• The Journal of the Korea Contents Association
• /
• v.11 no.12
• /
• pp.88-93
• /
• 2011

Due to vulnerable authentication scheme of SIP, intruders can easily impersonate legitimate user. HTTP Digest authentication scheme or private key issued by trust third parties has been used to prevent impersonation attack. However, these methods have suffered security vulnerability or service delay due to computation overhead. In this paper, we propose new authentication method to generate automatically one-time password using the pre-shared password and time information of messages exchanged between SIP UA(User Agent) and SIP Registrar. This method protects against impersonation attack without significant modification of exiting SIP authentication procedure to build securer SIP environment.

• Journal of Information Processing Systems
• /
• v.3 no.2
• /
• pp.82-88
• /
• 2007

Web services are the new building block of today's Internet, and provides interoperability among heterogeneous distributed systems. Recently in web services environment, security has become one of the most critical issues. The hackers attack one of fragile point and can misuse legitimate user privilege because all of the connected devices provide services for the user control and monitoring in real time. Also, the users of web services must temporarily delegate some or all of their rights to agents in order to perform actions on their behalf. This fact risks the exposure of user privacy information. In this paper, we propose secure delegation model based on SAML that provides confidentiality and integrity about the user information in distributed systems. In order to support privacy protection, service confidentiality, and assertion integrity, encryption and a digital signature mechanism is deployed. We build web service management server based on XACML, in order to manage services and policies of web service providers.

• Proceedings of the IEEK Conference
• /
• 2002.07b
• /
• pp.1331-1334
• /
• 2002

Micropayment is an electronic payment system for small value transaction. It needs to use a little amount of resources, such as communication and computation due to its small value. In other words, the processing cost for the micropayment must be less than the value of the payment. Several kinds of transactions are suitable for micropayment, eg. the purchasing of train tickets or digital newspapers. Since micropayment systems are designed for small-amount payment the key factor for any micropayment system design is believed to be the minimization of resource consumption without compromising the standard security. In this paper, we propose an adaptive agent approach to credit-based micropayment system, which employs the concept of dynamic balancing between the resource consumption and the risk in the system. As a result of the dynamic balancing, our system not only solves the problem of global overspending but also uses fewer amount of resources than existing approaches. Our approach limits the amount of money spent by untrusted customers to all merchants. Thus, our approach provides a boundary of the global overspending. In addition, for trusted customers, our approach requires less scale of communication for verifying authorizations than all existing approaches.

• Journal of Electrical Engineering and Technology
• /
• v.13 no.5
• /
• pp.2086-2098
• /
• 2018

Security plays a vital role and is the key challenge in Mobile Ad-hoc Networks (MANET). Infrastructure-less nature of MANET makes it arduous to envisage the genre of topology. Due to its inexhaustible access, information disseminated by roaming nodes to other nodes is susceptible to many hazardous attacks. Intrusion Detection and Prevention System (IDPS) is undoubtedly a defense structure to address threats in MANET. Many IDPS methods have been developed to ascertain the exceptional behavior in these networks. Key issue in such IDPS is lack of fast self-organized learning engine that facilitates comprehensive situation awareness for optimum decision making. Proposed "Intelligent Behavioral Hybridized Intrusion Detection and Prevention System (IBH_IDPS)" is built with computational intelligence to detect complex multistage attacks making the system robust and reliable. The System comprises of an Intelligent Client Agent and a Smart Server empowered with fuzzy inference rule-based service engine to ensure confidentiality and integrity of network. Distributed Intelligent Client Agents incorporated with centralized Smart Server makes it capable of analyzing and categorizing unethical incidents appropriately through unsupervised learning mechanism. Experimental analysis proves the proposed model is highly attack resistant, reliable and secure on devices and shows promising gains with assured delivery ratio, low end-to-end delay compared to existing approach.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.5
• /
• pp.1871-1890
• /
• 2021

The transition toward a contactless society has been rapidly progressing owing to the recent COVID-19 pandemic. As a result, the IT environment of organizations and enterprises is changing rapidly; in particular, data security is expanding to the private sector. To adapt to these changes, organizations and companies have started to securely transfer confidential data to residential PCs and personally owned devices of employees working from home or from other locations. Therefore, organizations and companies are introducing streaming data services, such as the virtual desktop infrastructure (VDI) or cloud services, to securely connect internal and external networks. These methods have the advantage of providing data without the need to download to a third terminal; however, while the data are being streamed, attacks such as screen shooting or capturing are performed. Therefore, there is an increasing interest in prevention techniques against screen capture threats that may occur in a contactless environment. In this study, we analyze possible screen capture methods in a PC and a mobile phone environment and present techniques that can protect the screens against specific attack methods. The detection and defense for screen capture of PC applications on Windows OS and Mac OS could be solved with a single agent using our proposed techniques. Screen capture of mobile devices can be prevented by applying our proposed techniques on Android and iOS.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1516-1539
• /
• 2022

This article shows a set of physical information fusion IoT systems that we designed for smart buildings. Its essence is a computer system that combines physical quantities in buildings with quantitative analysis and control. In the part of the Internet of Things, its mechanism is controlled by a monitoring system based on sensor networks and computer-based algorithms. Based on the design idea of the agent, we have realized human-machine interaction (HMI) and machine-machine interaction (MMI). Among them, HMI is realized through human-machine interaction, while MMI is realized through embedded computing, sensors, controllers, and execution. Device and wireless communication network. This article mainly focuses on the function of wireless sensor networks and MMI in environmental monitoring. This function plays a fundamental role in building security, environmental control, HVAC, and other smart building control systems. The article not only discusses various network applications and their implementation based on agent design but also demonstrates our collaborative information fusion strategy. This strategy can provide a stable incentive method for the system through collaborative information fusion when the sensor system is unstable in the physical measurements, thereby preventing system jitter and unstable response caused by uncertain disturbances and environmental factors. This article also gives the results of the system test. The results show that through the CPS interaction of HMI and MMI, the intelligent building IoT system can achieve comprehensive monitoring, thereby providing support and expansion for advanced automation management.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.47-55
• /
• 2004

Currently used to manage a whole bunch of networks is the Client/Server Network Management Technique in which a central manager system supports a number of managed ones. Unfortunately it has a big drawback: wasting network resources, most of all bandwidth, which is mainly caused by too much traffic between the central manager system and the managed ones. In a way to overcome this weak point, we have designed a new type of system, a Configuration Management System (CMS), based on code mobility which has been used in distributed network management systems. In this thesis we have compared the CMS with the currently used network management system, identified class to make Mobile Code, and analyzed the techniques of other network management systems in order to verify the validity of the new system.

• Proceedings of the KAIS Fall Conference
• /
• 2007.05a
• /
• pp.203-207
• /
• 2007

NEMO 기본 지원 (NEMO-BS, NEMO Basic Support) 프로토콜에서 MNN(Mobile Network Node)가 CN(Correspondent Node) 과 통신을 하기 위해서는 항상 MR(Mobile Router)과 HA(Home Agent) 사이의 양방향 터널을 이용해야 한다. 그러나 NEMO-BS 방식은 노드 간 데이터 전송 지연과 부분 구간에 대한 공격 가능성이 존재한다. 따라서 본 논문에서는 NEMO를 위한 인증된 경로 최적화(ATRO) 프로토콜을 제안한다. MR은 홈 링크로부터 멀어졌다고 판단되면 MNN으로부터 위임 권한을 얻기 위해 권한 위임 프로토콜을 수행한다. 그런 후에 MR과 CN은 공개키 암호 방식을 이용하여 자신의 의탁주소(CoA, Care-of Address)를 MNN의 홈 주소(HoA, Home-of Address)와 매핑하기 위한 등록 과정을 수행한다. 이때 각 노드의 주소 소유권 증명을 위해 암호학적으로 생성한 주소(CGA, Cryptographically Generated Address)를 이용한다. 성능분석에서는 구간별 안전성과 종단간 패킷 전송 지연 시간을 통해 프로토콜을 분석한다.

• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.29-36
• /
• 2007

Recently, Jaiswal et al. proposed a protocol to improve the multi-agent negotiation test-bed which was proposed by Collins et al. Using publish/subscribe system, time-release cryptography and anonymous communication, their protocol gives an improvement on the old one. However, it is shown that the protocol also has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collusion between customers and a certain supplier. So proposed protocol reduces DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. And it is proved that the way that market generates random number to the supplier is better than the supplier do by himself in guaranteeing anonymity. Market publishes interpolating polynomial for sharing the determination process data. It avoids collusion between customer and a certain supplie

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.37-43
• /
• 2003

The growing Internet business has required the acceleration of the development of security components. There are many different kinds of security components that have been developed in accordance with the appearance of various logs. Therefore, it is important that after the logs are collected they become integrated and need to Once the data from the logs have been collected form the IDS/Firewall/Router logs. It needs to be analyzed and formatted for standardization. This paper suggests designs that the log analyzation system could use in analyzing, detecting, and preventing intrusion in the various systems. Once the data has been analyzed it would be possible to Prevent further intrusion as well as trace the intrusion back to the source.