• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.163-172
• /
• 2003

Proposed in this paper is an authentication mechanism for multimedia streaming data in the Intemet multicast environment. The multicast authentication mechanism is coupled with the packet-level forward error correction code which has been recently applied for a reliable multicast transport transmission. Associated with this, Reed-Solomon erasure code is chosen for tolerating packet loss so that each of the received packets can be authenticated independently of the lost packets.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.17-22
• /
• 2014

Wireless Ad hoc Network is threatened from many types of attacks because of its open structure, dynamic topology and the absence of infrastructure. Attacks by malicious nodes inside the network destroy communication path and discard packet. The damage is quite large and detecting attacks are difficult. In this paper, we proposed attack detection technique using secure authentication infrastructure for efficient detection and prevention of internal attack nodes. Cluster structure is used in the proposed method so that each nodes act as a certificate authority and the public key is issued in cluster head through trust evaluation of nodes. Symmetric Key is shared for integrity of data between the nodes and the structure which adds authentication message to the RREQ packet is used. ns-2 simulator is used to evaluate performance of proposed method and excellent performance can be performed through the experiment.

• Journal of Communications and Networks
• /
• v.18 no.1
• /
• pp.105-111
• /
• 2016

Trust models in the literature of MANETs commonly assume that packets have different security requirements. Before a node forwards a packet, if the recipient's trust level does not meet the packet's requirement level, then the recipient must perform certain security association procedures, such as re-authentication. We present in this paper an analysis of the epidemic broadcast delay in such context. The network, mobility and trust models presented in this paper are quite generic and allow us to obtain the delay component induced only by the security associations along a path. Numerical results obtained by simulations also confirm the accuracy of the analysis. In particular, we can observe from both simulation's and analysis results that, for large and sparsely connected networks, the delay caused by security associations is very small compared to the total delay of a packet. This also means that parameters like network density and nodes' velocity, rather than any trust model parameter, have more impact on the overall delay.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.12
• /
• pp.998-1002
• /
• 2009

In IPTV multicast architecture, the IGMP(Internet Group Management Protocol) is used for access networks. This protocol supports the functionality of join or leave for a specific multicast channel group. But, malicious attackers can disturb legitimate users being served appropriately. By using spoofed IGMP messages, attackers can hi-jack the premium channel, wasting bandwidth and exhausting the IGMP router's resources. To prevent the message spoofing, we can introduce the packet-level authentication methods. But, it causes the additional processing overhead to an IGMP processing router, so that the router is more susceptible to the flooding attacks. In this paper, we propose the two-level authentication scheme in order to mitigate the IGMP flooding attack.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.6 s.348
• /
• pp.23-29
• /
• 2006

It is difficult to apply conventional security algorithms to the wireless sensor networks composed of nodes that have resource constraints such as memory, computing, power resources limitation. Generally, shared key based algorithms with low resource consumption and short key length are used for broadcast packets in authentication of base station. But it is not suitable that all the nodes hold the same shared key only for packet authentication. Recently, broadcast authentication algorithm for sensor network is proposed, which uses key chain generation by one-way hash function, Message Authentication Code generation by each keys of the key chains and delayed key disclosure. It provides suitable authentication method for wireless sensor networks but may leads to inefficient consequence with respect to network conditions such as broadcast ratio, key chain level, and so on. In this paper, we propose an improved broadcast authentication algorithm that uses key chain link and periodical key disclosure. We evaluated the performance of proposed algorithm using TOSSIM(TinyOS Simulator) in TinyOS. The results show that the proposed algorithm ensures low authentication delay, uses memory and computing resource of receiving nodes efficiently and reduces the amount of packet transmitting/receiving.

• ETRI Journal
• /
• v.27 no.4
• /
• pp.394-404
• /
• 2005

We discuss some typical procedures to measure the efficiency of telecommand authentication systems in space missions. As a case-study, the Packet Telecommand Standard used by the European Space Agency is considered. It is shown that, although acceptable under well consolidated evaluation suites, the standard presents some flaws particularly in regard to the randomness level of the pre-signature. For this reason, some possible changes are proposed and evaluated that should be able to improve performance, even reducing the on-board elaboration time.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.41-49
• /
• 2008

VoIP is a service that changes the analogue audio signal into a digital signal and then transfers the audio information to the users after configuring it as a packet; and it has an advantage of lower price than the existing voice call service and better extensibility. However, VoIP service has a system structure that, compared to the existing PSTN (Public Switched Telephone Network), has poor call quality and is vulnerable in the security aspect. To make up these problems, TLS service was introduced to enhance the security. In practical system, however, since QoS problem occurs, it is necessary to develop the VoIP security system that can satisfy QoS at the same time in the security aspect. In this paper, a user authentication VoIP system that can provide a service according to the security and the user through providing a differential service according to the approach of the users by adding AA server at the step of configuring the existing VoIP session is suggested. It was found that the proposed system of this study provides a quicker QoS than the TLS-added system at a similar level of security. Also, it is able to provide a variety of additional services by the different users.

• Journal of the Korea Convergence Society
• /
• v.9 no.8
• /
• pp.41-46
• /
• 2018

As the industry related to drones has been activated, the public interest in drones has increased explosively, and many cases of drone-using are increasing. In the case of military drones, the security problem is the level of defense of the aircraft or cruise missiles, but commercial small and low cost drones are often released and utilized without security count-measure. This makes it possible for an attacker to easily gain access to the root of the drones, access internal files, or send fake packets. However, this droning problem can lead to another dangerous attack. In this regard, this paper has identified the vulnerabilities inherent in the commercial drones by analyzing the attack cases in the communication process of the specific drones. In this paper, we analyze and test the vulnerability in terms of scanning attack, meson attack, authentication revocation attack, packet stop command attack, packet retransmission attack, signal manipulation and de-compile attack. This study is useful for the analysis of drones attack and vulnerability.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.4
• /
• pp.155-162
• /
• 2013

Routing protocol in ad hoc mobile networking has been an active research area in recent years. However, the environments of ad hoc network tend to have vulnerable points from attacks, because ad hoc mobile network is a kind of wireless network without centralized authentication or fixed network infrastructure such as base stations. Also, existing routing protocols that are effective in a wired network become inapplicable in ad hoc mobile networks. To address these issues, several secure routing protocols have been proposed: SAODV and SRPTES. Even though our protocols are intensified security of networks than existing protocols, they can not deal fluidly with frequent changing of wireless environment. Moreover, demerits in energy efficiency are detected because they concentrated only safety routing. In this paper, we propose an energy efficient secure routing protocol for various ad hoc mobile environment. First of all, we provide that the nodes distribute security information to reliable nodes for secure routing. The nodes constitute tree-structured with around nodes for token escrow, this action will protect invasion of malicious node through hiding security information. Next, we propose multi-path routing based security level for protection from dropping attack of malicious node, then networks will prevent data from unexpected packet loss. As a result, this algorithm enhances packet delivery ratio in network environment which has some malicious nodes, and a life time of entire network is extended through consuming energy evenly.

• Journal of Convergence Society for SMB
• /
• v.2 no.2
• /
• pp.35-41
• /
• 2012

The rapid development of cloud computing and mobile internet service changes to an mobile cloud service environment that can serve and pay computing source that users want anywhere and anytime. But when user misses mobile device, the respond to any threat like user's personal information exposal is insufficient. This paper proposes cloud service access control model to provide secure service for mobile cloud users to other level users. The proposed role-based model performs access authority when performs user certification to adapt various access security policy. Also, the proposed model uses user's attribute information and processes before user certification therefore it lowers communication overhead and service delay. As a result, packet certification delay time is increased 3.7% and throughput of certification server is increased 10.5%.