• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.859-870
• /
• 2020

The MQTT-SN (Message Queuing Telemetry Transport-Sensor Network) protocol is a message transmission protocol used in a sensor-based Internet of Things (IoT) environment. This MQTT-SN protocol is a publish-subscribe model with a broker in the middle of message transmission, and each IoT device sends and receives messages through an intermediary when delivering messages. However, the MQTT-SN protocol does not provide security-related functions such as message security, mutual authentication, access control, and broker security. Accordingly, various security problems have recently occurred, and a situation in which security is required has emerged. In this paper, we review the security requirements of MQTT-SN once again, and propose a modified protocol that improves security while satisfying the constraints in the environment where the resource of IoT to which this protocol is applied is limited. Unlike the existing protocol, the security field and authentication server have been added to satisfy the security requirements. In addition, the proposed protocol is actually implemented and tested, and the proposed protocol is evaluated for practical use in terms of energy consumption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1309-1317
• /
• 2018

Although the IoT market is steadily growing, there is still a lack of consideration for increasing security threats in the IoT environment. In particular, it is difficult to apply existing IP security technology to resource-constrained devices. Therefore, there is a demand for reliable end-to-end communication security measures to cope with security threats such as information tampering and leakage that may occur during communication between heterogeneous networks do. In this paper, we propose an end-to-end message security protocol based on lightweight cipher that increases security and lowers security overhead in resource-constrained IoT device communication. Through simulation of processing time, we verified that the proposed protocol has better performance than the existing AES-based protocol.

• Journal of Industrial Technology
• /
• v.29 no.B
• /
• pp.33-39
• /
• 2009

The need for end-to-end security has been increased with the widespread use of mobile devices in wireless internet access applications such as mobile commerce. The WAP1.x has an end-to-end security problem that the message transmitted between the mobile device and the Web server is decrypted inside the gateway within a short time. To overcome this problem, several protocols including WAP2.0 has been proposed. These protocols require that the heavy modules such as TLS or data compression modules should be installed on the mobile device with limited resources. This paper proposes a new WTLSW(WTLS-TLS at Web server) protocol and a new WAP2.0 proxy model in order to ensure end-to-end security between the mobile device and the Web server and to be appropriate for mobile devices with limited resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.255-266
• /
• 2022

Messenger applications applied end-to-end encryption on their own to prevent message exposure to servers. Standardization of a group messaging protocol called Message Layer Security (MLS) with end-to-end encryption is being discussed for secure and efficient message communication. This paper performs safety checks based on the operation process and security requirements of MLS. Confidentiality to a middleman server, which is an essential security requirement in messenger communication, can be easily violated by a server administrator. We define a server administrator who is curious about the group's communication content as a curious admin and present an attack in which the admin obtains a group key from MLS. Reminds messenger application users that the server can view your communication content at any time. We discuss ways to authenticate between users without going through the server to prevent curious admin attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.1-8
• /
• 2019

Internet of Things (IoT) is proliferating to provide more intelligent services by interconnecting various Internet devices, and TCP based MQTT is being used as a standard communication protocol of the IoT. Although it is recommended to use TLS/SSL security protocol for TCP with MQTT-based IoT devices, encryption and decryption performance degenerates when applied to low-specification / low-capacity IoT devices. In this paper, we propose an end-to-end message security protocol using elliptic curve cryptosystem, a lightweight encryption algorithm, which improves performance on both sides of the client and server, based on the simulation of TLS/SSL and the proposed protocol.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.1-8
• /
• 2021

In Mobile Ad-Hoc Network (MANET) Application, routing protocol is essential to ensure successful data transmission to all nodes. Ad-hoc On-demand Distance Vector (AODV) Protocol is a reactive routing protocol that is mostly used in MANET applications. However, the protocol causes Route Request (RREQ) message flooding issue due to the broadcasting method at the route request stage to find a path to a particular destination, where the RREQ will be rebroadcast if no Request Response (RREP) message is received. A scalable neighbor-based routing (SNBR) protocol was then proposed to overcome the issue. In the SNBR protocol, the RREQ message is only rebroadcast if the number of neighbor nodes less than a certain fix number, known as drop factor. However, since a network always have a dynamic characteristic with a dynamic number of neighbor nodes, the fix drop factor in SNBR protocol could not provide an optimal flooding problem solution in a low dense network environment, where the RREQ message is continuously rebroadcast RREQ message until reach the fix drop factor. To overcome this problem, a new broadcasting method as Dynamic SNBR (DSNBR) is proposed, where the drop factor is determined based on current number of neighbor nodes. This method rebroadcast the extra RREQ messages based on the determined dynamic drop factor. The performance of the proposed DSNBR is evaluated using NS2 and compared with the performance of the existing protocol; AODV and SNBR. Simulation results show that the new routing protocol reduces the routing request overhead, energy consumption, MAC Collision and enhances end-to-end delay, network coverage ratio as a result of reducing the extra route request messages.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.6
• /
• pp.1982-2004
• /
• 2014

Wireless Mesh Networks (WMNs) are emerging as promising, convenient next generation wireless network technology. There is a great need for a secure framework for routing in WMNs and several research studies have proposed secure versions of the default routing protocol of WMNs. In this paper, we propose a security framework for Hybrid Wireless Mesh Protocol (HWMP) in WMNs. Contrary to existing schemes, our proposed framework ensures both end-to-end and point-to-point authentication and integrity to both mutable and non-mutable fields of routing frames by adding message extension fields to the HWMP path selection frame elements. Security analysis and simulation results show that the proposed approach performs significantly well in spite of the cryptographic computations involved in routing.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.77-85
• /
• 2017

In this paper, we propose a key establishment scheme for multicast CoAP security. For multicast CoAP applications, a CoAP Request message from a CoAP client is sent to a group of CoAP servers while each CoAP server responds with a unicast CoAP Response message. In this case, the CoAP Request message should be secured with a group key common to both the CoAP client and servers, while a pairwise key(unicast key) should be employed to secure each CoAP Response message. In the proposed protocol, the CoAP client and the CoAP server establish the group key and the pairwise key using the ECDH in the initial CoAP message exchange process. The proposed protocol, which is highly efficient and scalable, can replace DTLS Handshake and it can support end-to-end security by setting pairwise keys.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.167-174
• /
• 2022

Vehicular Ad hoc Networks are considered as special kind of Mobile Ad Hoc Networks. VANETs are a new emerging recently developed, advanced technology that allows a wide set of applications related to providing more safety on roads, more convenience for passengers, self-driven vehicles, and intelligent transportation systems (ITS). Delay Tolerant Networks (DTN) are networks that allow communication in the event of connection problems, such as delays, intermittent connections, high error rates, and so on. Moreover, these are used in areas that may not have end-to-end connectivity. The expansion from DTN to VANET resulted in Vehicle Delay Tolerant Networks (VDTN). In this approach, a vehicle stores and carries a message in its buffer, and when the opportunity arises, it forwards the message to another node. Carry-store-forward mechanisms, packets in VDTNs can be delivered to the destination without clear connection between the transmitter and the receiver. The primary goals of routing protocols in VDTNs is to maximize the probability of delivery ratio to the destination node, while minimizing the total end-to-end delay. DTNs are used in a variety of operating environments, including those that are subject to failures and interruptions, and those with high delay, such as vehicle ad hoc networks (VANETs). This paper discusses DTN routing protocols belonging to unicast delay tolerant position based. The comparison was implemented using the NS2 simulator. Simulation of the three DTN routing protocols GeOpps, GeoSpray, and MaxProp is recorded, and the results are presented.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.4
• /
• pp.800-806
• /
• 2015

WAVE(Wireless Access in Vehicular Environments) system is wireless communication technology that vehicle sends and receives packets between vehicles or between vehicles and infrastructure in a high-speed mobile environment. In this study, we have designed and implemented a CRL(Certificate Revocation List) download protocol that is used to verify certificate revocation status of the other party when the vehicles communicate with WAVE system. This protocol operates over UDP. And to support security features, also, ECDSA(Elliptic Curve Digital Signature Algorithm) is used for mutual authentication and ECIES(Elliptic Curve Integrated Encryption Scheme) is used to ensure the confidentiality. Moreover, this protocol ensures the integrity of data by adding MAC(Message Authentication Code) to the end of packet and support the error and flow control mechanisms.