• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.179-188
• /
• 2022

Password authentication schemes (PAS) are the most common mechanisms used to ensure secure communication in open networks. Mathematical-based cryptographic authentication schemes such as factorization and discrete logarithms have been proposed and provided strong security features, but they have the disadvantage of high computational and message transmission costs required to construct passwords. Fairuz et al. therefore argued for an improved cryptographic authentication scheme based on two difficult fixed issues related to session key consent using the smart card scheme. However, in this paper, we have made clear through security analysis that Fairuz et al.'s protocol has security holes for Privileged Insider Attack, Lack of Perfect Forward Secrecy, Lack of User Anonymity, DoS Attack, Off-line Password Guessing Attack.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.905-908
• /
• 2006

MIPv6 는 MN(Mobile Node)가 자신의 홈 네트워크를 벗어나 외부 네트워크로 이동하여도 다른 노드들과 끊김 없이 지속적인 통신을 할 수 있게 해주는 인터넷 프로토콜이다. MN 은 외부네트워크로 이동 후 HA(Home Agent) 및 CN(Correspondent Node)로 핸드오버(Handover) 동작의 수행하며 이로 인한 지연이 발생하게 된다. 이러한 지연을 줄이기 위한 대책으로 Fast 핸드오버가 등장하였다. Fast 핸드오버 과정에서 MN 은 이동하려는 서브넷의 라우터(New Access Router: NAR)로의 전환을 위하여 현재 연결된 AR 과 미리 정보를 주고 받게 되고, 이동이 발생한 후에 NAR 과의 핸드오버 지연시간이 감소하게 된다. 반면 공격자가 flooding 을 통해 MN 에게 DoS(Denial of Service) 공격을 가하여 MN 을 다운시킨 후, MN 으로 위장하여 데이터를 가로채는 취약점이 존재한다. 본 논문에서는 위의 취약점을 보완하기 위하여 핸드오버 과정에서 주고받는 메세지에 대한 기밀성 및 노드 인증을 제공하는 ID 기반 암호시스템에 기반한 안전한 Fast 핸드오버 방식을 제안한다. 제안하는 모델은 메시지의 암호화와 노드 인증을 통해 무결성 및 기밀성을 보장하고 Traditional PKI 시스템에 비해 공개키 인증시간을 단축하는 이점을 가질 것으로 기대된다.

• Journal of Digital Convergence
• /
• v.12 no.12
• /
• pp.323-328
• /
• 2014

D-MAC protocol is used convergence network, which is designed to connect wireless link between things. This protocol is supported to local data exchange and aggregation among neighbor nodes, and distributed control packet from sink to sensor node. In this paper, we analysis about efficiency of power consumption according to whether or not security authentication of D-MAC in convergence network. If authentication scheme is applied to MAC communication, it is related to power consumption of preamble whether or not with and without authentication process. It is reduced to energy consumption against denial attack of service, when it is applied to authentication. Future work will take the effort to deal with security authentication scheme.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.4B
• /
• pp.288-299
• /
• 2012

To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server and prevent modification attack for proxy re-encryption key using d Secret Sharing, We construct protocol model in medical environment.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.11B
• /
• pp.1005-1016
• /
• 2006

As the increment usage of Internet, the security systems's importance is emphasized. The current Internet Key Exchange protocol(IKE) which has been used for key exchange of security system, was pointed out a problem of efficiency and stability. In this research, we try to resolve those problems, and evaluate the newly designed Key Exchange protocol in the IPsec interaction test bed system environment. In this research we implemented the new Key Exchange Protocol as a recommendation of RFC proposal, so as to resolve the problem which was pointed out the key exchange complexity and the speed of authentication process. We also designed the defense mechanism against the Denial of Service attack. We improved the key exchange speed as a result of simplification of complex key exchange phase, and increased efficiency as a result of reuse the preexistence state value when it's renegotiated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1181-1190
• /
• 2013

The GOOSE(Generic Object Oriented Substation Event) is used as a network protocol to communicate between IEDs(Intelligent Electronic Devices) in international standard IEC 61850 of substation automation system. Nevertheless, the GOOSE protocol is facing many similar threats used in TCP/IP protocol due to ethernet-based operation. In this paper, we develop a IDS(Intrusion Detection System) for secure GOOSE Protocol using open software-based IDS Snort. In this IDS, two security functions for keyword search and DoS attack detection are implemented through improvement of decoding and preprocessing component modules. And we also implement the GOOSE IDS and verify its accuracy using GOOSE packet generation and communication experiment.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.51-59
• /
• 2015

JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of HTML5 Standard. In proportion to JavaScript's growing importance, attacks (ex. DDos, Information leak using its function) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.63-70
• /
• 2015

The numerous improved schemes of user authentication based on password have been proposed in order to prevent the data access from the unauthorized person. The importance of user authentication has been remarkably growing in the expanding application areas of wireless sensor networks. Recently, emerging wireless sensor networks possesses a hierarchy among the nodes which are divided into cluster heads and sensor nodes. Such hierarchical wireless sensor networks have more operational advantages by reducing the energy consumption and traffic load. In 2012, Das et al. proposed a user authentication scheme to be applicable for the hierarchical wireless sensor networks. Das et al. claimed that their scheme is effectively secure against the various security flaws. In this paper, author will prove that Das et al.'s scheme is still vulnerable to man-in-the-middle attack, password guessing/change attack and does not support mutual authentication between the user and the cluster heads.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.3-9
• /
• 2015

With the development of technology, small UAVs are used in various forms. From military UAV to the Amazon drone, the UAVs are applied to increasing fields for its merits which can replace human work more fast and precisely than what human used to do. Yet, the use and development of UAVs cannot be embraced indiscreetly. There exist negative aspects along with its convenience and positive use. In military use, for instance, the use of UAV can handle dangerous missions in place of human beings but at the same time, it can be very threatening weapons that put people in danger of being attacked at unknown time and places. Therefore, this study discusses the safety measures for major national facilities. Through theoretical understanding of UAVs and major national facilities, the study explores into key concepts and reviewed the cases that threatened our nation's safety. The study also makes suggestions on the policies of the use of UAV to secure national safety.