• Journal of Internet Computing and Services
• /
• v.11 no.3
• /
• pp.139-148
• /
• 2010

In the sensor network security area, previous works were mainly concentrated on achieving authentication, confidentiality, integrity and availability. But the ID exposure issue is recently an increasing concern in research community. To protect the ID exposure from various attacks, the most common approach is to make use of a dynamic pseudonym rather than the real ID. However, if a node's secret key (or hash key) and the current pseudonym (such as a random number) are exposed, the attacker can easily generate the previous/next pseudonyms. In this paper, we propose a security infra-structure scheme for enabling strong anonymity of sensor nodes. Our scheme ensures that the probability being able to generate a pseudonym is very low even if a sensor node has been compromised with an attacker. Security analyses have proven that our scheme is suitable for sensor network environments in terms of preserving of forward anonymity as well as backward anonymity.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.2B
• /
• pp.138-147
• /
• 2012

With the improvement of wireless communication and embedded technology, WSN is used at various fields. Meanwhile, because WSN is resource constrained, it is more vulnerable than other networks. To solve the security problem of WSN, we can use the traditional secure mechanism like as cryptography and authentication. But the traditional secure mechanism is not enough for all security issues that may be happened in WSN, especially attacks caused by the compromised node. So, we need the IDS as the second secure mechanism for WSN. In this paper, we propose the Specification-based Intrusion Detection Mechanism that makes LEACH, which is one of the clustering routing protocol for WSN, more reliable and safety.

• Journal of Chest Surgery
• /
• v.26 no.3
• /
• pp.214-218
• /
• 1993

Extensive lymphnode dissection combined with thoracic esophagectomy improved prognosis of esophageal cancer, but there is still high postoperative recurrence rate. The immunologic capacity of esophageal cancer patients is compromised by surgery and adjuvant chemotherapy. Therefore immunological therapy for esophageal cancer patients seems rational. We have adopted postoperative immunochemotherapy since 1988. From 1988 to 1992, 31 patients with thoracic esophageal cancer underwent esophagectomy and radical lymphnode dissection, and selected patient with early esophageal cancer and unfit for thoracotomy underwent transhiatal esophagectomy in Korea University Hospital. Mean age of patients was 56 years. There were 28 squamous cell cancers, 2 adenocarcinomas and one mixed tumor. There were 4 stage I, 3 stage II, 18 stage III, and 6 stage IV cases. There were no opeartive death. Postoperative complications included anastomotic leakage in 9%, pneumonia 3 %, cylothorax 3%, recurrent laryngeal neve paresis in 3% of all patients. Curative resection group[n=19] received immunotherapy. Noncurative resection group[n=12] received postoperative immunochemotherapy, including PS-K, CDDP, and 5-FU. Operative survivors were followed from 4 months to 5 years. There were 3 lost of follow-up. Actuarial survival rate is 79% to one year, 54% to two years and 27% to five years.In conclusion, an transthoracic esophagectomy combined with systematic lymph node dissection and postoperative immunochemotherapy could improve survival rate for esophageal cancer.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06d
• /
• pp.115-117
• /
• 2011

Intrusion detection systems (IDS) are supposed to be an efficient safety measure against inside attacks. In purely distributed IDS approach, IDS agent is installed in every node. It checks abnormal behavior of neighboring nodes locally. It collects the data that it receives from nodes in its radio range. Sensor nodes audit that data and generate alerts for abnormal activity. Here, there are two ways of taking decision. First, it can take decision individually and second, it can communicate with its neighbor to find the status of the claimed compromised nodes. In this paper, we propose a collaborative decision making scheme for purely distributed detection system. The proposed scheme is light weight compared to consensus based validation methodology. It provides a better scheme to find intrusions by interacting with other nodes.

• Journal of Communications and Networks
• /
• v.15 no.2
• /
• pp.122-131
• /
• 2013

We address the problem of effective vehicular routing in hostile scenarios where malicious nodes intend to jeopardize the delivery of messages. Compromised vehicles can severely affect the performance of the network by a number of attacks, such as selectively dropping messages, manipulating them on the fly, and the likes. One of the best performing solutions that has been used in static wireless sensor networks to deal with these attacks is based on the concept of watchdog nodes (also known as guard nodes) that collaborate to continue the forwarding of data packets in case a malicious behavior in a neighbor node is detected. In this work, we consider the beacon-less routing algorithm for vehicular environments routing protocol, which has been previously shown to perform very well in vehicular networks, and analyze whether a similar solution would be feasible for vehicular environments. Our simulation results in an urban scenario show that watchdog nodes are able to avoid up to a 50% of packet drops across different network densities and for different number of attackers, without introducing a significant increase in terms of control overhead. However, the overall performance of the routing protocol is still far from optimal. Thus, in the case of vehicular networks, watchdog nodes alone are not able to completely alleviate these security threats.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1214-1217
• /
• 2009

무선 센서 네트워크에서 각각의 센서 노드들은 무선 통신을 통해 서로 간에 통신을 수행한다. 과거에는 이러한 센서 노드간의 통신을 제 3 자로부터 안전하게 지키는 것이 중요한 보안 이슈였다. 특히 보안 서비스를 제공 하기 위한 키 관리 기법들이 주요 연구방향이었다. 하지만 안전하게 만들어진 확률론적 키(key)를 기반으로 하는 키 사전분배 방법은 공격받은 다른 노드로 인해 자신의 키가 노출 될 수 있다. 공격자는 노출된 공유키(shared key)를 통해 노출되지 않은 정상 노드(non-compromised node) 사이의 대칭키(pairwise key)를 얻을 수 있으며, 공격자는 네트워크에 심각한 영향을 줄 수 있는 메시지 삽입 및 수정 공격을 감행할 수 있다. 이와 같은 오용된 키를 폐기하고 메시지 삽입 및 수정 공격을 막기 위해 Liu and Dong 은 오용키 탐지 방법을 제안하였다. 하지만 이들의 방법에는 한계점이 있어 이를 보완하기 위한 에너지 효율적인 오용키 탐지 기법을 제안한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.1B
• /
• pp.11-16
• /
• 2007

This paper describes the design and performance of a secure routing protocol with time-space cryptography for mobile ad-hoc networks. The proposed time-space scheme works in the time domain for key distribution between source and destination as well as in the space domain for intrusion detection along the route between them. For data authentication, it relies on the symmetric key cryptography due to high efficiency and a secret key is distributed using a time difference from the source to the destination. Also, a one-way hash chain is formed on a hop-by-hop basis to prevent a compromised node or an intruder from manipulating the routing information. In order to evaluate the performance of our routing protocol, we compare it with the existing AODV protocol by simulation under the same conditions. The proposed protocol has been validated using the ns-2 network simulator with wireless and mobility extensions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.6
• /
• pp.2111-2131
• /
• 2015

Tiered wireless sensor network is a network model of flexibility and robustness, which consists of the traditional resource-limited sensor nodes and the resource-abundant storage nodes. In such architecture, collected data from the sensor nodes are periodically submitted to the nearby storage nodes for archive purpose. When a query is requested, storage nodes also process the query and return qualified data as the result to the base station. The role of the storage nodes leads to an attack prone situation and leaves them more vulnerable in a hostile environment. If any of them is compromised, fake data may be injected into and/or qualified data may be discarded. And the base station would receive incorrect answers incurring malfunction to applications. In this paper, an efficient verifiable top-k query processing scheme called EVTQ is proposed, which is capable of verifying the authentication and completeness of the results. Collected data items with the embedded information of ordering and adjacent relationship through a hashed message authentication coding function, which serves as a validation code, are submitted from the sensor nodes to the storage nodes. Any injected or incomplete data in the returned result from a corresponded storage node is detected by the validation code at the base station. For saving communication cost, two optimized solutions that fuse and compress validation codes are presented. Experiments on communication cost show the proposed method is more efficiency than previous works.

• Journal of the Korea Society for Simulation
• /
• v.20 no.3
• /
• pp.69-78
• /
• 2011

A large-scale sensor network usually operates in open and unattended environments, hence individual sensor node is vulnerable to various attacks. Therefore, malicious attackers can physically capture sensor nodes and inject false reports into the network easily through compromised nodes. These false reports are forwarded to the base station. The false report injection attack causes not only false alarms, but also the depletion of the restricted energy resources in a battery powered network. The statistical en-route filtering (SEF) mechanism was proposed to detect and drop false reports en route. In SEF, the choice of routing paths largely affect the energy consumption rate and the detecting power of the false report. To sustain the secure routing path, when and how to execute the path re-selection is greatly need by reason of the frequent network topology change and the nodes's limitations. In this paper, the regional path re-selection period determination method is proposed for efficient usage of the limited energy resource. A fuzzy logic system is exploited in order to dynamically determine the path re-selection period and compose the routing path. The simulation results show that up to 50% of the energy is saved by applying the proposed method.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.51-57
• /
• 2024

Although industrial control systems (ICSs) recently keep evolving with the introduction of Industrial IoT converging information technology (IT) and operational technology (OT), it also leads to a variety of threats and vulnerabilities, which was not experienced in the past ICS with no connection to the external network. Since various control command messages are sent to field devices of the ICS for the purpose of monitoring and controlling the operational processes, it is required to guarantee the message integrity as well as control center authentication. In case of the conventional message integrity codes and signature schemes based on symmetric keys and public keys, respectively, they are not suitable considering the asymmetry between the control center and field devices. Especially, compromised node attacks can be mounted against the symmetric-key-based schemes. In this paper, we propose message authentication scheme based on double hash chains constructed from cryptographic hash function without introducing other primitives, and then propose extension scheme using Merkle tree for multiple uses of the double hash chains. It is shown that the proposed scheme is much more efficient in computational complexity than other conventional schemes.