• Title/Summary/Keyword: WLAN authentication server

Search Result 12, Processing Time 0.026 seconds

Efficient and Practical Approach to Check Certificate Revocation Status of the WLAN Authentication Server's Public Key (WLAN 인증서버의 인증서 폐지상태 확인 기술)

  • Park DongGook;Cho Kyung-Ryong
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.5 / pp.958-964 / 2005
  • WLAN user authentication is mostly based on user passwords, resulting in vulnerability to the notorious 'offline dictionary attack'. As a way around this problem, EAP-TTLS and PEAP protocols are increasingly finding their way into WLANs, which are a sort of combination of password protocols and the TLS public-key protocol. This leads to the use of the public-key certificate of the WLAN authentication server, and naturally the concern arises about its revocation status. It seems, however, that no proper solution has been provided to address this concern. We propose a very efficient and proper solution to check the certificate revocation status.

A Study on USIM-based Authentication Testbed for UMTS-WLAN Handover (UMTS-WLAN간 핸드오버를 위한 USIM 기반의 인증 테스트베드에 관한 연구)

  • Ro, Kwang-Hyun;Kwon, Hye-Yeon
    • Journal of the Institute of Convergence Signal Processing / v.10 no.1 / pp.66-71 / 2009
  • In view of their mutually complementary features of wide coverage and high data rate, the interworking between 3G cellular networks and WLAN is a global trend in wireless communications. This paper introduces the analytic result of an authentication mechanism for 3GPP-WLAN seamless mobility under the USIM-based authentication test-bed. In a handover process between heterogeneous networks, authentication is the main factor in handover delay, so authentication processing time should be reduced first. This paper describes a USIM-based EAP-AKA test-bed implemented for handover in UMTS and WLAN interworking systems. Experimental results have shown that the fast re-authentication mechanism during handover reduced the handover delay by about 48.6%.

Efficient security mechanism in 3GPP-WLAN interworking (3GPP-WLAN interworking에서의 효율적인 보안 메커니즘)

  • 신상욱
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.3 / pp.137-144 / 2004
  • 3GPP (3rd Generation Partnership Project)-WLAN (Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE (User Equipment) and user respectively. The intent of 3GPP-WLAN interworking is to extend 3GPP services and functionality to the WLAN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between the UE and the 3GPP AAA (Authentication, Authorization, Accounting) server. Therefore, it can avoid modular exponentiation and public-key signatures, which need a large amount of computation in the UE. The proposed scheme also provides mutual authentication and session key establishment between the UE and the PDGW (Packet Data Gateway).

A Study on Robust Authentication and Privacy in Wireless LAN (무선랜 환경에서 사용자 인증 및 기밀성 강화 방안에 관한 연구)

  • Hong Seong-pyo;Lee Joon
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.8 / pp.1768-1773 / 2005
  • The IEEE 802.1x standard provides an architectural framework that can be used with various authentication methods. However, IEEE 802.1x is also vulnerable to DoS, session hijacking and Man-in-the-Middle attacks due to the absence of AP authentication. In this paper, we propose a secure WLAN system that offers robust secure communication and user authentication within the IEEE 802.1x framework. User authentication in the secure WLAN system performs mutual authentication between authentication servers, clients and the AP using PKI, and prevents an illegal user from intervening in communication by disguising themselves as a client, the AP or an authentication server. We also guarantee the safety of the communication by securing communication between clients and the AP through Dynamic WEP key distribution.

Wireless LAN System based on IEEE 802.1x EAP-TLS Authentication Mechanism (IEEE 802.1x EAP-TLS 인증 메커니즘 기반 Wireless LAN 시스템)

  • Hong, Seong-Pyo;Han, Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.9 / pp.1983-1989 / 2012
  • The IEEE 802.1x standard provides an architectural framework that can be used with various authentication methods. However, IEEE 802.1x is also vulnerable to DoS (Denial of Service), session hijacking and MiM (Man in the Middle) attacks caused by the structure of the authentication protocol. In this paper, we propose a WLAN system that offers safe communication by compensating for the IEEE 802.1x vulnerabilities. The WLAN system performs mutual authentication between authentication servers, clients and the AP using PKI, and prevents an illegal user from intervening in communication by disguising themselves as a client, the AP or an authentication server. We also guarantee the safety of the communication through Dynamic WEP key distribution between clients and the AP.

Design and Implementation of USIM Security Module for the Wireless Network Interworking (무선 네트워크 연동을 위한 USIM 보안 모듈 설계 및 구현)

  • Kim, Choon-Soo
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.2 / pp.41-49 / 2007
  • USIM (UMTS Subscriber Identity Module) technology, which adopts the 3GPP (3rd Generation Partnership Project) standards for information security, supports the security functions in 3GPP. The security functions supported by USIM are confidentiality of user identity, mutual authentication and key agreement between the end user and the network, confidentiality of user data, and data integrity. It is a very important technology in wireless networks. It creates a secure environment in which users and service providers can use mobile services securely in the network. In this paper, we design and implement a USIM security module that supports the common network access method and authentication protocol in 3GPP and WLAN (Wireless LAN), and a RADIUS-based AAA (3A: Authentication, Authorization, Accounting) server system.

Efficient Fast Vertical Handoff Algorithm between 3G networks and WLANs (3G 네트워크와 WLAN 통합망에서의 효율적인 고속 계층적 핸드오프를 위한 방안)

  • Yoon Sung-Min;Ma Yong-Jae;Yu Su-Jung;Song Joo-Seok
    • Proceedings of the Korea Information Processing Society Conference / 2006.05a / pp.1155-1158 / 2006
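  • Recently, the convergence of various types of communication networks has been accelerating. Among them, 3G networks and WLANs have mutually complementary characteristics, so research on interworking 3G networks and WLANs that exploits these characteristics has become a prominent issue in academia and industry. In this paper, based on a tightly coupled system environment, we reduce handoff latency by shortening the re-authentication process through a VHOM (Virtual Handoff Manager) during the authentication procedure with the AAA server that necessarily occurs at vertical handoff, and we perform the vertical handoff by focusing on network performance according to the location of the mobile terminal as the handoff decision factor, thereby proposing a scheme for vertical handoff that is more efficient and faster than the results shown in previous studies.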

Investigation of the Defense MITM with Message Authentication in WLAN Environments (WLAN 환경에서 메시지 인증을 이용한 MITM 공격 대응에 대한 연구)

  • Hong, Ji-Hoon;Oh, Ji-Soo;Park, Min-Woo;Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference / 2014.11a / pp.495-498 / 2014
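  • With the recent growth in Internet use on smartphones, many Access Points (APs) have been installed in public places such as cafes and movie theaters. However, most of these APs are exposed to external attacks without protection, and the resulting risk is a growing concern. A representative attack is the Man-In-The-Middle (MITM) attack, which intercepts communication between the user and the AP to eavesdrop on or forge and tamper with data. Encrypting communication is a countermeasure against MITM attacks, but applying encryption to all communication is practically impossible because it incurs high cost. In fact, we found that among the 100 popular free applications registered in the Google Play Store, none uses encrypted communication for all messages, and 43 use it partially. In this paper, we propose a message-authentication-based integrity verification method to protect applications that, as described above, do not encrypt their communication from MITM attacks, laying the groundwork for developing a secure application-server communication model.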

Real-Time Face Recognition System using PDA (PDA를 이용한 실시간 얼굴인식 시스템 구현)

  • Kwon Man-Jun;Yang Dong-Hwa;Go Hyoun-Joo;Kim Jin-Whan;Chun Myung-Geun
    • Journal of the Korean Institute of Intelligent Systems / v.15 no.5 / pp.649-654 / 2005
  • In this paper, we describe an implementation of a real-time face recognition system under ubiquitous computing environments. First, a face image is captured by a PDA with a CMOS camera, then this image with user n and name is transmitted via WLAN (Wireless LAN) to the server, and finally the PDA receives the verification result from the server. The proposed system consists of server and client parts. The server uses the PCA and LDA algorithms, which calculate eigenvector and eigenvalue matrices using the face images from the PDA in the enrollment process. It then sends the recognition result using Euclidean distance in the verification process. Here, the captured image is first compressed by the wavelet transform and sent in JPG format for real-time processing. The implemented system improves speed and performance by comparing Euclidean distance with the eigenvector and eigenvalue matrices previously calculated in the learning process.

Multimodal biometrics system using PDA under ubiquitous environments (유비쿼터스 환경에서 PDA를 이용한 다중생체인식 시스템 구현)

  • Kwon Man-Jun;Yang Dong-Hwa;Kim Yong-Sam;Lee Dae-Jong;Chun Myung-Geun
    • Journal of the Korean Institute of Intelligent Systems / v.16 no.4 / pp.430-435 / 2006
  • In this paper, we propose a method based on a multimodal biometrics system using the face and signature under ubiquitous computing environments. First, the face and signature images are obtained by a PDA, then these images with user ID and name are transmitted via WLAN (Wireless LAN) to the server, and finally the PDA receives the verification result from the server. The multimodal biometrics recognition system consists of two parts. In the client part located in the PDA, the user interface program executes the user registration and verification process. The server consists of the PCA and LDA algorithm, which shows excellent face recognition performance, and the signature recognition method based on the Kernel PCA and LDA algorithm for signature images projected onto the vertical and horizontal axes by the grid partition method. The proposed algorithm is evaluated with several face and signature images and shows better recognition and verification results than previous unimodal biometrics recognition techniques.