• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.2
• /
• pp.87-97
• /
• 2015

To support the efficient mobility MIPv6v, FMIPv6, HMIPv6 and host-based mobility management protocols have been developed. AAAC (Authentication, Authorization, Accounting and Charging) system is applied in this paper analyzed the the existing IPv6 PMIPv6, FPMIPv6 network security effective and IPv6 MMP (Mobile Management Protocol) Features and performance analysis is performed. And IPv6 MMP seamless transfer performance in terms of packet loss probability, will be analyzed. That can be efficiently used as a method for the integration of QoS and mobility so that you can manage and control the resources presented QoSB usage. Results of evaluation results showed a better overall fast handover structure of mobility management techniques. PMIPv6 and FPMIPv6 in many respects the most efficient structure that can be specifically, a fast handover of the structure of the network-based mobility management scheme showed the best results.

• Genomics & Informatics
• /
• v.14 no.1
• /
• pp.20-28
• /
• 2016

Internet addiction (IA) has become a widespread and problematic phenomenon as smart devices pervade society. Moreover, internet gaming disorder leads to increases in social expenditures for both individuals and nations alike. Although the prevention and treatment of IA are getting more important, the diagnosis of IA remains problematic. Understanding the neurobiological mechanism of behavioral addictions is essential for the development of specific and effective treatments. Although there are many databases related to other addictions, a database for IA has not been developed yet. In addition, bioinformatics databases, especially genetic databases, require a high level of security and should be designed based on medical information standards. In this respect, our study proposes the OAuth standard protocol for database access authorization. The proposed IA Bioinformatics (IABio) database system is based on internet user authentication, which is a guideline for medical information standards, and uses OAuth 2.0 for access control technology. This study designed and developed the system requirements and configuration. The OAuth 2.0 protocol is expected to establish the security of personal medical information and be applied to genomic research on IA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• Journal of KIISE:Information Networking
• /
• v.33 no.3
• /
• pp.218-230
• /
• 2006

The enterprise service network is composed of internet, intranet and DMZ. The design rationale of Mobile IP is providing of seamless mobility transparency without regarding to the type of network topology and services. However, Mobile IP specification does not include the mobility support in case of using VPN environment and define the access scenarios to get into the VPN intranet without disturbing existing security policy. In this paper, we propose an authentication method using AAA infrastructure and keying material exchange to enable an user in internet to be able to access the intranet through the VPN gateway. Finally, performance analysis for the proposed scheme is provided.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.122-131
• /
• 2006

This paper introduces the security standardization trend and related technology in ITU-T SG 13 Q.15. Q.15 deals with the security requirements and guidelines over NGN(Next Generation Network) release 1. Korea proposes draft recommendation on 'AAA(Authentication, Authorization and Accounting) Service for network access control over NGN' and the procedure of the user authentication for the NGN convergence service terminals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.573-586
• /
• 2016

With the adoption of cloud computing, the number of companies that take advantage of cloud computing has increased. Additionally, various of existing service providers have moved their service onto the cloud and provided user with various cloud-based service. The management of user authentication and authorization in cloud-based service technology has become an important issue. This paper introduce a new technique for providing authentication and authorization with other inter-cloud IAM (Identity and Access Management). It is an essential and easy method for data sharing and communication between other cloud users. The proposed system uses the credentials of a user that has already joined an organization who would like to use other cloud services. When users of a cloud provider try to obtain access to the data of another cloud provider, part of credentials from IAM server will be forwarded to the cloud provider. Before the transaction, Access Agreement must be set for granting access to the resource of other Organization. a user can access the resource of other organization based on the control access configuration of the system. Using the above method, we could provide an effective and secure authentication system on the cloud.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.880-882
• /
• 2002

최근 사용자 정보의 안전한 정보 전송 및 네트워크 시스템의 안전성을 보장하기 위한 방법으로 각종보안 인증 프로토콜에 대한 연구가 진행 중에 있다. 그 중에서 AAA 는 다중 네트워크와 플랫폼에서 인증(Authentication), 권한 부여(Authorization), 자원 체크(Accounting)의 기능들을 제공하는 모든 프로토콜을 말한다. 이 논문에서는 AAA 프로토콜의 대표적인 예인 RADIUS(Remote Authentication Dial-in User Service)를 보안 프로토콜 디자인 및 분석 도구인 SPEAR(Security Protocol Engineering & Analysis Resource)를 이용해 SSL 상에서 동작하는 RADIUS 보안 프로토콜의 문제점 및 성능을 디자인 단계에서부터 분석하여 보안 프로토콜의 안정성을 보다 향상시키고자 하였다

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.4
• /
• pp.706-714
• /
• 2008

In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1101-1110
• /
• 2008

Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.63-68
• /
• 2023

In this study, in relation to blockchain protocol and network security, we study the configuration of blockchain and encryption key management methods on smart contracts so that we can have a strong level of response to MITM attacks and DoS/DDoS attacks. It is expected that the use of blockchain technology with enhanced security can be activated through respond to data security threats such as MITM through encryption communication protocols and enhanced authentication, node load balancing and distributed DDoS attack response, secure coding and vulnerability scanning, strengthen smart contract security with secure consensus algorithms, access control and authentication through enhanced user authentication and authorization, strengthen the security of cores and nodes, and monitoring system to update other blockchain protocols and enhance security.