• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.4 s.346
• /
• pp.13-21
• /
• 2006

An mobile ad hoc network(MANET) is a collection of wireless computers (nodes), communicating among themselves over multi-hop paths, without the help of any infrastructure such as base stations or access points. Prior research in MANET has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we design and evaluate the Secure Zone Routing Protocol(T-ZRP), a secure ad hoc network routing protocol is based on the design of the hash chain. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and don't use asymmetric cryptographic operations in the protocol. Proposed algorithm can safely send to data through authentication mechanism and integrity about routing establishment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.5
• /
• pp.957-962
• /
• 2016

Current terrestrial Digital Multimedia Broadcasting (T-DMB) is conducting the emergency alert broadcast, or can view a variety of broadcasting. However, propagation shadow area is a situation where the service is limited due to limitations of facilities investment. In addition, there is the problem of T-DMB broadcasting is for viewing only a restricted area and a mobile device because the mobile is also T-DMB viewing device impossible. In this paper, it receives a T-DMB broadcasting as a way to solve the problems of the T-DMB system, which was studied the re transmission to the mobile device. Accordingly, by receiving the broadcast may be watched in the mobile device the T-DMB reception impossible. Also provides a one-way/two-way authentication mechanism using a conditional access function, and the system was configured so that the user can watch only the registered broadcasting.

• The KIPS Transactions:PartC
• /
• v.11C no.2
• /
• pp.163-170
• /
• 2004

The additional mechanism Is required to set up a secure connection among the communication subjects in the internet environment. Each entity should transfer and receive the encrypted and hashed data to guarantee the data integrity. Also, the mutual authentication procedure should be processed using a secure communication protocol. The SSL/TLS is a protocol which creates the secure communication channel among the communication subjects and sends/receives a data. Although the OpenSSL which implements the TLS is using by many developers and its stability and performance are proved, it has a difficulty in using because of its large size. So, this Paper designs and implements the secure communication which the users can use easily by modification works of OpenSSL library API. We proved the real application results using the DRM client/server case which supports a secure communication using the implemented API.

• KIISE Transactions on Computing Practices
• /
• v.23 no.8
• /
• pp.504-509
• /
• 2017

Preserving the integrity of the booting process is important. Recent rootkit attacks and subverting OS attacks prove that any post-OS security mechanism can be easily circumvented if the booting process is not properly controlled. Using an actual case as an example, the hacker of the Se-jong government office simply bypassed the user's password authentication by compromising the normal booting process. This paper analyzes existing pre-OS protection using secure boot and measured boot, and proposes another bootloader that overcomes the limitations. The proposed bootloader not only guarantees the integrity of all the pre-OS binaries, bootloaders, and kernel, it also makes explicit records of integrity in the booting process to the external TPM device, so that we can track modifications of BIOS configurations or unintended booting process modifications.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.11
• /
• pp.6849-6855
• /
• 2014

Recently, with the increasing use of smart phones, security issues, such as safety and reliability of the use of the Android application has become a topic to provide services in various forms. An Android application is performed using several important files in the form of an apk file. On the other hand, they may be subject to unauthorized use, such as the loss of rights and privileges due to the insertion of malicious source code of these apk files. This paper examines the Android environment to study ways to define the threats related to the unauthorized use of the application source code, and based on the results of the analysis, to prevent unauthorized use of the application source code. In this paper, a system is provided using a third body to prevent and detect applications that have been counterfeited or forged illegally and installed on Android devices. The application provides services to existing systems that are configured with only the service server that provides users and applications general, This paper proposes the use of a trusted third party for user registration and to verify the integrity of the application, add an institution, and provide a safe application.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.985-996
• /
• 2004

In order to solve the increasing security problems, IDSs(Intrusion Detection System) have appeared. However, local IDSs have a limit to detect various intrusions in a large-scale network environment. So there are a lot of researches in progress which organize the elements of IDS in a distributed or hierarchical manner. In this paper, we design a integrated IDS which exchanges messages between them through the standardized message format (IDMEF) and communication protocol (IDXP). We also propose a policy profile for an effective control of IDSs, and employ the PKI mechanism for mutual authentication. We implement a prototype system for the proposed IDSs communicating with Snort and analyze its performance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2276-2291
• /
• 2017

Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.313-322
• /
• 2002

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2427-2445
• /
• 2016

In contrast to traditional "store-and-forward" routing mechanisms, network coding offers an elegant solution for achieving maximum network throughput. The core idea is that intermediate network nodes linearly combine received data packets so that the destination nodes can decode original files from some authenticated packets. Although network coding has many advantages, especially in wireless sensor network and peer-to-peer network, the encoding mechanism of intermediate nodes also results in some additional security issues. For a powerful adversary who can control arbitrary number of malicious network nodes and can eavesdrop on the entire network, cryptographic signature schemes provide undeniable authentication mechanisms for network nodes. However, with the development of quantum technologies, some existing network coding signature schemes based on some traditional number-theoretic primitives vulnerable to quantum cryptanalysis. In this paper we first present an efficient network coding signature scheme in the standard model using lattice theory, which can be viewed as the most promising tool for designing post-quantum cryptographic protocols. In the security proof, we propose a new method for generating a random lattice and the corresponding trapdoor, which may be used in other cryptographic protocols. Our scheme has many advantages, such as supporting multi-source networks, low computational complexity and low communication overhead.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.2
• /
• pp.73-80
• /
• 2009

Security is critically important for ubiquitous sensor networks that are usually used for the military and serveillance in environments that are opened to attacks, such as, eavesdroping, replay attacks of abnormal messages, forgery of the messages to name a few. ZigBee has emerged as a strong contender for ubiquitous sensor networks. ZigBee is used for low data rate and low power wireless sensor network applications. To deploy ubiquitous sensor networks, the collected information requires protection from an adversary over the network in many cases. The security mechanism should be provided for collecting the information over the network. However, the ZigBee protocol has some security weaknesses. In this paper, these weaknesses are discussed and a method to improve security aspect of the ZigBee protocol is presented along with a comparison of the message complexity of the proposed security protocol with that of the current ZigBee protocol.