• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.11-26
• /
• 2013

In the wireless Internet, it is so restrictive to use the IPSec. The MIPv4 IPSec's path cannot include wireless links. That is, the IPSec of the wireless Internet cannot protect an entire path of Host-to-Host connection. Also wireless circumstance keeps a path static during the shorter time, nevertheless, the IKE for IPSec SA agreement requires relatively long delay. The certificate management of IPSec PKI security needs too much burden. This means that IPSec of the wireless Internet is so disadvantageous. Our paper is to construct the Mobile IPSec proper to the wireless Internet which provides the host-to-host transport mode service to protect even wireless links as applying excellent WP-IBE scheme. For this, Mobile IPSec requires a dynamic routing over a path with wireless links. FA Forwarding is a routing method for FA to extend the path to a newly formed wireless link. The FA IPSec SA for FA Forwarding is updated to comply the dynamically extended path using Source Routing based Bind Update. To improve the performance of IPSec, we apply efficient and strong future Identity based Weil Pairing Bilinear Elliptic Curve Cryptography called as WP-IBE scheme. Our paper proposes the modified protocols to apply 6 security-related algorithms of WP-IBE into the Mobile IPSec. Particularly we focus on the protocols to be applied to construct ESP Datagram.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.22 no.9
• /
• pp.1916-1932
• /
• 1997

The synchronous stream cipher which require absoulte clock synchronization has the problem of synchronization loss by cycle slip. Synchronization loss makes the state which sender and receiver can't communicate with each other and it may break the receiving system. To lessen the risk, we usually use a continuous resynchronization method which achieve resynchronization at fixed timesteps by inserting synchronization pattern and session key. While we can get resynchronization effectively by continuous resynchroniation, there are some problems. In this paper, we proposed an adaptive resynchronization algorithm for cipher system using HDLC protocol. It is able to solve the problem of the continuous resynchronization. The proposed adaptive algorithm make resynchronization only in the case that the resynchronization is occurred by analyzing the address field of HDLC. It measures the receiving rate of theaddress field in the decision duration. Because it make resynchronization only when the receiving rate is greateer than the threshold value, it is able to solve the problems of continuous resynchronization method. When the proposed adaptive algorithm is applied to the synchronous stream cipher system in packet netork, it has addvance the result in R_e and D_e.

• Journal of KIISE:Computer Systems and Theory
• /
• v.26 no.8
• /
• pp.918-929
• /
• 1999

동기식 스트림 암호통신 방식을 사용하는 암호통신에서는 암/복호화 과정 수행시 암호통신 과정에서 발생하는 사이클슬립으로 인해 키수열의 동기이탈 현상이 발생되고 이로 인해 오복호된 데이타를 얻게된다. 이러한 위험성을 감소하기 위한 방안으로 현재까지 암호문에 동기신호와 세션키를 주기적으로 삽입하여 동기를 이루는 주기적인 동기암호 통신방식을 사용하여 왔다. 본 논문에서는 CDMA(Cellular Division Multiple Access) 이동망에서 데이타서비스를 제공할 때 사용되는 점대점 프로토콜의 주소영역의 특성을 이용하여 단위 측정시간 동안 측정된 주소비트 정보와 플래그 패턴의 수신률을 이용하여 문턱 값보다 작은경우 동기신호와 세션키를 전송하는 비주기적인 동기방식을 사용하므로써 종래의 주기적인 동기방식으로 인한 전송효율성 저하와 주기적인 상이한 세션키 발생 및 다음 주기까지의 동기이탈 상태의 지속으로 인한 오류확산 등의 단점을 해결하였다. 제안된 알고리즘을 링크계층의 점대점 프로토콜(Point to Point Protocol)을 사용하는 CDMA 이동망에서 동기식 스트림 암호 통신방식에 적용시 동기이탈율 10-7의 환경에서 주기가 1sec인 주기적인 동기방식에서 요구되는 6.45x107비트에 비해 3.84x105비트가 소요됨으로써 전송율측면에서의 성능향상과 오복호율과 오복호 데이타 비트측면에서 성능향상을 얻었다. Abstract In the cipher system using the synchronous stream cipher system, encryption / decryption cause the synchronization loss (of key arrangement) by cycle slip, then it makes incorrect decrypted data. To lessen the risk, we have used a periodic synchronous cipher system which achieve synchronization at fixed timesteps by inserting synchronization signal and session key. In this paper, we solved the problem(fault) like the transfer efficiency drops by a periodic synchronous method, the periodic generations of different session key, and the incorrectness increases by continuing synchronization loss in next time step. They are achieved by the transfer of a non-periodic synchronous signal which carries synchronous signal and session key when it is less than the threshold value, analyzing the address field of point-to-point protocol, using the receiving rate of address bits information and flag patterns in the decision duration, in providing data services by CDMA mobile network. When the proposed algorithm is applied to the synchronous stream cipher system using point-to-point protocol, which is used data link level in CDMA mobile network, it has advanced the result in Rerror and Derror and in transmission rate, by the use of 3.84$\times$105bits, not 6.45$\times$107bits required in periodic synchronous method, having lsec time step, in slip rate 10-7.

• Proceedings of the KAIS Fall Conference
• /
• 2007.05a
• /
• pp.203-207
• /
• 2007

NEMO 기본 지원 (NEMO-BS, NEMO Basic Support) 프로토콜에서 MNN(Mobile Network Node)가 CN(Correspondent Node) 과 통신을 하기 위해서는 항상 MR(Mobile Router)과 HA(Home Agent) 사이의 양방향 터널을 이용해야 한다. 그러나 NEMO-BS 방식은 노드 간 데이터 전송 지연과 부분 구간에 대한 공격 가능성이 존재한다. 따라서 본 논문에서는 NEMO를 위한 인증된 경로 최적화(ATRO) 프로토콜을 제안한다. MR은 홈 링크로부터 멀어졌다고 판단되면 MNN으로부터 위임 권한을 얻기 위해 권한 위임 프로토콜을 수행한다. 그런 후에 MR과 CN은 공개키 암호 방식을 이용하여 자신의 의탁주소(CoA, Care-of Address)를 MNN의 홈 주소(HoA, Home-of Address)와 매핑하기 위한 등록 과정을 수행한다. 이때 각 노드의 주소 소유권 증명을 위해 암호학적으로 생성한 주소(CGA, Cryptographically Generated Address)를 이용한다. 성능분석에서는 구간별 안전성과 종단간 패킷 전송 지연 시간을 통해 프로토콜을 분석한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.382-389
• /
• 2009

As the use of mobile device is popularized, the needs of variable services of WiMAX technique and the importance of security is increasing. There is a problem that can be easily attacked from a malicious attack because the action is achieved connectionlessly between neighbor link establishing procedure and TEK exchange procedure in mobile WiMAX even though typical 1 hop network security technique is adapted to WiMAX for satisfying these security requirement. In this paper, security connected mechanism which safely connects neighbor link establishing procedure of WiMAX and TEK exchange procedure additional to the basic function provided by IEEE 802.16e standard to satisfy security requirement of mobile WiMAX is proposed. The proposed mechanism strengthens the function of security about SS and BS by application random number and private value which generated by SS and BS to public key of neighbor link establishing procedure and TEK exchange procedure. Also, we can prevent from inside attack like man-in-the-middle which can occur in the request of TEK through cryptographic connection of neighbor link establishing procedure and TEK exchange procedure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.3-10
• /
• 2010

Unlinkability and traceability are basic security requirements of a group signature scheme. In this paper, we analyze two recent group signature schemes, Lee et al.'s scheme and Zhu et al.'s scheme. We show that Lee et al,'s scheme does not work correctly. Further, it fails to meet unlinkability, that is, anyone who intercepts or receives group signatures are able to check if they are from the same signer. We also show that Zhu et al.'s scheme is unable to satisfy traceability, that is, a malicious group member can generate valid group signatures that cannot be opened. Moreover, once becoming group member, the malicious group member will never be revoked from group. Besides, Zhu et al.'s scheme fails to satisfy forward security, a requirement claimed by authors.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.29-35
• /
• 2015

The network security encryption type is divided into two, one is point-to-point, second method is link type. The level of security quality attributes are a system security quality requirements in a networked environment. Quality attributes can be observed and should be able to be measured. If the quality requirements can be presented as exact figures, quality requirements are defined specifically setting quality objectives. Functional requirements in the quality attribute is a requirement for a service function which can be obtained through the encryption. Non-functional requirements are requirements of the service quality that can be obtained through the encryption. Encryption quality evaluation system proposed in this study is to derive functional requirements and non-functional requirements 2 groups. Of the calculating measure of the evaluation index in the same category, the associated indication of the quality measure of each surface should be created. The quality matrix uses 2-factor analysis of the evaluation for the associated surface quality measurements. The quality requirements are calculated based on two different functional requirements and non-functional requirements. The results are calculated by analyzing the trend of the average value assessment. When used this way, it is possible to configure the network security encryption based on quality management.