• Title/Summary/Keyword: Security Control Protocol


Error Control Protocol and Data Encryption Mechanism in the One-Way Network (일방향 전송 네트워크에서의 오류 제어 프로토콜 및 데이터 암호화 메커니즘)

  • Ha, Jaecheol;Kim, Kihyun
    • Journal of the Korea Institute of Information Security & Cryptology, v.26 no.3, pp.613-621, 2016
  • Since the error control problem is a critical and sensitive issue in the one-way network, we can adopt a forward error correction code method or a data retransmission method based on the response of the reception result. In this paper, we propose an error control method and a continuous data transmission protocol for the one-way network, which has a unidirectional data transmission channel and a special channel to receive only the response of the reception result. Furthermore, we present a data encryption and key update mechanism which is based on the pre-shared key distribution scheme and suggest some ASDU (Application Service Data Unit) formats to implement it in the one-way network.

Configuration of ACK Trees for Multicast Transport Protocols

  • Koh, Seok-Joo;Kim, Eun-Sook;Park, Ju-Young;Kang, Shin-Gak;Park, Ki-Shik;Park, Chee-Hang
    • ETRI Journal, v.23 no.3, pp.111-120, 2001
  • For scalable multicast transport, one of the promising approaches is to employ a control tree known as acknowledgement (ACK) tree which can be used to convey information on reliability and session status from receivers to a root sender. The existing tree configuration has focused on a 'bottom-up' scheme in which ACK trees grow from leaf receivers toward a root sender. This paper proposes an alternative 'top-down' configuration where an ACK tree begins at the root sender and gradually expands by including non-tree nodes into the tree in a stepwise manner. The proposed scheme is simple and practical to implement along with multicast transport protocols. It is also employed as a tree configuration in the Enhanced Communications Transport Protocol, which has been standardized in the ITU-T and ISO/IEC JTC1. From experimental simulations, we see that the top-down scheme provides advantages over the existing bottom-up one in terms of the number of control messages required for tree configuration and the number of tree levels.


Design and Implementation of Path Computation Element Protocol (PCEP) - FSM and Interfaces (Path Computation Element 프로토콜 (PCEP)의 설계 및 구현 - FSM과 인터페이스)

  • Lee, Wonhyuk;Kang, Seungae;Kim, Hyuncheol
    • Convergence Security Journal, v.13 no.4, pp.19-25, 2013
  • The increasing demand for fast, flexible and guaranteed Quality of Service (QoS) in core networks has led to the deployment of the MultiProtocol Label Switching (MPLS) and Generalized MPLS (GMPLS) control plane. In the GMPLS control plane, path computation and cooperation processes are among the crucial elements for maintaining an acceptable level of service. The Internet Engineering Task Force (IETF) has proposed the Path Computation Element (PCE) architecture. The PCE is a dedicated network element devoted to the path computation process, and communication between Path Computation Clients (PCC) and PCEs is realized through the PCE Protocol (PCEP). This paper examines the PCE-based path computation architecture, including the design and implementation of PCEP. The functional modules, including the Finite State Machine (FSM), and related key design issues of each state are presented. In particular, we also discuss internal/external protocol interfaces that efficiently control the communication channels.

A Study of Implementation for Internet Printing Protocol (IPP) System (인터넷 인쇄 프로토콜 시스템 구현에 관한 연구)

  • Kim, Soo-Hong
    • The KIPS Transactions:PartD, v.10D no.7, pp.1197-1206, 2003
  • This paper describes the IPP (Internet Printing Protocol), a standard that makes network setup for printers potentially much easier and, not so incidentally, also lets users print over the Internet, and specifies an implementation of an IPP client/server system. It allows the system administrator and operators to control IPP system users and printer devices. The focus of this effort is on optimized capabilities of the security features for authentication, authorization, and policies, and on improved compatibility with existing WP devices. Finally, this paper presents conclusions and further research.

Privacy-Preserving Cloud Data Security: Integrating the Novel Opacus Encryption and Blockchain Key Management

  • S. Poorani;R. Anitha
    • KSII Transactions on Internet and Information Systems (TIIS), v.17 no.11, pp.3182-3203, 2023
  • With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

Model Verification of a Safe Security Authentication Protocol Applicable to RFID System (RFID 시스템에 적용시 안전한 보안인증 프로토콜의 모델검증)

  • Bae, WooSik;Jung, SukYong;Han, KunHee
    • Journal of Digital Convergence, v.11 no.4, pp.221-227, 2013
  • RFID is an automatic identification technology that can control a range of information via IC chips and radio communication. Also known as electronic tags, smart tags or electronic labels, RFID technology enables embedding the overall process from production to sales in an ultra-small IC chip and tracking down such information using radio frequencies. Currently, RFID-based application and development is in progress in such fields as health care, national defense, logistics and security. RFID structure consists of a reader that reads tag information, a tag that provides information and the database that manages data. Yet, the wireless section between the reader and the tag is vulnerable to security issues. To sort out the vulnerability, studies on security protocols have been conducted actively. However, due to difficulties in implementation, most suggestions are concerned with theorem proving, which is prone to vulnerability found by other investigators later on, ending up in many troubles with applicability in practice. To experimentally test the security of the protocol proposed here, the formal verification tool, CasperFDR was used. To sum up, the proposed protocol was found to be secure against diverse attacks. That is, the proposed protocol meets the safety standard against new types of attacks and ensures security when applied to real tags in the future.

An Authentication Protocol-based Multi-Layer Clustering for Mobile Ad Hoc Networks (이동 Ad Hoc 망을 위한 다중 계층 클러스터링 기반의 인증 프로토콜)

  • Lee Keun-Ho;Han Sang-Bum;Suh Heyi-Sook;Lee Sang-Keun;Hwang Chong-Sun
    • Journal of KIISE:Information Networking, v.33 no.4, pp.310-323, 2006
  • In this paper, we describe a secure cluster-routing protocol based on a multi-layer scheme in ad hoc networks. We propose efficient protocols, Authentication based on Multi-layer Clustering for Ad hoc Networks (AMCAN), for detailed security threats against ad hoc routing protocols using the selection of the cluster head (CH) and control cluster head (CCH) using a modification of cluster-based routing ARCH and DMAC. This protocol provides scalability of Shadow Key using threshold authentication scheme in ad hoc networks. The proposed protocol comprises an end-to-end authentication protocol that relies on mutual trust between nodes in other clusters. This scheme takes advantage of Shadow Key using threshold authentication key configuration in large ad hoc networks. In experiments, we show security threats against multilayer routing scheme, thereby successfully including, establishment of secure channels, the detection of reply attacks, mutual end-to-end authentication, prevention of node identity fabrication, and the secure distribution of provisional session keys using threshold key configuration.

Remote Secure Entrance Control System using RFID and TCP/IP (RFID와 TCp/IP를 활용한 원격 보안 출입 제어 시스템)

  • Kim, Jeong-Sook;Kim, Cheon-Shik;Yoon, Eun-Jun;Hong, You-Sik
    • Journal of the Institute of Electronics Engineers of Korea CI, v.45 no.6, pp.60-67, 2008
  • At present, the RFID system is highly welcomed as a substitute for the bar code recognition system and self-recognition equipment. Consequently, the system has multiple applications and can complement their security. In particular, the RFID system is significantly related to electronic transaction equipment: transportation cards, ID cards at checkpoints, attendance sheets. Based upon these characteristics, the system is becoming extremely popular in the fields of logistics, harbor and stock management, animal control and product circulation & distribution. In this dissertation, I would like to present a more efficient and stable remote entry control system based on network-based TCP/IP. It is a simple example of a ubiquitous computing function. Above all, an approved protocol system should be applied to the remote entry control function. The efficient functioning of the remote entry control system based on the applied approval protocol should be confirmed. Therefore, a preliminary test should be a prerequisite for the automatic entrance function with the embedded, TCP/IP-based RFID system.

Authentication Protocol Using Hamming Distance for Mobile Ad-hoc Network (모바일 Ad-hoc 네트워크에서 Hamming Distance를 이용한 인증프로토콜)

  • Lee, Seok-Lae;Song, Joo-Seok
    • Journal of the Korea Institute of Information Security & Cryptology, v.16 no.5, pp.47-57, 2006
  • Mobile Ad-hoc networks have various implementation constraints such as being infrastructure-free, having no trusted authority, node mobility, and the limited power and small memory of mobile devices. And just like wired networks, various security issues such as authentication, confidentiality, integrity, non-repudiation, access control, availability and so on have arisen in mobile Ad-hoc networks. But we focus on authentication among these security issues because it is quite affected by the characteristics of networks. In this paper, we propose an authentication protocol that can limit the size of the certificate repository to $\log_2 N$ and assures a trusted certificate path from one node to another, adopting the concept of Hamming distance. In particular, our protocol can construct a trusted certificate path in spite of the number of nodes in the mobile Ad-hoc network decreasing or increasing.

Mutual Authentication and Key Establishment Protocol to Implement Secure M2M Communication Environments (안전한 M2M 통신 구축을 위한 상호인증 및 키 교환 프로토콜)

  • Eun, Sun-Ki;Jeon, Seo-Kwan;Ahn, Jae-Young;Oh, Soo-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology, v.20 no.1, pp.73-83, 2010
  • Recently, as IT technologies have developed, communication technologies of various forms that satisfy user convenience are being researched. Among this research, M2M communication, unlike traditional forms of communication, is getting attention because it establishes communication between devices without any control or involvement of people. However, M2M communication could more easily be exposed to many security problems such as data exposure, data theft, unauthorized change and deletion, and privacy. Therefore, in this paper, we derive security requirements and propose an M2M communication architecture that provides a secure M2M communication environment. Also, we propose a secure mutual authentication and key establishment protocol between an M2M device or gateway domain and an M2M network domain. The proposed protocol is secure against replay attacks and impersonation attacks, and protects user privacy and against tracing.