• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권12호
• /
• pp.6092-6115
• /
• 2017

This paper demonstrates a case for an end-to-end pure Application Security Layer for reliable and confidential communications within an Internet of Things (IoT) constrained environment. To provide a secure key exchange and to setup a secure data connection, Transport Layer Security (TLS) is used, which provides native protection against replay attacks. TLS along with digital signature can be used to achieve non-repudiation within app-to-app communications. This paper studies the use of TLS over the JavaScript Object Notation (JSON) via a The Constrained Application Protocol (CoAP) RESTful service to verify the hypothesis that in this way one can provide end-to-end communication flexibility and potentially retain identity information for repudiation. As a proof of concept, a prototype has been developed to simulate an IoT software client with the capability of hosting a CoAP RESTful service. The prototype studies data requests via a network client establishing a TLS over JSON session using a hosted CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages was intercepted and verified against simulated MITM attacks. The experimental results confirm that TLS over JSON works as hypothesised.

• 한국정보전자통신기술학회논문지
• /
• 제1권2호
• /
• pp.107-122
• /
• 2008

통신망은 크게 누구든지 접속할 수 있는 공중망과 해당 조직 내의 사람들만이 접속할 수 있는 사설망으로 구분할 수 있는데, 공중망의 회선비용 절감과 사설망의 신뢰성 있는 보안 통신 지원이라는 장점만을 부각시킨 것이 VPN이라 할 수 있다. 본 연구에서는 3계층 터널링 기법을 사용하는 IPSec VPN과 2계층 스위칭 기법과 3계층 라우팅 기술을 접목한 새로운 스위칭 기법을 이용하는 MPLS(Multi Protocol Label Switching), 그리고 전용회선을 보안측면에서 비교 분석하였다. VPN이 비용면이나 보안측면에서 전용회선보다 우수하며, IPSec VPN과 MPLS VPN을 비교해보면 안전한 데이터 전송을 위한 보안 유지, 비용 절감, QoS 제공, 운영 및 관리의 유연성을 보장하고, 오히려 IPSec VPN의 문제점을 보완하는 MPLS VPN이 차세대 VPN이라 할 수 있다.

• 정보보호학회논문지
• /
• 제27권5호
• /
• pp.993-1000
• /
• 2017

임베디드 장비의 가용성을 고려했을 때, 안전성과 효율성이 동시에 제공될 수 있는 1차 마스킹과 하이딩 대응기법과 같이 조합된 대응기법은 꽤 매력적이다. 특히, 효율성을 제공하기 위하여 첫 번째와 마지막 라운드의 혼돈 및 확산 계층에 조합된 대응기법을 적용할 수 있다. 또한, 중간 라운드에는 1차 마스킹 또는 대응기법이 없게 구성한다. 본 논문에서, 확산 계층의 출력에서 낮은 복잡도를 갖는 최신 부채널 분석을 제안한다. 일반적으로, 공격자는 높은 공격 복잡도 때문에 확산 계층의 출력을 공격 타겟으로 설정할 수 없다. 블록 암호의 확산 계층이 AND 연산들로 구성되어있을 때, 공격 복잡도를 줄일 수 있다는 것을 보인다. 여기서, 우리는 주 알고리즘을 SEED로 간주한다. 그러면, S-box 출력과 확산 계층 출력과의 상관관계에 의해 $2^{32}$ 를 갖는 공격 복잡도는 $2^{16}$으로 줄일 수 있다. 더욱이, 일반적으로 주 타겟이 S-box 출력이라는 사실과 비교하였을 때, 시뮬레이션 파형에서 요구되는 파형 수가 43~98%가 감소할 수 있다는 것을 입증한다. 게다가, 실제 장비에서 100,000개 파형에 대해 일반적인 방법으로 옳은 키를 추출하는 것을 실패하였음에도, 제안된 방법에 의해 옳은 키를 찾는데 8,000개의 파형이면 충분하다는 것을 보인다.

• 방송공학회논문지
• /
• 제13권2호
• /
• pp.261-273
• /
• 2008

최근 급격하게 사용이 증가되고 있는 멀티미디어 서비스는 QoS를 만족하기 위하여 네트워크의 속도, 잡음 환경, 단말의 계산 능력, 컨텐츠 종류 등을 기반으로 멀티미디어 데이터를 변환, 전송한다. 멀티미디어 서비스에서 정보 보호를 위해 중간 수준의 단일한 보안 서비스만을 제공하거나 단말의 계산 능력 및 컨텐츠 종류에 따라 서비스 제공자 정책에 기반한 보안 메커니즘을 제공한다. 안전한 멀티미디어 서비스를 지원하기 위해 응용 계층의 보안과 네트워크 보안 메커니즘을 연구하여 보다 효과적인 멀티미디어 서비스를 위한 보안 메커니즘을 지원할 수 있다. 본 논문은 확장성과 경제성을 향상시킨 무선랜 메쉬 네트워크에서의 보안 수준, 침해 수준에 대한 효용 함수와 누적 보정 모델을 기반으로 멀티미디어 서비스 제공자가 단말의 계산 능력 및 컨텐츠의 종류 이외의 무선랜 메쉬 네트워크에서의 정량화된 보안 수준을 고려하여 멀티미디어 서비스의 보안 메커니즘을 결정하는 프레임워크를 정의 한다.

• International Journal of Computer Science & Network Security
• /
• 제24권3호
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권6호
• /
• pp.2595-2618
• /
• 2018

In this paper, we investigate secure communication with the presence of multiple eavesdroppers (Eves) in a two-tier downlink dense heterogeneous network, wherein there is a macrocell base station (MBS) and multiple femtocell base stations (FBSs). Each base station (BS) has multiple users. And Eves attempt to wiretap a macrocell user (MU). To keep Eves ignorant of the confidential message, we propose a physical-layer security scheme based on cross-layer cooperation to exploit interference in the considered network. Under the constraints on the quality of service (QoS) of other legitimate users and transmit power, the secrecy rate of system can be maximized through jointly optimizing the beamforming vectors of MBS and cooperative FBSs. We explore the problem of maximizing secrecy rate in both non-colluding and colluding Eves scenarios, respectively. Firstly, in non-colluding Eves scenario, we approximate the original non-convex problem into a few semi-definite programs (SDPs) by employing the semi-definite relaxation (SDR) technique and conservative convex approximation under perfect channel state information (CSI) case. Furthermore, we extend the frame to imperfect CSI case and use the Lagrangian dual theory to cope with uncertain constraints on CSI. Secondly, in colluding Eves scenario, we transform the original problem into a two-tier optimization problem equivalently. Among them, the outer layer problem is a single variable optimization problem and can be solved by one-dimensional linear search. While the inner-layer optimization problem is transformed into a convex SDP problem with SDR technique and Charnes-Cooper transformation. In the perfect CSI case of both non-colluding and colluding Eves scenarios, we prove that the relaxation of SDR is tight and analyze the complexity of proposed algorithms. Finally, simulation results validate the effectiveness and robustness of proposed scheme.

• 한국경영과학회:학술대회논문집
• /
• 대한산업공학회/한국경영과학회 2002년도 춘계공동학술대회
• /
• pp.639-644
• /
• 2002

Password typing is the most wifely ued identity verification method in computer security domain. However, due to its simplicity, it is vulnerable to imposter attacks Keystroke dynamics adds a shield to password. Discriminating imposters from owners is a novelty detection problem. Auto-Associative Multilayer Perceptron (AaMLP) has teen proved to be a good novelty detector. However, the wifely used 2-layer AaMLP cannot identify nonlinear boundaries, which can result in serious problems in computer security. In this paper, a nonlinear model, i.e. 4-layer AaMLP, is proposed to serve as the novelty detector, which can remedy the limitations of 2-layer AaMLP.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권2호
• /
• pp.440-456
• /
• 2011

In this paper, we introduce a novel Public Key Infrastructure (PKI) based message authentication scheme that takes advantage of temporal and spatial uniqueness in physical layer channel responses for each transmission pair in vehicular communication networks. The proposed scheme aims at achieving fast authentication and minimizing the packet transmission overhead without compromising the security requirements, in which most messages can be authenticated through an extreme fast physical-layer authentication mechanism. We will demonstrate that the proposed secure authentication scheme can achieve very short message delay and reduced communication overhead through extensive analysis and simulation.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2003년도 춘계학술발표논문집 (하)
• /
• pp.2117-2120
• /
• 2003

Trusted channel provides a means of secure communication and it includes security services such as confidentiality, authentication, and so on. This paper describes the implementation of trusted channel between secure operating systems that integrates access control mechanisms with FreeBSD kernel code[1]. The trusted channel we developed offers confidentiality an4 message authentication for network traffic based on the destination address. It is implemented in the kernel level of IP layer and transparent to users.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권11호
• /
• pp.4483-4501
• /
• 2015

In this paper, we investigate a security transmission scheme at the physical layer for cooperative wireless relay networks in the presence of a passive eavesdropper. While the security scheme has been previously investigated with perfect channel state information(CSI) in the presence of a passive eavesdropper, this paper focuses on researching the robust cooperative relay beamforming mechanism for wireless relay networks which makes use of artificial noise (AN) to confuse the eavesdropper and increase its uncertainty about the source message. The transmit power used for AN is maximized to degrade the signal-to-interference-plus-noise-ratio (SINR) level at the eavesdropper, while satisfying the individual power constraint of each relay node and worst-case SINR constraint at the desired receiver under a bounded spherical region for the norm of the CSI error vector from the relays to the destination. Cooperative beamforming weight vector in the security scheme can be obtained by using S-Procedure and rank relaxation techniques. The benefit of the proposed scheme is showed in simulation results.