• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.6
• /
• pp.520-527
• /
• 2015

The key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, key confirmation, and key freshness. In this paper, we present the security functions in ETSI(European Telecommunications Standards Institute), and analyze the specification of the security primitives and the key exchange protocols for the authenticated key agreement between RCST(Return Channel Satellite Terminal) and NCC(Network Control Centre). ETSI key exchange protocols consists of Main Key Exchange, Quick Key Exchange, and Explicit Key Exchange. We analyse the pros and cons of key exchange protocols based on performance analysis and performance evaluation.

• Journal of The Institute of Information and Telecommunication Facilities Engineering
• /
• v.1 no.2
• /
• pp.30-42
• /
• 2002

UPnP(Universal Plug and Play) is commercial product for the first time in home network middlewares, but it has problem that it has no security standards in UPnP specification. In this paper, we present UPnP security model. It is based on XML Signature of XML Security. It provides UPnP with secure services which are device control message authentication and user access level control. It is independent of UPnP modules and has mobility of secure service modules for non secure ability user part. We conclude this paper with an example of applying UPnP Security model to the UPnP audio device control and an test example.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.29-46
• /
• 2002

We generally use SSL/TLS protocol utilizing X.509 v3 certificates so as to provide a secure means in establishment an confidential communication and the support of the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and an implementation of the prototype which has two main modules, one is to support secure communication and RBAC, not being remained in the SPKI/SDSI server which was developed by the existing Geronimo project and the other is to wholly issue name-certificate and authorization-cerificate. And the demonstration embodied for our sewer is outlined hereafter.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.447-452
• /
• 2013

Berkley Media Access Control (B-MAC) protocol is one of the well-known MAC protocols, which uses adaptive preamble sampling scheme and is designed for wireless sensor networks (WSN). In this paper, we are reviewed about security vulnerability in B-MAC, and analyzed the power which is consumed at each stage of B-MAC protocol according to vulnerability of denial of sleep(DoS) and replay problem. From our analytical results, it can be considered the need of power efficient authentication scheme which provides the reliability, efficiency, and security for a general B-MAC communication. This is the case study of possible DoS vulnerability and its power consumption in B-MAC.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.123-132
• /
• 2006

Biometric-based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as the compromise of the data will be permanent. To protect the biometric data, we need to store it in a non-invertible transformed version. Thus, even if the transformed version is compromised, the actual biometric data remains safe. In this paper, we propose an approach to protect finger-print templates by using the idea of the fuzzy vault. Fuzzy vault is a recently developed cryptographic construct to secure critical data with the fingerprint data in a way that only the authorized user can access the secret by providing the valid fingerprint. We modify the fuzzy vault to protect fingerprint templates and to perform fingerprint verification with the protected template at the same time. This is challenging because the fingerprint verification is performed in the domain of the protected form. Based on the experimental results, we confirm that the proposed approach can perform the fingerprint verification with the protected template.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.218-223
• /
• 2008

최근 홈, 오피스 및 핫스팟 영역에서 초고속 멀티미디어의 서비스 수요가 많아짐에 따라 고속의 안정 적인 무선랜에 대한 수요도 증가하고 있다. Access Point 를 이용한 네트워크를 하는 무선랜은 네트워크 에 접근하는 사용자에 대한 인증 프로토콜을 통한 보안이 필요로 하며, 무선랜의 특성상 단말의 이동으로 인해, 핸드오프 시마다 반복되는 사용자 인증은 또 다른 문제를 야기한다. 또, 차세대 인터넷 프로토콜 IPv6는 현재의 주소체계인 IPv4 가 인터넷에 접속된 컴퓨터 수의 기하급수적으로 증가로 인해 빠른 속 도로 고갈되는 상황에서의 대안이다. 따라서 본 논문에서는 이동성을 고려하여 무선랜 환경에서 안전하게 사용자를 인증하고 서비스를 제공하기 위한 패스워드 기반의 사용자 인증 프로토콜을 제안한다. 또한 본 논문에서 제안한 프로토콜을 차세대 주소체계인 IPv6 환경을 바탕으로 구현하였고, 제안한 프로토콜에 대한 다양한 공격으로부터의 안전성을 분석 하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.1B
• /
• pp.49-55
• /
• 2002

IMT-2000 mobile system will provide many application services such as mobile internet, wireless electronics commerce applications using air interface with high data rate. These applications require high data integrity, data confidentiality, user authentication, user identity confidentiality and non-repudiation. In this study, we analyze new security threats and air interface traffic performance for IMT-2000 mobile systems. Signal traffic for network access security services requires 0.2kbps~4.5kbps with the conditions of 246~768bits/massage, 0.2~1.0 basic services/sec and the security services of the rate 0.2~1.0 times compared with basic services.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2001.05a
• /
• pp.1-10
• /
• 2001

SNMPv3 provides the security services such as authentication and privacy of messages as well as a new flexible and extensible administration framework. Therefore, with the security services enabled by SNMPv3, network managers can monitor and control the operation of network components more secure way than before. But, due to the user-centric security management and the deficiency of policy-based security management facility, SNMPv3 might be inadequate network management solution for large-scaled networks. In this paper, we review the problems of the SNMPv3 security services, and propose a Role-based Security Management Model(RSM), which greatly reduces the complexity of permission management by specifying and enforcing a security management policy far entire network.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.9
• /
• pp.67-71
• /
• 2004

Because the Internet diffusion has been increased, the service that used at the offline has been applied to the online, the saving time and portability has been emphasized, and the service has been increased from the wire to the wireless by the development of the mobile communication technology. There are a Pocket PC, Palm and so forth as devices that are used for it and the services are already used. However, because it is used at only limited operating systems like PCs have, there is the restriction to use for much more users. In order to allow various devices used by much more people the access services, the WPKI authentication should be implemented for devices using Linux OS.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.2
• /
• pp.315-320
• /
• 2006

This paper describes access control, user authentication, and User Security and Encryption technology for the construction of database security system from network users. We propose model of network encrypted database security system for combining these elements through the analysis of operational and technological elements. Systematic combination of operational and technological elements with proposed model can construct encrypted database security system secured from unauthorized users in distributed computing environment.