• The KIPS Transactions:PartD
• /
• v.9D no.5
• /
• pp.931-938
• /
• 2002

We implement the PBSM (Protocol-Based Security Module) system which guarantees the secure data transmission under web circumstances. There are two modules to implement for the PBSM architecture. One is Web Server Security Module (WSSM) which is working on a web server, the other is the Winsock Client Security Module (WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption part for HTML file and the decryption part for CGI (Common Gateway Interface). We also implement the proposed idea at the web system.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.635-644
• /
• 2002

We propose the PBSM(Protocol-Based Security Module) system which guarantees the secure data transmission under web environments. There are two modules in the PBSM architecture. One is Web Server Security Module(WSSM) which is working on a web server, the other is the Winsock Client Security Module(WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server. The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption function for HTML file and the decryption function for CGI(Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on the order theory.

• The Journal of Information Technology
• /
• v.10 no.3
• /
• pp.77-92
• /
• 2007

This study aims to suggest an implementation methodology of security module for data integrity of mobile internet terminal. This is based on the WTLS(Wileless Transport Layer Security) of WAP Protocol. This security module is expected to achieve central role in conversion of wireless internet environment and emphasis of encryption technology and safe and calculable wireless communication environment construction.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.4
• /
• pp.340-349
• /
• 2017

This paper is proposed Hadoop security protocol to protect a reply attack and impersonation attack. The proposed hadoop security protocol is consists of user authentication module, public key based data node authentication module, name node authentication module, and data node authentication module. The user authentication module is issued the temporary access ID from TGS after verifing user's identification on Authentication Server. The public key based data node authentication module generates secret key between name node and data node, and generates OTKL(One-Time Key List) using Hash-chain. The name node authentication module verifies user's identification using user's temporary access ID, and issues DT(Delegation Token) and BAT(Block Access Token) to user. The data node authentication module sends the encrypted data block to user after verifing user's identification using OwerID of BAT. Therefore the proposed hadoop security protocol dose not only prepare the exposure of data node's secret key by using OTKL, timestamp, owerID but also detect the reply attack and impersonation attack. Also, it enhances the data access of data node, and enforces data security by sending the encrypted data.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.917-920
• /
• 2008

The Internet Key Exchange (IKE) protocol is most widely used as a security key exchange protocol on the Internet. Security policies used by the IKE protocol must be configured in advance, however the complex options and manual settings cause inconvenience. This paper proposes an automatic configuration method for the IKE protocol based on X.509 certificate. Security policies are embedded in the certificate, read, and added into the IKE configuration file by a negotiation assistant module in order to achieve automatic IKE configuration. Our proposed method reduces the complexity of configuration process and improves the adaptability of the IKE protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.8A
• /
• pp.640-647
• /
• 2009

IEEE 802.11i is an amendment to the original IEEE 802.11/b,a,g standard specifying security mechanism by stipulating RSNA for tighter security. The RSNA uses TKIP(Temporal Key Integrity Protocol) and CCMP(Counter with CBC-MAC Protocol) instead of old-fashioned WEP(Wired Equivalent Privacy) for data encryption. This paper describes a design of a communication security engine for IEEE 802.11i MAC layer. The design includes WEP and TKIP modules based on the RC4 encryption algorithm, and CCMP module based on the AES encryption algorism. The WEP module suffices for compatibility with the IEEE 802.11 b,a,g MAC layer. The CCMP module has about 816.7Mbps throughput at 134MHz, hence it satisfies maximum 600Mbps data rate described in the IEEE 802.11n specifications. We propose a pipelined AES-CCMP cipher core architecture, which has lower hardware cost than existing AES cores, because CBC mode and CTR mode operate at the same time.

• Journal of Advanced Navigation Technology
• /
• v.16 no.4
• /
• pp.709-716
• /
• 2012

Recently, smartgrid has interested in enable to existing electrical grid to supplying stably and efficient energy management. Smartgrid environment using PLC is transmit PLC module collected electricity consumption information in each house from PLC module to server. This communication process can occurred security threats such as personal information leak of consumer, electrical grid paralysis. In this paper, we propose efficient electricity consumption information transmission protocol with ID-based key distribution method for respond to security threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.41-49
• /
• 2007

USIM(UMTS Subscriber Identity Module) technology that accept 3GPP(3rd Generation Partnership Project) standards for information security supports security function in 3GPP. Supported security functions of USIM are confidentiality of user identity, mutual authentication and key agreement between end user and network, confidentiality of user data and data integrity. It is very important technology in wireless network. It makes secure environment that user and service provider can use securely mobile service in network. In this paper, design and implementation USIM security module that supports common network access method and authentication protocol in 3GPP and WLAN(Wireless LAN) and AAA (3A-Authentication Authorization Accounting) server system based RADIUS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.111-124
• /
• 2010

AMI (Advanced Metering Infrastructure) is a core infrastructure of Smart Grid, and is promoting in various country. Wireless network is considered for cost savings and operational efficiencies in AMI. But various security problems are expected in wireless networks of AMI, so we should solve these problems. In this paper, we suggest a wireless network of AMI by using Binary CDMA and security countermeasures of AMI wireless network. Proposed security architecture is using BSIM (Binary Subscriber Identity Module) to perform user authentication and key agreement for the encryption and decryption over radio network to reduce security threats.