• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.113-127
• /
• 2003

WTLS as secure protocol of WAP makes TLS that is used in wireless Intemet protocol for TCP security be appropriate for wireless environments. And purpose of WTLS is to provide safe and efficient services. WTLS protocol consists of 4 protocols(Handshake, ChangeCipherSpec, Alert, Application Data etc.). In this papers we analyze properties of Handshake protocol and procedures of establishing master secret in detail. And then we analyze securities against several attacker models with them for a basis. Also we propose new Handshake protocol that is secure against active attacker model and can provide various security services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.25-34
• /
• 2006

Previous binding update protocols for Mobile IPv6 repeats the same protocol each time a mobile node moves to a foreign link Moreover, mobile nodes repeats the same protocol whenever the lifetime of the current binding update expires. To improve the efficiency of binding updates, we Propose a ticket-based binding update protocol for MIPv6. Our protocol minimizes the binding update cost using a ticket issued by the corresponding node. We have analyzed our protocol security against the security requirements of MIPv6 and existing attacks. Furthermore, we have also compared our protocol against previous binding update protocols.

• Journal of KIISE:Software and Applications
• /
• v.26 no.8
• /
• pp.955-963
• /
• 1999

다단계 보안 실시간 데이타베이스 시스템은 데이타베이스의 일관성 유지와 실시간 요구인 마감시간의 만족, 그리고 기밀성을 띤 데이타가 노출될 수 있는 비밀채널(covert-channel)의 방지라는 요구사항을 모두 만족해야 한다. 기존의 SRT-2PL(Secure Real-Time 2 Phase Locking)은 원본과 복사본으로 데이타 객체를 분리시켜 다른 등급간에 불간섭(non-interference)을 유지하여 비밀채널의 방지를 가능하게 하였으나, 복사본이 모든 데이타 객체에 대해 항상 존재하므로 메모리의 낭비가 있을 수 있고, 복사본의 갱신을 위한 갱신 큐의 관리에 따르는 오버헤드와 그에 따른 예측성 결여라는 문제점을 갖고 있다. 이를 개선하기 위하여 본 논문에서는 다단계 보안 실시간 데이타베이스 시스템의 요구사항을 모두 만족하는 동적 복사 프로토콜을 제안한다. 동적 복사 프로토콜은 로킹 기법을 기초로 동작하고, 트랜잭션의 작업에 따라 동적으로 복사본을 생성하고 삭제한다. 모의 실험 결과 제안한 동적 복사 프로토콜은 비밀채널을 방지하고 동적인 복사본의 생성으로 SRT-2PL의 단점인 메모리 낭비를 줄일 수 있으며, 예측성을 높여 마감시간 오류율을 감소시켰다.Abstract Concurrency control of real-time secure database system must satisfy not only logical data consistency but also timing constraints and security requirements associated with transactions. These conflicting natures between timing constraints and security requirements are often resolved by maintaining several versions(or secondary copies) on the same data items. In this paper, we propose a new lock-based concurrency control protocol, Dynamic Copy Security Protocol, ensuring both two conflicting requirements. Our protocol aims for reducing the storage overhead of maintaining secondary copies and minimizing the processing overhead of update history. Main idea of our protocol is to keep a secondary copy only when it is needed to resolve the conflicting read/write operations in real time secure database systems. For doing this, a secondary copy is dynamically created and removed during a transaction's read/write operations according to our protocol. We have also examined the performance characteristics of our protocol through simulation under different workloads while comparing the existing real time security protocol. The results show that our protocol consumed less storage and decreased the missing deadline transactions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04a
• /
• pp.445-448
• /
• 2001

The objective of this paper was to cope with the verification of the message transfer protocol that integrates the electronic signature and the distribution and authentication of public key in TCP/IP using security continuity management Choquet fuzzy integral compared with fuzzy integral. They were classified into the security technology, the security policy, the electronic document processing, the electronic document transportation and the encryption and decryption keys in its function. The measures of items of the message security protocol were produced for the verification of the implemented document in every function.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.297-301
• /
• 2013

Key agreement protocols allow multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. Since Joux first published the pairing-based one round tripartite key agreement protocol, many authenticated protocols have been proposed. Unfortunately, many of them have been broken while others have been shown to be deficient in some desirable security attributes. In 2004, Cheng et al. presented two protocols aimed at strengthening Shim's certificate-based and Zhang et al.'s tripartite identity-based protocols. This paper reports that 1) In Cheng et al.'s identity-based protocol, an adversary can extract long-term private keys of all the parties involved; and 2) Cheng et al.'s certification-based protocol is weak against key integrity attacks. This paper suggests possible remedies for the security flaws in both protocols and then presents a modified Cheng et al.'s identity-based, one-round tripartite protocol that is more secure than the original protocol.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.19-23
• /
• 2014

Group communication is becoming increasingly popular in Internet applications such as videoconferences, online chatting programs, games, and gambling. For secure communications, the integrity of messages, member authentication, and confidentiality must be provided among group members. To maintain message integrity, all group members use the Group Key (GK) for encrypting and decrypting messages while providing enough security to protect against passive attacks. Tree-based Group Diffie-Hellman (TGDH) is an efficient group key agreement protocol to generate the GK. TGDH assumes all members have an equal computing power. One of the characteristics of distributed computing and grid environments is heterogeneity; the member can be at a workstation, a laptop or even a mobile computer. Member reordering in the TDGH protocol could potentially lead to an improved protocol; such reordering should capture the heterogeneity of the network as well as latency. This research investigates dynamic reordering mechanisms to consider not only the overhead involved but also the scalability of the proposed protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.85-102
• /
• 1999

In this paper, we propose an EC-SRP(Elliptic Curve - Secure Remote Password) protocol that uses ECDLP(Elliptic Curve Discrete Logarithm Problem) instead SRP protocols’s DLP. Since EC-SRP uses ECDLP, it inherits the high performance and security those are the properties of elliptic curve. And we reduced the number of elliptic curve scalar multiplication to improve EC-SRP protocol’s performance. Also we have proved BC-SRP protocol is a secure AKC(Authenticated Key Agreement with Key Confirmation) protocol in a random oracle model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.53-57
• /
• 2010

Recently, Lee et al. proposed a delegation-based authentication protocol for secure and private roaming service in global mobility networks. In this paper, we show that the protocol cannot protect the privacy of an user even though the protocol provides the user anonymity. To prove the weakness, we show that the protocol cannot provide the unlinkability and also examine the weakness of the protocol caused by the lack of the unlinkability.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.917-920
• /
• 2008

The Internet Key Exchange (IKE) protocol is most widely used as a security key exchange protocol on the Internet. Security policies used by the IKE protocol must be configured in advance, however the complex options and manual settings cause inconvenience. This paper proposes an automatic configuration method for the IKE protocol based on X.509 certificate. Security policies are embedded in the certificate, read, and added into the IKE configuration file by a negotiation assistant module in order to achieve automatic IKE configuration. Our proposed method reduces the complexity of configuration process and improves the adaptability of the IKE protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.17-27
• /
• 2005

With the development of wire and wireless based networks, a various security protocols have been proposed to protect important resources and user information against attackers. However, many security protocols have found oかy to be later vulnerable to attacks. In this Paper, we introduce the formal methodology to verify the safety of security protocols in the design phase, and we take advantage of the formal methodology which uses Casper/CSP and FDR tools by introducing the verification example of EKE protocol and BCY protocol. Lastly, we propose a new BCY protocol after verifying it's safety.