• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.11
• /
• pp.303-309
• /
• 2018

Internet of Things technology is an intelligent service that connects all objects to the Internet and interacts with them. It is a technology that can be used in various fields, such as device management, process management, monitoring of restricted areas for industrial systems, as well as for navigation in military theaters of operation. However, because all devices are connected to the Internet, various attacks using security vulnerabilities can cause a variety of damage, such as economic loss, personal information leaks, and risks to life from vulnerability attacks against medical services or for military purposes. Therefore, in this paper, a mutual authentication method and a key-generation and update system are applied by applying S/Key technology based on a hash chain in the communications process. A mutual authentication method is studied, which can cope with various security threats. The proposed protocol can be applied to inter-peer security communications, and we confirm it is robust against replay attacks and man-in-the-middle attacks, providing data integrity against well-known attacks in the IoT environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.3
• /
• pp.73-78
• /
• 2019

Due to frequent topology changes in wireless networks, inter-node link disconnection and path re-establishment occur, causing problems such as overloading control messages in the network. In this paper, to solve the problems such as link disconnection and control message overload, we perform path setup in three steps of the neighbor node discovery process, the route discovery process, and the route management process in the wireless network environment. The link stability value is calculated using the information of the routing table. Then, when the zone master monitors the calculated link value and becomes less than the threshold value, it predicts the link disconnection and performs the path reset to the corresponding transmitting and receiving node. The proposed scheme shows a performance improvement over the existing OLSR protocol in terms of data throughput, average path setup time, and data throughput depending on the speed of the mobile node as the number of mobile nodes changes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.103-114
• /
• 2007

The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.141-152
• /
• 2011

Growing efforts and interests of security techniques in a diverse surveillance environment, the intelligent surveillance system, which is capable of automatically detecting and tracking target objects in multi-cameras environment, is actively developing in a security community. In this paper, we propose an effective visual surveillance system that is avaliable to track objects continuously in multiple non-overlapped cameras. The proposed object tracking scheme consists of object tracking module and tracking management module, which are based on hand-off scheme and protocol. The object tracking module, runs on IP camera, provides object tracking information generation, object tracking information distribution and similarity comparison function. On the other hand, the tracking management module, runs on video control server, provides realtime object tracking reception, object tracking information retrieval and IP camera control functions. The proposed object tracking scheme allows comprehensive framework that can be used in a diverse range of application, because it doesn't rely on the particular surveillance system or object tracking techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.505-514
• /
• 2012

Because people usually establish their online social network based on their offline relationship, the social networks (i.e., the graph of friendship relationships) are often used to share contents. Mobile devices let it easier in these days, but it also increases the privacy risk such as access control of shared data and relationship exposure to untrusted server. To control the access on encrypted data and protect relationship from the server, M. Atallah et al. proposed a hop-based scheme in 2009. Their scheme assumed a distributed environment such as p2p, and each user in it shares encrypted data on their social network. On the other hand, it is very inefficient to keep their relationship private, so we propose an improved scheme. In this paper, among encrypted contents and relationships, some authenticated users can only access the data in distributed way. For this, we adopt 'circular-secure symmetric encryption' first. Proposed scheme guarantees the improved security and efficiency compared to the previous work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.675-686
• /
• 2021

According to the recent revision of Privacy Policy and the emerging importance of personal information, cooperations must verify customer identity (Know Your Costomer, KYC) while processing and managing this information so that it does not violate the Privacy Policy. One of the solution of this problem is zero-knowledge proof (ZKP). The use of the ZKP enables to verify the identity without exposing the identity information directly, thereby reducing the burden on the management of personal information while fulfilling the obligation of the cooperations to verify the identity. The ZKP could be employed to many other applications. In this paper, we analyze the ZKP technique and its applications currently being actively studied.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.91-102
• /
• 2023

The Energy Management System (EMS) communicates with power plants and substations, monitors the substations and plant operational status of the transmission and substation system for stability, continuity, real-time, and economy of power supply, and controls power plants and substations. Currently, the power exchange EMS communicates with power plants and substations based on the serial communication-based Distributed Network Protocol (DNP) 3.0 protocol. However, problems such as the difficulty of supply and demand of serial communication equipment and the lack of installation space for serial ports and modems are raised due to the continuous increase in new facilities to perform communication, including renewable power generation facilities. Therefore, this paper presents a TCP/IP-based communication method instead of the existing serial communication method of the power exchange EMS, and presents a security risk analysis that may occur due to changes in the communication method and a countermeasure to the security risk.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.5
• /
• pp.103-117
• /
• 2009

In MANET(Mobile Ad-Hoc Network), providing security to routing has been a significant issue recently. Existing studies, however, focused on either of secure routing or packet itself where malicious operations occur. In this paper, we propose SRPPnT(A Secure Routing Protocol in MANET based on Malicious Pattern of Node and Trust Level) that consider both malicious behavior on packet and secure routing. SRPPnT is identify the node where malicious activities occur for a specific time to compose trust levels for each node, and then to set up a routing path according to the trust level obtained. Therefore, SRPPnT is able to make efficient countermeasures against malicious operations. SRPPnT is based on AODV(Ad-Hoc On-Demand Distance Vector Routing). The proposed SRPPnT, from results of the NS-2 network simulation. shows a more prompt and accurate finding of malicious nodes than previous protocols did, under the condition of decreased load of networks and route more securely.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.4
• /
• pp.90-99
• /
• 2017

The service structure of the Mobius IoT platform, which has been developed on the basis of the oneM2M standard, connects servers and gateways directly to exchange data using HTTP or MQTT. Such structure may cause problems not to operate IoT services safely. In this paper, we propose an effective structure to manage sessions between gateways (or devices) and server using SIP safely and stably. In addition, we provide the way to implement the proposed method on Mobius IoT platform. To verify the operation of the proposed method, we actually implement the proposed method on Mobius IoT platform, and construct a testbed for a typical IoT application service environment with SIP servers. The results of the experiment show that the proposed method works normally, and it can contribute to the stable operation of IoT services.