• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.11
• /
• pp.35-43
• /
• 2011

In this paper, we propose a novel architecture for seamless mobility management to provide users with seamless Internet connection when users roam between diverse wireless local area networks (WLANS) controlled by different management entities. There have been many researches in IETF, i.e., MIPv6, HMIPv6, and PMIPv6, to provide the mobility management. However, practically since wireless access points or access routers, which are managed by an individual manager or ISP managers, have different authentication scheme and the supported mobility management, the previous mobility management protocol developed by IETF can not guarantee the quality of service of application services as the mobile node performs the handover. To solve this drawback, we propose the mobility management scheme to provide QoS-guaranteed Internet services during the handover by configurating the wireless networks which is defined by users. More specifically, we present a model, the architecture and an algorithm for user-defined network (UDN) to provide the seamless Internet service. Finally, the performance of the proposed algorithm is evaluated by the network simulation tool.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.377-386
• /
• 2003

In this paper, we present an application layer protocol to support secure wireless Internet services, called Application Layer Security(ALS). The drawbacks of the two traditional approaches to secure wireless applications motivated the development of ALS. One is that in the conventional application-specific security protocol such as Secure HyperText Transfer Protocol(S-HTTP), security mechanism is included in the application itself. This gives a disadvantage that the security services are available only to that particular application. The other is that a separate protocol layer is inserted between the application and transport layers, as in the Secure Sockets Layer(SSL)/Transport Layer Security(TLS). In this case, all channel data are encrypted regardless of the specific application's requirements, resulting in much waste of network resources. To overcome these problems, ALS is proposed to be implemented on top of HTTP so that it is independent of the various transport layer protocols, and provides a common security interface with security applications so that it greatly improves the portability of security applications. In addition, since ALS takes advantages of well-known TLS mechanism, it eliminates the danger of malicious attack and provides applications with various security services such as authentication, confidentiality integrity and digital signature, and partial encryption. We conclude this paper with an example of applying ALS to the solution of end-to-end security in a present commercial wireless protocol stack, Wireless Application Protocol.

• The Journal of the Convergence on Culture Technology
• /
• v.4 no.3
• /
• pp.139-147
• /
• 2018

This study starts with the consciousness of what should be the public pension service that meets the 4th Industrial Revolution era. To do this, we review the current status of non-facing services of domestic and foreign public institutions, and draw out implications for revitalizing non-facing services of the National Pension over the medium to long term. First, we reviewed the status of non-face-to-face service and the authentication method of the National Pension Service. Next, we reviewed the status of non-facing services in public pension and private agencies in the United States, the United Kingdom, Canada, and Australia. Based on the results of the analysis, we needs to analyze the impact of the 4th Industrial Revolution on the National Pension Service and extract future strategies, to expand channels of non-facing by business, to introduce PinTech as a non-facing authentication method, and to propose a unified service channel through the construction of an internet integrated portal. In the 4th industrial revolution era, it is possible to secure the connectivity of government portal for civil affairs and intelligence and automation introducing artificial intelligence robots.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.12
• /
• pp.7292-7301
• /
• 2014

With the development of IT Info-Communications technology, the vehicle with a combination of wireless-communication technology has resulted in significant research into the convergence of the component of existing traffic with information, electronics and communication technology. Intelligent Vehicle Communication is a Machine-to-Machine (M2M) concept of the Vehicle-to-Vehicle. The Vehicle-to-Infrastructure communication consists of safety and the ease of transportation. Security technologies must precede the effective Intelligent Vehicle Communication Structure, unlike the existing internet environment, where high-speed vehicle communication is with the security threats of a wireless communication environment and can receive unusual vehicle messages. In this paper, the Vehicle Identification number between the V2I and the secure message communication protocol was proposed using hash functions and a time stamp, and the validity of the vehicle was assessed. The proposed system was the performance evaluation section compared to the conventional technique at a rate VPKI aspect showed an approximate 44% reduction. The safety, including authentication, confidentiality, and privacy threats, were analyzed.

• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.99-118
• /
• 2012

In PMIPv6-based network, mobile nodes can be made smaller and lighter because the network nodes perform the mobility management-related functions on behalf of the mobile nodes. The one of the protocols, Fast Handovers for Proxy Mobile IPv6(FPMIPv6)[1] has studied by the Internet Engineering Task Force(IETF). Since FPMIPv6 adopts the entities and the concepts of Fast Handovers for Mobile IPv6(FMIPv6) in Proxy Mobile IPv6(PMIPv6), it reduces the packet loss. Conventional scheme has proposed that it cooperated with an Authentication, Authorization and Accounting(AAA) infrastructure for authentication of a mobile node in PMIPv6, Despite the best efficiency, without begin secured of signaling messages, PMIPv6 is vulnerable to various security threats such as the DoS or redirect attAcks and it can not support global mobility between PMIPv. In this paper, we analyze Kang-Park & ESS-FH scheme, and then propose an Enhanced Security scheme for FPMIPv6(ESS-FP). Based on the CGA method and the pubilc key Cryptography, ESS-FP provides the strong key exchange and the key independence in addition to improving the weaknesses for FPMIPv6. The proposed scheme is formally verified based on Ban-logic, and its handover latency is analyzed and compared with that of Kang-Park scheme[3] & ESS-FH and this paper propose inter-domain fast handover sheme for PMIPv6 using proxy-based FMIPv6(FPMIPv6).

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.44 no.7 s.361
• /
• pp.71-80
• /
• 2007

This paper describes an efficient hardware design of WiBro security processor (WBSec) supporting for the security sub-layer of WiBro wireless internet system. The WBSec processor, which is based on AES (Advanced Encryption Standard) block cipher algorithm, performs data oncryption/decryption, authentication/integrity, and key encryption/decryption for packet data protection of wireless network. It carries out the modes of ECB, CTR, CBC, CCM and key wrap/unwrap with two AES cores working in parallel. In order to achieve an area-efficient implementation, two design techniques are considered; First, round transformation block within AES core is designed using a shared structure for encryption/decryption. Secondly, SubByte/InvSubByte blocks that require the largest hardware in AES core are implemented using field transformation technique. It results that the gate count of WBSec is reduced by about 25% compared with conventional LUT (Look-Up Table)-based design. The WBSec processor designed in Verilog-HDL has about 22,350 gates, and the estimated throughput is about 16-Mbps at key wrap mode and maximum 213-Mbps at CCM mode, thus it can be used for hardware design of WiBro security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.12C
• /
• pp.1258-1267
• /
• 2003

As the need for stable and high speed wireless Internet service Brows, the wireless LAN service provider hurries to preempt wireless LAN service market. IAPP(InterAccess Point protocol) is defined to be able to provide a secure handoff mechanism of wireless LAN terminal information between AP(Access Point)s, and the related IEEE standard is IEEE 802.11f. For the secure handoff of wireless LAN terminal, it is necessary to transfer terminal's authentication & accounting information securely from old AP to new AP IEEE 802.11f recommends RADIUS server as IAPP server which authenticates AP and provides information for secure channel between APs. This paper proposes IAPP server using Diameter protocol to overcome the limit of RADIUS sewer, and describes about the interaction between server components and integration method with the current IAPP client system.

• Journal of Information Processing Systems
• /
• v.13 no.3
• /
• pp.599-617
• /
• 2017

Due to the rapid growth and expansion of the Internet, the digital multimedia such as image, audio and video are available for everyone. Anyone can make unauthorized copying for any digital product. Accordingly, the owner of these products cannot protect his ownership. Unfortunately, this situation will restrict any improvement which can be done on the digital media production in the future. Some procedures have been proposed to protect these products such as cryptography and watermarking techniques. Watermarking means embedding a message such as text, the image is called watermark, yet, in a host such as a text, an image, an audio, or a video, it is called a cover. Watermarking can provide and ensure security, data authentication and copyright protection for the digital media. In this paper, a new watermarking method of still image is proposed for the purpose of copyright protection. The procedure of embedding watermark is done in a transform domain. The discrete cosine transform (DCT) is exploited in the proposed method, where the watermark is embedded in the selected coefficients according to several criteria. With this procedure, the deterioration on the image is minimized to achieve high invisibility. Unlike the traditional techniques, in this paper, a new method is suggested for selecting the best blocks of DCT coefficients. After selecting the best DCT coefficients blocks, the best coefficients in the selected blocks are selected as a host in which the watermark bit is embedded. The coefficients selection is done depending on a weighting function method, where this function exploits the values and locations of the selected coefficients for choosing them. The experimental results proved that the proposed method has produced good imperceptibility and robustness for different types of attacks.

• Journal of Convergence Society for SMB
• /
• v.6 no.4
• /
• pp.59-64
• /
• 2016

6LoWPAN (IPv6 over Low Power Wireless Sensor Network) standardized by IETF does not support the mobility of wireless sensor nodes. Since the wireless sensor node, subject to a lot of constraints in the CPU, memory, a battery is not easy to apply to existing protocols such as Mobile IPv6. In this paper, we propose a novel mobility management architecture and methods to work with 6LoWPAN based on the analysis on FPMIPv6 (Fast PMIPv6) the host is not a handover procedure performed in order to support the mobility of such sensor nodes. It was suggested the use of a dispatch code pattern that is not currently used in 6LoWPAN for inter-working, MAG and MAC, MAC in order to reduce packet loss caused as the authentication delay in the handover process to minimize the power consumption of a sensor node that is caused by the re-transmission the new concept of temporary guarantee (temporary guarantee) and trust relationships (trust relationship) between AAA and introduced.