• The KIPS Transactions:PartC
• /
• v.11C no.3
• /
• pp.277-286
• /
• 2004

Password-based mechanism is widely used methods for user authentication. Password-based mechanisms are using memorable passwords(weak ferrets), therefore Password-based mechanism are vulnerable to the password guessing attack. To overcome this problem, man password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. Recently, Seo-Sweeny proposed password-based Simple Authenticated Key Agreement(SAKA) protocol. In this paper, first, we will examine the SAKA and authenticated key agreement protocols, and then we will show that the proposed simple authenticated key agreement protocols are still insecure against Advanced Modification Attack. And we propose a password-based Simple Authenticated Key Agreement Protocol secure against Advanced Modification Attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.1
• /
• pp.206-215
• /
• 2007

Ad-Hoc network technology is a mobile internet technology of the future that will be used widely not only in Mobile Network but also in Wireless Personal Area Network (WPAN) and Ubiquitous Network For this to occur, distributed routing protocol design, loop prevention for link information reduction in overhead for control messages and route restoration algorithm must be improved or complemented. Security techniques that can guarantee safe com-munication between Ad-Hot nodes net also be provided. This study proposes and evaluates a new authentication mechanism for MANET. The mechanism segregates the roles of certification authority to keep with the dynamic mobility of nodes and handle rapid and random topological changes with minimal over-head. That is, this model is characterized by its high expandability that allows the network to perform authentication service without the influence of joining and leaving nodes. The efficiency and security of this concept was evaluated through simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.85-96
• /
• 2003

Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.1
• /
• pp.31-36
• /
• 2015

As web accessibility has been easier, security issue becomes much more important in web applications demanding user authentication. Cookie is used to reduce the load of the server from the session in web applications and manage the user information efficiently. However, the cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker is the lawful user. This kind of attack are called cookie replay attack and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect cookie replay attacks and defend them, and verified effectiveness of the mechanism.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.1-10
• /
• 2021

The Internet of things (IoT) is the main advancement in data processing and communication technologies. In IoT, intelligent devices play an exciting role in wireless communication. Although, sensor nodes are low-cost devices for communication and data gathering. However, sensor nodes are more vulnerable to different security threats because these nodes have continuous access to the internet. Therefore, the multiparty security credential-based key generation mechanism provides effective security against several attacks. The key generation-based methods are implemented at sensor nodes, edge nodes, and also at server nodes for secure communication. The main challenging issue in a collaborative key generation scheme is the extensive multiplication. When the number of parties increased the multiplications are more complex. Thus, the computational cost of batch key and multiparty key-based schemes is high. This paper presents a Secure Multipart Key Distribution scheme (SMKD) that provides secure communication among the nodes by generating a multiparty secure key for communication. In this paper, we provide node authentication and session key generation mechanism among mobile nodes, head nodes, and trusted servers. We analyzed the achievements of the SMKD scheme against SPPDA, PPDAS, and PFDA schemes. Thus, the simulation environment is established by employing an NS 2. Simulation results prove that the performance of SMKD is better in terms of communication cost, computational cost, and energy consumption.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.581-584
• /
• 2004

Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. To these service providers that provide above network service, it is important that they authenticate and authorize legal subscribers and account for their usage. At present, There exist the several protocols that Support AAA(Authentication, Authorization and Accounting) service : RADIUS, Diameter, TACACS+. Nowadays, RADIUS has used for AAA service widely. It has been extended to support other access network environment. So, we extend RADIUS to support environment of Mobile IPv6. Mobile IPv6 uses IPsec as a security mechanism, basically. But, IPsec is a heavy security technology for small, portable, mobile device. Especially, it is serious at IKE, the subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In t:lis paper, we extend RADIUS to support environment of Mobile IPv6 and simplify the IKE phase of IPsec by AAA system distributing the keys by using its security communication channel. Namely, we propose the key distribution method for IPsec SA establishment between mobile node and home agent. The suggested method was anticipated to be effective at low-power, low computing deyice. Finally, end users feel the faster authentication.

• Journal of IKEEE
• /
• v.13 no.4
• /
• pp.89-95
• /
• 2009

Recently, IC cards are used to protect personal information and to have user verification. Among them, the usage of Java Cards which can contain applications after issuing are increasing and installing several applets on Java card is possible. When Java Cards are used, applet works after completing user identification. In this paper, we designed, embodied and verified the mechanism of user identification process according to PIN setting of applets; Stored_PIN, Install_PIN and Update_PIN. These several applications of Java cards will be used for user identification independently or multiply, while using diverse user identification.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.33-41
• /
• 2015

With rapid rise of virtualization technology from diverse types of cloud computing service, security problems such as data safety and reliability are the issues at stake. Since damage in virtualization layer of cloud service can cause damage on all host (user) tasks, Hypervisor that provides an environment for multiple virtual operating systems can be a target of attackers. This paper propose a security structure for protecting Hypervisor from hacking and malware infection.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.7
• /
• pp.332-339
• /
• 2008

Radio Frequency Identification (RFID) technology is an important part of infrastructures in ubiquitous computing. Although all products using tags is a target of these services, these products also are a target of attacking on user privacy and services using authentication problem between user and merchant, unfortunately. Presently, it is very important about security mechanism of RFID system and in this paper, we analyze the security protocol among many kinds of mechanisms to solve privacy and authentication problem using formal verification and propose a modified novel protocol. In addition, the possibility of practical implementation for proposed protocol will be discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1561-1569
• /
• 2016

As the use of the sensor device increases in IoT environment, the need for device security is becoming more and more important When a sensor device is deployed in IEEE 802.15.4-based LoWPAN, it has to perform the join operation with PAN Coordinator and the binding operation with another device. In the join and binding process, authentication and key distribution of the device are performed using the pre-distributed network key or certificate. However, the network key used in the conventional method has problems that it's role is limited to the group authentication and individual identification is not applied in certificate issuing. In this paper, we propose a secure join and binding protocol in LoWPAN environment that solves the problems of pre-distributed network key.