• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7A
• /
• pp.717-723
• /
• 2007

There are many weaknesses in sensor networks due to hardware limitation of sensor nodes besides the vulnerabilities of a wireless channel. In order to provide sensor networks with security, we should find out the approaches different from ones in existing wireless networks; the security mechanism in sensor network should be light-weighted and not degrade network performance. Sowe proposed a novel data origin authentication satisfying both of being light-weighted and maintaining network performance by using Unique Random Sequence Code. This scheme uses a challenge-response authentication consisting of a query code and a response code. In this paper, we show how to make a Unique Random Sequence Code and how to use it for data origin authentication.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.5A
• /
• pp.402-408
• /
• 2007

There are many weaknesses in sensor networks due to hardware limitation of sensor nodes besides the vulnerabilities of a wireless channel. In order to provide sensor networks with security, we should find out the approaches different from ones in existing wireless networks; the security mechanism in sensor network should be light-weighted and not degrade network performance. Sowe proposed a novel data origin authentication satisfying both of being light-weighted and maintaining network performance by using Unique Random Sequence Code. This scheme uses a challenge-response authentication consisting of a query code and a response code. In this paper, we show how to make a Unique Random Sequence Code and how to use it for data origin authentication.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.7
• /
• pp.135-142
• /
• 2010

Wireless mesh network, which is an access network technology, adopts ubiquitous features of ad-hoc network that includes capabilities of self-configuration and self-management. This paper proposes a scheme which enables nodes along route in wireless mesh network to authenticate data and verify data integrity. The scheme distinguishes infra-node, which is a network device used to form mesh network, and user node in ad-hoc network, which operates functions as a sender, receiver or relayer, to deploy different authentication scheme. That is, hop-based authentication scheme along route forming wireless backbone differs from authentication scheme for user nodes in route over MANET. The proposed scheme is less complex than previously proposed schemes from the repects of security setup procedures and managements. In addition, the scheme is able to reduce transmission delay from a source to a destination owing to fast authentication over wireless backbone.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.765-772
• /
• 2004

Multicast communication is simultaneous transmission of data to multiple receivers and saves considerably sender resources and network bandwidth. It has high risk to attack using group address and inherent complexity of routing packets to a large group of receivers. It is therefore critical to provide source authentication, allowing a receiver to ensure that received data is authentic. In this paper, we propose the multiple chain authentication scheme for secure and efficient multicast stream. To evaluate the performance of our scheme, we compare our technique with two other previously proposed schemes using simulation results. Our scheme provides non-repudiation of origin, low overhead by amortizing the signature operation over multiple packets, and high packet loss resistance.

• Journal of Internet Computing and Services
• /
• v.7 no.6
• /
• pp.157-174
• /
• 2006

Ajax interaction model changes the posture of web application to become a stateful over HTTP. Ajax applications are long-lived inthe browser. XMLHTTPRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching of protocols form HTTP to HTTPS for sensitive information is prohibited because of server-of-origin policy. The longevity, constraint, and asynchronous features of Ajax application need to hove a different authentication and session fondling mechanism that invoke re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is design lo invoke periodic and event based re-authentication in the background using digest authentication with auto-generated password similar to OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling to avoid broken authentication and session management.

• Economic and Environmental Geology
• /
• v.42 no.6
• /
• pp.645-654
• /
• 2009

Recently there have been increasing consumers' interests in the geographical origin of foods, due to the FTA (Free Trade Agreement) in the global market. Especially, in Korea, in relation to BSE (bovine spongiform encephalopathy), it is considered to be urgent to develop analytical techniques for distinguishing the geographical origin of beef. Korea is facing conclusion of FTA with many countries, and there is a deep national concern about the distinction of the geographical origin of food. Diverse analytical techniques have been used in many of recent researches to obtain data for distinguishing the geographical origin of foods produced in various countries. In this paper, we reviewed national and international researches about tracing of geographical origin and food authentication using stable isotopes. Improvement of the isotopic techniques and their numerous application have been provided useful information of their geographical origin in food products. Furthermore, we expect that this study could be detecting of many frauds and illegal transaction of food products. We look forward to active progressing research of detecting food origin using isotope analysis and numerous application about imported food products.

• The Journal of Society for e-Business Studies
• /
• v.3 no.2
• /
• pp.125-140
• /
• 1998

컴퓨터 통신망을 통한 자료교환이 증가되고 있는 요즘 정보보호 위협요소 역시 비례하여 증가되고 있다. 거래 상대방과 중요한 상역 거래문서를 전자문서 형태로 주고받는 EDI(Electronic Data Interchange) 는 부당한 행위자에 의한 불법적인 전자문서의 내용 변조 및 누출 그리고 송수신사실에 대한 부인(Repudiation) 등의 여러 위협들에 대항할 수 있는 정보보호 기능을 필수 서비스로 제공해야 한다. 본 고에서는 KT-EDI 시스템의 실제 운영환경을 기반으로 하여 시스템이 제공하는 정보보호 서비스 중에서 기본적인 메세지출처인증(Message Origin Authentication) 서비스와 내용 기밀성(Content Confidentiality) 서비스를 중심으로 UN/EDIFACT 전자문서 레벨에서의 구현에 관하여 다룬다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.17 no.10
• /
• pp.1164-1174
• /
• 1992

In this paper, an Information Security protocol in LLC/MAC Layer Architecture is discussed. This paper examines the security Vulnerability and threats, the security Service required to protect these threats, and architectural considerations of security protocol in IEEE 802 LAN architecture. To provide an Information security service, an information security protocol(SP2 : Security Protocol 2) PDU construction with LLC/MAC service primitives is suggested. To construct the SP2 protocol, the ECB, CBC mode of DES algorithm and DAA(Data Authentication Algorithm) of FIPS is used. The SP2 protocol suggested in this paper provides data origin authentication, data confidentiality, data integrity service.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.499-502
• /
• 2001

FreeS/WAN[l] 은 LINUX 상에서 네트워크 보안 프로토콜표준인 IPSEC을 구현한 공개 S/W이다. 현재 LINUX Project로 수행되고 있으며 1.91 version 까지 나와 있다. 라우터와 라우터간에 IPSEC을 사용하여 통신함으로써 access control, connectionless integrity, data origin authentication, protection against replays, confidentiality의 서비스를 보장받을 수 있고, 또한 이러한 서비스들은 IP 계층에서 제공되기 때문에 IP 계층뿐만 아니라 그 이상의 계층에 대한 보호를 제공한다. [2] 본 논문에서는 LINUX router에 FreeS/WAN IPSEC을 설치하여 Security Gateway를 구성하고, 이 Security Gateway를 통해 전형적인 가상사설망을 구성할 수 있음을 보였다. 양단의 Security Gateway에 설치되어진 FreeS/WAN으로 VPN connection을 설정하고, 인증방법으로 RSA authentication key를 setup 하였다. IPSEC을 통하여 암호화되어진 데이터로 양단의 Gateway 구간에서 보안통신이 이루어짐을 알아본다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.6C
• /
• pp.659-667
• /
• 2003

IPsec refers to a standardized set of security protocols and algorithms which can provide the integrity, the authentication and the confidentiality services for IP packets in the Internet. Between two security gateways, IPsec provides the access control, the connectionless Integrity, data origin authentication, the anti-replay, and the confidentiality services, not only to the IP layer but also to the upper layers. In this paper, we describe a VPN (Virtual Private Network) testbed configuration using the FreeS/WAN and analyze the ISAKMP messages exchanged between the linux security gateway during the IKE SA setup. Also, we describe our development of an IPSEC encryption verification tool which can be used conveniently by VPN administrators.