• Title/Summary/Keyword: session movement

An Efficient and Secure Handover Mechanism for MVPN Services (MVPN 서비스 제공을 위한 효율적이고 안전한 핸드오버 메커니즘)

  • Woo, Hyun-Je;Kim, Kyoung-Min;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.1 / pp.62-72 / 2007
  • Mobile Virtual Private Network (MVPN) provides VPN services without geographical restriction to mobile workers using mobile devices. Coexistence of the Mobile IP (MIP) protocol for mobility and IPsec-based VPN technology is necessary in order to provide continuous VPN service to mobile users. However, problems like registration failure or frequent IPsec tunnel re-negotiation occur when an IPsec-based VPN Gateway (GW) and MIP are used together. In order to solve these problems, the IETF proposes a mechanism which uses an external home agent (x-HA) located external to the corporate VPN GW. In addition, based on the IETF proposal, a mechanism that assigns the x-HA dynamically in the networks where the MN is currently located was also proposed with the purpose of reducing handover latency as well as end-to-end delay. However, this mechanism has problems such as exposure of a session key for the dynamic Mobility Security Association (MSA) or a long latency in the case of handover between different networks. In this paper, we propose a new MVPN protocol in order to minimize handover latency, enhance the security of key exchange, and reduce data losses caused by handover. Through simulation, the performance of the proposed protocol is compared with the existing mechanism.

Session Information Transfer Protocol for Exercise between Smart Posters for the Patient's Active Movements (환자의 적극적 이동을 유도하기 위한 스마트 포스터간 운동세션정보 전송프로토콜)

  • Lee, Byung Mun
    • Journal of Korea Multimedia Society / v.20 no.8 / pp.1439-1446 / 2017
  • Steady exercise or walking exercise is helpful for the treatment of chronic diseases or cancers. In this paper, I presented a smart poster that enables patients to exercise while moving dynamically between smart posters, in order to provide a better exercise effect to them. It can be a new form of exercise prescription that combines exercise with walking using smart posters. The personalized exercise prescription is downloaded from the management server in real time when the patient approaches, and induces the patient's exercise and walking. In addition, the smart poster helps the patient to move to other posters in order to induce more walking exercise. To achieve this, I proposed in this paper a transfer protocol that autonomously exchanges session information between smart posters. Moreover, the smart poster based on Raspberry was implemented to verify the validity of this protocol, and an experiment was conducted to measure the request and response time between smart posters in the implemented environment. In the experiment, when the other poster sent the message requesting the exercise session 100 times and received the response message, 95 percent of the received messages had a response time within 0.05 seconds.

The Bootstrapping Scheme Providing Scalable Broadcast Authentication in Wireless Sensor Networks (무선 센서 네트워크 환경에서 확장성 있는 브로트캐스트 인증을 제공하기 위한 초기화 프로토콜)

  • Kim Joon-Wan;Kim Yong-Ho;Lee Dong-Hoon
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.595-598 / 2006
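  • Broadcast authentication is an important problem in wireless sensor networks. To address it, $\mu$-TESLA and its improvement, multi-level $\mu$-TESLA, have been proposed. For authentication to succeed, both require that the hash chain commitment of the party wishing to send broadcast messages be delivered securely to the party that will authenticate them. However, when sensors are deployed randomly, each node must store as many commitments as there are nodes in the network in order to authenticate. To solve this, Chen et al. proposed a way to deliver the hash chain commitments used for broadcast authentication securely and efficiently. Unfortunately, their method fundamentally does not allow nodes to be added, and it offers no way at all to recover nodes that were unavoidably unable to take part in the initialization process, which results in a large waste of cost. Moreover, a serious security problem arises if the base station reuses a secret value. The proposed scheme applies multiple sessions and builds a hash chain over the secret values, solving all of the problems listed above and thereby presenting a secure and efficient commitment delivery method. It also provides integrity verification for the messages exchanged.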

EAP Using Split Password-based Authenticated Key Agreement Protocol for IEEE Std 802.1x User Authentication (IEEE Std 802.1x 사용자 인증을 위한 분할된 패스워드 인증 기반 EAP)

  • Ryu, Jong-Ho;Seo, Dong-Il;Youm, Heung-Youl
    • Journal of Internet Computing and Services / v.6 no.5 / pp.27-43 / 2005
  • EAP provides authentication for each entity based on IEEE Std 802.1x Wireless LAN and the RADIUS/DIAMETER protocol, and it uses a certificate or a dual scheme (e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely used user authentication method due to various advantages, such as human-memorable simplicity, convenience, and mobility. A specific hardware device is also unnecessary. This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys for subsequent secure communication over an untrusted network. We then provide the EAP authentication framework EAP-SPAKE by using it.

Design of the Adaptive SIP Application Server System Architecture supporting SIP-based Session Mobility over the Home Network configured with Private IP (사설IP 기반 홈네트워크에서 세션이동성 지원의 적응적인 SIP 응용서버 시스템 구조 설계)

  • Oh, Yeon-Joo;Beom, Min-Jun;Kim, Dong-Hee;Paik, Eui-Hyun
    • IEMEK Journal of Embedded Systems and Applications / v.1 no.2 / pp.73-81 / 2006
  • The home network is generally separated from the Internet, as it is made up of a private network due to security issues and the lack of IPv4 address space. Also, a user may want to move from one terminal to another terminal connected to the home network while communicating with people outside the home. In this case, people connected to the Internet or to another home network could not communicate with the user at home. These limitations prevent a SIP-capable device connected to the home network from communicating with another SIP-capable device connected to the Internet or outside of the home network. To overcome these limitations, this paper proposes the Adaptive SIP Application Server System as a software architecture with which a user inside the home can communicate with people outside the home when the home is composed of a private IP-based network. Moreover, the proposed architecture provides session mobility that allows the user to maintain a media session even when changing terminals inside the home during an established session. The proposed system was implemented on a home server device which functions as a connection point for transmitting IP packets between a home network and the Internet.

Routing Hole Detour Scheme Based on Geographic Routing in Wireless Sensor Networks (무선 센서 망에서 위치 정보 기반 라우팅 홀 우회 방안)

  • Yu, Fu-Cai;Choi, Young-Hwan;Park, Soo-Chang;Lee, Eui-Sin;Tian, Ye;Park, Ho-Sung;Kim, Sang-Ha
    • Proceedings of the Korean Information Science Society Conference / 2007.10d / pp.225-229 / 2007
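  • In sensor networks, empty regions (holes) are not easy to avoid because of the varied geographic environments found in practice. In general, when a data packet encounters a hole boundary, it is forwarded along the hole boundary using the right hand rule or pushed back, in order to find another path to the destination. However, the right hand rule consumes more energy at the nodes on the hole boundary, so the hole will expand. In addition, if several communication sessions share the boundary of the same hole at the same time, data collisions will result. In this paper, we propose a routing hole detour scheme to solve the hole problem in wireless sensor networks. Our routing hole detour scheme has two goals: one is to prevent data packets from traveling along the hole boundary, and the other is to avoid the local minimum problem. Simulation results show that our scheme is superior to other protocols in terms of control overhead and energy consumption.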

A Credit Card based Authentication and Key Exchange Protocol for Mobile Internet (무선 인터넷을 위한 신용카드 기반의 인증 및 키 교환 프로토콜)

  • 이현주;이충세
    • Journal of the Korea Institute of Information and Communication Engineering / v.7 no.8 / pp.1732-1742 / 2003
  • The WPP protocol, based on credit card payment in the mobile Internet, uses WTLS, which is the security protocol of WAP. WTLS can't provide End-to-End security in the network. In this paper, we propose a protocol that is both independent of the mobile Internet platform and allows security between the user and the VASP using a Mobile Gateway in the AIP. In particular, our proposed protocol is suitable for the mobile Internet, since the session key for authentication and the initial payment process is generated using the Weil Diffie-Hellman key exchange method, which uses an additive group algorithm on an elliptic curve.

Efficient Password-based Group Key Exchange Protocol (효율적인 패스워드 기반 그룹 키 교환 프로토콜)

  • 황정연;최규영;이동훈;백종명
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.1 / pp.59-69 / 2004
  • Password-based authenticated group key exchange protocols provide a group of users, communicating over a public (insecure) channel and holding a common human-memorable password, with a session key to be used to construct secure multicast sessions for data integrity and confidentiality. In this paper, we present a password-based authenticated group key exchange protocol and prove its security in the random oracle model and the ideal cipher model under the intractability of the decisional Diffie-Hellman (DH) problem and the computational DH problem. The protocol is scalable, i.e. constant round and with O(1) exponentiations per user, and provides forward secrecy.

A Study on Authentication and Key Generation for Secure Routing in Ad-Hoc Network (Ad-Hoc 네트워크에서의 안전한 라우팅을 위한 인증 및 키 생성에 관한 연구)

  • Kang, Seo-Il;Lee, Im-Yeong
    • Proceedings of the Korea Information Processing Society Conference / 2008.05a / pp.1167-1170 / 2008
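  • An Ad-Hoc network is one in which arbitrary devices form an arbitrary network over wireless communication and receive communication services. In a ubiquitous environment in particular, communicating anytime and anywhere requires mobility and the ability to join and leave the network freely. Encrypted communication is also essential in order to guard against impersonation by third parties and eavesdropping and to provide security. In particular, because the routing configuration among the devices of an Ad-Hoc network is fluid, an authentication and key generation process among the participating devices is needed, and research on security techniques for routing has been carried out both in Korea and abroad. This paper reviews existing secure routing schemes and proposes a method that provides device authentication and key establishment. The method uses key generation and ID-based authentication to establish a session key. As a result, it has the advantage of not requiring certificates, authentication information between devices, or mutually shared secret information. By using this method, security can be provided even when a device joins an arbitrary network. This work can be used as a technique for providing secure services in ubiquitous environments.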

A Mobile Multicast Mechanism for End-to-End QoS Delivery (End-to-End QoS를 지원하기 위한 이동 멀티캐스트 기법)

  • Kim Tae-Soo;Lee Kwang-Hui
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.5B / pp.253-263 / 2005
  • This paper proposed a mobile multicast technique to satisfy end-to-end QoS for various user requirements in a mobile network environment. In order to provide seamless mobility, a fast handoff technique was applied. By using an L2 mobile trigger, it was possible to minimize the remarkable amount of packet loss caused by delay during handoff. To provide efficient multicast, the concept of hierarchy was introduced to Xcast++, which resulted in the creation of HXcast++. HXcast++ optimized the transfer path of multicast and reduced the expensive multicast maintenance costs caused by frequent handoff. The suggested GMA (Group Management Agent) mechanism allows joining a group immediately without waiting for an IGMP Membership query during handoff. The GMA mechanism will minimize the delay of the group registration process and the resource usage due to delay of the withdrawal process. The use of a buffering & forwarding technique also minimized packet loss during generation of the multicast tree. IntServ/RSVP was used to provide End-to-End QoS in the local domain and DiffServ was used in the global domain. To minimize the delay of RSVP session reestablishment, extended HXcast++ control messages were designed to require the PATH message. HXcast++ proposed in this thesis is defined as a multicast technique to provide end-to-end QoS and also to satisfy various user requirements in a mobile network environment.