• Title/Summary/Keyword: Access Network Security

Performance of an Authentication Proxy for Port Based Security Systems (포트레벨 보안을 위한 인증 프록시 시스템의 성능분석)

  • 이동현;이현우;정해원;윤종호
    • The Journal of Korean Institute of Communications and Information Sciences, v.28 no.8B, pp.730-737, 2003
  • In this paper, we present an efficient authentication proxy for IEEE 802.1x systems based on the port-based access control mechanism. An IEEE 802.1x system consists of PC supplicants, a bridge with authentication client functions, and an authentication server. For network security and user authentication purposes, a supplicant who wants to access the Internet should be authorized to access the bridge port using the Extended Authentication Protocol (EAP) over LAN. The frame of EAP over LAN is then relayed to the authentication server by the bridge. After several transactions between the supplicant and the server via the bridge, the supplicant may be either authorized or not. Noting that the transactions between the relaying bridge and the server will increase as the number of supplicants grows in public networks, we propose a scheme for reducing the transactions by employing an authentication proxy function at the bridge. The proxy is allowed to cache the supplicant's user ID and password during his first transaction with the server. For the next authentication procedure of the same supplicant, the proxy function of the bridge handles the authentication transactions using its cache on behalf of the authentication server. Since the main authentication server handles only the first authentication transaction of each supplicant, the processing load of the server can be reduced. Also, the authentication transaction delay experienced by a supplicant can be decreased compared with the conventional 802.1x system.

Security of Ethernet in Automotive Electric/Electronic Architectures (차량 전자/전기 아키텍쳐에 이더넷 적용을 위한 보안 기술에 대한 연구)

  • Lee, Ho-Yong;Lee, Dong-Hoon
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.16 no.5, pp.39-48, 2016
  • One of the major trends of automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g., to connect high-data-rate sources such as video cameras), and it is expected that the ongoing standardization at IEEE (IEEE 802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to a much broader adoption in future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic (EE) Architectures as a whole. It is agreed that IP-based traffic via Ethernet could be secured by application of well-established IP security protocols (e.g., IPSec, TLS) combined with additional components such as an automotive firewall or IDS. In the case of safety and real-time related applications on resource-constrained devices, IP-based communication with complicated and performance-demanding TLS or IPSec is not the favored option. Those applications will foreseeably incorporate Layer-2 based communication protocols as, e.g., currently standardized at IEEE [13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet switch-based EE architectures. It also gives an overview of and provides insights into the ongoing security-relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms such as IEEE 802.1AE (MACsec) or 802.1X Port-based Network Access Control will be evaluated and their applicability for automotive applications will be assessed.

A New Secure Multicast Protocol in Micro-Mobility Environments using Secure Group Key (마이크로 모빌리티 환경에서 보안 그룹키를 이용한 안전한 멀티캐스트 프로토콜)

  • Kang, Ho-Seok;Shim, Young-Chul
    • The KIPS Transactions:PartC, v.15C no.6, pp.573-586, 2008
  • The improved performance and miniaturization of computers and the improvement of wireless communication technology have enabled the emergence of many high-quality services. Among them, multicast services are receiving much attention and their usage is increasing due to the increase of Internet multimedia services such as video conferencing, multimedia streaming, Internet TV, etc. Security plays an important role in mobile multicast services. In this paper, we proposed a secure multicast protocol for a hierarchical micro-mobility environment. The proposed secure multicast protocol provides security services such as authentication, access control, confidentiality and integrity using mechanisms including symmetric/asymmetric key crypto-algorithms and capabilities. To provide forward/backward secrecy and scalability, we used sub-group keys based on the hierarchical micro-mobility environment. With these security services, it is possible to guard against all kinds of security attacks performed by illegal mobile nodes. Attacks executed by internal nodes can be thwarted except those attacks which delete packets or cause network resources to be wasted. We used a simulator to measure the performance of the proposed protocol. As a result, the simulation showed that the effect of these security mechanisms on the multicast protocol was not too high.

A Study on the Information System Operation Plan for the Mobile Environments Construction (모바일 환경 구축을 위한 정보시스템 운영방안에 대한 연구)

  • Kim, Dong Soo;Kim, Hee Wan
    • Journal of Service Research and Studies, v.4 no.2, pp.21-35, 2014
  • The mobile environment, which is based on the Internet, is expanding the area of web information systems. The mobile Internet is expanding mobile content and services due to the development of wireless network technology, the proliferation of smart terminal devices, and the emergence of a variety of mobile service platforms. The mobile web means accessing Internet services over a mobile network or other wireless network using a smartphone or a mobile device. Recently, smartphone usage has been increasing rapidly in the country, and many companies are entering the mobile market. There is an increasing need for an operation plan for mobile web information systems. In this paper, we compared COBIT, ITIL, and the SLA, which are the international information systems operation standards, and the information system operation standards of the Korea Information Security Agency. We analyzed the suitability of the mobile environment and information system operating instructions, and we compared mobile web, operating environments and ITIL V3.

Global Wireless LAN Roaming Status in Korea and Its Development Methods (국내 글로벌 무선랜 로밍 구축 현황 및 발전 방안)

  • Wang, Gicheol;Cho, Jinoh;Cho, Gihwan
    • Journal of the Institute of Electronics and Information Engineers, v.52 no.7, pp.15-21, 2015
  • Due to the appearance of various mobile terminals such as smartphones, smartpads, and smartwatches and the tremendous development of WiFi technology, the data utilization rate on WiFi networks is significantly increasing. As a result, users want to use a WiFi network with only a simple identification at a visited place as if they were at their home institute. In this paper, we review the domestic status of the eduroam service, which supports global extension of the wireless network access environment, and present the future development perspective of the service in Korea. Besides, we shed light on the current status of the WiFi sharing service between domestic universities and propose some methods to facilitate the joining of domestic universities in the eduroam service.

Task offloading scheme based on the DRL of Connected Home using MEC (MEC를 활용한 커넥티드 홈의 DRL 기반 태스크 오프로딩 기법)

  • Ducsun Lim;Kyu-Seek Sohn
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.23 no.6, pp.61-67, 2023
  • The rise of 5G and the proliferation of smart devices have underscored the significance of multi-access edge computing (MEC). Amidst this trend, interest in effectively processing computation-intensive and latency-sensitive applications has increased. This study investigated a novel task offloading strategy considering the probabilistic MEC environment to address these challenges. Initially, we considered the frequency of dynamic task requests and the unstable conditions of wireless channels to propose a method for minimizing vehicle power consumption and latency. Subsequently, our research delved into a deep reinforcement learning (DRL) based offloading technique, offering a way to achieve equilibrium between local computation and offloading transmission power. We analyzed the power consumption and queuing latency of vehicles using the deep deterministic policy gradient (DDPG) and deep Q-network (DQN) techniques. Finally, we derived and validated the optimal performance enhancement strategy in a vehicle based MEC environment.

An Efficient ECU Analysis Technology through Non-Random CAN Fuzzing (Non-Random CAN Fuzzing을 통한 효율적인 ECU 분석 기술)

  • Kim, Hyunghoon;Jeong, Yeonseon;Choi, Wonsuk;Jo, Hyo Jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.30 no.6, pp.1115-1130, 2020
  • Modern vehicles are equipped with a number of ECUs (Electronic Control Units), and ECUs can control vehicles efficiently by communicating with each other through CAN (Controller Area Network). However, the CAN bus is known to be vulnerable to cyber attacks because of the lack of message authentication, message encryption, and access control. To find these security issues related to vehicle hacking, CAN fuzzing methods that analyze the vulnerabilities of ECUs have been studied. In the existing CAN fuzzing methods, fuzzing inputs are randomly generated without considering the structure of CAN messages transmitted by ECUs, which results in non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how to monitor fuzzing results. To deal with the limitations of CAN fuzzing, in this paper we propose Non-Random CAN Fuzzing, which considers the structure of CAN messages and systematically generates fuzzing input values that can cause malfunctions in ECUs. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN fuzzing solutions, so it can quickly find CAN messages related to malfunctions of ECUs that could originate from SW implementation errors or CAN DBC (Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.

Distributed Intrusion Detection System for Safe E-Business Model (안전한 E-Business 모델을 위한 분산 침입 탐지 시스템)

  • 이기준;정채영
    • Journal of Internet Computing and Services, v.2 no.4, pp.41-53, 2001
  • A multi-distributed web cluster model built for a high-availability E-Business model exposes internal system nodes because of its structural characteristics, and normal job performance may become impossible due to intentional obstruction and attack by an illegal third party. Therefore, a security system is needed that protects the structured system nodes and can respond effectively to the outflow of information by illegal users and to unfair service requirements. The suggested distributed invasion detection system is a technology which detects illegal requirements or resource access on system nodes distributed on an open network through organic control between SC-Agents based on the shared memory of the SC-Server. The distributed invasion detection system first examines the job requirement packet using the Detection Agent to detect illegal invasion, observes the job process through the monitoring agent while the job is in progress, and then judges the invasion through close cooperation with other system nodes when there is access to or demand for a resource that is not permitted.

Design and Implementation of Blockchain for Securing Data of National Education Information System School Life Records (교육행정정보시스템 학교생활기록부 데이터의 안정성 확보를 위한 블록체인 설계 및 구현)

  • Kim, Heekyung;Park, Namje
    • Journal of the Korea Convergence Society, v.11 no.3, pp.27-35, 2020
  • The purpose of this study is to study the technical implementation methods to prevent problems such as the record of important educational activities of the student life record department or the continuous illegal leakage and manipulation. To this end, in this paper, by applying a private blockchain that can be participated only by a given organization or individual, it prevents outsiders from participating in the block network, and creates legitimate authority by creating two types of block data: student information block and access record block in the life record book. We proposed a block mechanism that can be registered, modified, and accessed only by authorized staff members. As a result, we have prepared an alternative to prevent forgery and alteration of the living records by third parties and to secure the integrity of the living records. If applied to the educational administrative information system, social consensus will be established that the operation and management of the life record book is reliable.

Research on Security System for Safe Communication in Maritime Environment (해상환경에서 안전한 통신을 위한 보안체계 연구)

  • Seoung-Pyo Hong;Hoon-Jae Lee;Young-Sil Lee
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.23 no.5, pp.21-27, 2023
  • As a means of helping ships navigate safely, navigational aids in operation in the maritime environment require periodic management, and due to the nature of the environment, it is difficult to visually check the exact state. As a result, the smart navigation aid system, which improves route safety and operational efficiency, utilizes expertise including sensors, communications, and information technology, unlike general route markings. The communication environment of the smart navigation aid system, which aims to ensure the safety of the navigators operating the ship and the safety of the ship, uses a wireless communication network in accordance with the marine environment. The ship collects the information necessary for the maritime environment on the land and operates. In this process, there is a need to consider the wireless communication security guideline. Basically, based on IHO S-100, a standard for facilitating data exchange, and SECOM, which provides an interface for safe communication. This paper researches a security system for safe communication in a maritime environment. The security system for the basic interface based on the document was presented, and there were some vulnerabilities to data exchange due to the wireless communication characteristics of the maritime environment, and the user authentication part was added considering the vulnerability that unauthorized users can access the service.