• Title/Summary/Keyword: message protocol

Key Establishment Scheme for Multicast CoAP Security (멀티캐스트 CoAP 보안을 위한 키 설정 기법)

  • Cho, Jung mo;Han, Sang woo;Park, Chang seop
    • Convergence Security Journal / v.17 no.5 / pp.77-85 / 2017
  • In this paper, we propose a key establishment scheme for multicast CoAP security. For multicast CoAP applications, a CoAP Request message from a CoAP client is sent to a group of CoAP servers while each CoAP server responds with a unicast CoAP Response message. In this case, the CoAP Request message should be secured with a group key common to both the CoAP client and servers, while a pairwise key (unicast key) should be employed to secure each CoAP Response message. In the proposed protocol, the CoAP client and the CoAP server establish the group key and the pairwise key using the ECDH in the initial CoAP message exchange process. The proposed protocol, which is highly efficient and scalable, can replace DTLS Handshake and it can support end-to-end security by setting pairwise keys.

Design and Evaluation of Multicast Message Delivery Algorithm for Mobile Networks (이동통신망을 위한 멀티캐스트 메시지 전달 알고리즘의 설계 및 평가)

  • Jang, Ik-Hyeon
    • The Journal of the Korea Contents Association / v.9 no.12 / pp.537-545 / 2009
  • In this paper, we proposed an effective multicast causal order algorithm with hand-off protocol for mobile networks. Since the size of control information needed to enforce message transfer order has much influence on the performance of hand-off and message transfer in mobile networks, the size of control information needs to be minimized. We reduced the size of control information by analyzing all the valid communication patterns and pruning redundant information not required to enforce causal order as early as possible, and used a hand-off protocol which requires a minimal amount of control information to be transferred. By simulation, we found that the proposed algorithm showed better performance than other existing algorithms.

Enhancing Security in Mobile IPv6

  • Modares, Hero;Moravejosharieh, Amirhossein;Salleh, Rosli Bin;Lloret, Jaime
    • ETRI Journal / v.36 no.1 / pp.51-61 / 2014
  • In the Mobile IPv6 (MIPv6) protocol, a mobile node (MN) is a mobile device with a permanent home address (HoA) on its home link. The MN will acquire a care-of address (CoA) when it roams into a foreign link. It then sends a binding update (BU) message to the home agent (HA) and the correspondent node (CN) to inform them of its current CoA so that future data packets destined for its HoA will be forwarded to the CoA. The BU message, however, is vulnerable to different types of security attacks, such as the man-in-the-middle attack, the session hijacking attack, and the denial-of-service attack. The current security protocols in MIPv6 are not able to effectively protect the BU message against these attacks. The private-key-based BU (PKBU) protocol is proposed in this research to overcome the shortcomings of some existing MIPv6 protocols. PKBU incorporates a method to assert the address ownership of the MN, thus allowing the CN to validate that the MN is not a malicious node. The results obtained show that it addresses the security requirements while being able to check the address ownership of the MN. PKBU also incorporates a method to verify the reachability of the MN.

A Study on Average Access Times by Priority Levels of FDDI MAC Protocol (FDDI MAC 프로토콜의 우선순위 등급에 따른 매체 이용 평균시간에 관한 연구)

  • 김경식;강준길
    • The Journal of Korean Institute of Communications and Information Sciences / v.14 no.4 / pp.369-373 / 1989
  • This paper investigates average access times on eight asynchronous priority levels of FDDI MAC protocol with parameters on offered loads, message sizes, and number of stations. In case of parameter with offered loads, higher priority levels exhibit similar variances, and in case of parameter with message sizes and number of stations, higher priority levels exhibit almost invariables, but as increase of message sizes, increase only a small amount of access time; on the other hand, as number of stations increase, average access times decrease little by little. But in case of lowest priority level, average access times exhibit relatively large variances about above three parameters.

Interworking between PPP CHAP and RADIUS Authentication Server on GPRS Network (GPRS 망에서 PPP CHAP과 RADIUS 인증 서버 연계 방안)

  • 박정현;이상호
    • Journal of KIISE:Computing Practices and Letters / v.9 no.5 / pp.567-577 / 2003
  • We usually applied PPP CHAP (Point-to-Point Protocol Challenge Handshake Authentication Protocol) when the visited ISP subscriber accesses the authentication server in own home ISP network and IP Assignment for remote Internet service. But PPP CHAP doesn't support in case of visited ISP subscriber in GPRS network accesses the authentication server in own home ISP network for wireless Internet service. We suggest a solution to this problem with PPP CHAP improvement. For this we propose the modified PPP CHAP message format, PCO Message format at MT, and interworking message and format between GGSN and RADIUS in home ISP network for wireless Internet service of mobile ISP subscriber at GPRS network in this paper. We also show authentication results when visited mobile ISP subscriber via PPP CHAP at GPRS network accesses the RADIUS server in home ISP network.

Study of Disaster Safety Information Protection using Digital Signage (디지털 사이니지를 활용한 재난안전 정보 보호에 대한 연구)

  • Lee, Suyeon;Ahn, Hyobeom
    • Convergence Security Journal / v.15 no.7 / pp.97-102 / 2015
  • Recently, each country should operate an integrated disaster safety management system in order to reduce the damage, such as the world-natural disasters. In particular, research on digital signage use has been made by a method for transmitting a disaster warning message. In this paper, we tried to examine the security requirements that are required by the disaster safety network by looking at the digital signage concept and disaster safety management system. Also, in order to be transmitted to the safe digital signage terminal a common alarm message in the disaster safety services using digital signage, we propose a protocol that uses a public key authentication mechanism. The proposed protocol is to be safely displayed a common alarm message to the appropriate area.

Performance Analysis of Authentication Protocols of GPS, Galileo and BeiDou

  • Jeon, Da-Yeon;Gaybullaev, Turabek;Noh, Jae Hee;Joo, Jung-Min;Lee, Sang Jeong;Lee, Mun-Kyu
    • Journal of Positioning, Navigation, and Timing / v.11 no.1 / pp.1-9 / 2022
  • Global Navigation Satellite System (GNSS) provides location information using signals from multiple satellites. However, a spoofing attack that forges signals or retransmits delayed signals may cause errors in the location information. To prevent such attacks, authentication protocols considering the navigation message structure of each GNSS can be used. In this paper, we analyze the authentication protocols of Global Positioning System (GPS), Galileo, and BeiDou, and compare the performance of Navigation Message Authentication (NMA) of the above systems, using several performance indicators. According to our analysis, authentication protocols are similar in terms of performing NMA and using Elliptic Curve Digital Signature Algorithm (ECDSA). On the other hand, they are different in several ways, for example, whether to perform Spreading Code Authentication (SCA), whether to use digital certificates and whether to use Timed Efficient Stream Loss-tolerant Authentication (TESLA). According to our quantitative analysis, the authentication protocol of Galileo has the shortest time between authentications and time to first authenticated fix. We also show that the larger the sum of the navigation message bits and authentication bits, the more severely affected are the time between authentications and the time to first authenticated fix.

A New Architecture of Instant Message Service with Multiple Servers (다중서버 방식의 새로운 인스턴트메시지 서비스 구조)

  • Jang, Choonseo;Lee, Ky-Soo
    • Journal of the Korea Society of Computer and Information / v.18 no.11 / pp.99-106 / 2013
  • In Instant message service, the server should process instant messages and request messages which include many presence resources for users. And it also processes massive notification messages generating from the subscribed presence resources. In this paper a new architecture of instant message service with multiple servers which can distribute loads efficiently as the number of users increases has been suggested. It also provides various functions to users using extended call processing language. The user subscribes presence information and call processing language script which describes user's functions. The server processes instant messages, presence services and call processing language scripts. New extended presence information data structure has been suggested and new call processing language operation tags have been added. Therefore extendability of the system can be increased and various services which combine presence service and call processing can be provided in this system. Furthermore instant message processing module has been integrated in the server to decrease the amount of SIP (Session Initiation Protocol) messages, and it also improves system efficiency. The performance of our proposed system has been analysed by experiments.

Performance Analysis of The CCITT X.25 Protocol (X. 25 Protocol의 성능 분석)

  • 최준균;은종관
    • The Journal of Korean Institute of Communications and Information Sciences / v.11 no.1 / pp.25-39 / 1986
  • In this paper, we analyze the performance, particularly the flow control mechanism, of the CCITT X.25 protocol in a packet-switched network. In this analysis, we consider the link and packet layers separately, and investigate the performance in three measures: normalized channel throughput, mean transmission time, and transmission efficiency. Each of these measures is formulated in terms of given protocol parameters such as window size, $T_1$ and $T_2$ values, message length, and so forth. We model the service procedure of the input traffic based on the flow control mechanism of the X.25 protocol, and investigate the mechanism of the sliding window flow control with the piggybacked acknowledgment scheme using a discrete-time Markov chain model. With this model, we study the effect of variation of the protocol parameters on the performance of the X.25 protocol. From the numerical results of this analysis one can select the optimal values of the protocol parameters for different channel environments. It has been found that to maintain the transmission capacity satisfactorily, the window size must be greater than or equal to 7 in a high-speed channel. The time-out value, $T_1$, must carefully be selected in a noisy channel. In a normal condition, it should be in the order of 1 s. The value of $T_2$ has some effect on the transmission efficiency, but is not critical.

Implementation of SEND Protocol in IPv6 Networks (IPv6 네트워크에서 SEND 프로토콜의 구현)

  • An, Gae-Il;Nah, Jae-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences / v.32 no.7B / pp.403-410 / 2007
  • Neighbor Discovery (ND) protocol was proposed to discover neighboring hosts and routers in IPv6 wire/wireless local networks. ND protocol, however, has a problem that it is vulnerable to network attacks because ND protocol allows malicious users to impersonate other legitimate hosts or routers by forging ND protocol messages. To address the security problem, Secure Neighbor Discovery (SEND) protocol was proposed. SEND protocol provides address ownership proof mechanism, ND protocol message protection mechanism, replay attack prevention mechanism, and router authentication mechanism to protect ND protocol. In this paper, we design and implement SEND protocol in IPv6 local networks. And also, we evaluate and analyze the security vulnerability and performance of SEND protocol by experimenting with the implemented SEND protocol on IPv6 networks.