• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.4
• /
• pp.781-787
• /
• 2007

Network Mobility (NEMO) basic support protocol doesn't execute the process of route optimization and has not presented the particular security mechanism in other blocks except hi-directional tunnel between Mobile Router (MR) and its Home Agent (HA). Therefore in this paper we process secure route optimization courses through authenticated binding update protocol between MR and its Correspondent Node (CN) and the protocol of the competency of mandate between MR and its Mobile Network Node (MNN); its block also uses an bi-directional tunnel as the block between MR and its HA. The address of each node are generated by the way of Cryptographically Generated Address (CGA) for proving the ownership of address. Finally we analyze the robustness of proposed protocol using security requirements of MIPv6 and existing attacks and the efficiency of this protocol using the connectivity recovery and end-to-end packet transmission delay time.

• Journal of Internet Computing and Services
• /
• v.15 no.2
• /
• pp.129-142
• /
• 2014

Latest in Smart Grid projects are emerging as the biggest issue that smart meter should meet the security goal and the SW upgrade for compliance with future standard. However, unlike regular equipment, Smart meters should be designed in accordance with the regulation of legal metrology instrument in order to establish a fair trade-based business and unauthorized changes, it is not allowed and it is strictly limited by law. Therefore, this paper propose a new scheme of certification regarding type approval and verification for legal smart meter as analyzing the requirements of a smart meter regarding upgrade and security. This analysis shows that the proposed scheme comply with the regulation and the specification of smart meter by applying it to smart meter with smart card.

• Journal of KIISE
• /
• v.42 no.8
• /
• pp.979-989
• /
• 2015

Machine to Machine (M2M) technology has gained attention due to the fast diffusion of Internet of Things (IoT) technologies and smart devices. Most wireless network experts believe that Bluetooth Low Energy (BLE) Communications technology in an iBeacon network has amazing advantages in terms of providing communication services at a low cost in smartphone applications. Specifically, BLE does not require any pairing process during its communication phases, so it is possible to send a message to any node without incurring additional transmissions costs if they are within the BLE communication range. However, BLE does not require any security verification during communication, so it has weak security. Therefore, a security authorization process would be necessary to obtain customer confidence. To provide security functions for iBeacon, we think that the iBeacon Message Encryption process and a Decryption (Authorization) process should be designed and implemented. We therefore propose the BLE message Authorization Mechanism based on a One Time Password Algorithm (BLE-OTP). The effectiveness of our mechanism is evaluated by conducting a performance test on an attendance system based on BLE-OTP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1293-1300
• /
• 2012

With the rapid evolution of mobile devices and the development of wireless networks, users of mobile social network service on smartphone have been increasing. Also the security of personal information as a result of real-time communication and information-sharing are becoming a serious social issue. In this paper, a framework that can be linked with a social network services platform is designed using OpenAPI. In addition, we propose an authentication and detection mechanism to enhance the level of personal information security. The authentication scheme is based on an user ID and password, while the detection scheme analyzes user-designated input patterns to verify in advance whether personal information protection guidelines are met, enhancing the level of personal information security in a social network service environment. The effectiveness and validity of this study were confirmed through performance evaluations at the end.

• The KIPS Transactions:PartC
• /
• v.14C no.3 s.113
• /
• pp.229-238
• /
• 2007

Sensor networks consist of many tiny sensor nodes that collaborate among themselves to collect, process, analyze, and disseminate data. In sensor networks, sensor nodes are typically powered by batteries, and have limited computing resources. Moreover, the redeployment of nodes by energy exhaustion or their movement makes network topology change dynamically. These features incur problems that do not appear in traditional, wired networks. Security in sensor networks is challenging problem due to the nature of wireless communication and the lack of resources. Several efforts are underway to provide security services in sensor networks, but most of them are preventive approaches based on cryptography. However, sensor nodes are extremely vulnerable to capture or key compromise. To ensure the security of the network, it is critical to develop suity mechanisms that can survive malicious attacks from "insiders" who have access to the keying materials or the full control of some nodes. In order to protect against insider attacks, it is necessary to understand how an insider can attack a sensor network. Several attacks have been discussed in the literature. However, insider attacks in general have not been thoroughly studied and verified. In this paper, we study the insider attacks against routing protocols in sensor networks using the Ad-hoc On-Demand Distance Vector (AODV) protocol. We identify the goals of attack, and then study how to achieve these goals by modifying of the routing messages. Finally, with the simulation we study how an attacker affects the sensor networks. After we understand the features of inside attacker, we propose a detect mechanism using hop count information.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1118-1125
• /
• 2011

This paper is researched the methods of design instruction which can improve students' creativeness through the subject of creative engineering design as a required subject for the accredited engineering program. After studying the preference and problems of design tasks for the students of engineering college, a new education development plan for design process was suggested, which uses the existing design tasks in which creativeness improvement class was focused through the completion of structures. This was through the completion of structures that 'operating the most simple operation with the most complex mechanical mechanism', which uses Rube-Goldberg, the crystal of mechanical mechanism in the union of multi-disciplinary convergence curriculum.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10d
• /
• pp.62-65
• /
• 2007

3GPP(3rd Generation Partnership Project) 주도의 유럽형 3세대 이동통신인 UMTS 시스템에서 제공하는 멀티미디어 방송 서비스(Multimedia Broadcast/Multicast Service)는 무선 네트워크상에서 동일한 정보를 하나의 링크를 통해 다수의 사용자에게 제공하는 point-to-multipoint 서비스이다. 콘텐츠가 무료로 제공되면 임의의 사용자들이 콘텐츠가 제공되는 채널에 액세스할 수 있다. 그러나 채널 액세스가 가입(subscription)기반이면, 가입하지 않은 사용자들은 콘텐츠를 이용할 수 없어야 한다. 이를 위해 사용자를 인증하고 안전한 방법으로 콘텐츠를 전송할 수 있는 보안 서비스가 필요하다. 본 논문은 MBMS의 전반적인 개요를 설명하여 앞으로 논의될 내용인 MBMS 보안구조에 대한 배경지식을 제공한다. 또한 브로드캐스트와 멀티캐스트 모드 각각에 대한 MBMS 구조를 설명하고, 멀티캐스트 모드에서의 보안 기능과 키관리 기법, 콘텐츠 보호 기술에 대해 상세히 분석한다.

• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.367-374
• /
• 2002

IPsec offers not odd Internet security service such as Internet secure communication and authentication but also the safe key exchange and anti-replay attack mechanism. Recently IPsec is implemented on the various operating systems. But there is no existing tool that checks the servers, which provide IPsec services, work properly and provide their network security services well. In this paper, we design and implement the rule based security evaluation system for IPsec engine. This system operated on Windows and UNX platform. We developed the system using Java and C language.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7B
• /
• pp.403-410
• /
• 2007

Neighbor Discovery (ND) protocol was proposed to discover neighboring hosts and routers in IPv6 wire/wireless local networks. ND protocol, however, has a problem that it is vulnerable to network attacks because ND protocol allows malicious users to impersonate other legitimate hosts or routers by forging ND protocol messages. To address the security problem, Secure Neighbor Discovery (SEND) protocol was proposed. SEND protocol provides address ownership proof mechanism, ND protocol message protection mechanism, reply attack prevention mechanism, and router authentication mechanism to protect ND protocol. In this paper, we design and implement SEND protocol in IPv6 local networks. And also, we evaluate and analyze the security vulnerability and performance of SEND protocol by experimenting the implemented SEND protocol on IPv6 networks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1103-1106
• /
• 2005

IPv4 프로토콜의 주소 고갈 문제를 해결하기 위하여 IPv6 프로토콜이 제안되었고 한국전산원의 발표에 의하면 2010년 이후에는 IPv6 프로토콜이 광범위하게 사용될 것이라고 한다. 이러한 IPv6 프로토콜은 IPv4 프로토콜의 단점들을 해결하기 위하여 ND(Neighbor Discovery) 메커니즘, 주소자동설정, IPsec 등의 기술을 지원하며, 특히 IPv6 프로토콜은 보안 문제를 해결하기 위해서 인증, 데이터 무결성 보호를 위한 IPsec 기술을 사용한다. 이러한 IPsec 기술은 패킷 정보를 보호하기 위한 목적으로 사용되기 때문에 불특정 다수의 사용자를 대상으로 하는 네트워크에 행해지는 분산 서비스 거부 공격과 같은 비정상 대용량 트래픽에 대한 탐지 및 차단에 어려움이 있다. 현재 IPv6 프로토콜을 지원하는 네트워크 공격 대응 기술로 IPv6 네트워크용 방화벽/침입탐지 시스템이 개발되어 제품으로 판매되고 있지만, 대용량의 비정상 트래픽 대응 기술을 탐지하고 차단하기에는 한계가 있다. 본 논문에서는 IPv6 네트워크 환경에서 이러한 대용량의 비정상 트래픽을 제어할 수 있는 프레임워크를 제시한다.