• Title/Summary/Keyword: Ad hoc network security

A Robust and Efficient Anonymous Authentication Protocol in VANETs

  • Jung, Chae-Duk;Sur, Chul;Park, Young-Ho;Rhee, Kyung-Hyune
    • Journal of Communications and Networks / v.11 no.6 / pp.607-614 / 2009
  • Recently, Lu et al. proposed an efficient conditional privacy preservation protocol, named ECPP, based on group signature scheme for generating anonymous certificates from roadside units (RSUs). However, ECPP does not provide unlinkability and traceability when multiple RSUs are compromised. In this paper, we make up for the limitations and propose a robust and efficient anonymous authentication protocol without loss of efficiency as compared with ECPP. Furthermore, in the proposed protocol, RSUs can issue multiple anonymous certificates to an OBU to alleviate system overheads for mutual authentication between OBUs and RSUs. In order to achieve these goals, we consider a universal re-encryption scheme and identity-based key establishment scheme as our building blocks. Several simulations are conducted to verify the efficiency and effectiveness of the proposed protocol by comparing with those of the existing ECPP.

Ad hoc network Security Mechanism for Secure Data Sharing in Mobile Social Network (모바일 소셜 네트워크에서 안전한 데이터 공유를 위한 애드혹 네트워크 보안 메커니즘)

  • Kim, Ga-Rin;Hong, Choong-Seon
    • Proceedings of the Korean Information Science Society Conference / 2012.06d / pp.363-365 / 2012
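  • Social network services (SNS), which have been spreading rapidly in recent years, aim to manage users' personal connections and to form new ones. In addition, by publishing knowledge or information about their interests, users increase the efficiency of information and propagate it to other users. However, current social network services are used less to form new connections than to maintain and manage real-world connections in virtual space, so that relationships can be kept up without meeting in person, and they therefore fail to achieve the goal of social networks. Restricted information sharing among people with the same interests in a particular space, however, can compensate for this shortcoming of social networks and achieve their ultimate goal. Creating groups based on specific interests would also raise the reliability of information and be effective in forming new connections. However, such a network can change rapidly because of the characteristics of the mobile environment, and because users communicate with other users in a particular space on the basis of location, entirely new connections are formed. Therefore, user reputation management is needed to build trust relationships securely. In this paper, we propose a reputation mechanism for isolating malicious nodes in closed information sharing among users with the same interests in a social network.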

A Study on Distributed Cooperation Intrusion Detection Technique based on Region (영역 기반 분산협력 침입탐지 기법에 관한 연구)

  • Yang, Hwan Seok;Yoo, Seung Jae
    • Convergence Security Journal / v.14 no.7 / pp.53-58 / 2014
  • MANET can quickly build a network because it is configured with only mobile nodes, and it is very popular today due to its wide range of applications. However, MANET must solve the security vulnerabilities caused by dynamic topology, the limited resources of each node, and wireless communication under the frequent movement of nodes. In this paper, we propose a domain-based distributed cooperative intrusion detection technique that can perform accurate intrusion detection by reducing overhead. In the proposed intrusion detection technique, local detection and global detection are performed after the network is divided into regions of a certain size. Local detection runs on all nodes to detect abnormal node behavior, and global detection performs signature-based attack detection on the gateway node. The signature DB managed by the gateway node is updated periodically by configuring neighboring gateway nodes and a honeynet, and the reliability of nodes in the domain is maintained by the trust management module. The excellent performance of the proposed technique was confirmed through comparative experiments with a multi-layer cluster technique.

A Study on Hierarchical Structure and Blockchain-based Node Authentication Mechanism in MANET (MANET에서 계층적 구조와 블록체인 기반 노드 인증 기법에 관한 연구)

  • Yang, Hwanseok
    • Convergence Security Journal / v.19 no.3 / pp.13-19 / 2019
  • MANET has many security vulnerabilities because it consists of only mobile nodes using wireless communication. In particular, excluding the participation of malicious nodes through accurate reliability measurement and authentication of the nodes participating in the network is a very important factor in determining network performance. In this paper, we propose a technique that applies blockchain technology in order to prevent forgery of authentication information for nodes participating in the network. An area-based hierarchical structure was applied to increase the efficiency of node authentication and to apply the optimal block generation and exchange protocol. In addition, four data payloads were added to the block header in order to add authentication information for nodes to the block. To improve reliability by applying the blockchain technique to the hop-by-hop data transfer method between mobile nodes, a blockchain exchange protocol was implemented through transaction creation, block packaging, and verification processes. We performed comparative experiments with existing methods to evaluate the performance of the proposed method and confirmed its excellent performance from the experimental results.

Cooperation-Aware VANET Clouds: Providing Secure Cloud Services to Vehicular Ad Hoc Networks

  • Hussain, Rasheed;Oh, Heekuck
    • Journal of Information Processing Systems / v.10 no.1 / pp.103-118 / 2014
  • Over the last couple of years, traditional VANET (Vehicular Ad Hoc NETwork) evolved into VANET-based clouds. From the VANET standpoint, applications became richer by virtue of the boom in automotive telematics and infotainment technologies. Nevertheless, the research community and industries are concerned about the under-utilization of rich computation, communication, and storage resources in middle and high-end vehicles. This phenomenon became the driving force for the birth of VANET-based clouds. In this paper, we envision a novel application layer of VANET-based clouds based on the cooperation of the moving cars on the road, called CaaS (Cooperation as a Service). CaaS is divided into TIaaS (Traffic Information as a Service), WaaS (Warning as a Service), and IfaaS (Infotainment as a Service). Note, however, that this work focuses only on TIaaS and WaaS. TIaaS provides vehicular nodes, more precisely subscribers, with the fine-grained traffic information constructed by CDM (Cloud Decision Module) as a result of the cooperation of the vehicles on the roads in the form of mobility vectors. On the other hand, WaaS provides subscribers with potential warning messages in case of hazard situations on the road. Communication between the cloud infrastructure and the vehicles is done through GTs (Gateway Terminals), whereas GTs are physically realized through RSUs (Road-Side Units) and vehicles with 4G Internet access. These GTs forward the coarse-grained cooperation from vehicles to cloud and fine-grained traffic information and warnings from cloud to vehicles (subscribers) in a secure, privacy-aware fashion. In our proposed scheme, privacy is conditionally preserved wherein the location and the identity of the cooperators are preserved by leveraging the modified location-based encryption and, in case of any dispute, the node is subject to revocation. To the best of our knowledge, our proposed scheme is the first effort to offshore the extended traffic view construction function and warning messages dissemination function to the cloud.

A Secure Communication Scheme without Trusted RSU Setting for VANET (신뢰 RSU 세팅이 필요 없는 VANET 보안통신 기법)

  • Fei, He;Kun, Li;Kim, Bum-Han;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.4 / pp.75-87 / 2010
  • Secure communication has been one of the main challenges in vehicular ad hoc networks (VANET) since broadcast messages from nearby vehicles contain life-critical information for drivers and passengers. So far, various secure communication schemes have been proposed to secure communication in VANET, and they satisfy most security requirements. However, most of them need to place trust in roadside units (RSUs), which are usually deployed in unattended areas and are vulnerable to compromise. In this paper, we propose a secure communication scheme that does not need to place trust in RSUs. We adopt a grouping technique to divide the heavy burden on the server evenly without jeopardizing the anonymity of users. Moreover, we design a complete set of protocols to satisfy common security requirements with a relatively low hardware requirement. Finally, we evaluate the scheme with respect to security requirements, communication overhead, storage overhead and network performance.

Self Updatable Pseudonym System for VANET (VANET를 위한 차량자체 갱신가능 익명ID 시스템)

  • Kim, Sang-Jin;Lee, Byeong-Woo;Oh, Hee-Kuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.5 / pp.93-103 / 2009
  • Since message forgery or alteration in VANET may cause severe consequences, authentication of critical messages must be provided. However, using normal digital signatures may infringe the privacy of drivers. Therefore, VANET requires authentication systems that provide conditional anonymity. In this paper, we propose a new authentication system for VANET. In our proposed system, each vehicle can update its pseudonym using a re-encryption technique and digitally sign messages using the representation problem on the pseudonym. By limiting the usage period, revocation of individual pseudonyms is not required. Moreover, we also provide a way to revoke the vehicle itself. The security of our system partially relies on the use of tamper-resistant hardware.

A Privacy Preserving Efficient Route Tracing Mechanism for VANET (VANET에서 프라이버시를 보호하는 효율적인 경로 추적 방법)

  • Lee, Byeong-Woo;Kim, Sang-Jin;Oh, Hee-Kuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.4 / pp.53-62 / 2010
  • In VANETs (Vehicular Ad hoc NETwork), conditional anonymity must be provided to protect privacy of vehicles while enabling authorities to identify misbehaving vehicles. To this end, previous systems provide a mechanism to revoke the anonymity of individual messages. In VANET, if we can trace the movement path of vehicles, it can be useful in determining the liability of vehicles in car accidents and crime investigations. Although route tracing can be provided using previous message revocation techniques, they violate privacy of other vehicles. In this paper, we provide a route tracing technique that protects privacy of vehicles that are not targeted. The proposed method can be employed independently of the authentication mechanism used and includes a mechanism to prevent authorities from abusing this new function.

A Study on Efficient Multicast Technique using Virtual Group based on Geographic Information in MANET (위치정보 기반 가상 그룹을 활용한 효율적인 멀티캐스트 기법 연구)

  • Yang, Hwan Seok
    • Convergence Security Journal / v.17 no.5 / pp.87-92 / 2017
  • MANET is a self-configuring network in which mobile nodes are connected wirelessly. It has been applied to various fields for group communication. However, the dynamic topology caused by the movement of the nodes frequently causes routing failures because it is difficult to maintain the position information of the nodes participating in the group communication. It also has the problem that network performance decreases due to the high overhead of managing information about member nodes. In this paper, we propose a multicast technique using a location-based 2-tier virtual group that is flexible and reliable in the management of member nodes. In the proposed technique, the network is composed of cellular zones and the virtual group is constructed using the location information of the nodes. The virtual group management node is selected to minimize the overhead of location information management for member nodes in the virtual group. In order to improve the reliability of member node management and multicast data transmission, the technique measures the packet transmission rate of the member nodes and then excludes gateway nodes with a low transfer rate when setting the route. The excellent performance of the proposed technique was confirmed through comparative experiments with the AMroute method and the PAST-DM method.

Security and Privacy Mechanism using TCG/TPM to various WSN (다양한 무선네트워크 하에서 TCG/TPM을 이용한 정보보호 및 프라이버시 매커니즘)

  • Lee, Ki-Man;Cho, Nae-Hyun;Kwon, Hwan-Woo;Seo, Chang-Ho
    • Journal of the Korea Society of Computer and Information / v.13 no.5 / pp.195-202 / 2008
  • In this paper, to improve the effectiveness of security enforcement, the first contribution of this work is that we present a clustered heterogeneous WSN (Wireless Sensor Network) architecture, composed of not only resource-constrained sensor nodes, but also a number of more powerful high-end devices acting as cluster heads. Compared to sensor nodes, a high-end cluster head has higher computation capability, larger storage, longer power supply, and longer radio transmission range, and it thus does not suffer from the resource scarceness problem as much as a sensor node does. A distinct feature of our heterogeneous architecture is that cluster heads are equipped with TC (trusted computing) technology, and in particular a TCG (Trusted Computing Group) compliant TPM (Trusted Platform Module) is embedded into each cluster head. According to the TCG specifications, TPM is a tamper-resistant, self-contained secure coprocessor, capable of performing cryptographic functions. A TPM attached to a host establishes a trusted computing platform that provides sealed storage, and measures and reports the integrity state of the platform.
