• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.11
• /
• pp.7541-7548
• /
• 2015

Wireless Sensor Networks is the technology which is used in explore role for military purposes, as well as various fields such as industrial equipment management, process management, and leverage available technologies by distributing node into various areas. but there are some limitations about energy, processing power, and memory storage capacity in wireless sensor networks environment, because of tiny hardware, so various routing protocols are proposed to overcome it. however existing routing protocols are very vulnerable in the intercommunication, because they focus on energy efficiency, and they can't use existing encryption for it, Because of sensor's limitations such like processing power and memory. Therefore, this paper propose mutual authentication scheme that prevent various security threats by using mutual authentication techniques and, Key generation and updating system as taking into account energy efficiency.

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.241-257
• /
• 2003

XML is a global standard for the Internet and e-business, and its use is growing in proportion to the spreading speed of e-Commerce. Thus, a policy for providing more safe security service for exchanging e-documents within e-Commerce is necessary. XKMS, one of XML security specification, defines the protocol for distributing and registering public keys for verifying electronic signatures and enciphering e-documents of e-Commerce applications with various and complicate functions. In this paper, we propose X-KISS service reference model and implement service component based on standard specification. Also describes the analysis and security of XML key information service for safe e-Commerce, paying attention to the features of XML based security service. This reference model supported include public key location by given identifier information, the binding of such keys to identifier information. The client service component controls the number of locate threads and validate threads to analyze the minimum requirements of real-time key retrievals. This service modeling offers the security construction guideline for future domestic e-business frameworks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.473-483
• /
• 2012

To achieve an entire end-to-end security, the classical authentication setting such that all participants have a same password is not practical since a password is not a common secret but a personal secret depending on an individual. Thus, an efficient client to client different password-based authenticated key agreement protocol (for short, EC2C-PAKA) has been suggested in the cross-realm setting. Very recently, however, a security weakness of the EC2C-PAKA protocol has been analyzed by Feng and Xu. They have claimed that the EC2C-PAKA protocol is insecure against a password impersonation attack. They also have presented an improved version of the EC2C-PAKA protocol. In this paper, we demonstrate that their claim on the insecurity of EC2C-PAKA protocol against a password impersonation attack is not valid. We show that the EC2C-PAKA protocol is still secure against the password impersonation attack. In addition, ironically, we show that the improved protocol by Feng and Xu is insecure against an impersonation attack such that a server holding password of Alice in realm A can impersonate Bob in realm B. We also discuss a countermeasure to prevent the attack.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1269-1284
• /
• 2001

The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.33-41
• /
• 2015

With rapid rise of virtualization technology from diverse types of cloud computing service, security problems such as data safety and reliability are the issues at stake. Since damage in virtualization layer of cloud service can cause damage on all host (user) tasks, Hypervisor that provides an environment for multiple virtual operating systems can be a target of attackers. This paper propose a security structure for protecting Hypervisor from hacking and malware infection.

• Annual Conference of KIPS
• /
• 2002.11b
• /
• pp.1067-1070
• /
• 2002

EAP(Extensible Authentication Protocol)[3]은 다양한 인증 방법을 제공하기 위한 표준 인증 메커니즘이다. EAP는 PPP[16], 802.1x[17] 등에서 사용되며, 실제 인증 능력을 가지는 TLS[2] 등과 같은 인증 프로토콜과 결합하여 사용된다. TLS(Transport Layer Security)는 두 peer 간에 전송계층에서 상호 인증, 무결성, 기밀성을 제공하기 위해 개발되었다. TLS 는 상호 인증을 위하여 공개키 기반 인증서를 사용한다. 그러나, 인증서를 사용하는 것은 대부분의 사용자들이 ID, password 기반의 응용에 익숙하다는 것을 생각하면 일반적인 인증 방법이 아님을 알 수 있다. 따라서, EAP-TLS와 같은 인증 방법 역시 그런 면에서 PPP 혹은 802.1x에서 사용하기에 부적합하다고 볼 수 있다. 본 논문에서는 패스워드 기반 인증 및 키교환 프레임웍을 TLS 에 적용하고 이를 다시 EAP 와 결합한다. 패스워드 기반 EAP-TLS 는 인증서에 관련된 복잡한 연산을 수행하지 않으면서도 안전성에 있어 수학적 증명을 가지며, PPP 혹은 802.1x 서비스를 받고자 하는 사용자가 인증서를 가질 필요가 없는 장점을 가지게 된다.

• Journal of Internet Computing and Services
• /
• v.23 no.3
• /
• pp.21-33
• /
• 2022

This paper is to suggest the secure secret sharing system in order to outstandingly reduce the damage caused by the leakage of the corporate secret. This research system is suggested as efficient P2P distributed system kept from the centrally controlled server scheme. Even the bitcoin circulation system is also based on P2P distribution scheme recenly. This research has designed the secure circulation of the secret shares produced by Threshold Shamir Secret Sharing scheme instead of the shares specified in the torrent file using the simple, highly scalable and fast transferring torrent P2P distribution structure and its protocol. In addition, this research has studied to apply both Shamir Threshold Secret Sharing scheme and the securely strong multiple user authentication based on Collaborative Threshold Autentication scheme. The secure transmission of secret data is protected as using the efficient symmetric encryption with the session secret key which is safely exchanged by the public key encryption. Also it is safer against the leakage because the secret key is effectively alive only for short lifetime like a session. Especially the characteristics of this proposed system is effectively to apply the threshold secret sharing scheme into efficient torrent P2P distributed system without modifying its architecture of the torrent system. In addition, this system guaranttes the confidentiality in distributing the secret file using the efficient symmetric encryption scheme, which the session key is securely exchanged using the public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as an user. This scalability allows to apply the confidentiality and the authentication even to dynamically registerred users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.85-96
• /
• 2003

Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

• Proceedings of the IEEK Conference
• /
• 2000.06a
• /
• pp.221-224
• /
• 2000

In this paper, we introduce an efficient and security-enhanced re-authentication and key exchange protocol for IEEE 802.11 Wireless LANs using Re-authentication Period. We introduce a low computational complexity re-authentication and key exchange procedure that provides robustness in face of cryptographic attacks. This procedure accounts for the wireless media limitations, e.g. limited bandwidth and noise. We introduce the Re-authentication Period that reflects the frequency that the re-authentication procedure should be executed. We provide the user with suitable guidelines that will help in the determination of the re-authentication period.

• Annual Conference of KIPS
• /
• 2017.04a
• /
• pp.480-482
• /
• 2017

최근 무선 통신 기술과 센서 디바이스들의 발달로 센서 기반 IoT 환경이 다양한 분야에 활용되고 있다. 하지만, 센서 네트워크 환경을 구성하는 센서 노드는 대부분 소형 하드웨어로 구성되어 있어 메모리, 처리능력, 에너지 등에서 많은 제약사항을 가지고 있다. 또한, 이기종 센서간의 통신 절차도 필요하다. 따라서, 본 논문에서는 DisTance-Bounding 프로토콜과 해시 함수를 이용하여 센서 노드간 인증 및 키 교환을 경량화 기법을 제안한다. 제안하는 시스템은 숲이나 군사지역 등 사람이 접근하기 어려운 곳에 활용되는 센서 노드들의 배터리 수명을 향상시켜 효율적이고 지속적인 데이터 수집이 가능할 것으로 기대된다.