• The KIPS Transactions:PartC
• /
• v.15C no.1
• /
• pp.1-8
• /
• 2008

The security of wireless sensor networks is a challenging research area where the resources constraints are a bottleneck for any successful security design. Due to their computational feasibility, symmetric key algorithms that require key pre-distribution are more desirable for use in these networks. In the pre-distribution scheme, keys or keying materials are assigned to each node prior deployment to guarantee a secure communication within the entire network. Though several works are introduced on this issue, yet the connectivity and resiliency are imperfectly handled. In this paper, we revisit the grid based key pre-distribution scheme aiming to improve the connectivity, introduce a higher resiliency level, simplify the logic of key establishment and maintain same level of used of resources usage. The core of our modification relies on introducing the novel plat-based polynomial assignment and key establishment mechanism. To demonstrate the advantageous properties of our scheme over the revisited one, details of consumed resources, resulting connectivity, security and comparisons with relevant works are introduced.

• Journal of Electrical Engineering and Technology
• /
• v.4 no.1
• /
• pp.49-54
• /
• 2009

One of the major challenges confronting a multiservice electric utility is the establishment of the right prices for its services. The key objectives of particular pricing schemes are reasonableness of company earnings, economic efficiency, the responsiveness of supply and of the allocation of sources to the desires of consumers, and maintenance of some degree of competition. This paper proposes a value-based pricing mechanism amenable to the current deregulation situation in electricity market allowing service differentiation. The proposed pricing mechanism can be implemented in a nodal auction model, and can also be applied to direct load control.

• Proceedings of the IEEK Conference
• /
• 2000.06a
• /
• pp.217-220
• /
• 2000

With the expansion of E-commerce, Public Key Infrastructure (PKI) solutions are requited to resolve Internet security problems. But the certification mechanism for each organization has been independently developed under its own circumstances, so the cooperation of heterogeneous certification mechanisms must be carefully taken into account. In this paper, we propose an efficient protocol for the cross certification based on the path validation. The proposed “cross certification gateway” provides flexibility and convenience with the initial establishment protocol for the cross certification among different certification domains.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.8
• /
• pp.318-330
• /
• 2003

The advantages of "VPN over Internet" are cost-effectiveness and flexibility However, the disadvantages are the lack of sufficient QoS mechanism and transmission capacity for high bandwidth service. Given this increasing demand for high bandwidth Internet and QoS assurances in "PN over Internet", IP/GMPLS based control plane combined with a high bandwidth capacity of DWDM optical network is seen as a very favorable approach for the realization of future "OVPN over IP/GMPLS over DWDM" Within OVPN for providing QoS guaranteed multimedia service over the NGOI(Next Generation Optical Internet) based on the "IP/GMPLS over DWDM" concept, differentiated QoS framework is one of the key issues to implement OVPN over DWDM-based NGOI. Keeping in mind that IETF(Internet Engineering Task Force) and ITU-T(International Telecommunication Union) are standardizing IP/GMPLS over DWDM protocol framework as a solution for the NGOI, in this paper, we suggest Optical-LSP establishment and QoS maintenance scheme based on DOQS(Differentiated Optical QoS Service) classes, which are the key issue of DOQS protocol framework for assuring end-to-end QoS in "OVPN over IP/GMPLS over DWDM".

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.941-944
• /
• 2005

본 논문에서는 인터넷을 통해 다양한 컨테츠 서비스를 사용자가 편리하게 이용할 수 있도록 EAP-TLS 인증 방식과 SKKE(Symmetric-Key Key Establishment)방식을 이용하여 보다 효율적인 인증 메커니즘을 설계하였다. 제안하고 있는 메커니즘에서는 사용자가 인증서 방식을 통해 AS(AAA Server)로부터 인증을 받으면 AS 와 가맹 관계에 있는 CP(Contents Provider)에는 별도의 로그인 과정없이 서비스를 이용할 수 있는 SSO 서비스, 사용자 익명성, 프라이버시를 제공한다. 사용자가 익명성을 필요로 하는 컨텐츠 서비스를 이용할 경우 사용자의 익명성을 보장 해주고 AS 모르게 사용자와 CP 가 안전하게 서비스를 전송하기 위해 사용 할 세션키를 교환하고 CP 마다 다른 세션키를 사용함으로써 사용자의 프라이버시를 보장해 준다.

• The KIPS Transactions:PartC
• /
• v.15C no.5
• /
• pp.329-342
• /
• 2008

The Sensor Networks have limitations in utilizing energies, developing energy-efficient routing protocol and secure routing protocol are important issues in Sensor Network. In the field of data management, Tributaries and Deltas(TD) which incorporates tree topology and multi-path topology effectively have been suggested to provide efficiency and robustness in data aggregation. And our research rendered hierarchical property to TD and proposed Clustering-based Tributaries-Deltas. Through this new structure, we integrated efficiency and robustness of TD structure and advantages of hierarchical Sensor Network. Clustering-based Tributaries-Deltas was proven to perform better than TD in two situations through our research. The first is when a Base Station (BS) notices received information as wrong and requests the network's sensing data retransmission and aggregation. And the second is when the BS is mobile agent with mobility. In addition, we proposed key establishment mechanism proper for the newly proposed structure which resulted in new Sensor Network structure with improved security and energy efficiency as well. We demonstrated that the new mechanism is more energy-efficient than previous one by analyzing consumed amount of energy, and realized the mechanism on TmoteSKY sensor board using TinyOS 2.0. Through this we proved that the new mechanism could be actually utilized in network design.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.581-584
• /
• 2004

Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. To these service providers that provide above network service, it is important that they authenticate and authorize legal subscribers and account for their usage. At present, There exist the several protocols that Support AAA(Authentication, Authorization and Accounting) service : RADIUS, Diameter, TACACS+. Nowadays, RADIUS has used for AAA service widely. It has been extended to support other access network environment. So, we extend RADIUS to support environment of Mobile IPv6. Mobile IPv6 uses IPsec as a security mechanism, basically. But, IPsec is a heavy security technology for small, portable, mobile device. Especially, it is serious at IKE, the subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In t:lis paper, we extend RADIUS to support environment of Mobile IPv6 and simplify the IKE phase of IPsec by AAA system distributing the keys by using its security communication channel. Namely, we propose the key distribution method for IPsec SA establishment between mobile node and home agent. The suggested method was anticipated to be effective at low-power, low computing deyice. Finally, end users feel the faster authentication.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.1-6
• /
• 2015

The IoT(Internet of things) technology enable objects around user to be connected with each other for sharing information. To support security is the mandatory requirement in IoT because it is related to the disclosure of private information but also directly related to the human safety. However, it is difficult to apply traditional security mechanism into lightweight devices. This is owing to the fact that many IoT devices are generally resource constrained and powered by battery. PSK(Pre-Shared Key) based approach, which share secret key in advance between communication entities thereafter operate security functions, is suitable for light-weight device. That is because PSK is costly efficient than a session key establishment approach based on public key algorithm. However, how to safely set a PSK of the lightweight device in advance is a difficult issue because input/output interfaces such as keyboard or display are constrained in general lightweight devices. To solve the problem, we propose and develop a secure PSK configuration scheme for resource constrained devices in IoT.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.5
• /
• pp.387-395
• /
• 2009

The establishment of security architecture is essential because security vulnerabilities occur such as user's unjustifiable connection for the opened gateway and access to resources without permission in OSGi service platform environment. In this paper, it proposes a authentication technique for an Automatic user authentication which is used the Symmetric Key and the Service bundle authentication to consider the constraints of the hardware in the OSGi service platform environment. Typically, the type of entering a password is used for the user authentication mechanism however OSGi platform environment studies not entering the password but using MAC address and encrypted identifier of the automatic user authentication mechanism because the devices are limited in their input. In this paper, the Symmetric Key is used for bundle authentication mechanism. Therefore operation becomes quick and secure authentication process has been successfully completed by using the time data and a ticket which contains a license. Based on these two different authentication mechanisms, it could eliminate the constraints of resources and improve the convenience of users and administrators. Also it shows an effect from omitting the waiting time to enter a password and reducing operations which need for authentication in the OSGi service platform environment.

• Journal of KIISE:Information Networking
• /
• v.32 no.4
• /
• pp.452-461
• /
• 2005

In the star VPN (Virtual Private Network) topology, the traffic between the communicating two CPE(Customer Premise Equipment) VPN GW(Gateway)s nay be inefficiently transferred. Also, the Center VPN GW nav erperience the overload due to excessive packet processing overhead. As a solution to this problem, a direct tunnel can be established between the communicating two CPE VPN GWs using the IKE (Internet Key Exchange) mechanism of IPSec(IP Security). In this case, however, the tunnel establishment and management nay be complicated. In this paper, we propose a mechanism called' SVOT (Star VPN On-demand Tunnel)', which automatically establishes a direct tunnel between the communicating CPE VPN GWs based on demand. In the SVOT scheme, CPE VPN GWs determine whether it will establish a direct tunnel or not depending on the traffic information monitored. CPE VPN GW requests the information that is necessary to establishes a direct tunnel to the Center VPN GW Through a simulation, we investigate the performance of the scheme performs better than the SYST scheme with respect to scalability, traffic efficiency and overhead of Center VPN GW, while it shows similar performance to the FVST with respect to end-to-end delay and throughput.