• Title/Summary/Keyword: Malicious Nodes

Enhanced Secure Sensor Association and Key Management in Wireless Body Area Networks

  • Shen, Jian;Tan, Haowen;Moh, Sangman;Chung, Ilyong;Liu, Qi;Sun, Xingming
    • Journal of Communications and Networks / v.17 no.5 / pp.453-462 / 2015
  • Body area networks (BANs) have emerged as an enabling technique for e-healthcare systems, which can be used to continuously and remotely monitor patients' health. In BANs, the data of a patient's vital body functions and movements can be collected by small wearable or implantable sensors and sent using short-range wireless communication techniques. Due to the shared wireless medium between the sensors in BANs, it may be possible to have malicious attacks on e-healthcare systems. The security and privacy issues of BANs are becoming more and more important. To provide secure and correct association of a group of sensors with a patient and satisfy the requirements of data confidentiality and integrity in BANs, we propose a novel enhanced secure sensor association and key management protocol based on elliptic curve cryptography and hash chains. The authentication procedure and group key generation are very simple and efficient. Therefore, our protocol can be easily implemented in the power and resource constrained sensor nodes in BANs. From a comparison of results, furthermore, we can conclude that the proposed protocol dramatically reduces the computation and communication cost for the authentication and key derivation compared with previous protocols. We believe that our protocol is attractive in the application of BANs.

MPICH-GP : An MPI Extension to Supporting Private IP Clusters in Grid Environments (MPICH-GP : 그리드 상에서 사설 IP 클러스터 지원을 위한 MPI 확장)

  • Park, Kum-Rye;Yun, Hyun-Jun;Park, Sung-Yong;Kwon, Oh-Young;Kwon, Oh-Kyoung
    • The KIPS Transactions:PartA / v.14A no.1 s.105 / pp.1-14 / 2007
  • MPICH-G2 is an MPI implementation to solve complex computational problems by utilizing geographically dispersed computing resources in grid environments. However, the computation nodes in MPICH-G2 are exposed to the external network due to the lack of supporting the private IP clusters, which raises the possibility of malicious security attacks. In order to address this problem, we propose MPICH-GP with a new relay scheme combining NAT (Network Address Translation) service and a user-level proxy. The proxy running on the front-end system of private IP clusters forwards the incoming connection requests to the systems inside the clusters. The outgoing connection requests out of the cluster are forwarded through the NAT service on the front-end system. Through the connection path between the pair of processes, the requested MPI jobs can be successfully executed in grid environments with various clusters including private IP clusters. By simulations, we show that the performance of MPICH-GP reaches over 80% of the performance of MPICH-G2, and over 95% in case of using RANK management method.

A Study on the Countermeasure of Cyber Attacks Using Anonymous Network (익명네트워크를 이용한 사이버공격에 대한 대응방안 연구)

  • Lee, Jung-Hyun;Ahn, Kwan-Joon;Park, Won-Hyung;Lim, Jong-In
    • Convergence Security Journal / v.11 no.3 / pp.31-37 / 2011
  • Recently on the network to ensure the anonymity of Mixed networking has been actively researched. It uses encrypted communications between Nodes and communications path is changed often to the attacker traceback and response, including the difficult thing is the reality. National institutions and infrastructure in these circumstances, the attack on the national level, if done on a large scale can be disastrous in. However, an anonymous network technology to cover up their own internet communication, it malicious form of Internet use by people who enjoy being continually updated and new forms of technology being developed is a situation continuously. In addition, attacks in the future application of these technologies is expected to continue to emerge. However, this reality does not deserve this thesis is prepared. In this paper, anonymously using a network to respond effectively to a cyber attack on the early detection research is to proceed.

The development of a ship's network monitoring system using SNMP based on standard IEC 61162-460

  • Wu, Zu-Xin;Rind, Sobia;Yu, Yung-Ho;Cho, Seok-Je
    • Journal of Advanced Marine Engineering and Technology / v.40 no.10 / pp.906-915 / 2016
  • In this study, a network monitoring system, including a secure 460-Network and a 460-Gateway, is designed and developed in accordance with the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard for the safety and security of networks on board ships. At present, internal or external unauthorized access to or malicious attack on a ship's on board systems are possible threats to the safe operation of a ship's network. To secure the ship's network, a 460-Network was designed and implemented by using a 460-Switch, 460-Nodes, and a 460-Gateway that contains firewalls and a DMZ (Demilitarized Zone) with various application servers. In addition, a 460-firewall was used to block all traffic from unauthorized networks. 460-NMS (Network Monitoring System) is a network-monitoring software application that was developed by using a simple network management protocol (SNMP) SharpNet library with the .Net 4.5 framework and a back-end SQLite database management system, which is used to manage network information. 460-NMS receives network information from a 460-Switch by utilizing SNMP, SNMP Trap, and Syslog. 460-NMS monitors the 460-Network load, traffic flow, current network status, network failure, and unknown devices connected to the network. It notifies the network administrator via alarms, notifications, or warnings in case any network problem occurs. Once developed, 460-NMS was tested both in a laboratory environment and for a real ship network that had been installed by the manufacturer and was confirmed to comply with the IEC 61162-460 requirements. Network safety and security issues onboard ships could be solved by designing a secure 460-Network along with a 460-Gateway and by constantly monitoring the 460-Network according to the requirements of the IEC 61162-460 network standard.

Implementation of Security Enforcement Engine for Active Nodes in Active Networks (액티브 네트워크 상에서 액티브 노드의 보안 강화를 위한 보안 엔진 구현)

  • Kim, Ok-Kyeung;Lim, Ji-Young;Na, Hyun-Jung;Na, Ga-Jin;Kim, Yeo-Jin;Chae, Ki-Joon;Kim, Dong-Young
    • The KIPS Transactions:PartC / v.10C no.4 / pp.413-422 / 2003
  • An active network is a new generation network based on a software-intensive network architecture in which applications are able to inject new strategies or code into the infrastructure for their immediate needs. Therefore, the secure active node architecture is needed to give the capability of defending an active node against threats that may be more dynamic and powerful than those in traditional networks. In this paper, a security enforcement engine is proposed to secure active networks. We implemented an operating engine with security, authentication and authorization modules. Using this engine, it is possible that active networks are protected from threats of the malicious active node.

A Strong Address Generation and Verification Scheme using Hash Functions in the IPv6 Environments (IPv6 환경에서 해쉬 함수 기반 강건한 주소 생성 및 검증 기법)

  • Gyeong, Gye-Hyeon;Ko, Kwang-Sun;Eom, Young-Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.1 / pp.115-119 / 2007
  • The IPv6 protocol provides the method to automatically generate an address of a node without additional operations of administrators. Before the generated address is used, the duplicate address detection (DAD) mechanism is required in order to verify the address. However, during the process of verification of the address, it is possible for a malicious node to send a message with the address which is identical with the generated address, so the address can be considered as previously used one; although the node properly generates an address, the address cannot be used. In this paper, we present a strong scheme to perform the DAD mechanism based on hash functions in IPv6 networks. Using this scheme, many nodes, which frequently join or separate from wireless networks in public domains like airports, terminals, and conference rooms, can effectively generate and verify an address more than the secure neighbor discovery (SEND) mechanism.

Proactive Code Verification Protocol Using Empty Memory Deletion in Wireless Sensor Network (무선 센서 네트워크에서의 메모리 공간 삭제를 이용한 선행 코드-검증 기법)

  • Choi, Young-Geun;Kang, Jeon-Il;Lee, Kyung-Hee;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.4 / pp.37-46 / 2007
  • The authentication in WSN (Wireless Sensor Network) usually means the entity authentication, but owing to the data centric nature of sensor network, much more importance must be put on the authentication (or attestation) for code of sensor nodes. The naive approach to the attestation is for the verifier to compare the previously known memory contents of the target node with the actual memory contents in the target node, but it has a significant drawback. In this paper, we show what the drawback is and propose a countermeasure. This scheme can verify the whole memory space of the target node and provides extremely low probability of malicious code's concealment without depending on accurate timing information unlike SWATT. We provide two modes of this verification method: BS-to-node and node-to-node. The performance estimation in various environments is shown.

Proposal of Kiosk Payment Security System using Public Blockchain (솔라나 블록체인을 이용한 키오스크 결제 데이터 보안 시스템 제안)

  • Kim, Seong-Heon;Kang, Hyeok;Lee, Keun-ho
    • Journal of Internet of Things and Convergence / v.8 no.5 / pp.55-61 / 2022
  • Today's payment systems are becoming unmanned and changing to a way of paying with kiosks. This has the advantage of convenient payment because consumers can select a menu and specify the number of products to be purchased with just a touch of the screen. However, from the point of view of system security, the actual kiosk system has various vulnerabilities. This can hijack the administrator account, gain system privileges, and perform malicious actions. In addition, it is exposed to a number of security threats, such as the possibility of wasting unnecessary resources by abnormally increasing the number of payments, and causing the device to fail to operate normally. Therefore, in this paper, if any node of a participant in the Solana blockchain approves an incorrect fork, the stake of the voting nodes is deleted. Also, since all participants can see the transaction history due to the nature of the blockchain, I intend to write a thesis on a system that improves the vulnerability of kiosk payments by separating the access rights through the private blockchain.

Routing for Enhancing Source-Location Privacy with Low Delivery Latency in Sensor Networks (센서 네트워크에서 낮은 전달 지연으로 근원지 위치 기밀을 강화하는 라우팅)

  • Tscha, Yeong-Hwan
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.8B / pp.636-645 / 2008
  • Most of routing schemes that protect the source's location from a malicious attacker usually make use of a path of a long length per message for the sake of lengthening the safety period. The biggest problem to such approaches is taking a very long latency in transferring messages to the destination. In this paper we show the problem to find the least-cost single path that is enough to keep the source-location always secure from the attacker, provided that it is used for the delivery of a set of messages given a priori, is NP-complete. Consequently we propose a routing protocol GSLP-$\omega$ (GPSR-based Source-Location Privacy with crew size $\omega$) that is a trade-off between two extreme approaches. The advantage of GSLP-$\omega$ lies in its enhanced safety period for the source and its lowered delivery latency in messaging. We consider NSP (Normalized Safety Period) and NDL (Normalized Delivery Latency), measured in terms of the least number of hops to the destination, to achieve tangible interpretation of the results. We ran a simulation to confirm our claim by generating 100 topologies of 50,000 nodes with the average number of neighbors being 8. The results show that GSLP-$\omega$ provides more enhanced NSP compared to other protocols GSLP, an earlier version of GSLP-$\omega$, and PR-SP (Phantom Routing - Single Path), the most notable existing protocol for the source-location privacy, and less NDL than that of GSLP but more than that of PR-SP.

Detection Model of Malicious Nodes of Tactical Network for Korean-NCW Environment (한국형 NCW를 위한 전술네트워크에서의 악의적인 노드 검출 모델)

  • Yang, Ho-Kyung;Cha, Hyun-Jong;Shin, Hyo-Young;Ryou, Hwang-Bin;Jo, Yong-Gun
    • Convergence Security Journal / v.11 no.1 / pp.71-77 / 2011
  • NCW (Network Centric Warfare) encompasses the concept to use computer data processing and network linkage communications techniques, share information and furthermore, enhance the effectiveness of computer-operating systems. As IT (Information & Technology) have become developed in the recent years, the existing warfare system-centered conventional protocol is not used any longer. Instead, network-based NCW is being widely available today. Under this changing computer environment, it becomes important to establish algorithm and build the stable communication systems. Tools to identify malign node factors through Wireless Ad-hoc network cause a tremendous error to analyze and use paths of even benign node factors misreported to prove false without testing or identifying such factors to an adequate level. These things can become an obstacle in the process of creating the optimum network distribution environment. In this regard, this thesis is designed to test and identify paths of benign node factors and then, present techniques to transmit data through the most significant open short path, with the tool of MP-SAR Protocol, security path search provider, in Ad-hoc NCW environment. Such techniques function to identify and test unnecessary paths of node factors, and thus, such technique users can give an easy access to benign paths of node factors.