• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.367-374
• /
• 2002

IPsec offers not odd Internet security service such as Internet secure communication and authentication but also the safe key exchange and anti-replay attack mechanism. Recently IPsec is implemented on the various operating systems. But there is no existing tool that checks the servers, which provide IPsec services, work properly and provide their network security services well. In this paper, we design and implement the rule based security evaluation system for IPsec engine. This system operated on Windows and UNX platform. We developed the system using Java and C language.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.10B
• /
• pp.916-926
• /
• 2003

The encryption of packets increases delay and delay jitter that may degrade the quality of service (QoS) in real-time communications. So, we analyzed the delay jitter, delay, and interval delay between consecutive packets which were encrypted by the DES, 3DES, SEED and AES algorithms in this study. The interval delay and jitter of three algorithms such as the DES, SEED, AES were similar to the results of no encryption. But in the case of 3DES, the encryption of packets increases the variance of interval delay and jitter in comparison with other algorithms. we also analyzed properties of security and an efficiency of RTP security between SRTP and H.235.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.41-49
• /
• 2007

USIM(UMTS Subscriber Identity Module) technology that accept 3GPP(3rd Generation Partnership Project) standards for information security supports security function in 3GPP. Supported security functions of USIM are confidentiality of user identity, mutual authentication and key agreement between end user and network, confidentiality of user data and data integrity. It is very important technology in wireless network. It makes secure environment that user and service provider can use securely mobile service in network. In this paper, design and implementation USIM security module that supports common network access method and authentication protocol in 3GPP and WLAN(Wireless LAN) and AAA (3A-Authentication Authorization Accounting) server system based RADIUS.

• Annual Conference of KIPS
• /
• 2010.11a
• /
• pp.1241-1244
• /
• 2010

인간의 가장 큰 욕구인 편의와 안전을 위해 우리의 곁에서 떨어질 수 없는 것이 차량이다. 그러므로 차량을 이용하면서 겪게 되는 안전과 편의 또한 떼어놓을 수 없는 문제 중에 하나다. 그 편의와 안전을 위해 VANET이 활발히 개발 중이다. VANET은 차량에서 사용되는 근거리/중거리 통신용 무선 프로토콜로써 차량 간 통신인 V2V, 차량과 네트워크 기반구조 간의 통신인 V2I를 지원하는 네트워크로써 다양한 서비스를 제공한다. 이에 학문적, 상업적으로 많은 관심을 받고 있다. 그러나 네트워크 기반의 기술인만큼 사용자의 프라이버시 침해가 큰 문제로 대두되고 있다. 이 중에서도 사용자의 익명성, 추적성, 객체인증에 관한 Location Privacy는 개발과정에서 큰 걸림돌이 되고 있다. 이에 본 논문에서는 VANET에서의 Location Privacy 보호에 대한 기술들의 개략적인 내용을 서술하고, 장단점을 분석하였다. Location Privacy 보호를 위한 기술에는 해쉬통합을 이용한 보호기술, MAC-체인을 이용한 보호기술, 그리고 세션 키 교환을 이용한 보호기술이 있다. 세 가지 기술 중에서 MAC-체인을 이용한 기술이 Location Privacy 보호에 가장 적합하다.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.927-930
• /
• 2011

위성이나 케이블을 통해서 이루어지던 유료 방송 서비스가 최근에는 IPTV 라는 이름 아래 인터넷을 통해서 이루어지고 있다. IP 네트워크를 통해 콘텐츠가 전송되면서 네트워크의 대역폭을 효율적으로 사용하기 위해 멀티캐스트를 통해 이루어진다. 멀티캐스트는 IP 환경에서 동일한 내용의 데이터를 여러명의 특정한 그룹의 수신자에게 동시에 전송하는 것을 말하며, 이때 그룹을 관리하기 위해 인터넷 그룹 관리 프로토콜(Internet Group Management Protocol, IGMP)이 사용된다. IGMP에는 접근제어와 같은 보안 기능을 제공하지 않고 있으며, IPTV와 같은 유료 방송 서비스에서는 멀티캐스트를 통해 전송 되는 콘텐츠를 보호하기위해 접근제어시스템(Conditional Access System, CAS)을 사용한다. 그러나 CAS를 통해 콘텐츠를 보호 하더라도, IGMP에는 보안 기능이 없다는 근본적인 문제에 의해 사용자의 TV 시청을 방해할 수 있다는 가능성이 남아있다. 본 논문에서는 이러한 문제를 해결하기 위해 CAS가 운영되면서 교환된 키를 사용해 IGMP메시지에 보안기능을 추가한 기법을 제안한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2014-2020
• /
• 2016

In general, automatic access control management system using smart door-lock must be always exposed to security vulnerability during wireless communication based on Bluetooth. In particular, important information such as a secrete key can be exposed to the attacker when the authentication protocol has been operating in the wireless section. Therefore important information exchanged in the radio section needs to be properly encrypted. In order to analyze security vulnerability for automatic access control management system of public facilities such as subway vent, GNU Radio platform and HackRF device will be considered and experimented. Proposed experimental system to perform software based power analysis attack could be very effectively applied. As a result, important information such as packet type, CRC, length of data, and data value can be easily decoded from wireless packet obtained from HackRF device on GNU Radio platform. Constructed experimental system will be applied to avoid some security problems.

• The KIPS Transactions:PartC
• /
• v.18C no.5
• /
• pp.327-330
• /
• 2011

After releasing the smart phone equipping the strong computational capability compared to traditional mobil phone, a field of services, which is available on the personal computers, is expanded to smart phone. The development of technology reduces the limited service utilization on time and space but it has a venerability exposing an information to malicious user. Especially we need to more attention when using the financial services which communicate the user's private information. To solve the security problem, OTP(One Time Pad), which uses a private key for a session, is recommended. OTP techniques in smart phone having focused on traditional environments have been proposed and implemented. However, security over mobile environments is more vulnerable to attack and has restriction on resources than traditional system. For this reason, definition of proper conceptual OTP on smart phone is required. In the paper, we present the L-OTP(Location-OTP) protocol, using T-OTP(Time One Time Pad) technique with location information. Proposal generates the OTP using unique location information which is obtained in smart phone.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1194-1203
• /
• 2004

The RR protocole, proposed in IETF mip6 WG and standardized by RFC 3775 at lune 2004, send a message 'Binding Update' that express MN's location information to CN safety and update location information. Standard RR protocole has some problems with initiating the protocol by the MN; it causes to increases in communication load in the home network, to increases communication delay between MN and CN. Also, is connoting vulnerability to against attacker who are on the path between CN and HA in security aspect. This paper proposes doing to delegate MN's location information update rights by HA new location information update method. That is, When update MN's location information to HA, Using MN's private key signed location information certificate use and this certificate using method that HA uses MN's location information at update to CN be. It decreases the route optimization overhead by reducing the number of messages as well as the using location information update time. Also, remove security weakness about against attacker who are on the path between CN and HA.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.161-170
• /
• 2005

The Certificate Revocation List(CRL) or the Online Certificate Status Protocol(OCSP)has been used to validate certificates. However, the CRL cannot validate certificates in realtime because of the Time-Gap problem and the OCSP server overloads in a large scale secure system. In addition, the client cannot access a wired LAN until the client has been authenticated by the authentication server on the IEEE 802. 1x framework. Therefore, the client cannot validate the authentication server's certificate using a certificate validation server. Thus, the client cannot authenticate the authentication server in realtime. To solve these problems this paper designed a secure system that can protect the content of communications and authenticate users in realtime on a wireless LAN The designed certificate validation protocol was proved that the stability and efficiency of the system was very high, the result of the validation had the presence, the speed of the validation was not affected by the system scale, the number of authorities user must trust was reduced to one, and the overload of the validation server was Protected. And the designed user authentication and key exchange protocols were Proved that the mutual authentication was possible in realtime and the fact of the authentication could be authorized by the CA because of using the authorized certificates.