• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.1
• /
• pp.187-199
• /
• 2016

In this paper, we consider secure communications in multi-hop relaying systems, where multiple decode-and-forward (DF) relays are located at each individual hop and perform cooperative beamforming to improve physical layer security. In order to determine the cooperative relay beamformer at each hop, we propose an iterative beamformer update scheme using semidefinite relaxation and bisection techniques. Numerical results are presented to verify the secrecy rate performance of the proposed scheme.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.16 no.3
• /
• pp.99-105
• /
• 2021

The cloud computing evolution has brought us increasing necessity to manage virtual resources. For this reason, Kubernetes has developed to realize autonomous resource management in a large scale. It provides cloud computing infrastructure to handle cluster creations and deletions in a secure virtual computing environment. In the paper, we provide a monitoring scheme in which users can observe securely encrypted protocols while each Kubernetes component exchanges their packets. Eventually, users can utilize the proposed scheme for debugging as well as monitoring.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.190-195
• /
• 2018

Recently, Due to the ongoing increase in cyber attacks and the improved awareness of privacy protection, most Internet services encrypt the traffic by using security protocols. Existing security protocols usually have additional layer between transport layer and application layer, and they incur additional costs because of encrypting all the traffic transmitted. This results in unnecessary performance degradation because it also encrypts data that does not require confidentiality. In this paper, we propose TCP OENC(Optional Encryption) which enables users of the application layer to optionally encrypt only confidential data. TCP OENC operates by TCP option to allow the application layer to encrypt the TCP stream transmitted only on demand. And it ensures transparency between the TCP layer and the application layer. To verify this, we verified that TCP OENC optionally encrypts the stream of TCP session on the embedded board. And then analyzed the performance of the encrypted stream by measuring the elapsed time.

• Journal of KIISE:Databases
• /
• v.31 no.1
• /
• pp.1-12
• /
• 2004

As network systems are developed rapidly and network architectures are more complex than before, it needs to use PBNM(Policy-Based Network Management) in network system. Generally, architecture of the PBNM consists of two hierarchical layers: management layer and enforcement layer. A security policy server in the management layer should be able to generate new policy, delete, update the existing policy and decide the policy when security policy is requested. And the security policy server should be able to analyze and manage the alert messages received from Policy enforcement system in the enforcement layer for the available information. In this paper, we propose an alert analyzer using data mining. First, in the framework of the policy-based network security management, we design and implement an alert analyzes that analyzes alert data stored in DBMS. The alert analyzer is a helpful system to manage the fault users or hosts. Second, we implement a data mining system for analyzing alert data. The implemented mining system can support alert analyzer and the high level analyzer efficiently for the security policy management. Finally, the proposed system is evaluated with performance parameter, and is able to find out new alert sequences and similar alert patterns.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.255-266
• /
• 2022

Messenger applications applied end-to-end encryption on their own to prevent message exposure to servers. Standardization of a group messaging protocol called Message Layer Security (MLS) with end-to-end encryption is being discussed for secure and efficient message communication. This paper performs safety checks based on the operation process and security requirements of MLS. Confidentiality to a middleman server, which is an essential security requirement in messenger communication, can be easily violated by a server administrator. We define a server administrator who is curious about the group's communication content as a curious admin and present an attack in which the admin obtains a group key from MLS. Reminds messenger application users that the server can view your communication content at any time. We discuss ways to authenticate between users without going through the server to prevent curious admin attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.8A
• /
• pp.640-647
• /
• 2009

IEEE 802.11i is an amendment to the original IEEE 802.11/b,a,g standard specifying security mechanism by stipulating RSNA for tighter security. The RSNA uses TKIP(Temporal Key Integrity Protocol) and CCMP(Counter with CBC-MAC Protocol) instead of old-fashioned WEP(Wired Equivalent Privacy) for data encryption. This paper describes a design of a communication security engine for IEEE 802.11i MAC layer. The design includes WEP and TKIP modules based on the RC4 encryption algorithm, and CCMP module based on the AES encryption algorism. The WEP module suffices for compatibility with the IEEE 802.11 b,a,g MAC layer. The CCMP module has about 816.7Mbps throughput at 134MHz, hence it satisfies maximum 600Mbps data rate described in the IEEE 802.11n specifications. We propose a pipelined AES-CCMP cipher core architecture, which has lower hardware cost than existing AES cores, because CBC mode and CTR mode operate at the same time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.9
• /
• pp.3870-3884
• /
• 2020

The proposed framework of Four Layer Robust Storage in Cloud (FLRSC) architecture involves host server, local host and edge devices in addition to Virtual Machine Monitoring (VMM). The goal is to protect the privacy of stored data at edge devices. The computational intelligence (CI) part of our algorithm distributes blocks of data to three different layers by partially encoded and forwarded for decoding to the next layer using hash and greed Solomon algorithms. VMM monitoring uses snapshot algorithm to detect intrusion. The proposed system is compared with Tiang Wang method to validate efficiency of data transfer with security. Hence, security is proven against the indexed efficiency. It is an important study to integrate communication between local host software and nearer edge devices through different channels by verifying snapshot using lamport mechanism to ensure integrity and security at software level thereby reducing the latency. It also provides thorough knowledge and understanding about data communication at software level with VMM. The performance evaluation and feasibility study of security in FLRSC against three-layered approach is proven over 2³² blocks of data with 98% accuracy. Practical implications and contributions to the growing knowledge base are highlighted along with directions for further research.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.1-19
• /
• 2020

In an underlay cognitive simultaneous wireless information and power transfer (SWIPT) network, communication from secondary user (SU) to secondary destination (SD) is accomplished with decode-and-forward (DF) relays. Multiple energy-constrained relays are assumed to harvest energy from SU via power splitting (PS) protocol and complete SU secure information transmission with beamforming. Hence, physical layer security (PLS) is investigated in cognitive SWIPT network. In order to interfere with eavesdropper and improve relay's energy efficiency, a destination-assisted jamming scheme is proposed. Namely, SD transmits artificial noise (AN) to interfere with eavesdropping, while jamming signal can also provide harvested energy to relays. Beamforming vector and power splitting ratio are jointly optimized with the objective of SU secrecy capacity maximization. We solve this non-convex optimization problem via a general two-stage procedure. Firstly, we obtain the optimal beamforming vector through semi-definite relaxation (SDR) method with a fixed power splitting ratio. Secondly, the best power splitting ratio can be obtained by one-dimensional search. We provide simulation results to verify the proposed solution. Simulation results show that the scheme achieves the maximum SD secrecy rate with appropriate selection of power splitting ratio, and the proposed scheme guarantees security in cognitive SWIPT networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6092-6115
• /
• 2017

This paper demonstrates a case for an end-to-end pure Application Security Layer for reliable and confidential communications within an Internet of Things (IoT) constrained environment. To provide a secure key exchange and to setup a secure data connection, Transport Layer Security (TLS) is used, which provides native protection against replay attacks. TLS along with digital signature can be used to achieve non-repudiation within app-to-app communications. This paper studies the use of TLS over the JavaScript Object Notation (JSON) via a The Constrained Application Protocol (CoAP) RESTful service to verify the hypothesis that in this way one can provide end-to-end communication flexibility and potentially retain identity information for repudiation. As a proof of concept, a prototype has been developed to simulate an IoT software client with the capability of hosting a CoAP RESTful service. The prototype studies data requests via a network client establishing a TLS over JSON session using a hosted CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages was intercepted and verified against simulated MITM attacks. The experimental results confirm that TLS over JSON works as hypothesised.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.1 no.2
• /
• pp.107-122
• /
• 2008

Communication is be classified into public network and private network. VPN is made by integrating the circuit cost reduction of public network and the reliable security support of public network. This paper analyzes the IPSec using three layer tunneling, MPLS(Multi Protocol Label Switching) integrating 2 layer switching and 3 layer routing techniques and dedicated line from the viewpoint of security. In conclusion, VPN is better than dedicated network line in cost and security. If IPSec VPN is compared with MPLS VPN, MPLS VPN is more excellent than IPSec VPN in safe data transmission, cost, QoS and management.