• 한국컴퓨터정보학회논문지
• /
• 제22권8호
• /
• pp.55-61
• /
• 2017

Cloud computing is cost-effective in terms of system configuration and maintenance and does not require special IT skills for management. Also, cloud computing provides an access control setting where SSO is adopted to secure user convenience and availability. As the SSO user authentication structure of cloud computing is exposed to quite a few external security threats in wire/wireless network integrated service environment, researchers explore technologies drawing on distributed SSO agents. Yet, although the cloud computing access control using the distributed SSO agents enhances security, it impacts on the availability of services. That is, if any single agent responsible for providing the authentication information fails to offer normal services, the cloud computing services become unavailable. To rectify the environment compromising the availability of cloud computing services, and to protect resources, the current paper proposes a security policy that controls the authority to access the resources for cloud computing services by applying the authentication policy of user authentication agents. The proposed system with its policy of the authority to access the resources ensures seamless and secure cloud computing services for users.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권7호
• /
• pp.3720-3746
• /
• 2017

At present, numerous hospitals and medical institutes have implemented Telecare Medicine Information Systems (TMIS) with authentication protocols to enable secure, efficient electronic transactions for e-medicine. Numerous studies have investigated the use of authentication protocols to construct efficient, robust health care services, and recently, Liu et al. presented an authenticated key agreement mechanism for TMIS. They argued that their mechanism can prevent various types of attacks and preserve a secure environment. However, we discovered that Liu et al.'s mechanism presents some vulnerabilities. First, their mechanism uses an improper identification process for user biometrics; second, the mechanism is not guaranteed to protect against server spoofing attacks; third, there is no session key verification process in the authentication process. As such, we describe how the above-mentioned attacks operate and suggest an upgraded security mechanism for TMIS. We analyze the security and performance of our method to show that it improves security relative to comparable schemes and also operates in an efficient manner.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권8호
• /
• pp.4025-4042
• /
• 2017

Session initiation protocol (SIP) is a kind of powerful and common protocols applied for the voice over internet protocol. The security and efficiency are two urgent requirements and admired properties of SIP. Recently, Hamed et al. proposed an efficient authentication and key agreement scheme for SIP. However, we demonstrate that Hamed et al.'s scheme is vulnerable to de-synchronization attack and cannot provide anonymity for users. Furthermore, we propose an improved and efficient authentication and key agreement scheme by using elliptic curve cryptosystem. Besides, we prove that the proposed scheme is provably secure by using secure formal proof based on Burrows-Abadi-Needham logic. The comparison with the relevant schemes shows that our proposed scheme has lower computation costs and can provide stronger security.

• 디지털산업정보학회논문지
• /
• 제11권3호
• /
• pp.69-77
• /
• 2015

MANET is composed of only the mobile nodes have a limited transmission range. The dynamic topology by the frequent movement of nodes makes routing difficult and is also cause exposed to security vulnerabilities. In this paper, we propose the security routing technique consisted of mechanism of two steps in order to respond effectively to attack by the modification of the routing information and transmit secure data. The hierarchical structure is used and the authentication node that issues the key of the nodes within each cluster is elected in this proposed method. The authentication node manages key issues and issued information for encrypting the routing information from the source node. The reliability value for each node is managed to routing trust table in order to secure data transmission. In the first step, the route discovery is performed using this after the routing information is encrypted using the key issued by the authentication node. In the second step, the average reliability value of the node in the found path is calculated. And the safety of the data transmission is improved after the average reliability value selects the highest path. The improved performance of the proposed method in this paper was confirmed through comparative experiments with CBSR and SEER. It was confirmed a better performance in the transmission delay, the amount of the control packet, and the packet transmission success ratio.

• 디지털산업정보학회논문지
• /
• 제10권3호
• /
• pp.161-169
• /
• 2014

Wireless Ad Hoc Network is suitable for emergency situations such as and emergency, disaster recovery and war. That is, it has a characteristic that can build a network and use without help of any infrastructure. However, this characteristic is providing a cause of many security threats. In particular, routing attack is not applied the existing routing methods as it is and it is difficult to determine accurately whether nodes that participate in routing is malicious or not. The appropriate measure for this is necessary. In this paper, we propose a secure routing technique through a zone architecture-based node authentication in order to provide efficient routing between nodes. ZH node is elected for trust evaluation of the member nodes within each zone. The elected ZH node issues a certification of the member nodes and stores the information in ZMTT. The routing involvement of malicious nodes is blocked by limiting the transfer of data in the nodes which are not issued the certification. The superior performance of the proposed technique is confirmed through experiments.

• 디지털산업정보학회논문지
• /
• 제13권4호
• /
• pp.13-23
• /
• 2017

In order to protect personal information and important information (confidential information, sales information, user information, etc.) in the internal network, companies and organizations apply encryption to the Server-To-Server or Server-To-Client communication section, And are experiencing difficulties due to the increasing number of known attacks and intelligent security attacks. In order to apply the existing S / W encryption technology, it is necessary to modify the application. In the financial sector, "Comprehensive Measures to Prevent the Recurrence of Personal Information Leakage in the Domestic Financial Sector" has been issued, and standard guidelines for financial computing security have been laid out, and it is required to expand the whole area of encryption to the internal network. In addition, even in environments such as U-Health and Smart Grid, which are based on the Internet of Things (IoT) environment, which is increasingly used, security requirements for each collection gateway and secure transmission of the transmitted and received data The requirements of the secure channel for the use of the standard are specified in the standard. Therefore, in this paper, we propose a secure encryption algorithm through mutual authentication and grouping for each node through H / W based Network Control Server (NCS) applicable to internal system and IoT environment provided by enterprises and organizations. We propose a protocol design that can set the channel.

• 한국콘텐츠학회논문지
• /
• 제9권9호
• /
• pp.105-113
• /
• 2009

클러스터 기반의 라우팅 기법에서의 안전한 데이터 통신을 위해서는 기존의 키 관리 방식은 적합하지 않다. 왜냐하면 클러스터 기반에서는 매 라운드 마다 클러스터 헤드가 변경되기 때문에, 안전한 통신을 위해 각 멤버 노드들과 인증이나 공유키 설정 단계를 거쳐야 한다. 또한 기존의 키 관리 메커니즘에서는 대부분 센서 네트워크 안의 모든 노드에 대해 이동성을 부여하지 않았기 때문에, 노드의 이동성을 고려하게 되면 안전한 통신을 위한 커다란 오버 헤드가 발생한다. 따라서 본 논문에서는 이동성과 새로운 노드의 삽입이 빈번한 경우에도 안전하고 효율적인 클러스터 기반에 적합한 키 관리 메커니즘을 제안한다.

• 한국컴퓨터정보학회논문지
• /
• 제24권8호
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.582-596
• /
• 2019

Considering that the existing Long Term Evolution is not suitable for the fast and frequent handovers of high-speed trains, this paper proposes a relay-assisted handover mechanism to solve the problems of long handover authentication time and vulnerable to security attacks. It can achieve mutual authentication for train-ground wireless communication, and data transmission is consistent with one-time pad at the same time. The security analysis, efficiency analysis and simulation results show that the proposed mechanism not only realizes the forward security and resists many common attacks, but also effectively reduces the computational overhead of train antenna during the secure handover process. When the running speed of a train is lower than 500km/h, the handover delay is generally lower than 50ms and the handover outage probability is less than 1.8%. When the running speed of a train is 350km/h, the throughput is higher than 16.4mbps in the process of handover. Therefore, the secure handover mechanism can improve the handover performance of high-speed trains.

• 한국정보과학회:학술대회논문집
• /
• 한국정보과학회 2006년도 가을 학술발표논문집 Vol.33 No.2 (D)
• /
• pp.132-134
• /
• 2006

In this paper, we propose an efficient bilateral remote user authentication scheme with smart cards. Our scheme ensures both-way authentication, so that any attempt of the adversary to affect the secure communications between the authentication server and the user could not be successful. We also present a brief analysis of our proposed scheme and show that it is well-resistant against the known attacks in remote user authentication process.