• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.394-400
• /
• 2013

WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.3-8
• /
• 2008

Ephemeral data are easily revealed if state specific information is stored in insecure memory or a random number generator is corrupted. In this letter, we show that Nam et al.'s group key agreement scheme, which is an improvement of Bresson et al.'s scheme, is not secure against session-state reveal attacks. We then propose an improvement to fix the security flaw.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.5
• /
• pp.1450-1470
• /
• 2023

In a Vehicular Cloud (VC) network, an announcement protocol plays a critical role in promoting safety and efficiency by enabling vehicles to disseminate safety-related messages. The reliability of message exchange is essential for improving traffic safety and road conditions. However, verifying the message authenticity could lead to the potential compromise of vehicle privacy, presenting a significant security challenge in the VC network. In contrast, if any misbehavior occurs, the accountable vehicle must be identifiable and removed from the network to ensure public safety. Addressing this conflict between message reliability and privacy requires a secure protocol that satisfies accountability properties while preserving user privacy. This paper presents a novel announcement protocol for secure communication in VC networks that utilizes group signature to achieve seemingly contradictory goals of reliability, privacy, and accountability. We have developed the first comprehensive announcement protocol for VC using group signature, which has been shown to improve the performance efficiency and feasibility of the VC network through performance analysis and simulation results.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.9-17
• /
• 2019

As the IoT environment becomes more popular, the safety of the M2M environment, which establishes the communication environment between objects and objects without human intervention, becomes important. Due to the nature of the wireless communication environment, there is a possibility of exposure to security threats in various aspects such as data exposure, falsification, tampering, deletion and privacy, and secure communication security technology is considered as an important requirement. In this paper, we propose a new method for group key generation and exchange using trap hash collision hash in existing 'M2M communication environment' using hash collision, And a mechanism for confirming the authentication of the device and the gateway after the group key is generated. The proposed method has attack resistance such as spoofing attack, meson attack, and retransmission attack in the group communication section by using the specificity of the collision message and collision hash, and is a technique for proving safety against vulnerability of hash collision.

• Journal of KIISE:Information Networking
• /
• v.31 no.4
• /
• pp.353-362
• /
• 2004

Mobile Ad-Hoc network tends to expose scarce computing resources and various security threats because all traffics are carried in air along with no central management authority. To provide secure communication and save communication overhead, a scheme is inevitable to serurely establish session keys. However, most of key establishment methods for Ad-Hoc network focus on the distribution of a group key to all hosts and/or the efficient public key management. In this paper, a secure and efficient scheme is proposed to establish a session key between two Ad-Hoc nodes. The proposed scheme makes use of the secret sharing mechanism and the Diffie-Hellman key exchange method. For secure intra-cluster communication, each member node establishes session keys with its clusterhead, after mutual authentication using the secret shares. For inter-cluster communication, each node establishes session keys with its correspondent node using the public key and Diffie-Hellman key exchange method. The simulation results prove that the proposed scheme is more secure and efficient than that of the Clusterhead Authentication Based Method(1).

• Journal of KIISE:Information Networking
• /
• v.28 no.3
• /
• pp.369-376
• /
• 2001

The firewall systems can be installed between the intemal network and the extemal network. The firewall systems has the least privilege, so its does not provide transparency to user. This problem of transparency can be solved by using the proxy. In this thesis, I have designed and verified the FTP-PSM(FTP-Proxy Security Mode]) which provides transparency for the firewall systems and has a strong security function. FTP-PSM doesn't finish its work after implementing a command. Instead, its does several security functions such as user authentication, MAC(MandatOlY Access Controll, DAC(Discretionary Access Controll and authentication of user group. Those data must not be lost under any circumstances in order to implement the above security functions. So, the security against such problems as falling into deadlock or unlimited loop during the implementation must be verified. Therefore, FTP-PSM suggested in thesis was verified its security through PHPlace Invariant) based on CPNlCo]oured Petri Net).

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.63-72
• /
• 2008

Recent heterogeneous network management researches on information security, however, deal only with simple management using PKI and could not sufficiently address the different kinds of security problems that could arise in a heterogeneous network. Thus, various security requirements should first be satisfied and a security management protocol should first be developed to achieve a secure heterogeneous network. Hence, in this paper, various secure and effective heterogeneous network management that address security issues, which were merely a consideration in existing studies, are proposed. The proposed scheme for the protection of the user privacy is the central object and static middle objects of the process used to mutual authentication, also if communication between users is required 1-out-2 oblivious transfer to communicate by using secret communication, as well as the effectiveness and security conscious approach. Specially The proposed scheme is designed to enhance security and efficiency related to various services required in heterogeneous network, based on the reliable peripheral devices for TTP. Using Mobile device, which has been applied to electronic commerce transactions in existing schemes, this study also proposed an appropriate management scheme that is suitable for a dynamic environment and setting a temporary group to provide various services.

• Journal of Platform Technology
• /
• v.9 no.1
• /
• pp.46-57
• /
• 2021

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.12
• /
• pp.77-84
• /
• 2021

In this paper, we propose a system that uses image data and beacon data to classify authorized and unauthorized perosn who are allowed to enter a group facility. The image data collected through the IP camera uses YOLOv4 to extract a person object, and collects beacon signal data (UUID, RSSI) through an application to compose a fingerprinting-based radio map. Beacon extracts user location data after CNN-LSTM-based learning in order to improve location accuracy by supplementing signal instability. As a result of this paper, it showed an accuracy of 93.47%. In the future, it can be expected to fusion with the access authentication process such as QR code that has been used due to the COVID-19, track people who haven't through the authentication process.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.5
• /
• pp.641-652
• /
• 2002

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Group. Bid to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/DNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. By efficient TGT (Ticket Granting Ticket) exchange and reusability of ticket, A Design of Kerberos system that have effect and simplification of certification formality that reduce overload on communication.