  • Title/Summary/Keyword: 보안메커니즘 (security mechanism)


A Key Management Scheme for Radio Frequency Communication Environment (저속 무전 통신 환경에 적용 가능한 키 관리 방식)

  • Kim, Song-Yi;Lee, Kwang-Woo;Jeong, Han-Jae;Cho, Young-Jun;Cha, Wook-Jae;Kim, Seung-Joo;Won, Dong-Ho
    • The KIPS Transactions:PartC / v.16C no.4 / pp.439-448 / 2009
  • The development of wireless communications provides mobility and accessibility to wired communication users. The wireless sensor network is one of the leading wireless communication techniques. The security mechanisms for wired network communication cannot be applied to wireless sensor networks because of the limited resources and computing capability of nodes. Furthermore, communication errors occur frequently and the speed is low. Thus, an efficient key management scheme is required in low-speed environments. In this paper, we proposed a master key-based scheme that is efficient and secure compared to the existing scheme. The advantage of our scheme is that establishing and renewing the pair-wise key is possible. In addition, it provides functions such as establishing and renewing group keys. Furthermore, our scheme allows nodes to be added. The master key-based scheme can be applied to military operations and to radio communications for confidential communications.

A Time Constraints Permission Based Delegation Model in RBAC (RBAC을 기반으로 하는 시간제한 권한 위임 모델)

  • Kim, Tae-Shik;Chang, Tae-Mu
    • Journal of the Korea Society of Computer and Information / v.15 no.11 / pp.163-171 / 2010
  • RBAC (Role-Based Access Control) has advantages in managing access controls, because it offers role inheritance and separation of duty in role hierarchy structures. Delegation is a mechanism for assigning access rights to a user. The RBDM0 and RDM2000 models deal with user-to-user delegation. The unit of delegation in them is a role. However, RBAC does not effectively handle the delegation of roles or permissions that occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model (TCPBDM) that guarantees permanency of delegated permissions and does not violate the security principles of least privilege and separation of duty. TCPBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation with time constraints. A delegator can give a permission to a specific person, that is, a delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

Concept Design of Download Over-the-Air functions for IoF-Cloud based distributed IoT device (IoF-Cloud 기반 분산된 IoT 장비들을 위한 Download Over-the-Air 기능의 개념 설계)

  • Cha, ByungRae;Choi, MyeongSoo;Park, Sun;Kim, HyeongGyun;Kim, YongIl;Kim, JongWon
    • Smart Media Journal / v.5 no.4 / pp.9-17 / 2016
  • Over the next 20 years, the exodus from the Internet and smartphones to the Internet of Things will begin. The heart of IoT is giving people new utility and value through connectivity among the things around them. In the future, the industrial environment will intimately connect machines with machines and factories with factories across all processing, and by digitizing all goods and the production life-cycle, which is a combination of the virtual world and the real world, the digital factory will eventually become reality. The proposed IoT or IIoT based Download OTA (Over-the-Air) provides a flexible mechanism for downloading media objects of any type and size from a network. Moreover, the proposed IoT based DLOTA provides some security by means of lightweight encryption, OTP, and CapBAC techniques.

A Study on EAP-AKA Authentication Architecture for WiBro Wireless Network (EAP-AKA를 적용한 WiBro 무선 네트워크의 인증구조 연구)

  • Lim Sun-Hee;Yi Ok-Yeon;Jun Sung-Ik;Han Jin-Hee
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.4C / pp.441-450 / 2006
  • WiBro (Portable Internet Service) is a service capable of providing high data rate wireless internet access with a Personal Subscriber Station in stationary or mobile environments, anytime and anywhere. It will fill the gap between very high data rate wireless local area networks and very high mobility cellular systems. Security is an important point for WiBro, which provides high data and mobile wireless services. This paper proposes a user authentication mechanism for WiBro wireless networks that applies the EAP-AKA authentication protocol. As a result of wireless authentication based on EAP-AKA, this mechanism can be used in the WiBro-WLAN-3GPP interworking scenario as well as in the WiBro authentication mechanism.

Interworking of SIP Authentication with DIAMETER and Security Analysis (SIP와 DIAMETER의 인증 연동 및 안전성 분석)

  • 박성준;정수환;이병길;김현곤
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.3C / pp.426-435 / 2004
  • The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP (Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application-level mobility across networks, and SIP will be a major signaling protocol for next-generation wireless networks. But the Digest authentication scheme used in SIP is not a secure method of user authentication, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with an AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and make two proposals: a response that includes the user address, and a password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.

Design and Evaluation of an Anomaly Detection Method based on Cross-Feature Analysis using Rough Sets for MANETs (모바일 애드 혹 망을 위한 러프 집합을 사용한 교차 특징 분석 기반 비정상 행위 탐지 방법의 설계 및 평가)

  • Bae, Ihn-Han;Lee, Hwa-Ju
    • Journal of Internet Computing and Services / v.9 no.6 / pp.27-35 / 2008
  • With the proliferation of wireless devices, mobile ad-hoc networking (MANET) has become a very exciting and important technology. However, a MANET is more vulnerable than wired networking. Existing security mechanisms designed for wired networks have to be redesigned in this new environment. In this paper, we discuss the problem of anomaly detection in MANETs. The focus of our research is on techniques for automatically constructing anomaly detection models that are capable of detecting new or unseen attacks. We propose a new anomaly detection method for MANETs. The proposed method performs cross-feature analysis on the basis of Rough sets to capture the inter-feature correlation patterns in normal traffic. The performance of the proposed method is evaluated through a simulation. The results show that the performance of the proposed method is superior to the performance of the Huang method, which uses cross-feature analysis based on the probability of feature attribute values. Accordingly, we know that the proposed method effectively detects anomalies.


Stateful Virtual Proxy Server for Attack Detection based on SIP Protocol State Monitoring Mechanism (SIP 프로토콜 상태정보 기반 공격 탐지 기능을 제공하는 가상 프록시 서버 설계 및 구현)

  • Lee, Hyung-Woo
    • Journal of Internet Computing and Services / v.9 no.6 / pp.37-48 / 2008
  • VoIP service is the transmission of voice data using the SIP protocol on an IP-based network. The SIP protocol has many advantages, such as providing IP-based voice communication and multimedia services at low communication cost. Therefore the SIP protocol spread very quickly. However, the SIP protocol exposes new forms of vulnerability to malicious attacks such as Message Flooding attacks and protocol parsing attacks. It also suffers threats from many existing vulnerabilities, as in IP-based protocols. In this paper, we propose a new Virtual Proxy Server system in front of the existing Proxy Server for anomaly detection of SIP attacks and stateful management of SIP sessions with enhanced security. Based on the stateful virtual proxy server, our solution shows promising SIP Message Flooding attack verification and detection performance with minimized latency on SIP packet transmission.


High-Reliability EIS pH Sensor Using Stacked High-k Materials (High-k 물질의 적층을 통한 고신뢰성 EIS pH 센서)

  • Jang, Hyeon-Jun;Jeong, Hong-Bae;Lee, Yeong-Hui;Jo, Won-Ju
    • Proceedings of the Korean Vacuum Society Conference / 2011.08a / pp.284-284 / 2011
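  • The ion-sensitive field-effect transistor (ISFET) is a semiconductor ion sensor that measures the concentration of various ions in solution. The ISFET has the advantages of small device size, a robust structure, immediate response speed, and compatibility with existing CMOS processes. The basic structure of the ISFET was derived from the conventional metal-oxide-semiconductor field-effect transistor (MOSFET); in the ISFET, the gate electrode of the conventional MOSFET is replaced by a reference electrode and an electrolyte. The pH sensing mechanism of the ISFET device arises from hydrogen ions of the pH solution binding to the surface of the sensing membrane and causing a change in surface potential. As a result, the threshold voltage of the ISFET changes with the hydrogen ion concentration, and the drain current changes as well. Meanwhile, high-k materials have been continuously studied as sensing membranes in order to obtain good pH sensing characteristics and high output characteristics in ISFETs. Among them, Al2O3 and HfO2 have been widely studied because of their high dielectric constants and good pH sensing ability. However, HfO2 has been reported to be vulnerable to non-ideal effects in chemical solutions despite its high dielectric constant. In contrast, Al2O3 has a lower dielectric constant than HfO2 but strong immunity to damage caused by chemical solutions. In this study, to compensate for the shortcomings of each of these high-k materials, we fabricated an ISFET pH sensor using a SiO2/HfO2/Al2O3 (OHA) stacked membrane, implemented on an SOI substrate. Fabricating the ISFET with the OHA stacked membrane on an SOI substrate is expected to increase the signal-to-noise ratio of the device. Indeed, the SOI-MOSFET fabricated together with the SOI-ISFET showed a high on/off current ratio of $1.8{\times}10^{10}$ and a subthreshold swing of 65 mV/dec, confirming that an ISFET with excellent electrical characteristics was fabricated. The layers of the OHA sensing stack were stacked to provide a good interface state, high output characteristics, and strong immunity to non-ideal effects in chemical solutions. In conclusion, a pH sensor with excellent pH sensing characteristics was fabricated using SOI and the OHA stacked sensing membrane.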


An Effective Query Rewriting Method in Secure XML Access Control (안전한 XML 접근제어에서 효율적인 질의 재작성 기법)

  • An, Dong-Chan;Byun, Chang-Woo
    • Journal of the Korea Society of Computer and Information / v.11 no.5 s.43 / pp.127-137 / 2006
  • We propose a two-phase filtering scheme to develop an efficient mechanism for XML databases to control query-based access. An access control environment for XML documents and some techniques to deal with fine-grained authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query-based access. The basic idea is that a user query, interacting with only the necessary access control rules, is modified into an alternative form through a query optimization technique; the modified form is guaranteed to have no access violations by using tree-aware metadata of XML schemas. The scheme can be applied to any XML database management system and has several advantages such as small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.


A Design of Lightweight-EAP Method for IoT Environment (IoT 환경에 적합한 경량 EAP 메소드 설계)

  • Yoo, Joseph;Kim, Keecheon
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.05a / pp.305-308 / 2017
  • EAP is an extensible authentication protocol that supports EAP methods with various authentication mechanisms. Since EAP itself is designed as a protocol for authentication only, it is not used for general data transmission after authentication between peer and authenticator. EAP itself is a protocol that can operate lightly because of its simple communication structure, but the procedure may become more complicated depending on which EAP method is selected and used. In particular, the IoT market has recently become established, and frequent authentication arises due to data loss, modulation, and repeated connections in a wireless environment. In this case, some highly secure EAP methods are not suitable for IoT environments that require lighter and faster communications rather than complex procedures. In this paper, we design a lightweight EAP authentication method that does not touch the existing EAP framework and is suitable for IoT environments that require frequent authentication and fast communication.
