• Title/Summary/Keyword: Denial of Service

An Improvement of Mobile IPv6 Binding Update Protocol Using Address Based Keys (주소기반의 키를 사용하는 모바일 IPv6 바인딩 갱신 프로토콜 개선)

  • You, Il-Sun;Choi, Sung-Kyo
    • Journal of the Institute of Electronics Engineers of Korea CI / v.42 no.5 / pp.21-30 / 2005
  • Recently, a mobile IPv6 binding update protocol using Address Based Keys (BU-ABK) was proposed. This protocol applies Address Based Keys (ABK), generated through an identity-based cryptosystem, to enable strong authentication and secure key exchange without any global security infrastructure. However, because it cannot detect that public cryptographic parameters for ABKs are altered or forged, it is vulnerable to man-in-the-middle attacks and denial of service attacks. Furthermore, it has a heavy burden of managing the public cryptographic parameters. In this paper, we show the weaknesses of BU-ABK and then propose an enhanced BU-ABK (EBU-ABK). Furthermore, we provide an optimization for mobile devices with constrained computational power. The comparison of EBU-ABK with BU-ABK shows that the enhanced protocol achieves strong security while not resulting in heavy computation overhead on a mobile node.

A Design of KDPC(Key Distributed Protocol based on Cluster) using ECDH Algorithm on USN Environment (USN 환경에서 ECDH 알고리즘을 이용한 KDPC(Key Distribution Protocol based on Cluster) 설계)

  • Jeong, Eun-Hee;Lee, Byung-Kwan
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.05a / pp.856-858 / 2013
  • The data which is sensed in a USN (Ubiquitous Sensor Network) environment is concerned with personal privacy and the secret information of business, but it has more vulnerable characteristics, in contrast to common networks. In other words, USN has vulnerabilities which are easily exposed to attacks such as the eavesdropping of sensor information, the distribution of abnormal packets, the reuse of messages, forgery attacks, and denial of service attacks. Therefore, a key is necessarily required for secure communication between sensor nodes. This paper proposes a KDPC (Key Distribution Protocol based on Cluster) using the ECDH algorithm by considering the characteristics of sensor networks. As a result, the KDPC can provide a safe USN environment by detecting forged data and preventing the exposure of sensing data.

An Anomalous Event Detection System based on Information Theory (엔트로피 기반의 이상징후 탐지 시스템)

  • Han, Chan-Kyu;Choi, Hyoung-Kee
    • Journal of KIISE:Information Networking / v.36 no.3 / pp.173-183 / 2009
  • We present a real-time monitoring system for detecting anomalous network events using entropy. The entropy accounts for the effects of disorder in the system. When an abnormal factor arises to agitate the current system, the entropy must show an abrupt change. In this paper we deliberately model the Internet to measure the entropy. Packets flowing between these two networks may incur to sustain the current value. In the proposed system we keep track of the value of entropy in time to pinpoint the sudden changes in the value. The time-series data of entropy are transformed into two-dimensional domains to help visually inspect the activities on the network. We examine the system using network traffic traces containing notorious worms and DoS attacks on the testbed. Furthermore, we compare our proposed system with time series forecasting methods, such as EWMA, Holt-Winters, and PCA, in terms of sensitivity. The result suggests that our approach is able to detect anomalies with fairly high accuracy. Our contributions are twofold: (1) highly sensitive detection of anomalies and (2) visualization of network activities to alert on anomalies.

Cyber-attack and Cybersecurity Design for a Smart Work System (스마트워크 시스템을 위한 사이버 공격 및 사이버 보안 설계)

  • Cheon, Jae-Hong;Park, Dea-Woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.23 no.2 / pp.207-214 / 2019
  • The speed of technological development is increasing, and high-performance digital devices are spreading. Wired digital devices such as PCs have been optimized for existing wired environments, but needs are shifting away from the constraints of space and space to smart work that enables efficient work anywhere and anytime. The Smart Work System security design is needed to secure integrity and availability in the face of various security threats including physical threats (lost, stolen, and damaged terminals), technical threats (data theft, DoS: denial of service), and unauthorized access outside the wired environment. In this study, we analyzed smart work network systems, wired / wireless link systems, and digital smart devices. We also studied cyber-attack analysis and cybersecurity design methods for a Smart Work wired system and a future wireless system. This study will be used as basic data for building a secure Smart Work system.

A Study of Client Side Defence Method of UDP/ICMP Attack (UDP/ICMP 플러딩 공격에 대한 클라이언트 측 방어 기법 연구)

  • Kim, Dong-Hoon;Lee, Ki-Young
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.05a / pp.667-669 / 2012
  • Traditional DDoS defence methods are performed at the server side which was attacked. If servers detect a DDoS attack, they use some methods for defending against the attack such as increasing the bandwidth, bypassing the traffic, blocking the IP addresses or blocking the ports by the firewall. But as lots of people use smart-phones, it is possible for a smart-phone to be a zombie, and DDoS attacks could take much larger and more powerful forms than now. Victims are not only a server but also a host which becomes a zombie. While it performs a DDoS attack, zombie smart-phone users have to pay the extra charge. After finishing the attack, DDoS tries to destroy the hard drives of zombie hosts. Therefore the situation has changed: rather than defending against DDoS at the server side only, we should protect the client side, which needs to prevent DDoS attacks. In this paper, we study a defence method that terminates a process which performs the attack and sends the information to different hosts when a zombie PC or smart-phone performs DDoS attacks.

Intelligent Intrusion Detection and Prevention System using Smart Multi-instance Multi-label Learning Protocol for Tactical Mobile Adhoc Networks

  • Roopa, M.;Raja, S. Selvakumar
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.6 / pp.2895-2921 / 2018
  • Security has become one of the major concerns in mobile ad hoc networks (MANETs). Data and voice communication amongst roaming battlefield entities (such as platoons of soldiers, inter-battlefield tanks and military aircraft) served by MANETs throws up several challenges. It requires a complex securing strategy to address threats such as unauthorized network access, man-in-the-middle attacks, denial of service, etc., to provide highly reliable communication amongst the nodes. An Intrusion Detection and Prevention System (IDPS) undoubtedly is a crucial ingredient to address these threats. IDPS in MANET is managed by the Command Control Communication and Intelligence (C3I) system. It consists of networked computers in the tactical battle area that facilitate comprehensive situation awareness by the commanders for timely and optimum decision-making. A key issue in such an IDPS mechanism is the lack of a Smart Learning Engine. We propose a novel behavioral based "Smart Multi-Instance Multi-Label Intrusion Detection and Prevention System (MIML-IDPS)" that follows a distributed and centralized architecture to support a Robust C3I System. This protocol is deployed in a virtually clustered non-uniform network topology with dynamic election of several virtual head nodes acting as a client Intrusion Detection agent connected to a centralized server IDPS located at the Command and Control Center. Distributed virtual client nodes serve as the intelligent decision processing unit and the centralized IDPS server acts as a Smart MIML decision making unit. Simulation and experimental analysis show that the proposed protocol exhibits computational intelligence with counter attacks, efficient memory utilization, classification accuracy and decision convergence in securing the C3I System in a Tactical Battlefield environment.

Structural vulnerability analysis and improvement of a biometrics-based remote user authentication scheme of Li and Hwang's (Li & Hwang's 생체기반 인증스킴에 대한 취약성 분석 및 개선)

  • Shin, Kwang-Cheul
    • Journal of the Korea Society of Computer and Information / v.17 no.7 / pp.107-115 / 2012
  • Recently, Li and Hwang proposed a biometrics-based remote user authentication scheme using a smart card. It is asserted that this scheme has excellent benefits in operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide proper authentication; in particular, it is analyzed as a scheme vulnerable to Denial-of-Service (DoS) attacks by impersonation attacks. If the attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes a strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server, which applies a variable authenticator and OSPA without exposing the user's password information. It supplements the Li and Hwang scheme with respect to its vulnerability to disguise attacks and its mutual authentication.

Mutual Authentication and Secure Session Termination Scheme in iATA Protocol

  • Ong, Ivy;Lee, Shirly;Lee, Hoon-Jae;Lim, Hyo-Taek
    • Journal of information and communication convergence engineering / v.8 no.4 / pp.437-442 / 2010
  • Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistants (PDAs) and smart phones are still encountering inherent constraints of limited storage and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA, to transfer ATA commands and data over a TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which physically resides at a remote home or office. As communications are made through insecure Internet connections, the security risks of adopting this service become a concern. There are many reported cases in history where attackers masquerade as legitimate users and illegally access network-based applications or systems by breaking through poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity theft and fraud threats, in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and a one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of the hard factorization problem (HFP) in the termination phase to guard against fraudulent termination requests. Theoretical security analysis discussed in a later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-service (DoS) attack and so on.

A Study for u-Healthcare Networking Technology Framework Approach Based on Secure Oriented Architecture(SOA) (Secure Oriented Architecture(SOA)에 기반한 u-Healthcare 네트워크 보안기술 프레임워크 모델)

  • Kim, Jeom Goo;Noh, SiChoon
    • Convergence Security Journal / v.13 no.4 / pp.101-108 / 2013
  • Sensor network configurations are for a specific situation or environment sensors capable of sensing, processing the collected information processors, and as a device is transmitting or receiving data. It is presently serious that sensor networks provide many benefits, but cannot solve the wireless network security vulnerabilities, the risk of exposure to a variety of state information. u-Healthcare sensor networks, the smaller the sensor node power consumption, and computing power, memory, etc. restrictions imposing, wireless sensing through the kind of features that deliver value, so it is possible that eavesdropping, denial of service, attack, routing path. In this paper, with a focus on sensing of the environment u-Healthcare system wireless security vulnerabilities factors u-Healthcare security framework to diagnose and design methods are presented. Sensor network technologies take measures for security vulnerabilities, but without the development of technology, if technology is not being utilized properly it will be an element of threat. Studies suggest that the u-Healthcare System in a variety of security risks measures user protection in the field of health information will be used as an important guide.

A New Bot Disinfection Method Based on DNS Sinkhole (DNS 싱크홀에 기반한 새로운 악성봇 치료 기법)

  • Kim, Young-Baek;Youm, Heung-Youl
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.6A / pp.107-114 / 2008
  • The Bot is a kind of worm/virus that can be used to launch distributed denial-of-service (DDoS) attacks or send massive amounts of spam e-mail, etc. A lot of organizations make an effort to counter the Botnet's attacks. In Korea, we use the DNS sinkhole system to protect against the Botnet's attacks, while in Japan the so-called CCC (Cyber Clean Center) has been developed to protect against the Botnet's attacks. But in the case of the DNS sinkhole system, there is a problem since it cannot cure the Bot-infected PCs themselves, and in the case of CCC there is a problem since only 30% of users with Botnet-infected PCs can cooperate to cure themselves. In this paper we propose a new method that prevents the Botnet's attacks and cures the Bot-infected PCs at the same time.