• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.27-33
• /
• 2012

VANET(Vehicular Ad-hoc Network) is a kind of ad hoc networks consist of intelligence vehicular ad nodes, and has become a hot emerging research project in many fields. It provide traffic safety, cooperative driving and etc. but has also some security problems that can be occurred in general ad hoc networks. Also, in VANET, vehiculars sho uld be able to authenticate each other to securely communicate with network-based infrastructure, and their location s and identifiers should not be exposed from the communication messages. This paper explains V2I authentication pr otocol using a hash function that preserves the user privacy. In addition, we analyze the security stability of the V2I authentication protocol using Casper in the formal verification technique. As a result, V2I authentication protocol us ing hash function prove a stability.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.581-584
• /
• 2004

Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. To these service providers that provide above network service, it is important that they authenticate and authorize legal subscribers and account for their usage. At present, There exist the several protocols that Support AAA(Authentication, Authorization and Accounting) service : RADIUS, Diameter, TACACS+. Nowadays, RADIUS has used for AAA service widely. It has been extended to support other access network environment. So, we extend RADIUS to support environment of Mobile IPv6. Mobile IPv6 uses IPsec as a security mechanism, basically. But, IPsec is a heavy security technology for small, portable, mobile device. Especially, it is serious at IKE, the subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In t:lis paper, we extend RADIUS to support environment of Mobile IPv6 and simplify the IKE phase of IPsec by AAA system distributing the keys by using its security communication channel. Namely, we propose the key distribution method for IPsec SA establishment between mobile node and home agent. The suggested method was anticipated to be effective at low-power, low computing deyice. Finally, end users feel the faster authentication.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.1113-1116
• /
• 2006

Security in wireless sensor networks is very pressing especially when sensor nodes are deployed in hostile environments. To obtain security purposes, it is essential to be able to encrypt and authenticate messages sent amongst sensor nodes. Keys for encryption and authentication must be agreed upon by communicating nodes. Due to resource limitations and other unique features, obtaining such key agreement in wireless sensor network is extremely complex. Many key agreement schemes used in general networks, such as trusted server, Diffie-Hellman and public-key based schemes, are not suitable for wireless sensor networks [1], [2], [5], [7], [8]. In that situation, key pre-distribution scheme has been emerged and considered as the most appropriate scheme [2], [5], [7]. Based on that sense, we propose a new resource-optimal key pre-distribution scheme utilizing merits of the two existing key pre-distribution schemes [3], [4]. Our scheme exhibits the fascinating properties: substantial improvement in sensors' resource usage, rigorous guarantee of successfully deriving pairwise keys between any pair of nodes, greatly improved network resiliency against node capture attack. We also present a detailed analysis in terms of security and resource usage of the scheme.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.31-36
• /
• 2011

Enterprise which has a core technology or organization which manages a core information will be walking into a critical situation like a ruins when organization's confidential information is outflowed. In the past confidential information that was leaked to the off-line, recently the outflow made possible through a variety of equipment at any time via the network based on the ubiquitous communication environment. In this paper, we propose to authenticate and block all packets transmitted via the network at real-time in order to prevent confidentials outflow. Especially in or der to differentiate between users who attempt to disclose confidentials, we propose to insert user's biometric informaion transparently at per-packet basis, and also verify a performance by simulation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.121-129
• /
• 2010

For the development of software industry, offers an expanded software authentication scheme caused by the unauthorized copying of software is to reduce the damage to software developers, retail sales and to promote the development of the software industry was studied. Serial Number of the current software registration is conducted in such a simple verification procedure if the Serial Number only illegal and can be installed on multiple computers, such as program code to allow third parties to enter the Serial Number, or the extract can be used without is a reality. The proposed extension to the software authentication system when you install the software, my phone authentication and MAC Address Authentication Service introduced to distinguish normal user, the user of the MAC Address of the server and software development company that was sent to the registered MAC Address of the computer to be run only by the use of genuine software and to make unauthorized copies of software generated by the software developer can reduce the damage of the proposed plan.

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.1
• /
• pp.21-28
• /
• 2012

This study can be solved a means of authentication of electronic financial transactions. We suggest that smart devices can be useful to authenticate in electronic financial transactions regardless of time and place. Our new authentication method named Lock-Unlock authentication method with smart devices. This method will be expected to reduce many kind of accidents (theft, phishing, hacking, certificates and simple certified OTP, ATM withdrawals, ARS, etc.) by account locking in electronic financial transactions. And helpful to users can effectively protect electronic financial transactions and minimize the accident during get a electronic trading.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.786-799
• /
• 2018

Recently, NFV has attracted attention as a next-generation network virtualization technology for hardware -independent and efficient utilization of resources. NFV is a technology that not only virtualize computing, server, storage, network resources based on cloud computing but also connect Multi-Tenant of VNFs, a software network function. Therefore, it is possible to reduce the cost for constructing a physical network and to construct a logical network quickly by using NFV. However, in NFV, when a new VNF is added to a running Tenant, authentication between VNFs is not performed. Because of this problem, it is impossible to identify the presence of Fake-VNF in the tenant. Such a problem can cause an access from malicious attacker to one of VNFs in tenant as well as other VNFs in the tenant, disabling the NFV environment. In this paper, we propose Auto-configurable Security Mechanism in NFV including authentication between tenant-internal VNFs, and enforcement mechanism of security policy for traffic control between VNFs. This proposal not only authenticate identification of VNF when the VNF is registered, but also apply the security policy automatically to prevent malicious behavior in the tenant. Therefore, we can establish an independent communication channel for VNFs and guarantee a secure NFV environment.

• Journal of Korea Multimedia Society
• /
• v.14 no.2
• /
• pp.249-257
• /
• 2011

To protect the market for various products, existing authentication techniques using ID, hologram and RFID have been gradually developed. However, these methods can be easily exposed the authentication information, and also these exposed information easily copy. Thus, production of the counterfeit goods can not completely prevent. In this paper, to solve these problems, we designed JCVM file system for saving and managing the authentication information, user's information and a sales agency information into the smart card. And we designed and implemented an authentication protocol that can authenticate to avoiding exposure using processor of the smart card. Through this, this proposed scheme can prevent occurrences of the counterfeit goods. And also, can be used for authentication as any product that can attach the smart card.

• Journal of Internet Computing and Services
• /
• v.9 no.5
• /
• pp.175-183
• /
• 2008

Wi-Fi defines the procedure to search an AP, authenticate both station and AP, and associate the new BSS or ESS which enables the link layer handoff. One of the problems for hotspot service of Wi-Fi is "passing-object", Wi-Fi describes the messages exchanges between two neighboring APs in BSS or ESS. If the station passes through the neighboring APs before completing link-layer handoff, the path where the tunneled packets should be sent is lost. In this paper, we propose to integrate the positioning entity in a service domain to keep track the high-speed movement.

• Journal of Korea Multimedia Society
• /
• v.12 no.9
• /
• pp.1323-1332
• /
• 2009

In this paper, we analyze security weakness of 4-Way Handshake in IEEE 802.11i and propose fast and secure 2-Way Handshake mechanism. Compute PTK(Pairwise Transient Key) using sequence number instead of random numbers in order to protect Replay attack and DoS attack. Also, proposed 2-Way Handshake mechanism can mutual authenticate between mobile station and access point and derive PTK using modified Re-association Request and Re-association Response frames. And, compare with others which are fast and secure Handoff mechanisms.