• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.59-63
• /
• 2002

본 논문에서는 DIA.METER AAA(Authentication, Authorization and Accounting) 하부 구조를 가지고 Mobile IP 액세스 기법을 사용하는 cdma2000 패킷 데이터 서비스에서 MN(mobile node)와 AAAH(home AAA server)간의 상호 인증과 Mobile IP 개체들간에 안전한 세션키 분배를 위한 방법을 제안한다. 제안된 프로토콜은 DIAMETER AAA 하부 구조론 가정하며 DIAMETER AAA의 비효율성을 개선하고, 인증과 키 분배 프로토콜의 시큐리티 요구 사항들을 모두 만족한다.

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.107-119
• /
• 2005

The Mobile IP has evolved from providing mobility support for portable computers to support wireless handheld devices with high mobility patterns. The Mobile IP secures mobility, but does not guarantee security, In this paper, the Mobile IP has been adapted to allow AM protocol that supports authentication, authorization and accounting for authentication and collection of accounting information of network usage by mobile nodes, For this goal, we propose a new security handoff mechanism to intensify the Mobile IP security and to achieve fast handoff. In the proposed mechanism, we provide enough handoff achievement time to maintain the security of mobile nodes, According to the analysis of modeling result, the proposed mechanism composed the basic Mobile IP along with AM protocol is up to about $60\%$ better in terms of normalized surcharge for the handoff failure rate that considers handoff time.

• The KIPS Transactions:PartC
• /
• v.12C no.4 s.100
• /
• pp.481-488
• /
• 2005

The Mobile W provides an efficient and scalable mechanism for host mobility within the Internet. However, the mobility implies higher security risks than static operations in fixed networks. In this paper, the Mobile IP has been adapted to allow AAA protocol that supports authentication, authorization, and accounting(AAA) for security and collection for accounting information of network usage by mobile nodes(MNs). For this goal, we Propose the boundary tone overlapped network structure while solidifying the security for the authentication of an MN. That is, the Proposed scheme delivers the session keys at the wired link for MN's security instead of the wireless one, so that it provides a fast and seamless handoff mechanism. According to the analysis of modeling result, the proposed mechanism compared to the existing session key reuse method is up to about $40\%$ better in terms of normalized surcharge for the handoff failure rate that considers handoff total time.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.502-504
• /
• 2002

현재, IETF AAA 워킹 그룹에서는 기존 AAA 프로토콜인 RADIUS를 보완 및 확장하여 새로운 프로토콜인 Diameter의 표준화를 진행중이다. Diameter는 기존 전화망에서의 PPP 접속 서비스뿐만 아니라 이동 패킷 서비스를 지원하는 Mobile IP 접속 서비스를 지원하도록 설계되고 있다. AAA 서버는 인증(Authentication), 인가(Authorization) 및 과금(Accounting) 서비스를 사용자에게 제공한다. 이때 Diameter 서버는 MN이 제공하는 credential을 검증함으로써, MN에 대한 인증을 수행한다. MN은 credential을 생성하기 위해서, 홈 Diameter 서버와 MN간에 공유하는 MN-AAA 비밀키와 MAC 알고리즘을 사용한다. 상기키는 이동 가입자가 AAA 서비스를 초기에 요청할 때 발급되는 비밀키이며, Diameter 프로토콜은 상기 비밀키의 재발급 메커니즘을 제공하지 않는다. 메커니즘 부재는 키의 누출의 인한 서비스 도용이 발생한 수 있는 취약점이 있다. 본 논문에서는 키의 누출에 대비한 MN-AAA 키의 재생성 및 재분배 메커니즘을 제안한다. 이를 위해서, Mobile IP 프로토콜 및 Diameter 프로토콜을 확장 및 보완한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.137-144
• /
• 2004

3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).

• International Journal of Internet, Broadcasting and Communication
• /
• v.5 no.2
• /
• pp.18-22
• /
• 2013

Mobile IPv6 (MIPv6) is a host-based protocol supporting global mobility while Proxy Mobile IPv6 (PMIPv6) is a network-based protocol supporting localized mobility. This paper makes its focus on how to reduce the longer delay and extra cost arising from the combination of authentication, authorization and accounting (AAA) and PMIPv6 further. Firstly, a novel authentication scheme (Proxy-AAA) is proposed, which supports fast handover mode and forwarding mode between different local mobility anchors (LMAs). Secondly, a cost analysis model is established based on Proxy-AAA. From the theoretical analysis, it could be noted that the cost is affected by average arrival rate and residence time.

• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.61-68
• /
• 2008

Authentication for inter-NEMO rooming is on important issue for achieving the seamless mobile networking. In this proposal, the technical challenge lies in the fact that a visited network does not initially have the authentication credentials of a roaming mobile router. This paper proposes an efficient approach for providing AAA service in NEMO environment. This approach uses localized authentication based on the roaming agreement between ISPs. A public key certificate structure is proposed, tailored to the business model of wireless internet Service Providers (ISPs). In this approach, the mutual authentication between a visited network and a roaming user can be performed locally without any control with user's home network. In conclusion, our protocol shown that communication delay can be reduced by overuse 45% overhead in communication delay than the previous AAA approach.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.987-990
• /
• 2006

AAA(Authentication, Authorization, Accounting) 프로토콜은 기존의 유선망 뿐만 아니라 비약적으로 발전하고 있는 무선망에서 VoIP, Mobile IP 등과 같은 다양한 서비스 및 프로토콜 상에서 안전하고 신뢰성 있는 사용자 인증, 인가, 과금 기능을 체계적으로 제공하는 정보보호 기술이다. 그러나 현재 무선망은 유선망에 비해 외부로부터의 공격에 매우 취약하고 통신에 있어서 많은 제약사항이 뒤따르고 있다. 현재 IETF AAA 워킹그룹에서도 무선망에서의 안전한 AAA 프로토콜에 관하여 중요하게 다루고 있으며, 모바일 노드의 이동성에 따른 안전한 인증을 제공하는 방안에 대해서 활발히 연구 중이다. 따라서 본 연구에서는 모바일 노드가 홈 인증 서버로부터 인증을 받고 난 후에 외부 네트워크로 이동하더라도 홈 인증 서버로부터 발급받은 티켓을 이용하여 홈 인증 서버로 접근을 하지 않고 외부 네트워크에서의 인증을 제공하여 서비스를 받을 수 있게 한다. 본 방식은 티켓을 사용함으로써 교환되는 메시지 및 지연을 줄이고 지속적인 서비스를 제공받을 수 있어 효율성을 높일 수 있다.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.281-284
• /
• 2005

Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

• Journal of KIISE:Information Networking
• /
• v.33 no.3
• /
• pp.218-230
• /
• 2006

The enterprise service network is composed of internet, intranet and DMZ. The design rationale of Mobile IP is providing of seamless mobility transparency without regarding to the type of network topology and services. However, Mobile IP specification does not include the mobility support in case of using VPN environment and define the access scenarios to get into the VPN intranet without disturbing existing security policy. In this paper, we propose an authentication method using AAA infrastructure and keying material exchange to enable an user in internet to be able to access the intranet through the VPN gateway. Finally, performance analysis for the proposed scheme is provided.