• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.109-120
• /
• 2008

VoIP utilizes the Internet for the services, and therefore it is vulnerable to intrusions and attacks. Because provided services deal with information related to privacy of users, it requires high level security including authentication and the confidentiality/integrity of signaling messages and media streams. However, when such a protocol is implemented in a VoIP phone, the implementation can have limitations due to the limited resources. The present study purposed to implement VoIP security protocols and to evaluate their performance in terms of connection quality and voice quality by applying them to SIP proxy and UA (User Agent). In the result of performance evaluation, the application of the security protocols did not lower voice quality, but connection quality was high in the DTLS based security protocol. As the protocol was applicable to signaling and media paths based on DTLS, we found that it can be a solution for the limited resources of VoIP phone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.103-109
• /
• 2008

Many Internet application provide the PKI(public key infrastructure)-based service to provide authentication and message integrity. Several researchers proposed PKI-based p2p network framework. However, in the real world, the use of PKI is not suitable for peer to peer network, because the peer-to-peer network is an open and dynamic network. Moreover, currently there is no nation-to-nation interoperable certificate. In this paper, we designed reliable p2p file sharing application without public key infrastructure. To do this we propose reliable public key distribution mechanism to distribute public key safely without PKI infrastructure for two-tier super-peer architecture. In our system, each peer generates and distributes its public/private key pairs, and the public key is securely distributed without PKI. The proposed mechanism is safe against MITM attack. This mechanism can be applied various P2P applications such as file sharing, IPTV, distributed resource sharing and so on

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.81-91
• /
• 2009

Recently, Chein et al proposed the ultralightweight strong authentication and strong integrity (SASI)protocol, where the tag requrires only simple bitwise operations. Since the tag does not support random number generator to generate a challenge nonce, an attacker can replay old messages and impersonate reader. However, all of the previous ultralightweight authentication schemes are vlunerable to various attacks: de-synk, eavesdropping, impersonating, tracking, DoS, disclosure etc. we analyze the problems of previous proposed ultrlightweight protocols, to overcome these security problems by using PRNG on the tag. Therefore, in this paper we propose a new lightweight RFID mutual authentication protocol that provides random number generator and bitwise operations, a security and an efficiency of the proposed schme analyze.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.4
• /
• pp.975-983
• /
• 1998

In these days, information communication systems are based on both open distributed computing technologies and object-oriented techniques like inheritance, encapsulation and object reuse to support various system configuration and application. As information systems are interconnected through unsecure networks, the need for the secure information exchange is more critical than before. In this paper, we have designed and implemented a transparent CORBA-basce Security infrastructure with authentication, security context association, access control and security information management to support a secure applications in distributed object environment. SESAME Ver. 4 was adopted as an external security service to manage user privilege attributes and to distribute keys for data encryption, decryption and integrity. Using filter and transformer with an interface to Object Request Broker, it provides a transparent security service to applications. The filter objects are special classes that allow additional parameters to be inserted into messages before they are sent and removed just after they are received. The transformer objects are special classes that allow direct access to the byte stream of every messages for encryption and decryption before it is sent and just after it is received. This study is to implement the access control interceptor(ACI) and the secure invocation interceptor(SII) of secure ORB defined in CORBA using filter and transformer.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.13-19
• /
• 2019

This paper analyzed the SCMS and pilot policy, which is pursued by the U.S. government in connected vehicles. SCMS ensures authentication, integrity, privacy and interoperability. The SCMS Support Committee of U.S. government has established the National Unit SCMS and is responsible for system-wide control. Of course, it introduces security policy, procedures and training programs making. In this paper, the need for SCMS to be applied to C-ITS was discussed. The structure of the SCMS was analyzed and the U.S. government's filot policy for connected vehicles was discussed. The discussion of the need for SCMS highlighted the importance of the role and responsibilities of SCMS between vehicles and vehicles. The security certificate management system looked at the structure and analyzed the type of certificate used in the vehicle or road side unit (RSU). The functions and characteristics of the certificates were reviewed. In addition, the functions of basic safety messages were analyzed with consideration of the detection and warning functions of abnormal behavior in SCMS. Finally, the status of the pilot project for connected vehicles currently being pursued by the U.S. government was analyzed. In addition to the environment used for the test, the relevant messages were also discussed. We also looked at some of the issues that arise in the course of the pilot project.

• Journal of Advanced Navigation Technology
• /
• v.20 no.1
• /
• pp.8-14
• /
• 2016

High-level conceptual design analysis results of satellite communication system for Korea augmentation satellite system (KASS) satellite communication system, which is a part of KASS and consisted of KASS uplink Stations and two leased GEO is presented in this paper. We present major functions such as receiving correction and integrity message from central processing system, taking forward error correction for the message, modulating and up converting signal and conceptual design analysis for concepts for design process, GEO precise orbit determination for GEO ranging that is additional function, and clock steering for synchronization of clocks between GEO and GPS satellites. In addition to these, KASS requires 2.2 MHz for SBAS Augmentation service and 18.5 MHz for Geo-ranging service as minimum bandwidths as a results of service performance analysis of GEO ranging with respect to navigation payload(transponder) RF bandwidth is presented. These analysis results will be fed into KASS communication system design by carrying out final analysis after determining two GEOs and sites of KASS uplink stations.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.3
• /
• pp.179-186
• /
• 2013

PACS is a medical system for digital medical images, and PACS expand to web-based service using public network, DICOM files should be protected from the man-in-the-middle attack because they have personal medical record. To solve the problem, we designed flexible secure transmission system using IPSec and adopted to a web-based three-dimensional medical image system. And next, we performed the performance evaluation changing integrity and encryption algorithm using DICOM volume dataset. At that time, combinations of the algorithm was 'DES-MD5', 'DES-SHA1', '3DES-MD5', and '3DES-SHA1, and the experiment was performed on our test-bed. In experimental result, the overall performance was affected by encryption algorithms than integrity algorithms, DES was approximately 50% of throughput degradation and 3DES was about to 65% of throughput degradation. Also when DICOM volume dataset was transmitted using secure transmission system, the network performance degradation had shown because of increased packet overhead. As a result, server and network performance degradation occurs for secure transmission system by ensuring the secure exchange of messages. Thus, if the secure transmission system adopted to the medical images that should be protected, it could solve server performance gradation and compose secure web PACS.