• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.86-91
• /
• 2008

본 논문은 정보보호 시스템들간에 교환해야 하는 침입탐지 정보 및 대응 수행 명령들을 효율적으로 전달 및 처리 응 답을 수신 받기 위한 아키텍처에 대한 정의를 수행한다. 각 시스템에서 제공하는 서비스를 제공받고자 하는 시스템 측에서는 원격호출 메시지를 전송함으로써 서비스를 제공받으며, 시스템 간의 동적 연결을 위한 '시스템 분포맵' 의 정의, 메시지 교환 시에 인가되지 않은 시스템 또는 인가되지 않은 메시지의 교환을 차단하기 위한 '시스템 서비스업' 의 정의, 각기 다른 분리된 네트워크 상에 존재하는 시스템간 통신을 위한 Proxy 기능을 수행하는 시스템을 통한 메시지의 Tunneling 기능, 교환되는 XML 메시지의 교환 성능 향상을 위해 'Fast InfoSet' 을 적용한 보안메시지 교환 아키텍처 (SMEA)를 정의한다.

• Journal of Industrial Technology
• /
• v.24 no.B
• /
• pp.193-198
• /
• 2004

We propose and analyse a flexible secure file sharing scheme which can be used for data sharing among members in P2P environment. When a member wants to share data, notification messages are sent to the members with whom the member wants to share data. Each notification message includes one-time password encrypted with the receiver's public key. A member who received the notification message can download the data by using the one-time password. The proposed scheme provides selective sharing, download confirmation and efficient memory management. In terms of security, the proposed scheme supports authentication, entity privacy, replay attack protection and disguise prevention.

• The Journal of the Korea Contents Association
• /
• v.15 no.12
• /
• pp.18-23
• /
• 2015

This paper proposes a new protection technique against deregistration attack in SIP. Although it is caused by simple spoofing the REGISTER message of a legitimate SIP UA, its impact is serious. This new protection technique identifies and protects the deregistration attack by removing a binding form the location server after delaying a certain period of time instead of removing the binding immediately after receiving deregistration message. Therefore, this technique makes it possible to establish a secure SIP environment defending the deregistraion attack without any additional overhead such as an encryption or authentication.

• Journal of the Semiconductor & Display Technology
• /
• v.15 no.4
• /
• pp.92-96
• /
• 2016

Although deregistration attack is caused by simple spoofing the REGISTER message of a legitimate SIP UA, its impact is serious. The root cause of this attack is based on the fact that RFC 3261 allows the UA to remove the binding from the Location Server. In this paper, we propose a simple protection method to allow Registrar or Location Server just to ignore deregistration messages. We also show that this method works well by analyzing the process of registration and deregistration. Without any additional overhead such as an encryption or authentication, this method is able to establish a secure SIP environment efficiently protecting against the deregistration attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.2
• /
• pp.440-456
• /
• 2011

In this paper, we introduce a novel Public Key Infrastructure (PKI) based message authentication scheme that takes advantage of temporal and spatial uniqueness in physical layer channel responses for each transmission pair in vehicular communication networks. The proposed scheme aims at achieving fast authentication and minimizing the packet transmission overhead without compromising the security requirements, in which most messages can be authenticated through an extreme fast physical-layer authentication mechanism. We will demonstrate that the proposed secure authentication scheme can achieve very short message delay and reduced communication overhead through extensive analysis and simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.117-128
• /
• 1997

When computer systems with mandatory access control mechanism are interconnected each other for enforcing the MHS(Message Handling System) security on the multilevel secure distributed network environment, illegal information flow may occurs due to the unexpected cascade vulnerability problem. In this paper, new MHS security policy and security property functions are proposed for preventing the cascade vulnerability.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.217-224
• /
• 2013

Due to the development of mobile technologies, the carrier (telecommunications) billing service market is rapidly growing. carrier (telecommunications) billing service allows users to make on-line purchases through mobile-billing. Users find this particularly convenient because the payment acts as a credit transaction. Furthermore, the system is commonly believed to be secure through its use of SMS (Short Message Service) authentication and a real-time transaction history to confirm the transaction. Unfortunately, there is a growing number of fraudulent transactions threaten the future of this system. The more well documented types of security breaches involves hackers intercepting the authentication process. By contaminating the device with security breaching applications, hackers can secretly make transactions without notifying users until the end of month phone bill. This study sheds light on the importance of this societal threat and suggests solutions. In particular, "secure" systems need to be more proactive in addressing the methods hackers use to make fraudulent transactions. Our research partially covers specific methods to prevent fraudulent transactions on carrier billing service providers' systems. We discuss about the proposed improvements such as complement of electronic payment systems, active promotion for fraudulent transactions enhanced monitoring, fraud detection and introduce a new authentication service. This research supports a future of secure communications billing services, which is essential to expanding new markets.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.9
• /
• pp.3858-3869
• /
• 2020

In this paper, we propose a hash-chain based friendly force identification protocol for personal combatants equipped with a personal combat system in a tactical wireless network. It is imperative in military operations to effectively and quickly identify friendly forces. If the identification of friendly forces is not correct, this can cause friendly fire. In current ground operations, the identification of friendly forces by personal combatants is neither secure nor safe. To address this issue, the proposed protocol uses a hash-chain to determine if a detected person is friendly. Only friendly forces with the same materials that are assigned before they deploy can construct an initial hash-chain. Moreover, the hash-chain is changed at specific times. The performance of the proposed protocol is evaluated on the assumption that the secret key is leaked, which is the worst scenario in the security research field. We verify that the proposed protocol is secure for the various attack scenarios, such as message replay attack, fabrication attack, and Denial of Service attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3911-3924
• /
• 2016

Compared to the classical cryptography, lattice-based cryptography is more secure, flexible and simple, and it is believed to be secure against quantum computers. In this paper, an efficient signature scheme is proposed from the ring learning with errors (R-LWE), which avoids sampling from discrete Gaussians and has the characteristics of the much simpler description etc. Then, the scheme is implemented in C/C++ and makes a comparison with the RSA signature scheme in detail. Additionally, a linearly homomorphic signature scheme without trapdoor is proposed from the R-LWE assumption. The security of the above two schemes are reducible to the worst-case hardness of shortest vectors on ideal lattices. The security analyses indicate the proposed schemes are unforgeable under chosen message attack model, and the efficiency analyses also show that the above schemes are much more efficient than other correlative signature schemes.

• ETRI Journal
• /
• v.37 no.1
• /
• pp.186-196
• /
• 2015

In resource-constrained, low-cost, radio-frequency identification (RFID) sensor-based mobile ad hoc networks (MANETs), ensuring security without performance degradation is a major challenge. This paper introduces a novel combination of steps in lightweight protocol integration to provide a secure network for RFID sensor-based MANETs using error-correcting codes (ECCs). The proposed scheme chooses a quasi-cyclic ECC. Key pairs are generated using the ECC for establishing a secure message communication. Probability analysis shows that code-based identification; key generation; and authentication and trust management schemes protect the network from Sybil, eclipse, and de-synchronization attacks. A lightweight model for the proposed sequence of steps is designed and analyzed using an Alloy analyzer. Results show that selection processes with ten nodes and five subgroup controllers identify attacks in only a few milliseconds. Margrave policy analysis shows that there is no conflict among the roles of network members.