• Journal of Communications and Networks
• /
• v.14 no.4
• /
• pp.396-409
• /
• 2012

With the proliferation of diverse wireless devices, there is an increasing concern about the security of location information which can be spoofed or disrupted by adversaries. This paper investigates the characterization and detection of location spoofing attacks, specifically those which are attempting to falsify (degrade) the position estimate through signal strength based attacks. Since the physical-layer approach identifies and assesses the security risk of position information based solely on using received signal strength (RSS), it is applicable to nearly any practical wireless network. In this paper, we characterize the impact of signal strength and beamforming attacks on range estimates and the resulting position estimate. It is shown that such attacks can be characterized by a scaling factor that biases the individual range estimators either uniformly or selectively. We then identify the more severe types of attacks, and develop an attack detection approach which does not rely on a priori knowledge (either statistical or environmental). The resulting approach, which exploits the dissimilar behavior of two RSS-based estimators when under attack, is shown to be effective at detecting both types of attacks with the detection rate increasing with the severity of the induced location error.

• Convergence Security Journal
• /
• v.6 no.1
• /
• pp.45-53
• /
• 2006

It has been proposed that several RFID authentication protocols based on hash chain. Status based authentication protocol and challenge-response based authentication protocol are secured against location tracking attacks, spoofing attacks, replay attacks, traffic analysis attacks but are vulnerable to Dos attacks. RFID authentication protocol with strong resistance against traceability and denial of service attack is secured against location tracking attack, spoofing attacks, replay attacks, DoS attacks but are vulnerable to traffic analysis attacks. The present study suggests a more secure and lightweight RFID authentication protocol which is combining the advantages of hash-chain authentication protocol and RFID authentication protocol with strong resistance against traceability and denial of service attack. The results of the secure analysts for a proposed protocol are illustrated that it is secured against location tracking attacks, spoofing attacks, replay attacks, traffic analysis attacks, Dos attacks and is a lightweight operation between server and tag.

• Journal of Communications and Networks
• /
• v.15 no.2
• /
• pp.153-163
• /
• 2013

In recent years, more and more researches have been focusing on trust management of vehicle ad-hoc networks (VANETs) for improving the safety of vehicles. However, in these researches, little attention has been paid to the location privacy due to the natural conflict between trust and anonymity, which is the basic protection of privacy. Although traffic safety remains the most crucial issue in VANETs, location privacy can be just as important for drivers, and neither can be ignored. In this paper, we propose a beacon-based trust management system, called BTM, that aims to thwart internal attackers from sending false messages in privacy-enhanced VANETs. To evaluate the reliability and performance of the proposed system, we conducted a set of simulations under alteration attacks, bogus message attacks, and message suppression attacks. The simulation results show that the proposed system is highly resilient to adversarial attacks, whether it is under a fixed silent period or random silent period location privacy-enhancement scheme.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.3
• /
• pp.266-270
• /
• 2008

Bluetooth technology provides a way to connect and exchange information between personal devices over a secure and short-range radio frequency without any authentication infrastructures. For this infrastructure-less feature, Bluetooth has several problems which could not occur in other network, and among them location tracking attacks is essential problem which should be solved. In this paper, we introduce the location tracking attack and propose an anonymous connection protocol against it. We also perform security analysis based on possible scenarios of this attack, and estimate both execution time and memory spaces of our scheme and existing methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.9
• /
• pp.1684-1697
• /
• 2011

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al, are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in the plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed get access to. Finally, we show that these protocols are also vulnerable to the replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, and re-evaluate the protocols overhead after taking these countermeasures into account and compare them to other work in the literature.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.1
• /
• pp.63-70
• /
• 2009

As individuals spend more time doing social and economic life on the web, the importance of protecting privacy against Phishing and Pharming attacks also increases. Until now, there have been researches on the methods of protection against Phishing and Pharming. However, these researches don't provide efficient methods for protecting privacy and don't consider Pharming attacks. In this paper, we propose an authentication protocol that protects user information from Phishing and Pharming attacks. In this protocol, the messages passed between clients and servers are secure because they authenticate each other using a hash function of password and location information which are certificated to clients and servers only. These messages are used only once, so that the protocol is secure from replay attacks and man-in-the-middle attacks. Furthermore, it is also secure from Pharming attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5C
• /
• pp.410-419
• /
• 2012

This paper proposes a secure and efficient anonymous authentication scheme for health information push service based on indoor location in hospital. The proposed scheme has the following benefits: (1)It is just based on a secure one-way hash function for avoiding complex computations for both health care operations users and health care centers. (2)It does not require sensitive verification table which may cause health care centers to become an attractive target for numerous attacks(e.g., insertion attacks and stolen-verifier attacks), (3)It provides higher security level (e.g., secure mutual authentication and key establishment, confidential communication, user's privacy, simple key management, and session key independence). As result, the proposed scheme is very suitable for various location-based medical information service environments using lightweight-device(e.g., smartphone) because of very low computation overload on the part of both health care operations users and health care centers.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.2
• /
• pp.357-364
• /
• 2015

Tags and Readers is receiving and sending the data using the wireless communication in the RFID environment. Therefore, it could allow an attacker to participate in the network without the physical constraints, which can be easily exposed to a variety of attacks, such as taps and data forgery. Also, it is not easy to apply the security techniques to defend external attacks because the resource constraints of RFID tags is high. In this paper, new tag-reader mutual authentication protocol is proposed to protect the external cyber attacks such as spoofing attacks, replay attacks, traffic analysis attacks, location tracking attacks. The performance evaluation of the proposed mutual authentication protocol is performed and the simulation results are presented.

• Journal of Internet Computing and Services
• /
• v.10 no.3
• /
• pp.51-60
• /
• 2009

This paper proposes a reliable 2-mode authentication framework for probabilistic key pre-distribution in Wireless Sensor Network (WSN) that guarantees the safe defense against different kinds of attacks: Hello flood attacks, Wormhole attacks, Sinkhole attack, location deployment attacks, and Man in the middle attack. The mechanism storing the trust neighbor IDs reduces the dependence on the cluster head and as the result; it saves the power energy for the authentication process as well as provides peer-to-peer communication.