• Journal of Navigation and Port Research
• /
• v.36 no.1
• /
• pp.1-7
• /
• 2012

A concept of the "e-Navigation" was introduced in 2005 and implementation strategies are under way by IMO/IALA in the maritime safety area. Specially VTS is an important maritime traffic monitoring and aids to navigation system which is aims to improve safety, navigation efficiency and protect the marine environment. The demand of the inter-VTS networking has been increased and standardization is underway for realization of shore side collaboration for maritime safety in IALA. But there may be security problems in the inter-VTS networks if they have not proper security mechanism. The hacking of realtime ship position and sensitive maritime surveillance information caused a critical accident of vessel, human life and environment by terrorist. This paper aims to design of a secure inter-VTS network structure and related security protocol for secure sharing of sensitive maritime data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.71-84
• /
• 2003

Self-certified public keys need not be accompanied with a separate certificate to be authenticated by other users because the public keys are computed by both the authority and the user. At this point, verifiable self-certified public keys are proposed that can determine which is wrong signatures or public keys if public keys are used in signature scheme and then verification of signatures does not succeed. To verify these public keys, key generation center's public key trusted by users is required. If all users trust same key generation center, public keys can be verified simply. But among users in different domains, rusty relationship between two key generation centers must be accomplished. In this paper we propose inter-domain verifiable self-certified public keys that can be verified without certificate between users under key generation centers whose trusty relationship is accomplished. Also we present the execution of signature and key distribution between users under key generation centers use different public key parameters.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.3
• /
• pp.605-612
• /
• 2011

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. In this paper, we discuss the technologies and standard trends about actual cyber threat and response methods, design the collaborative response framework based on the security information sharing in the inter-domain environments. The computation method of network threat level based on the collaborative response framework is proposed. The network threats are be quickly detected and real-time response can be executed using the proposed computation method.

• Journal of Information Technology Applications and Management
• /
• v.18 no.3
• /
• pp.61-72
• /
• 2011

Trust for the data created, processed and transferred on e-Science environments can be estimated with provenance. The information to form provenance, which says how the data was created and reached its current state, increases as data evolves. It is a heavy burden to trace and verify the massive provenance in order to trust data. On the other hand, it is another issue how to trust the verification of data with provenance. This paper proposes a fast and exact verification of inter-domain data transfer and data origin for e-Science environment based on PKI. The verification, which is called two-way verification, cuts down the tracking overhead of the data along the causality presented on Open Provenance Model with the domain specialty of e-Science environment supported by Grid Security Infrastructure (GSI). The proposed scheme is easy-applicable without an extra infrastructure, scalable irrespective of the number of provenance records, transparent and secure with cryptography as well as low-overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.57-66
• /
• 2011

The current trend of the handover authentication delay time is gradually increased according to the interworking between 3G cellular network and WLANs. Therefore, authentication mechanism minimized in delay is required to perform the seamless handover and support the inter-subnet and inter-domain handover. In this paper, we propose a novel pre-authentication scheme based on the fast channel switching which directly performs the authentication with the next access point in advance. In addition, the proposed scheme is efficient in the inter-domain handover and can be easily implemented in current WLANs since it just modifies the client side of user. To analysis and evaluate our scheme, we compare the packet loss ratio and the delay time with the two standard 802.11 authentication schemes. The analytical results show that our scheme is approximate 10 times more effective than the standard schemes in packet loss and the delay time is minimized down to 0.16 msec.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.3
• /
• pp.916-937
• /
• 2023

Most of the existing Distributed Denial-of-Service mitigation schemes in Software-Defined Networking are only implemented in the network domain managed by a single controller. In fact, the zombies for attackers to launch large-scale DDoS attacks are actually not in the same network domain. Therefore, abnormal traffic of DDoS attack will affect multiple paths and network domains. A single defense method is difficult to deal with large-scale DDoS attacks. The cooperative defense of multiple domains becomes an important means to effectively solve cross-domain DDoS attacks. We propose an efficient multi-domain DDoS cooperative defense mechanism by integrating blockchain and SDN architecture. It includes attack traceability, inter-domain information sharing and attack mitigation. In order to reduce the length of the marking path and shorten the traceability time, we propose an AS-level packet traceability method called ASPM. We propose an information sharing method across multiple domains based on blockchain and smart contract. It effectively solves the impact of DDoS illegal traffic on multiple domains. According to the traceability results, we designed a DDoS attack mitigation method by replacing the ACL list with the IP address black/gray list. The experimental results show that our ASPM traceability method requires less data packets, high traceability precision and low overhead. And blockchain-based inter-domain sharing scheme has low cost, high scalability and high security. Attack mitigation measures can prevent illegal data flow in a timely and efficient manner.

• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.99-118
• /
• 2012

In PMIPv6-based network, mobile nodes can be made smaller and lighter because the network nodes perform the mobility management-related functions on behalf of the mobile nodes. The one of the protocols, Fast Handovers for Proxy Mobile IPv6(FPMIPv6)[1] has studied by the Internet Engineering Task Force(IETF). Since FPMIPv6 adopts the entities and the concepts of Fast Handovers for Mobile IPv6(FMIPv6) in Proxy Mobile IPv6(PMIPv6), it reduces the packet loss. Conventional scheme has proposed that it cooperated with an Authentication, Authorization and Accounting(AAA) infrastructure for authentication of a mobile node in PMIPv6, Despite the best efficiency, without begin secured of signaling messages, PMIPv6 is vulnerable to various security threats such as the DoS or redirect attAcks and it can not support global mobility between PMIPv. In this paper, we analyze Kang-Park & ESS-FH scheme, and then propose an Enhanced Security scheme for FPMIPv6(ESS-FP). Based on the CGA method and the pubilc key Cryptography, ESS-FP provides the strong key exchange and the key independence in addition to improving the weaknesses for FPMIPv6. The proposed scheme is formally verified based on Ban-logic, and its handover latency is analyzed and compared with that of Kang-Park scheme[3] & ESS-FH and this paper propose inter-domain fast handover sheme for PMIPv6 using proxy-based FMIPv6(FPMIPv6).

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.63-69
• /
• 2017

In the early 1990s, IETF(Internet Engineering TaskForce) had started the discussion on new address protocol that can modify and supplement various drawbacks of existing IPv4 address protocol with the introduction of CIDR(Classless Inter-Domain Routing) which is a temporary solution for IPv4 address depletion, NAT, private IP address. While various standards related to new address protocol has been proposed, the SIPP(Simple Internet Protocol Plus) was adopted among them because it is regarded as the most promising solution. And this protocol has been developed into current IPv6. The new concepts are introduced with modifying a lot of deficiencies in the exisitng IPv4 such as real-time data processing, performance on QoS, security and the efficiency of routing. Since many security threats in IPv6 environment still exist, the necessity of stable data communication environment has been brought up continuously. This paper deveopled one-way communication algorithm in IPv6 based on the high possibility of protecting the system from uncertain and potential risk factors if the data is transmitted in one way. After the analysis of existing IPv6 and ICMPv6, this paper suggests one-way communication algorithm as a solution for existing IPv6 and ICMPv6 environment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.12C
• /
• pp.1288-1296
• /
• 2006

This paper proposes a fast authentication scheme based on hierarchical key structure (HiFA) for roaming mobile nodes in both intra-domain and inter-domain. The full authentication procedure standardized in IEEE 802.11 and 802.16 is difficult to be applied to a handover since it needs a heavy operation and long delay time during a handover. Though a number of schemes were proposed to solve the problem, the existing schemes might degrade the security of authentication or impose heavy administrative burden on the Pome authentication server. The main contribution of this paper is to reduce the communication and computation overhead of the home authentication sewer without degrading the security strength of the fast roaming authentication using hierarchical authentication key structure. The proposed scheme iii this paper decentralizes the administrative burden of the home authentication server to other network entities such as a local authentication server or access point and supports the security separation of the authentication key among local authentication servers using hash key chain.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.441-451
• /
• 2008

Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However it has two drawbacks: the potential security threat caused by intraceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key which is a means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has the delegation traceability and the non-interactive delegation property. Since the right delegation occurs massively in the computational grid environment, our protocol can contribute the security enhancement by providing the delegation traceability and the efficiency enhancement by reducing the inter-domain communication cost.