• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.317-324
• /
• 2009

In this paper, a 4-way Handshake protocol in the IEEE 802.11i is analyzed in terms of both security and reliability. It is shown that the 4-way Handshake protocol breaks down under some conditions due to a MIC (message integrity code) failure, and a solution to fix it is proposed. It is also proposed that a new 2-way Handshake protocol which is more secure and efficient than the 4-way Handshake protocol.

• Review of KIISC
• /
• v.23 no.5
• /
• pp.36-45
• /
• 2013

TLS 프로토콜은 인터넷 보안에서 가장 널리 사용되는 핵심 기술로서, 핸드쉐이크(handshake) 프로토콜과 레코드 레이어(record layer) 프로토콜로 구성된다. 핸드쉐이크에서 형성된 키를 이용하여 레코드 레이어 프로토콜에서 데이터들에 대해 인증, 무결성, 기밀성과 같은 정보보호 서비스를 제공한다. 이와 같이, TLS 프로토콜은 키 공유라고 하는 고전적인 암호학 문제를 포함하고 있기 때문에, 암호학 연구자들에게 접근성이 매우 뛰어난 연구 주제가 되어 왔다. 이를 반영하듯, 최근에 암호학 분야의 최고 권위 있는 Crypto학회에 TLS 이론 연구에 관한 논문이 연속적인 주제로 게재되었다. 본 논문에서는 최근 Crypto학회 및 eprint에 올라온 TLS와 관련된 최신 연구 동향 및 결과를 분석하여, TLS 프로토콜의 안전성을 연구하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1307-1315
• /
• 2017

While the PSK mode of the DTLS is the most efficient in terms of the performance, it is not easy to pre-distribute and manage the symmetric key pairs as the number of sensor devices increases. On the other hand, both the RPK and certificate modes offer a convenient key management tool, but they do not guarantee a good computational performance. In this paper, the end-to-end security protocol suitable for the constrained devices is proposed, based on both the ECQV certificate and the PSK mode. Namely, the initial DTLS handshake is performed using the ECQV certificate, and the subsequent DTLS handshakes with the other CoAP servers in the same group are performed using the PSK mode for the purpose of reducing the overall computational load. Furthermore, a fine-grained access control for the CoAP client can be enforced to allow access to the limited number of CoAP servers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.417-429
• /
• 2019

WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems such as eavesdropping attacks and the secure session establishment process is inefficient because it requires multiple interactions between client and AP. The WPA3 standard has recently been proposed to solve the security problem of WPA2, but it is a small improvement using the same 4-way handshake methodology. OAuth 2.0 token authentication is widely used on the web, which can be used to keep an authenticated state of a client for a long time by using tokens issued to an authenticated client. In this paper, we apply the dual-token based randomized token authentication technology to the Wi-Fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment. Once a client is authenticated and equipped with dual tokens issued by AP, it can establish secure session using them quickly with one message exchange over a non-secure channel.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.204-206
• /
• 2015

본 논문에서는 원자력발전소와 같은 극한환경에서 사용할 수 있는 로봇 원격제어를 위한 데이터 송수신용 통신 모듈 구현의 제약 조건을 기술하고 이를 해결할 수 있는 방안을 제시한다. 원격제어는 오퍼레이터가 원격지 로봇의 다양한 환경 정보를 인식하면서 로봇 제어 명령을 전송하는 특성을 갖는다. 오퍼레이터와 원격지 로봇 사이에 지속적인 데이터 통신에 의해 제어를 수행하므로, 통신 속도와 통신 프로토콜에 따른 현재의 통신 상태 보장 방안도 필요하다. 네트워크 기반 통신에서는 물리적 환경에 의한 영향을 포함하여 TCP/IP 프로토콜의 경우 핸드쉐이크와 혼잡회피 알고리즘 등에 의한 논리적 통신 속도의 지터가 발생하므로, 로봇 원격제어 시 이 문제를 충분히 검토해야한다. 로봇 원격제어를 위해서는 TCP/IP는 물론 UDP와 같은 통신 프로토콜과 시리얼 통신 기반의 다양한 프로토콜을 적용할 수 있는데, 송수신 데이터의 종류에 따라 적절한 프로토콜을 적용해야하며 통신 라인의 연결 상태도 확인할 수 있어야 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10b
• /
• pp.1165-1168
• /
• 2000

WAP은 무선환경에서 발견되는 저 대역폭, 높은 지연하에서 기존의 TCP/IP/HTTP/HTML을 최적화해서 적용하기 위한 일련의 프로토콜이다. WAP은 웹컨텐츠를 이동전화나 PDA등에서 받아 볼 수 있게 해준다. 그러나 WAP 게이트웨이가 컨텐츠제공자에게 속해있지 않다면 단대단 보안을 지원하지는 못한다. 본 논문은 ITLS를 제안하여 WAP 게이트웨이에서 평문의 메시지를 보지 못하게 한다. 기본원리는 웹서버의 보안 상대를 게이트웨이가 아닌 클라이언트로 변경하고, 클라이언트는 웹서버와 게이트웨이를 위해 두번 암호화하도록 하는 것이다. 즉 게이트웨이는 클라이언트로부터 수신한 암호문을 한번만 복호화하고 재암호화 없이 바로 웹서버에게 보내는 것이다. 반대방향도 유사한 형태이다. 이러한 기능을 제공하기 위해 WTLS 핸드쉐이크 프로토콜에 새로운 메시지 유형을 추가하고, 응용데이터 암호화 또는 복호화 규칙도 변경하였다.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1269-1284
• /
• 2001

The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

• The Journal of the Korea Contents Association
• /
• v.10 no.3
• /
• pp.64-71
• /
• 2010

Recently, to achieve high performance of the processor, the cache is splits physically into two parts, one for instruction and one for data. This paper proposes an architecture of asynchronous instruction cache based on mixed-delay model that are DI(delay-insensitive) model for cache hit and Bundled delay model for cache miss. We synthesized the instruction cache at gate-level and constructed a test platform with 32-bit embedded processor EISC to evaluate performance. The cache communicates with the main memory and CPU using 4-phase hand-shake protocol. It has a 8-KB, 4-way set associative memory that employs Pseudo-LRU replacement algorithm. As the results, the designed cache shows 99% cache hit ratio and reduced latency to 68% tested on the platform with MI bench mark programs.

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.