• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.153-172
• /
• 2002

In this paper, we propose an architecture and a protocol fur Secure Mobile Multicast(SMM) offering efficient and secure multicast services to many mobile nodes. In this framework, we use Indirect and Direct Service Mode adaptively, according to the movement of mobile nodes around the overlapped service area, to provide reliably secure multicast with low latency, minimum key update, and minimum data loss.

• Journal of KIISE:Software and Applications
• /
• v.26 no.8
• /
• pp.955-963
• /
• 1999

다단계 보안 실시간 데이타베이스 시스템은 데이타베이스의 일관성 유지와 실시간 요구인 마감시간의 만족, 그리고 기밀성을 띤 데이타가 노출될 수 있는 비밀채널(covert-channel)의 방지라는 요구사항을 모두 만족해야 한다. 기존의 SRT-2PL(Secure Real-Time 2 Phase Locking)은 원본과 복사본으로 데이타 객체를 분리시켜 다른 등급간에 불간섭(non-interference)을 유지하여 비밀채널의 방지를 가능하게 하였으나, 복사본이 모든 데이타 객체에 대해 항상 존재하므로 메모리의 낭비가 있을 수 있고, 복사본의 갱신을 위한 갱신 큐의 관리에 따르는 오버헤드와 그에 따른 예측성 결여라는 문제점을 갖고 있다. 이를 개선하기 위하여 본 논문에서는 다단계 보안 실시간 데이타베이스 시스템의 요구사항을 모두 만족하는 동적 복사 프로토콜을 제안한다. 동적 복사 프로토콜은 로킹 기법을 기초로 동작하고, 트랜잭션의 작업에 따라 동적으로 복사본을 생성하고 삭제한다. 모의 실험 결과 제안한 동적 복사 프로토콜은 비밀채널을 방지하고 동적인 복사본의 생성으로 SRT-2PL의 단점인 메모리 낭비를 줄일 수 있으며, 예측성을 높여 마감시간 오류율을 감소시켰다.Abstract Concurrency control of real-time secure database system must satisfy not only logical data consistency but also timing constraints and security requirements associated with transactions. These conflicting natures between timing constraints and security requirements are often resolved by maintaining several versions(or secondary copies) on the same data items. In this paper, we propose a new lock-based concurrency control protocol, Dynamic Copy Security Protocol, ensuring both two conflicting requirements. Our protocol aims for reducing the storage overhead of maintaining secondary copies and minimizing the processing overhead of update history. Main idea of our protocol is to keep a secondary copy only when it is needed to resolve the conflicting read/write operations in real time secure database systems. For doing this, a secondary copy is dynamically created and removed during a transaction's read/write operations according to our protocol. We have also examined the performance characteristics of our protocol through simulation under different workloads while comparing the existing real time security protocol. The results show that our protocol consumed less storage and decreased the missing deadline transactions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.785-788
• /
• 2016

최근 IoT 프로토콜 가운데 가장 활발히 논의되는 프로토콜로 CoAP(Constrained Application Protocol)이 있다. CoAP은 4가지 보안모드로 운영된다. 그 중 3가지 모드인 PresharedKey, RawPublicKey, Certificate 모드의 경우 DTLS(Datagram Transport Layer Security)가 적용된 방식이다. 반면 NoSec 모드는 DTLS가 적용되지 않은 기본방식이다. 본 논문에서는 DTLS의 복잡한 Handshake 방식으로 인한 전력소모 및 Performance의 저하를 고려한 새로운 방식을 제안한다. NoSec 환경의 CoAP 프로토콜에 S-Broker(Secure-Broker)를 적용한 security 및 performance 향상 방안이다. 제안한 방식으로 경량화 통신을 구현하여 무결성과 보안 강도를 높였다. 추가적으로 Proxy의 forwarding 기능과 caching 기능을 구현하여 성능의 향상을 도모한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.82-85
• /
• 2005

In the MIPv6 network, when mobile nodes move into new newtwork, they need to find the new access router and points(AR/AP) for the newtwork. Unless they are not connected to authorized AR/APs, they can be exposed to a lot of attacks. In this paper we propose a protocol to authenticate AR/AR and MN each other. This protocol is based on the public key scheme which is used in the SEcure Neighbor Discovery(SEND) protocol.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.1
• /
• pp.49-57
• /
• 2016

Recently, marine accidents such as the sinking accident Mongol freighter ship and the sinking accident of Sewol ferry in Jindo continuously happen. In order to decrease the number of these marine accidents, Korean ships are obliged to follow the AIS(Automatic Identification System) system. The AIS protocol includes all information for sailing ships. However, the standard AIS protocol does not provide any security function, In addition, it is possible to hijack the standard AIS protocol in case of using a satellite communication device called FUNcuve Dongle Pro+. Therefore, this paper analyzes weak points of the security in the standard AIS protocol. Furthermore, this paper ensures reliability by marking the MAC Address of sender and receiver for secure communication and suggests the protocol that can securely send data, using the VPN Tunnelling method. Therefore, the suggested AIS protocol provides the secure communication to the AIS protocol and protect the messages in the AIS protocol, which can serve safe voyages by decreasing the marine accidents.

• Journal of Korea Society of Industrial Information Systems
• /
• v.13 no.1
• /
• pp.68-75
• /
• 2008

Because ad hoc network is vulnerable to attacks such as routing disruption and resource consumption, it is in need of routing protocol security. In this paper, we propose an efficient and secure route discovery protocol for ad hoc network using symmetric key cryptography. This protocol has small computation loads at each hop using symmetric key cryptography. In the Route Reply, encryption/decrytion are used to guard against active attackers disguising a hop on the network.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.152-156
• /
• 2001

In this paper we propose a secure multicast key distribution protocol using OFT(One-way Function Trees). The proposed protocol is a hybrid scheme of DKMP(Distributed Key Management Protocol) that guarantees all group member's participation for generating a group key, and CKMP(Centralized Key Management Protocol) that makes it easy to manage group key and design a protocol. Since the proposed protocol also computes group key using only hash function and bitwise-XOR, computational overhead ran be reduced. Hence it is suitably and efficiently adaptive to dynamic multicast environment that membership change event frequently occurs.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.2
• /
• pp.113-120
• /
• 2010

RFID system is the contact-less recognition technology and use for distribution system, environment, transport, security and so on. However, it may create many security relevant problems such as privacy because constraints of RFID communication environment. So several methods of resolving these problems have been proposed. Recently, Shin and Park proposed an efficient RFID authentication protocol with protecting user's privacy using hash function and exclusive-OR.. But Ahn and Bu et al. poia problem that a attacker can to masquerade as malicious reader because their protocol can't providing mutual authentication.nted out weakness of Shin and Park's protocol and proposed more secure and efficient protocol. Unfortunately, Ahn and But's protocol has In this paper, We propose an improved RFID authentication protocol providing mutual authentication. The proposed protocol has advantages that providing mutual authentication between a tag and a reader, secure against replay attack and spoofing attack. Also, it guarantees anonymity of RFID tag and secure against location tracking attack by collusion of malicious readers.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.605-612
• /
• 2004

In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol ［2］, by adopt-ing Aura's CGA scheme with two hashes ［9］. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.85-96
• /
• 2008

Neighbor Discovery(ND) protocol is used to exchange an information of the neighboring nodes on the same link in the IPv6 protocol environment. For protecting the ND protocol, firstly utilizing Authentication Header(AH) of the IPsec protocol was proposed. But the method has some problems-uses of key exchange protocol is not available and it is hard to distribute manual keys. And then secondly the SEcure Neighbor Discovery(SEND) protocol which protects all of the ND message with digital signature was proposed. However, the digital signature technology on the basis of public key cryptography system is commonly known as requiring high cost, therefore it is expected that there is performance degradation in terms of the availability. In the paper, to improve performance of the SEND protocol, we proposed a modified CGA(Cryptographically Generated Address) which is made by additionally adding MAC(Media Access Control) address to the input of the hash function. Also, we proposed cache mechanism. We compared performance of the methods by experimentation.