• 융합보안논문지
• /
• 제8권1호
• /
• pp.19-26
• /
• 2008

무선 센서 네트워크에서 공격자는 한 위치에서 패킷을 획득하여 획득한 패킷을 재전송하는 공모 모드에게 터널하는 웜홀 공격을 가할 수 있다. 공격자는 이웃 발견 단계 동안에 웜홀 공격을 가할 수도 있으므로, 웜홀 공격은 라우팅 프로토콜에게 매우 위험하다. 웜홀의 전략적인 배치는 네트워크를 통한 통신에서의 심각한 붕괴를 가져올 수 있다. 본 논문은 센서 네트워크를 위한 훼손 감내하는 터널된 패킷 여과 기법을 소개한다. 제안 기법은 메시지의 홉 수와 메시지에 덧붙여진 암호화된 홉 수와의 비교를 통하여 홉 수가 조작된 메시지를 탐지할 수 있다. 제안 기법은 각 노드에 할당된 보안 정보의 양을 제안함으로써 훼손된 노드를 사용하는 웜홀 공격의 영향을 줄일 수 있다.

• Journal of applied mathematics & informatics
• /
• 제30권5_6호
• /
• pp.847-864
• /
• 2012

In recent years, using computer networks (wired and wireless networks) has been widespread in many applications. As computer networks become increasingly complex, the accompanied potential threats also grow to be more sophisticated and as such security has become one of the major concerns in them. Prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. Intrusion Detection Systems (IDSs) have become a key component in ensuring systems and networks security. An IDS monitors network activities in order to detect malicious actions performed by intruders and then initiate the appropriate countermeasures. In this paper, we present a survey and taxonomy of intrusion detection systems and then evaluate and compare them.

• Journal of Communications and Networks
• /
• 제18권1호
• /
• pp.105-111
• /
• 2016

Trust models in the literature of MANETs commonly assume that packets have different security requirements. Before a node forwards a packet, if the recipient's trust level does not meet the packet's requirement level, then the recipient must perform certain security association procedures, such as re-authentication. We present in this paper an analysis of the epidemic broadcast delay in such context. The network, mobility and trust models presented in this paper are quite generic and allow us to obtain the delay component induced only by the security associations along a path. Numerical results obtained by simulations also confirm the accuracy of the analysis. In particular, we can observe from both simulation's and analysis results that, for large and sparsely connected networks, the delay caused by security associations is very small compared to the total delay of a packet. This also means that parameters like network density and nodes' velocity, rather than any trust model parameter, have more impact on the overall delay.

• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.155-162
• /
• 2024

Anonymity online has been an ever so fundamental topic among journalists, experts, cybersecurity professionals, corporate whistleblowers. Highest degree of anonymity online can be obtained by mimicking a normal everyday user of the internet. Without raising any flags of suspicion and perfectly merging with the masses of public users. Online Security is a very diverse topic, with new exploits, malwares, ransomwares, zero-day attacks, breaches occurring every day, staying updated with the latest security measures against them is quite expensive and resource intensive. Network security through anonymity focuses on being unidentifiable by disguising or blending into the public to become invisible to the targeted attacks. By following strict digital discipline, we can avoid all the malicious attacks as a whole. In this paper we have demonstrated a proof of concept and feasibility of securing yourself on a network by being anonymous.

• 정보보호학회논문지
• /
• 제17권1호
• /
• pp.139-144
• /
• 2007

무선센서네트워크 환경에서 브로드캐스트 인증은 필수적 인 보안 요소이다. 대표적인 브로드캐스트 인증 방식은 키 체인을 사용한 ${\mu}-TESLA$ 이다. 하지만 이 기법은 인증 시간의 지연이 불가피함으로 실시간 처리가 중요한 무선센서네트워크 환경에서 적합하지 않다. 따라서 본 논문에서는 인증 시간의 지연이 없을 뿐 아니라 re-keying문제가 없는 효율적인 브로드캐스트 인증 기법을 제안하고 이에 대한 안정성 및 효율성을 분석한다. 이 기법은 무선센서네트워크 환경에 실질적 적용이 가능하고 장기적인 네트워크를 구성할 수 있다.

• Journal of Communications and Networks
• /
• 제16권6호
• /
• pp.592-599
• /
• 2014

Cloud computing enables users to easily store their data and simply share data with others. Due to the security threats in an untrusted cloud, users are recommended to compute verification metadata, such as signatures, on their data to protect the integrity. Many mechanisms have been proposed to allow a public verifier to efficiently audit cloud data integrity without receiving the entire data from the cloud. However, to the best of our knowledge, none of them has considered about the efficiency of public verification on multi-owner data, where each block in data is signed by multiple owners. In this paper, we propose a novel public verification mechanism to audit the integrity of multi-owner data in an untrusted cloud by taking the advantage of multisignatures. With our mechanism, the verification time and storage overhead of signatures on multi-owner data in the cloud are independent with the number of owners. In addition, we demonstrate the security of our scheme with rigorous proofs. Compared to the straightforward extension of previous mechanisms, our mechanism shows a better performance in experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제18권3호
• /
• pp.779-800
• /
• 2024

Unmanned Aerial Vehicle (UAV) networks, also known as drone networks, have gained significant attention for their potential in various applications, including communication. UAV networks for communication involve using a fleet of drones to establish wireless connectivity and provide communication services in areas where traditional infrastructure is lacking or disrupted. UAV communication networks need to be highly secured to ensure the technology's security and the users' safety. The proposed survey provides a comprehensive overview of the current state-of-the-art UAV network security solutions. In this paper, we analyze the existing literature on UAV security and identify the various types of attacks and the underlying vulnerabilities they exploit. Detailed mitigation techniques and countermeasures for the protection of UAVs are described in this paper. The survey focuses on the implementation of novel technologies like Q-learning, blockchain, IRS, and mmWave. This paper discusses network simulation tools that range in complexity, features, and programming capabilities. Finally, future research directions and challenges are highlighted.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제2권5호
• /
• pp.265-277
• /
• 2008

In spite of previous common assumptions about the incompatibility of public key cryptography (PKC) schemes with wireless sensor networks (WSNs), recent works have shown that they can be utilized for such networks in some manner. The major challenge of employing a PKC-based scheme in a wireless sensor network is posed by the resource limitations of the tiny sensors. Considering this sensor feature, in this paper we propose an efficient PKC-based security architecture with relatively lower resource requirements than those of previously proposed PKC schemes for WSN. In addition, our scheme aims to provide robust security in the network. Our security architecture comprises two basic components; a key handshaking scheme based on simple, linear operations and the derivation of a decryption key by a receiver node. Our architecture enables node-to-base-station and node-to-node secure communications. Analysis and simulation results show that our proposed architecture ensures a good level of security for network communications, and can be effectively implemented with the limited computational, memory, and energy budgets of current-generation sensor nodes.

• Journal of Communications and Networks
• /
• 제13권6호
• /
• pp.583-590
• /
• 2011

Full-mesh IPSec tunnels pass through a black ("unsecure") network (B-NET) to any red ("secure") networks (RNETs). These are needed in military environments, because they enable dynamically changing R-NETs to be reached from a BNET. A dynamically reconfiguring security policy database (SPD) is very difficult to manage, since the R-NETs are mobile. This paper proposes advertisement process technologies in association with the tunnel gateway's protocol that sends 'hello' and 'prefix advertisement (ADV)' packets periodically to a multicast IP address to solve mobility and security issues. We focus on the tunnel gateway's security policy (SP) adaptation protocol that enables R-NETs to adapt to mobile environments and allows them to renew services rapidly soon after their redeployment. The prefix ADV process enables tunnel gateways to gather information associated with the dynamic changes of prefixes and the tunnel gateway's status (that is, 'down'/restart). Finally, we observe two different types of performance results. First, we explore the effects of different levels of R-NET movements on SP adaptation latency. Next, we derive the other SP adaptation latency. This can suffer from dynamic deployments of tunnel gateways, during which the protocol data traffic associated with the prefix ADV protocol data unit is expected to be severe, especially when a certain tunnel gateway restarts.

• 디지털콘텐츠학회 논문지
• /
• 제16권1호
• /
• pp.1-12
• /
• 2015

본 논문에서는 새로운 신뢰 망 운용에 가상화 기술을 적용하기 위하여 기존 가상화 기술 연구동향 및 문제점을 분석하고, 가장 적합한 가상화 기술을 제시하고자 한다. 가상화 기술을 통하여 자원의 활용률을 높이고 관리비용을 절감할 수 있는 장점이 있다. 한편 보안 측면에서는 가상화를 통한 보안의 장점도 있는 반면에, 가상화의 도입으로 인한 새로운 취약성이 발생하여 이 문제에 대한 분석 및 대책이 필요하다. 따라서 가상화 시스템의 보안 위협 요소들을 도출하고, 가상화 보안 정책에 대하여 분석하고 살펴본다.