• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.91-100
• /
• 2007

In this paper, We design and propose a protocol for supporting secure and efficient mobility in integrating fast handover and HMIPv6. In the proposed protocol which is AAA-based HMIPv6, if the MN enters the MAP domain for the first time, then it performs an Initial Local Binding Update for authentication. We propose a secure Fast Handover method using the ticket provided by MAP, which includes the secret key for authentication. Also, we analyze and compare security properties of our proposed scheme with those of other scheme using various attack scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.67-80
• /
• 2007

Nateon Messenger, which has the most number of users in Korea, supports many services such as E-mail, note, Cyworld, SMS, etc. In this paper, we will analyse the authentication traffic which is transmitted and received by the Nateon Messenger. Through performing the replay attack with the authentication information, we will show that an attacker can be authenticated illegally. Furthermore, we will show that other domestic messengers have similar security problems.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.45 no.10
• /
• pp.40-48
• /
• 2008

Security of self organized mobile ad hoc networks is an important issue because administration information in the networks is managed by the constituent nodes. Especially authentication mechanism is necessary for trust setup between newly joining nodes and the network. The authentication models and protocols which are based on the wireline infrastructure could not be practical for mobile ad hoc network. Although public key algorithm-based method is widely used for authentication, it is not easy to be applied to mobile ad hoc networks because they do not have infrastructure such as centralized CA which is needed for certificate verification. In this paper, we consider the public key based random CA group method proposed in [1] to provide efficient authentication scheme to mobile ad hoc networks and analyze the performance of the method, which is then compared to the home CA method. From the analysis results, we see that the random CA method where the function of CA is distributed to some mobile nodes and the authentication information is propagated to randomly chosen CAs shows higher reliability and lower cost than home CA method.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.50-59
• /
• 2006

The new communication paradigm is rapidly shifted from wireless mobile networks to an All-IP(Internet Protocol) network, led by service industry leaders and communication manufacturers. In this paradigm, providing authentication and session keys of a subscriber becomes one of the critical tasks because of IP open accessibility among heterogeneous networks. In this paper, we introduce authentication process procedure of heterogeneous wireless mobile networks and develop so-called IMAS(Integrated Mobile Authentication Server) which can securely inter-work among all mobile networks and support the legacy networks with backward compatibility. Especially, in designing IMAS, mobile authentication inter-working mechanism, key management technique, and other issues to be overcome are presented. We analyze and evaluate the performance of authentication algorithm which creates session key. A simulation environment of IMAS is established, and a performance(TPS; Transaction Per Second) result is analyzed and evaluated. It turned out that IMAS works among heterogeneous wireless mobile networks without compensating efficiency and functionalities of the legacy networks and decrease the entropy of data redundancy and data inconsistency among networks because of the integrity of the distributed Data Base(DB).

• Journal of information and communication convergence engineering
• /
• v.4 no.4
• /
• pp.166-169
• /
• 2006

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we present a new identification scheme: OPI(One Pass Identification). The security of OPI is based on the square root problem, and OPI is secure: against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of OPI is one, and OPI processes the password and does not need the key. We think that OPI is excellent for the consuming time to verify the prover.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1819-1831
• /
• 2018

This paper focuses on a header compression method for the Authentication Header (AH) and Encapsulation Security Payload (ESP) for application to 6LoWPAN. Based on the context, an extendible compression method is developed by analysing each field of the AH and ESP. The method is carried out by resetting the AH and ESP header compression formats, adding a MOD field, and setting different working modes. Authentication, encryption, and a mixture of certification and encryption are provided as flexible options. In addition, the value of the original IPv6 extensible header ID (EID) field can be retained, while the number of occupied NHC_ID values can be decreased for future extendibility. The experimental results show the feasibility and validity of the current compression method. By comparison with other solutions, the new mechanism is demonstrated to be advantageous in terms of compression ratio, flexibility and extendibility.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.85-90
• /
• 2004

A certificate is important media for the purpose of offering user-authentication service on PKI system. In the paper we analyzed management implement which could make the efficient use of a certificate. This implement called ClientCA will make efficient use of the service about user-authentication consisting of the basis in the age of information through efficient management and partial use of each certificates. Especially, ClientCA could be used efficiently by grafting a small group of PKI system which is operated with particular purposes.

• Journal of KIISE:Information Networking
• /
• v.28 no.4
• /
• pp.570-577
• /
• 2001

In recent years, Internet-based application services on the mobile environment have been activated, and the developments of mobile internet application for user authentication and privacy have been required. Especially, the research for preventing disclosure of identity caused by user mobility is on the progress. In this paper, we introduce the study of an authentication protocol for anonymity and untraceability supporting the protection of user identity and the authenticated secure association mechanism between mobile hosts and remote domains. In this protocol use public cryptography.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.110-115
• /
• 2008

음성 데이터를 IP기반의 패킷망을 통해 전송하는 기술인 VoIP(Voice over Internet Protocol) 기술은 음성 데이터를 기존의 PSTN(Public Switched Telephone Network)망을 통해 전송하는 방식에 비해 비용 절감 등의 장점을 가지고 있다. 그러나 VoIP가 기존의 PSTN망을 대체하기 위해서는 QoS(Quality of Service)의 보장과 보안이 제공되어야 한다는 문제점을 가지고 있다. VoIP망에서 보안을 위해서는 사용자간에 전송되는 음성 데이터에 대한 보안과 초기의 세션 연결 시 사용자를 인증하는 과정이 고려되어져야 한다. 실질적인 대화 내용인 음성 데이터의 보안도 중요한 부분이지만 대화에 참여하는 사용자를 인증하는 과정이 선행되어야 한다. VoIP에서는 세션 연결 설정을 위해 H.323과 SIP를 사용하고 있으며, 최근에는 H.323에 비해 간단한 SIP가 주목을 받고 있다. RFC3261에서는 SIP를 이용해 세션 연결을 하는 과정에서 사용자를 인증하기 위한 몇 가지 인증 메커니즘을 제시하고 있다. 본 논문에서는 SIP를 이용하여 세션을 연결하는 과정에서 사용자의 인증을 위해 사용되는 인증 메커니즘 중 한 가지인 HTTP Digest Authentication의 취약점을 분석하고, 이를 보완하기 위한 새로운 인증 메커니즘을 제시한다.