• Journal of Communications and Networks
• /
• v.14 no.6
• /
• pp.682-691
• /
• 2012

Key agreement protocol is a fundamental protocol in cryptography whereby two or more participants can agree on a common conference key in order to communicate securely among themselves. In this situation, the participants can securely send and receive messages with each other. An adversary not having access to the conference key will not be able to decrypt the messages. In this paper, we propose a novel identity-based authenticated multi user key agreement protocol employing a symmetric balanced incomplete block design. Our protocol is built on elliptic curve cryptography and takes advantage of a kind of bilinear map called Weil pairing. The protocol presented can provide an identification (ID)-based authentication service and resist different key attacks. Furthermore, our protocol is efficient and needs only two rounds for generating a common conference key. It is worth noting that the communication cost for generating a conference key in our protocol is only O($\sqrt{n}$) and the computation cost is only O($nm^2$), where $n$ implies the number of participants and m denotes the extension degree of the finite field $F_{p^m}$. In addition, in order to resist the different key attack from malicious participants, our protocol can be further extended to provide the fault tolerant property.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.11
• /
• pp.469-478
• /
• 2019

Car-sharing services have been settled on as a new type of public transportation owing to their enhanced convenience, expanded awareness of practical consumption patterns, the inspiration for environmental conscientiousness, and the diffusion of smart phones following the economic crisis. With development of the market, many people have started using such services. However, security is still an issue. Damage is expected since IDs and passwords are required for log-in when renting and controlling the vehicles. The protocol suggested in this study uses bio-information, providing an optimized service, and convenient (but strong) authentication with various service-provider clouds registering car big data about users through brokers. If using the techniques suggested here, it is feasible to reduce the exposure of the bio-information, and to receive service from multiple service-provider clouds through one particular broker. In addition, the proposed protocol reduces public key operations and session key storage by 20% on mobile devices, compared to existing car-sharing platforms, and because it provides convenient, but strong, authentication (and therefore constitutes a secure channel), it is possible to proceed with secure communications. It is anticipated that the techniques suggested in this study will enhance secure communications and user convenience in the future car-sharing-service cloud environment.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.1-14
• /
• 2010

IEEE 802.15.4[1] has been standardized for the physical layer and MAC layer of LR-PANs(Low Rate-Wireless Personal Area Networks) as a technology for operations with low power on sensor networks. The standardization is applied to the variety of applications in the shortrange wireless communication with limited output and performance, for example wireless sensor or virtual wire, but it includes vulnerabilities for various attacks because of the lack of security researches. In this paper, we analyze the vulnerabilities against the denial of sleep attacks on the MAC layer of IEEE 802.15.4, and propose a detection mechanism against it. In results, we analyzed the possibilities of denial of sleep attacks by the modification of superframe, the modification of CW(Contention Window), the process of channel scan or PAN association, and so on. Moreover, we comprehended that some of these attacks can mount even though the standardized security services such as encryption or authentication are performed. In addition to, we model for denial of sleep attacks by Beacon/Association Request messages, and propose a detection mechanism against them. This detection mechanism utilizes the management table consisting of the interval and node ID of request messages, and signal strength. In simulation results, we can show the effect of attacks, the detection possibility and performance superiorities of proposed mechanism.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.12 s.354
• /
• pp.53-60
• /
• 2006

Handover of WiBro is based on 802.16e hard handover scheme. When PSS is handover, it is handover that confirm neighbor's cell condition and RAS ID in neighbor advertisement message. Serving RAS transmits HO-notification message to neighbor RAS. Transmiting HO-notification message to neighbor RAS, it occurs many signaling traffics. Also, When WiBro is handover, It occurs many packet loss. Therefore, user suffer service degradation. LPM handover is supporting seamless handover because it buffers data packets during handover. So It is proposed scheme that predicts is LPM handover and reserves target RAS with pre-authentication. These schemes occur many signaling traffics. In this paper, we propose PSS Movement Prediction to solve signaling traffic. Target RAS is decided by old data in history cache. When serving RAS receives HO-notification-RSP message to target RAS, target RAS inform to crossover node. And crossover node bicast data packet. If handover is over, target RAS forward data packet. Therefore, It reduces signaling traffics but increase handover success rate. When history cache success, It decrease about 48% total traffic. But When history cache fails, It increase about 6% total traffic

• Journal of Korea Multimedia Society
• /
• v.11 no.11
• /
• pp.1555-1565
• /
• 2008

Biometric information such as face and fingerprint information is highlighted in many security areas, including authentication, due to its uniqueness and convenience factors. However, if exploited maliciously, it can cause more serious damage than traditional security measures, like passwords. This paper reviews the watermarking method that is able to verify the integrity of this biometric information. The watermark to be inserted is the date of the biometric information acquisition. It is combined with 16-bit Cyclic Redundancy Checks prior to insertion. In particular, face and fingerprint images are saved in a specific compressed format. The proposed watermarking algorithm will be designed in such a way as to remain resilient against compression. The watermark inserted at the acquisition stage will be extracted at each storage and deployment stage, so that the integrity of the biometric information can be verified.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.115-121
• /
• 2019

Recently, as the use of smart devices is becoming more common, various and convenient services are being developed. Among these services, the Social Network Service(SNS) is easily accessible anywhere, anytime. In particular, as well as sharing information, it forms a social relationship in cyberspace to expand new connections, and the SNS account is used as an authentication means of other services to provide users with speed and convenience at all times. However, despite the many advantages of SNS, due to security vulnerabilities occurring in the interworking process with various services, accidents of personal information are constantly occurring, and it is urgent to prepare countermeasures against potential risk factors. It is a necessary situation. Therefore, in this paper, the use of SNS is expected to increase rapidly in the future, and it is expected that it will be used as the basic data for developing the countermeasures by learning the countermeasures according to the security threats of the SNS.

• Journal of Internet Computing and Services
• /
• v.13 no.6
• /
• pp.55-62
• /
• 2012

Grid web applications by standard Web technology are increasingly used to provide grid service to users as normal Web user interface and service. It is however difficult to integrate a grid security system such as Grid Security Infrastructure (GSI) into Web applications because the delegation way of standard Web security is not the same as the one of Grid security. This can be solved by allowing Web applications to get a Grid credential by using an online credential repository system such as MyProxy. In this paper, we investigate the problem that occurs when MyProxy, which assumes mutual trust between a user and Grid web application, is adapted for achieving security integration between Web and Grid, and we propose a new Grid proxy delegation service to delegate a Grid credential to the Web without assuming mutual trust. In the service, the X.509 proxy delegation process is added to OAuth protocol for credential exchange, and authentication can be done by an external service such as OpenID. So, users can login onto the Grid web application in a single sign-on manner, and are allowed to securely delegate and retrieve multiple credentials for one or more Virtual Organizations.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.2
• /
• pp.73-80
• /
• 2009

Security is critically important for ubiquitous sensor networks that are usually used for the military and serveillance in environments that are opened to attacks, such as, eavesdroping, replay attacks of abnormal messages, forgery of the messages to name a few. ZigBee has emerged as a strong contender for ubiquitous sensor networks. ZigBee is used for low data rate and low power wireless sensor network applications. To deploy ubiquitous sensor networks, the collected information requires protection from an adversary over the network in many cases. The security mechanism should be provided for collecting the information over the network. However, the ZigBee protocol has some security weaknesses. In this paper, these weaknesses are discussed and a method to improve security aspect of the ZigBee protocol is presented along with a comparison of the message complexity of the proposed security protocol with that of the current ZigBee protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.11
• /
• pp.1451-1461
• /
• 2019

DNS spoofing is an attack in which an attacker intervenes in the communication between client and DNS server to deceive DNS server by responding to a fake IP address rather than actual IP address. It is possible to implement a pharming site that hacks user ID and password by duplicating web server's index page and simple web programming. In this paper we have studied web spoofing attack that combines DNS spoofing and pharming site implementation which leads to farming site. We have studied DNS spoofing attack method, procedure and farming site implementation method for portal server of this university. In the case of Kyungsung Portal, bypassing attack and hacking were possible even though the web server was SSL encrypted and secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. So it is necessary that these serious risks are to be informed and countermeasures are to be researched.