• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8C
• /
• pp.1203-1209
• /
• 2004

A huge growth the wireless internet services, which are based on the wireless mobile network technology and internet technology, poses demand for the end-to-end secure connections. Restrictions of wireless mobile environment and mobile devices make difficult to adapt present secure protocols to wireless internet services. In this paper, we analyze existing certificate status verification methods in WPKI and propose a new method, adding a observer information in handshake protocol. The method with observer makes it more efficient for relying parties to verify both the current status of the X.509 certificate and the short-lived WTLS server certificate.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.87-101
• /
• 2017

As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.825-834
• /
• 2003

In this paper, we propose a new certified e-mail system which reduces user's computational overhead and distributes confidentiality of TTP(Trusted Third Partty). Based on the traditional cryptographic schemes and server-supported signiture for fairness and confidentiality of message, we intend to minimize to computation overhead of mobile device on public key algorithm. Therefore, our proposal becomes to be suitable for mail user sho uses mobile devices such as cellular phone and PDA. Moreover, the proposed system is fault-tolerant, secure against mobile adversary and conspiracy attack, since it is based on the threshold cryptography on server-side.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.1B
• /
• pp.11-16
• /
• 2007

This paper describes the design and performance of a secure routing protocol with time-space cryptography for mobile ad-hoc networks. The proposed time-space scheme works in the time domain for key distribution between source and destination as well as in the space domain for intrusion detection along the route between them. For data authentication, it relies on the symmetric key cryptography due to high efficiency and a secret key is distributed using a time difference from the source to the destination. Also, a one-way hash chain is formed on a hop-by-hop basis to prevent a compromised node or an intruder from manipulating the routing information. In order to evaluate the performance of our routing protocol, we compare it with the existing AODV protocol by simulation under the same conditions. The proposed protocol has been validated using the ns-2 network simulator with wireless and mobility extensions.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.75-84
• /
• 2014

The advancement in ubiquitous healthcare specifically in preventive healthcare can lead to longer life expectancy especially for the elderly patients. To aid in preventing premature loss of lives as well as lengthening life span, this research aims to implement the use of mobile and wireless sensor technology to improve the quality of life and lengthen life expectancy. The threats to privacy and security have received increasing attention as ubiquitous healthcare applications over the Internet become more prevalent, mobile and universal. Therefore, we propose Context-aware Service of U-Healthcare Application based Knowledge using Ontology in secure health information exchange. This research also applies ontology in secure information exchange to support knowledge base, context modeling, and context reasoning by applying the general application areas for ontologies to the domain of context in ubiquitous computing environments. This paper also demonstrates how knowledge base, context technologies, and mobile web services can help enhance the quality of services in preventive ubiquitous healthcare to elderly patients.

• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.11-16
• /
• 2017

MANET composed of only mobile node is applied to various environments because of its advantage which can construct network quickly in emergency situation. However, many routing vulnerabilities are exposed due to the dynamic topology and link failures by the movement of nodes. It can significantly degrade network performance. In this paper, we propose a secure routing protocol based on trust model. The domain-based network structure is used for efficient trust evaluation and management of nodes in the proposed technique. The reliability evaluation of nodes was performed by the discard ratio of control packet and data packet of the nodes. The abnormal nodes are detected by performing traffic check and inspecting of nodes on a path that generates excessive traffic in order to increase the efficiency of routing. It is confirmed through experiments of the proposed technique that data transmission is performed securely even if an attack exists on the path.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.437-442
• /
• 2010

Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

• The KIPS Transactions:PartC
• /
• v.13C no.3 s.106
• /
• pp.359-368
• /
• 2006

AAA(Authentication, Authorization, Accounting) is the service that offers authentication, authorization, and accounting method, and every terminal that accesses the network requires this AAA service. The authentication process of a mobile terminal is as follows: a mobile phone accesses an authentication server in a home network via the authentication service in an external network, which receives the authentication result. And, for the home authentication server to offer secure service, a unique key is distributed for the secure communication between the external agent and the user, the external agent and the home authentication server, and the user and the home authentication server. This paper discusses and proposes the key distribution for secure communication among external authentication servers when a mobile terminal travels to an external network. As the proposed method does not require the home authentication server to reissue another authentication when a user travels to other external networks, it reduces the overload in the home authentication server. It can also distribute a PIN-driven key.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.5
• /
• pp.851-856
• /
• 2015

As crime has actually increased in recent years, various mobile applications related to safety and emergency measure have received much attention. Therefore, IoT (Internet of Things) technologies, which connect various physical objects with Internet communication, have been also paid attention and then diverse safety services based on IoT technologies have been on the increase. However, existing mobile safety applications are simply based on location based service (LBS). Also, as they are independently operated without the help of another safety systems, they cannot efficiently cope with various safety situations. So, this paper proposes the efficient smart safety service architecture with both the risky situation detection using user location as well as various sensing information and the risk congruence measure using the streetlight infrastructure. Additionally, UDID (unique device identifier) is utilized for the secure communication with the control center.