• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.50-57
• /
• 2016

In 2013, Li et al. proposed an improved smart card-based remote user password authentication scheme, and claimed that their scheme not only overcomes security weaknesses of the Chen et al.'s scheme but also is a more user friendly scheme compared with other schemes. In this paper, we analyze the security of Li et al.'s authentication scheme and we show that Li et al.'s authentication scheme is still insecure against the various attacks, such as the off-line password guessing attack, the forgery attack, and the session key generation attack etc. Also, we propose an improved scheme that can resist these security drawbacks of Li et al.'s authentication, even if the secret information stored in the smart card is revealed. As a result of security analysis, the improved scheme is relatively more secure against several attacks than other related schemes in terms of the security.

• Journal of Korea Multimedia Society
• /
• v.20 no.11
• /
• pp.1768-1775
• /
• 2017

The SIP(Session Initiation Protocol) is an application layer call signaling protocol which can create, modify and terminate the session of user, and provides various services in combination with numerous existing protocols. However, most of cryptosystems for SIP cannot prevent quantum computing attack because they have used ECC(Elliptic Curve Cryptosystem). In this paper, we propose a NTRU based authentication and key distribution protocol for SIP in order to protect quantum computing attacks. The proposed protocol can prevent various attacks such as quantum computing attack, server spoofing attack, man-in-the middle attack and impersonation attack anonymity, and our protocol can provide user's anonymity.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.209-215
• /
• 2020

The environment of the Internet provides an efficient communication of the things which are connected. While internet and online service provide us many valuable benefits, online services offered and accessed remotely through internet also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication on client-server environment. In 2016, Ahmed et al. proposed an efficient lightweight remote user authentication protocol. However, Kang et al. show that it's scheme still unstable and inefficient. It cannot resist offline identity guessing attack and cannot provide session key confirmation property. Moreover, there is some risk of biometric information's recognition error. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since we only use hash function and XOR operation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.3B
• /
• pp.195-207
• /
• 2011

In this paper, we design and implement a visual IMS protocol analyzer, VIPA(Visual IMS Protocol Analyzer), providing a graphical view of session connection information between user equipments on IMS network. The VIPA captures SIP packets, which are used to setup sessions on IMS networks, and shows graphical view of session information to provide easy way to analyze IMS protocols. The existing protocol analyzer has limitation to show only terminal side protocol analysis information. Whereas the VIPA can provide not only terminal side but also server side analysis result so that the connection status between all the session participating user agents can be monitored.

• Proceedings of the IEEK Conference
• /
• 2003.07d
• /
• pp.1483-1486
• /
• 2003

This paper describes design and implementation of the DIDL(Digital Item Declaration Language) parser and Session mobility in Digital Item Adaptation. The DIDL is a declaration language which is a uniform and flexible abstraction and interoperable schema for declaring Digital Items. Session mobility specifies a mechanism to preserve a user's current state of interaction with a Digital Item. In this paper, Session mobility is implemented through the DIDL. For session mobility, the XDI (context digital item) shall capture the configuration-state of a Content digital item, shich is defined by the state of Selection elements in DIDL.

• ETRI Journal
• /
• v.35 no.5
• /
• pp.889-899
• /
• 2013

Wireless sensor networks (WSNs) are used for many real-time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security-performance-balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end-party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real-world WSNs applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.967-979
• /
• 2013

Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patient's vital physiological signs through medical sensor-nodes deployed on patient's body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patient's physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a user's password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.

• 한국HCI학회:학술대회논문집
• /
• 2008.02a
• /
• pp.510-516
• /
• 2008

In ubiquitous environment, there are no limits to utilize networks whenever and wherever you are. That pervasive networks are combined with the information devices and then create various services such as car navigation of LBS(location based service) and DMB(Digital Multimedia Broadcasting). As these kinds of services are getting more various, the complexity is also getting higher and ultimately the convergence will make people feel frustrated. One of the solutions is Context-Awareness[1] technology. User interface with context-awareness filters unnecessary information and prevents users from being blocked due to the massive information. In this paper, we describe the seamless service system based on location-awareness, which is a type of context-awareness. We developed the system based on UPnP AV Framework. This system provides the automatic terminal device selection for the nomadic user. The system establishes new connections for the ongoing streaming playback session with the new AV devices without substantial loss of playback so that the user can enjoy the seamless service. The AV device selection based on the user's location needs no user's intervention or notification so it achieves the improvement of usability and complexity.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.741-748
• /
• 2005

SyncML is an open standard data synchronization protocol proposed by OMA(Open Mobile Alliance). In this paper, a Session Handler module, one of major modules for developing SyncML data synchronization clients, and a client User Setup program are designed and implemented. The Session Handier Module controls communication sessions, generates header parts of messages exchanged, and determines the legitimacy of incoming messages. In order to justify normal operations of the Session Handler module and the client User Setup program implemented In this paper, they are ported to a Zaurus PDA, which runs on LINUX operating system. In addition, data synchronization operations are performed between the PDA and a Synthesis sever, whose SyncML data synchronization operation is certificated by OMA, Wireless Internet International Standard Forum.

• Journal of Korea Multimedia Society
• /
• v.9 no.1
• /
• pp.73-88
• /
• 2006

With the development of Next Generation convergence Network, the current Internet needs a new network architecture and new session establishment methods, which can support various applications requiring differentiated traffic processing and high quality of service instead of the conventional best-effort service. It is expected that, in next generation network based on All-IP. SIP will play an important role in the session establishment between the end to end user terminals. In this paper, we propose a new network architecture that can provide quality of service based on SIP using the QoS enabled SIP servers and policy servers, and we also propose a new session establishment method that apply the user's demands participating the session establishment when setting up the session using the SIP. Through simulations under various environments, we show the parameter ranges in terms of server capacity and the number of users in access networks to achieve reasonable delay bounds.