• Journal of KIISE:Information Networking
• /
• v.36 no.6
• /
• pp.545-551
• /
• 2009

In this paper, we propose the secure key management framework to connect USN with different network. Although connected USN with different network has no CA (Certificate Authority), it is important to use public key based cryptography system because this network consists of numerous devices. The proposed mechanisms focus on device authentication and public/private key management without existing PKI system of IP network. To solve no CA and certificate problems, the IDC (Identity Based Cryptography) concept is adopted in our proposed mechanism. To verify the possibility of realization, we make an effort to implement the proposed mechanisms to real system. In the test bed, both USN and PLC network are connected to IP network; and proposed mechanisms are implemented to PLC and sensor devices. Through this test using the proposed mechanism, we met the similar performance with symmetric algorithms on key generation and update process. Also, we confirmed possibility of connection between different network and device authentication.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.786-792
• /
• 2016

Camellia was jointly developed by Nippon Telegraph and Telephone Corporation and Mitsubishi Electric Corporation in 2000. Camellia specifies the 128-bit message block size and 128-, 192-, and 256-bit key sizes. In this paper, a modified round operation block which unifies a register setting for key schedule and a conventional round operation block is proposed. 16 ROMs needed for key generation and round operation are implemented using only 4 dual-port ROMs. Due to the use of a message buffer, encryption/decryption can be executed without a waiting time immediately after KA and KB are calculated. The suggested block cipher Camellia algorithm is designed using Verilog-HDL, implemented on Virtex4 device and operates at 184.898MHz. The designed cryptographic core has a maximum throughput of 1.183Gbps in 128-bit key mode and that of 876.5Mbps in 192 and 256-bit key modes. The cryptographic core of this paper is applicable to security module of the areas such as smart card, internet banking, e-commerce and satellite broadcasting.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.274-277
• /
• 2008

Rekeying is the process of changing the encryption key of an ongoing communication. The main objective is to limit the amount of data encrypted with the same key. The IEEE 802.11 standard defines the Wired Equivalent Privacy, or WEP, encapsulation of 802.11 data frames. MAC at sender encrypts the payload (frame body and CRC) of each 802.11 frame before transmission using RC4 stream cipher. MAC at receiver decrypts and passes data to higher level protocol. WEP uses symmetric key stream cipher (RC4) where same key will be used for data encryption and decryption at the sender and the receiver. WEP is not promising with the advancement of the wireless technology existing today. We propose to use the existing information to define the security attributes. This will eliminate the steps that regenerated keys have to be sent to each other over certain period. The rekeying scheme is according to the number of bytes transmitted. Therefore, even the attacker has recorded the packets, it will be insufficient information and time for the attacker to launch the attacks as the key is not deterministic. We develop a packet simulation software for packet transmission and simulate our propose scheme. From the simulation, our propose scheme will overcome the weak WEP key attack and provide an alternative solution to wireless packet transmission. Besides that, our solution appears to be a software approach where only driver updates are needed for the wireless client and server.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.462-473
• /
• 2010

The RFID system has the security problem of location tracking and user privacy. In order to solve this problem, the cryptographic access method using hash function is difficult to in real applications. Because there is a limit of computing and storage capacity of Tag, but the safety is proved. The lightweight authentication methods like HB and LMAP guarantee the high efficiency, but the safety is not enough to use. In this paper, we use the AES for RFID Authentication, and solve the problem of using fixed key with key change step by step. The symmetric keys of the tag and server are changed by the random number generated by tag, reader and server successively. This could prevent the key exposure. As a result, the output of the tag and reader always changes. These key changes could make it possible to prevent eavesdropping, replay attack, location tracking and spoofing.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.14-23
• /
• 2006

Wireless Sensor Network(WSN) consists of huge number of sensor nodes which are small and inexpensive with very limited resources. The public key cryptography is undesirable to be used in WSN because of the limitations of the resources. A key management and predistribution techniques are required to apply the symmetric key cryptography in such a big network. Many key predistribution techniques and approaches have been proposed, but most of-them didn't consider the real WSN assumptions, In this paper, we propose a security framework that is based on a hierarchical grid for WSN considering the proper assumptions of the communication traffic and required connectivity. We apply simple keying material distribution scheme to measure the value of our framework. Finally, we provide security analysis for possible security threats in WSN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.3-15
• /
• 2008

In 2000, Song. et. al. firstly proposed the Searchable Keyword Encryption System that treated a problem to search keywords on encrypted data. Since then, various Searchable Keyword Encryption Systems based on symmetric and asymmetric methods have been proposed. However, the Searchable Keyword Encryption Systems based on public key system has a problem that the index size for searching keywords on encrypted data increases linearly according to the number of keyword. In this paper, we propose the method that reduces the index size of Searchable Keyword Encryption based on public key system using Bloom Filter, apply the proposed method to PEKS(Public key Encryption with Keyword Search) that was proposed by Boneh. et. al., and analyze efficiency for the aspect of storage.

• The KIPS Transactions:PartC
• /
• v.14C no.3 s.113
• /
• pp.239-254
• /
• 2007

Ubiquitous computing supports environment to freely connect to network without restrictions of place and time. This environment enables easy access and sharing of information, but because of easy unauthorized accesses, specified security policy is needed. Especially, ubiquitous sensor network devices use limited power and are small in size, so, many restrictions on policies are bound to happen. This paper proposes double-key based light weight security protocol, independent to specific sensor OS, platform and routing protocol in ubiquitous sensor network. The proposed protocol supports safe symmetric key distribution, and allows security manager to change and manage security levels and keys. This had a strong merit by which small process can make large security measures. In the performance evaluation, the proposed light weight security protocol using double-key in ubiquitous sensor network allows relatively efficient low power security policy. It will be efficient to ubiquitous sensor network, such as smart of ace and smart home.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.5C
• /
• pp.737-749
• /
• 2004

Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.599-606
• /
• 2009

For many mission-critical related wireless sensor network applications such as military and homeland security, user's access restriction is necessary to be enforced by access control mechanisms for different access rights. Public key-based access control schemes are more attractive than symmetric-key based approaches due to high scalability, low memory requirement, easy key-addition/revocation for a new node, and no key predistribution requirement. Although Wang et al. recently introduced a promising access control scheme based on elliptic curve cryptography (ECC), it is still burdensome for sensors and has several security limitations (it does not provide mutual authentication and is strictly vulnerable to denial-of-service (DoS) attacks). This paper presents an energy-efficient access control scheme based on ECC to overcome these problems and more importantly to provide dominant energy-efficiency. Through analysis and simulation based evaluations, we show that the proposed scheme overcomes the security problems and has far better energy-efficiency compared to current scheme proposed byWang et al.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.12B
• /
• pp.1407-1417
• /
• 2009

We propose a e-document management system that can provide segmented page information on a document according to different levels of authority from access control environment. The proposed system creates hierarchy identifier using a one-way hash chain and therefore does not need to own key information for all users as in existing system. Also by creating group keys by compounding hash chain hierarchy identifier with randomly formed group identifier, the system can flexibly respond to dynamic changes from group member movements while at the same time resolving the problems of key formation and management in document encoding technique using symmetric key for each page. Lastly as a result of comparative analysis through an experiment with existing e-document management systems, the proposed system showed superiority in the efficiency of encoding and decoding document and the speed of encoding and decoding by the pages.