements in streaming media and compression technology, digital music, video, and image can be distributed instantaneously across the Internet to end-users. However, most conventional Digital Right Management are often not secure and not fast enough to process the vast amount of data generated by the multimedia applications to meet the real-time constraints. The SVC offers temporal, spatial, and SNR scalability to varying network bandwidth and different application needs. Meanwhile, for many multimedia services, security is an important component to restrict unauthorized content access and distribution. This suggests the need for new cryptography system implementations that can operate at SVC. In this paper, we propose a new scrambling encryption for reserving the characteristic of scalability in MPEG4-SVC. In the base layer, the proposed algorithm is applied and performed the selective scambling. And it encrypts various MVS and intra-mode scrambling in the enhancement layer. In the decryption, it decrypts each encrypted layers by using another encrypted keys. Throughout the experimental results, the proposed algorithms have low complexity in encryption and the robustness of communication errors.

• Journal of Korea Multimedia Society
• /
• v.12 no.5
• /
• pp.644-652
• /
• 2009

New communication environments such as USN, WiBro and RFID have been realized nowadays. Thus, in order to ensure security and privacy protection, various light-weight block ciphers, e.g., mCrypton, HIGHT, SEA and PRESENT, have been proposed. The block cipher mCrypton, which is a light-weight version of Crypton, is a 64-bit block cipher with three key size options (64 bits, 96 bits, 128 bits). In this paper we show that 8-round mCrypton with 128-bit key is vulnerable to related-key rectangle attack. It is the first known cryptanalytic result on mCrypton. We first describe how to construct two related-key truncated differentials on which 7-round related-key rectangle distinguisher is based and then exploit it to attack 8-round mCrypton. This attack requires $2^{45.5}$dada and $2^{45.5}$time complexities which is faster than exhaustive key search.

• Journal of KIISE:Information Networking
• /
• v.35 no.4
• /
• pp.311-317
• /
• 2008

This paper proposes a session key exchange scheme for providing secure communication between Vehicles and Infrastructure in VANET. In the current VANET environment, IEEE 802.11i or PKI based mechanism is used to provide secure communication between V2I. However, since the vehicles and the frequent changes of network topology, VANET nodes have some difficulties to exchange the session key using IEEE 802.11i or PKI method. In the proposed scheme, Local Router is newly defined for exchanging the session key between moving vehicles and infrastructure. A session key is generated by XOR operation based on the random values between Local Router and OBU. As a result, the proposed scheme has a noticeable advantage on the fastness of key exchange by exchanging session keys between LR and OBU.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.5C
• /
• pp.737-749
• /
• 2004

Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.4
• /
• pp.1-10
• /
• 2004

In NGNs(Next Generation Networks), It is necessary for Integrated management of resource and information to satisfy high-quality users'demands, such as stable speed, guarantee of high level service and service requirement in various fields. In relation to this, technology for efficiently using limited resources is becoming interesting things more and more. Therefore policy of network service is dealt essentially. Recently, DEN(Directory Enabled Network)-based personalization service is user-dependent services in NGNs, and integrated management and efficient use of limited resources. Also, PBNM(Policy-Based Network Management) is new technology defined and applied by policies of communication service environments and users on demand. Subsequently to study on how to optimizing the PBNM is of great importance. In this paper, we propose a technology of the PBNM based on DEN standardized in DMTF(Distributed Management Task Force).

• Journal of IKEEE
• /
• v.19 no.1
• /
• pp.45-51
• /
• 2015

Recently, as WPAN (Wireless Personal Area Network) becomes the necessary feature in IoT (Internet of Things) devices, the importance of data security also hugely increases. In this paper, we present the low-complexity 128-bit AES-$CCM^*$ hardware IP for IEEE 802.15.4 standard. For low-cost and low-power implementation which is essentially required in IoT devices, we propose two optimization methods. First, the folded AES(Advanced Encryption Standard) processing core with 8-bit datapath is presented where composite field arithmetic is adopted for reduced hardware complexity. In addition, to support $CCM^*$ mode defined in IEEE 802.15.4, we propose the mode-toggling architecture which requires less hardware resources and processing time. With the proposed methods, the gate count of the proposed AES-$CCM^*$ IP can be lowered up to 57% compared to the conventional architecture.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.1
• /
• pp.130-140
• /
• 2010

SIP (Session Initiation Protocol) is a signaling protocol to provide IP-based VoIP (Voice over IP) service. However, many security vulnerabilities exist as the SIP protocol utilizes the existing IP based network. The SIP Malformed message attacks may cause malfunction on VoIP services by changing the transmitted SIP header information. Additionally, there are several threats such that an attacker can extract personal information on SIP client system by inserting malicious code into SIP header. Therefore, the alternative measures should be required. In this study, we analyzed the existing research on the SIP anomaly message detection mechanism against SIP attack. And then, we proposed a Co-occurrence based SIP packet analysis mechanism, which has been used on language processing techniques. We proposed a association rule generation and an attack detection technique by using the actual SIP session state. Experimental results showed that the average detection rate was 87% on SIP attacks in case of using the proposed technique.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.2
• /
• pp.209-216
• /
• 2002

World Wide Web has potential possibility of infrastructure for parallel computing environment connecting massive computing resources, not just platform to provide and share information via browser. The approach of Web-based parallel computing has many advantages of the ease of accessibility, scalability, cost-effectiveness, and utilization of existing networks. Applet has the possibility of decomposing the independent/parallel task, moving over network, and executing in computers connected in Web, but it lacks in the flexibility due to strict security semantic model. Therefore, in this paper, Web-based parallel computing environment using mobile agent, Aglet (Agile applet) was designed and possible implementation technologies and architecture were analyzed. And simple simulation and analysis was done compared with applet-based approach.