• Journal of the Korea Society of Computer and Information
• /
• v.13 no.7
• /
• pp.181-188
• /
• 2008

Nowadays, WiMAX which provides internet service with a middle and low speed serves more function and is wider than Wi-Fi. While they solve the security risks as subscribers do handover by subscriber's re-certification procedure as the Network range is getting wider, there are more security problems making the problems of electric-power consumption and delay. This paper suggests a handover mechanism which simplify the subscriber's re-certification procedure and prevents a security problem as doing handover for solving the problem of delay and the rate of processing. The mechanism can cooperate with PKI structure to increase flexibility and security and minimize network re-entry procedure or re-certification procedure by providing continual service. As a result. the mechanism's throughput as the number of subscribers is lower than IEEE 802.16e and the mechanism proves that it is secure from the attack of man-in-the-middle and reply as doing handover.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.10
• /
• pp.1875-1882
• /
• 2008

Nowadays, usage of mobile unit which has a characteristic of low cost and high efficiency is being generalized because of frequent use of internet-based variable service and application in IEEE 802.16 WiMAX. A study for handling a security problem of high speed internet service is rising while the use of a mobile is being generalized. This paper suggests a security mechanism which provides safety from certification load of SS and a security attack as well as a basic function which is provided from IEEE 802.16e standard to satisfy security demand of IEEE802.16 WiMAX. The proposed mechanism exchangeskey material information for TEK and data code by using 난수(?) and secret value created by SS and BS, also reduces capacity load of BS not to perform an additional certificate procedure of BS by using the early certification information and certificate of SS.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1269-1284
• /
• 2001

The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.12
• /
• pp.2811-2817
• /
• 2010

In this paper we propose the QAC-MAC that supports Quality of Service(QoS) and saves energy resources of the sensor node, and hence prolonging the lifetime of the sensor network with multiple sink nodes. Generally, the nodes nearest to the sink node often experience heavy congestion since all data is forwarded toward the sink through those nodes. So this critically effects on the delay-constraint data traffics. QAC-MAC uses a hybrid mechanism that adapts scheduled scheme for medium access and scheduling and unscheduled scheme based on TDMA for no data collision transmission. Generally speaking, characteristics of the real-time traffic with higher priority tends to be bursty and has same destination. QAC-MAC adapts cross-layer concept to rearrange the data transmission order in each sensor node's queue, saves energy consumption by allowing few nodes in data transmission, and prolongs the network lifetime.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.439-446
• /
• 2004

In the Internet, user authentication is the most important service in secure communications. Although password-based mechanism is the most widely used method of the user authentication in the network, people are used to choose easy-to-remember passwords, and thus suffers from some Innate weaknesses. Therefore, using a memorable password it vulnerable to the dictionary attacks. The techniques used to prevent dictionary attacks bring about a heavy computational workload. In this paper, we describe a recent solution, the Optimal Strong-Password Authentication (OSPA) protocol, and that it is vulnerable to the stolen-verifier attack and an impersonation attack. Then, we propose an Improved Optimal Strong-Password Authentication (I-OSPA) protocol, which is secure against stolen-verifier attack and impersonation attack. Also, since the cryptographic operations are computed by the processor in the smart card, the proposed I-OSPA needs relatively low computational workload and communicational workload for user.

• The Journal of the Korea Contents Association
• /
• v.4 no.4
• /
• pp.71-78
• /
• 2004

Dedicated Short Range Communications(DSRC) as a prominent communications candidate for Intelligent Transportation Systems(ITS) have been developed to support ITS applications such as value-added information service, e-commerce, electronic toll payment, etc. These various applications associated with electronic payment through unsecure communication channel of DSRC suffer from security threats. To ensure secure payment, we have adopted appropriate cryptographic mechanisms including encipherment, authentication exchange and digital signature. The cryptographic mechanisms require to use cryptographic keys established between two communication entities. In this paper, we propose a secure electronic payment system which is designed to have some functions for strong authentication, encryption, key agreement, etc. Especially, we adopt domestic developed cryptographic algorithms such as EC-KCDSA and SEED for digital signature and block cipher, respectively. We can show those mechanisms are appropriate for the secure electronic payment system for ITS services under the DSRC wireless environment in aspects of constrained computational resource use and processing speed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4B
• /
• pp.333-343
• /
• 2006

MANET and P2P applications have a common nature that they don't have any fixed infrastructures that might maintain network topologies. With such common characteristics, a P2P application can be a killer application over MANET. Due to absence of reliable node which serves indexing services in MANET, fully distributed P2P applications are more suitable for MANET. By using DHT like Chord, we can save network bandwidth and avoid a point of failure of a directory server. However, since MANET allows nodes to depart from network freely, P2P file sharing applications using Chord lookup protocol should address how to recover the keys stored at the departed node. In this paper, we propose BU-Chord in order to detect and recover the departure of nodes by creating and storing backup file information in distributed manner. Our BU-Chord shows off better performance than existing Chord especially in case of high departure rate of nodes.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1257-1260
• /
• 2005

인증서 상태 확인은 해당 거래에 사용되는 인증서에 대해 유효한 인증서임을 판별하기 위한 과정으로 인증서 표준이 제정된 이후로 계속적으로 연구되고 있는 분야이다. 현재 가장 보편적으로 이용되는 인증서 상태 확인 기법은 인증서폐지목록(CRL : Certificate Revocation List)을 이용하는 기법이다. 이 기법은 방법 자체가 가지고 있는 시간격차 문제와 물리적 파일 처리의 과부하로 인하여 사용에 많은 제약이 따른다. 이를 해결하기 위해 온라인 인증서 상태 프로토콜(OCSP : OnLine Certificate Status Protocol) 기법이 제시되었다. 이 기법은 CRL 기법의 비 실시간성 문제를 해결한다. 하지만 서비스 요청 서버의 과부하 문제와 구조적 집중화 문제로 인하여 인증서 상태를 확인 하는데 소요되는 시간이 다소 오래 걸린다는 문제가 있다. 본 논문에서는 검증 요청자의 신원정보에 대한 해쉬값을 이용하여 인증서 상태 확인 요청을 하고 이를 통해 인증서 상태 확인 과정을 진행함으로써 통신 부하를 감소시키고 실시간으로 인증서 상태를 확인 할 수 있는 검증 요청자 신원 정보를 이용한 인증서 상태 확인 메커니즘을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1405-1408
• /
• 2005

이동성 관리 기술은 인터넷의 주요 접속 수단이 고정 접속 환경에서 이동 접속 환경으로 빠르게 변화함에 따라 그 중요성이 점차 커지고 있다. 특히 IP 기반의 차세대 유무선 통합망은 기지국마다 라우터가 구현되는 형태를 가정하고 있으므로 IP 를 기반으로 한 이동성 관리 기술의 제공은 필수적인 요소이다. 현재의 Mobile IP 는 빠른 이동성의 지원이 미약하여 차후 다양한 IP 멀티미디어 서비스 지원을 위한 신속한 핸드오버 시에는 많은 문제점을 가지고 있다. 따라서 본 논문에서는 SIP 를 기반으로 한 계층적 이동성 및 세션 관리 메커니즘에 대해서 제안한다. SIP 는 다양한 무선 액세스망에 상관없이 이동성 관리를 제공해 줄 수 있을 뿐만 아니라 세션 관리 기능까지 제공해 줄 수 있다. SIP 서버의 기능을 분산화 시킨 계층적 구조로서 이동성 및 세션 관리 기술을 제시하고 시뮬레이션을 통해 현재 제안된 이동성 관리 프로토콜인 Mobile IP 와의 비교를 함으로서 성능을 측정, 분석한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.605-609
• /
• 2002

Reliable multicast data transmission in a 1:N environment needs more sophisticated error control mechanism than that of in 1:1 environment due to ACK implosion and duplicated retransmission. Although there have been many related research on error control in reliable multicast, real implemented protocols are rare. As one of the reliable multicast transport protocols, ECTP is selected as an international standard reliable multicast protocol by ITU-T and ISO and implemented on RedHat 7.2 machine by us. In this paper, we evaluate the performance of the error control mechanism in the respect of throughput and generated control packet numbers with a real implementation code. From the results, it is concluded that the suitable values of error control parameters can be obtained from the local group size and network environments.