• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

• Journal of Platform Technology
• /
• v.10 no.4
• /
• pp.25-38
• /
• 2022

Recently, it is reported that the Korean Unmanned Aerial Vehicle (UAV) interface protocol (K-4586) based on STANAG-4586 is being developed to secure interoperability between UAVs. The core elements of the K-4586-based Unmanned Aircraft System (UAS) are the Core UAV Control System (CUCS), Vehicle Specific Module (VSM), Data Link Interface (DLI), and C4I systems. In UAS based on K-4586, the DLI function for transmitting and receiving messages to link UAVs is included in VSM and CUCS respectively. The Generator/Analyzer (G/A) tool is an apparatus that is developed for protocol conformance verification for VSM and CUCS, and G/A tools with DLI message transmitting and receiving should be developed separately. Core applications (VSM, CUCS, DLI) and G/A tools based on K-4586 may be developed independently depending on the developers. If the DLI message modules are different for each developer, the scope and results of protocol conformance verification will be dissimilar, and some problems may happen during system integration. In this study, common DLI message module based on the API was designed to provide the DLI message transmitting and receiving function necessary to the development of core applications and the protocol conformance verification tool of based on K-4586. When applying the proposed common DLI message module, it can be expected to shorten the UAS system development period and reduce costs, and ensure conformance of protocol. In this paper, the design and implementation method for the common DLI message module based on API was proposed and the results of functional test was described.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.1
• /
• pp.149-157
• /
• 2003

Recently, the Internet enhanced by development of IT makes the processing and exchanging of information, As the Internet is sending and receiving digitized documents over the Internet e-mail system. The security of document information is being threated when exchanging digitized documents over an open network such as the Internet. The degree of threat is even higher when sensitive documents are involved Therefore, in this paper, the secure e-mail system on a client is designed and implemented in order to make secure exchanging of digitized documents. By using the public key infrastructure in which encrypted mail transmission, proof of delivery and integrity of the message are garanted, unauthorized manipulation, illegal acquisition and mutual authentication problem can be prevented in order to secure the document information which is crucial and sensible when exchanging the digitized document over the Internet. Futhenmore, by using the SET protocol based on public key cryptography, the secure mail system is designed and implemented in order for the users not having any professional knowledge to deal with the system easily and friendly in GUI environment.

• Aerospace Engineering and Technology
• /
• v.13 no.1
• /
• pp.55-62
• /
• 2014

FTSR(Flight Termination System Receiver) is a device that receives a ground command signal to abort a flight mission when abnormal conditions occur in the space launch vehicle. The secure tone command message shall consist of a series of 11 character tone pattern. Each character consists of the sum of two tones which taken from a set of 7 tones defined by IRIG(Inter-Range Instrumentation Group) in the audio frequency range. The MHA(Modified High alphabet) command adds a security feature to the secure tone command by using the predefined difference code. In order to check the function and performance of MHA FTSR, which is under development, for KSLV-II, the testbed should have functions of RF signal generation, receiver's output port monitoring, RS-422 communication and test data management. In this paper, we first briefly introduce MHA command and FTSR interface, and then show the LavVIEW based testbed include its H/W configuration, S/W implementation and test results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.417-429
• /
• 2019

WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems such as eavesdropping attacks and the secure session establishment process is inefficient because it requires multiple interactions between client and AP. The WPA3 standard has recently been proposed to solve the security problem of WPA2, but it is a small improvement using the same 4-way handshake methodology. OAuth 2.0 token authentication is widely used on the web, which can be used to keep an authenticated state of a client for a long time by using tokens issued to an authenticated client. In this paper, we apply the dual-token based randomized token authentication technology to the Wi-Fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment. Once a client is authenticated and equipped with dual tokens issued by AP, it can establish secure session using them quickly with one message exchange over a non-secure channel.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.105-114
• /
• 2006

Ubiquitous Sensor Network consists of a number of sensor nodes with a limited computation power and limited communication capabilities, and a sensor node is able to communicate with each other at anytime and in any place. Due to the rapid research and development in sensor networks, it will rapidly grow into environments where hmm beings can interact in an intuitive way with sensing objects which can be PDAs, sensors, or even clothes in the future. We are aiming at realizing an Unattended Secure Security System to apply it to Ubiquitous Sensor Network. In this paper, the vulnerabilities in the Unattended security system are identified, and a new protocol called OMAC-SNEP is proposed for the Unattended Secure Security System. Because the CBC-MAC in SNEP is not secure unless the message length is fixed, the CBC-MAC in SNEP was replaced with OMAC in SNEP. We have shown that the proposed protocol is secure for my bit length of messages and is almost as efficient as the CBC-MAC with only one key. OMAC-SNEP can be used not only in Unattended Security System, but also any other Sensor Networks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.451-457
• /
• 2006

A peer-to-peer(P2P) network is inherently vulnerable to malicious attacks from participating peers because of its open, flat, and autonomous nature. This paper addresses the problem of effectively defending from active attacks of malicious peers at bootstrapping phase and at online phase, respectively. We propose a secure membership handling protocol to protect the assignment of ID related things to a newly joining peer with the aid of a trusted entity in the network. The trusted entities are only consulted when new peers are joining and are otherwise uninvolved in the actions of the P2P networks. For the attacks in online phase, we present a novel message structure applied to each message transmitted on the P2P overlay. It facilitates the detection of message alteration, replay attack and a message with wrong information. Taken together, the proposed techniques deter malicious peers from cheating and encourage good peers to obey the protocol of the network. The techniques assume a basic P2P overlay network model, which is generic enough to encompass a large class of well-known P2P networks, either unstructured or not.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.9C
• /
• pp.855-862
• /
• 2009

The path key establishment phase in the wireless sensor network is vulnerable to Byzantine attack. Huang and Hedhi proposed a Byzantine resilient multi-key establishment scheme using a systematic RS code, which has shortcomings of exposing a part of message symbols and inefficient transmission. In this paper, we propose a new Byzantine resilient multi-path key establishment scheme in which direct message symbols are not exposed to an adversary and are more efficiently transmitted the RS-encoded symbols to the destination node. In the Proposed scheme, a non-systematic RS code is used to transmit a generated indirect secret key and each encoded symbol is relayed through available paths between two sensor nodes. If enough symbols are collected at the destination node, it is possible to reconstruct the secret message through RS decoding.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.37-47
• /
• 2009

In VANET, each vehicle can obtain traffic information from other vehicles or infrastructure, and they frequently exchange life-critical safety message. Therefore, it is necessary among vehicles to establish a secure channel for keeping the driver's safe and protecting the channel against several attack challenges. TSVC is a representative scheme which needs low communication and computation to be performed. But, there is a delay when verifying the messages because it is designed based on TESLA. Thus, it is not acceptable to use TSVC for sending the time-critical messages. In this paper, we propose a novel message authentication scheme which reduces a delay for the verification of messages. Therefore, the proposed scheme can be suitable to transmitting time-critical messages. Furthermore, the scheme supports to privacy preservation and can robust against DoS attacks.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.497-508
• /
• 2004

The existing wireless LAN standard IEEE802.11b has many vulnerabilities from security point of view. The authentication mechanisms in IEEE802.11b have many vulnerabilities. As a result to complement the weak of IEEE802.11b authentication, the IEEE802.1x had been developed in the sense of providing strong user authentication with appropriate mechanism. But this mechanism does not perform AP authentication and there are also some weak points. And in confidentiality and message Integrity case, WEP is weak from key stream reuse attack, IV reuse attack and so on. For that reason, in this paper we propose secure wireless LAN system. Our system provides strong user authentication, confidentiality, and message integrity based on existing IEEE802.1x framework and TLS.