• Title/Summary/Keyword: Delegation Network

A Framework Development for Total Management of Various Embedded Devices (여러 임베디드 장치의 통합 관리를 위한 프레임워크 개발)

  • Bae, HyunChul;Kim, SangWook
    • IEMEK Journal of Embedded Systems and Applications / v.1 no.2 / pp.56-63 / 2006
  • In this paper, we propose an integrated security management framework that supports trust in ubiquitous environments. The proposed framework gathers and analyzes security-related information, including the location of mobile devices, and then dynamically configures security policies and adopts them. More specifically, it supports authentication and delegation services to provide trusted security management for ubiquitous networks. The system also provides visual management tools that give the network administrator a convenient view.

Design of a effective Authorization Mechanism based on Kerberos (커버로스 기반의 효율적인 허가 메커니즘 설계)

  • Kim, Eun-Hwan;Jun, Moon-Seog
    • The KIPS Transactions:PartC / v.10C no.3 / pp.287-294 / 2003
  • Authentication and authorization are essential functions for the security of a distributed network environment. Authorization is the process of determining whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism that makes a system more effective, using Kerberos as the authentication mechanism. In the authorization mechanism, the Kerberos server operates a proxy privilege server. The proxy privilege server manages and grants the rights of users, servers and services using the proposed algorithm. In addition, the privilege attribute certificate issued by the proxy privilege server is used in delegation. We designed a secure Kerberos with the proposed functions for effective authorization alongside the authentication of the Kerberos mechanism.

Design of a Protocol to Delegate Signing Right for Multi-level Proxy Signature (다단계 대리서명을 위한 권한위임 프로토콜 설계)

  • Kim Seong-yeol
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.2 / pp.361-365 / 2005
  • Proxy signature schemes, which allow an original signer to delegate a proxy signer to sign messages on its behalf, have attracted a considerable amount of interest from researchers since Mambo[1] and have found many practical applications such as distributed networks, Grid computing and electronic commerce. Araki[6] extended them to multi-level proxy signatures, but that extension could not satisfy some security requirements. In this paper we propose a protocol to delegate the signing right to another entity for multi-level proxy signatures. Our protocol does not require a secure channel and guarantees that nobody is able to repudiate delegation or acceptance of the signing right, that it is impossible for anyone except the designated signer to generate a signature, and that the original signer can withdraw the delegation before expiration if necessary.

Study on the efficient consensus process of PBFT

  • Min, Youn-A
    • Journal of the Korea Society of Computer and Information / v.25 no.4 / pp.47-53 / 2020
  • Blockchain is a distributed shared ledger that transparently manages information through verification and agreement between nodes connected to a distributed network. Recently, cases of data management among authorized agencies based on private blockchain are increasing. In this paper, we investigated the application cases and technical processes of PBFT, the representative consensus algorithm of private blockchain, and proposed a modified PBFT algorithm that enables efficient consensus by simplifying duplicate verification and consensus processes that occur during PBFT processing. The algorithm proposed in this paper goes through the process of selecting a delegation node through an authoritative node and can increase the safety of the delegation node selection process by considering an efficient re-election algorithm for candidate nodes. By utilizing this research, it is possible to reduce the burden on the network communication cost of the consensus process and effectively process the final consensus process between nodes.

A Secure Routing Scheme for Wireless Sensor Network with a Mobile Sink (이동 싱크를 가진 무선 센서 네트워크의 안전한 라우팅 기법)

  • Kim Taekyun;Kim Sangjin;Lee Ik-Seob;Yoo Dongyoung;Oh Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.2 / pp.53-64 / 2005
  • Previous secure routing protocols for wireless sensor networks assume that the sink is static. In many cases, however, a sink operated by a person or vehicle is moving. A mobile sink creates many technical problems, such as reconfiguration of the routing path, exposure of the sink location, and selection of a secure access point node, which are not considered by much previous research. In this paper, we propose a new secure routing scheme that solves these problems using a bi-directional hash chain and delegation nodes in a grid structure. This scheme provides a secure routing path and prevents an attacker from recognizing the location of a mobile sink in sensor networks. The new method reduces the resource requirements compared to cached routing schemes. Simulation results also show that the system is secure and efficient enough.

An Active Network Execution Environment for on Demand Customization of Communication Protocols and Services (맞춤형 통신 프로토콜과 서비스를 위한 액티브 네트워크 실행환경)

  • Lee Hwa Young;Kang Bo-young;Lim Kyungshik
    • The KIPS Transactions:PartC / v.11C no.7 s.96 / pp.937-950 / 2004
  • In this paper, we present the design and implementation of a new execution environment named Customizable Architecture for Flexible Execution Environment (CAFEs) that supports the mechanisms of protocol customization and service referencing. We introduce the new concepts of micro protocols and active services to enhance software reusability. A micro protocol represents a specific algorithm or functionality of an existing network protocol, and the active service is in charge of binding legacy applications and releasing the active network oriented services. The proposed active network execution environment is made up of three parts: the virtual network system, the protocol and service manager, and the event engine. First, the virtual network system is used to connect each active node using virtual network channels, which are based on multiple existing protocol layers. Second, the protocol and service manager is responsible for composing micro protocols and active services to develop new network protocols and services easily. Finally, the event engine is used to detect the automatic transition of system components using the event delegation model. To verify CAFEs, we conducted an experiment on the delivery of web contents suited to the user's terminals in the wireless Internet environment. As a result, we were able to confirm the availability of the developed execution environment.

Study on a Secure Authentication and Authorization Protocol based on Kerberos (커버로스 기반의 안전한 인증 및 허가 프로토콜 에 관한 연구)

  • 김은환;김명희;전문석
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.5C / pp.737-749 / 2004
  • Kerberos authenticates clients using symmetric-key cryptography, and is supposed to trust other systems of the realm in a distributed network environment. But authentication and authorization are essential elements of security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing public/private keys and installing a proxy privilege server in Kerberos. In the proposed mechanism, to make the system more secure, the value of the session key is changed every time using a MAC (message authentication code) algorithm with the long-term key for user authentication and a random number exchanged through the public key. We also reduce the number of keys by simplifying the authentication steps. The proxy privilege server certifies the client's privilege request and issues a privilege attribute certificate. The application server executes the client's privilege request, which includes a privilege attribute certificate. In addition, the privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

The Binding Update Method using Delegation of Rights in MIPv6 (MIPv6에서 권한위임을 이용한 위치수정 방안)

  • 이달원;이명훈;황일선;정회경;조인준
    • Journal of the Korea Institute of Information and Communication Engineering / v.8 no.6 / pp.1194-1203 / 2004
  • The RR protocol, proposed in the IETF mip6 WG and standardized by RFC 3775 in June 2004, sends a 'Binding Update' message that conveys the MN's location information to the CN safely and updates the location information. The standard RR protocol has some problems because the protocol is initiated by the MN: it increases the communication load in the home network and increases the communication delay between the MN and the CN. It is also vulnerable, from a security standpoint, to attackers who are on the path between the CN and the HA. This paper proposes a new location information update method in which the MN's right to update location information is delegated to the HA. That is, when the MN updates its location information with the HA, it uses a location information certificate signed with the MN's private key, and the HA uses this certificate when it updates the MN's location information with the CN. This decreases the route optimization overhead by reducing the number of messages as well as the location information update time. It also removes the security weakness against attackers who are on the path between the CN and the HA.

HPR: Hierarchical Prefix Routing for Nested Mobile Networks (HPR: 중첩된 이동 망에 대한 계층적 프리픽스 라우팅)

  • Rho, Kyung-Taeg
    • Journal of the Korea Society of Computer and Information / v.11 no.5 s.43 / pp.165-173 / 2006
  • The Network Mobility Basic Support protocol enables mobile networks to change their point of attachment to the Internet, but causes some problems such as suboptimal routing and multiple encapsulations. The proposed scheme, which combines the Prefix Delegation protocol with the HMIPv6 concept, can provide more effective route optimization and reduce the amount of packet loss and the burden of location registration for handoff. It also uses hierarchical mobile network prefix (HMNP) assignment and provides a tree-based routing mechanism to allocate the location addresses of mobile network nodes (MNNs) and support micro-mobility. In this scheme, the Mobility Management Router (MMR) not only maintains the binding information for all MNNs in nested mobile networks, but also supports binding procedures to reduce the volume of handoff signals over the mobile network. The performance is evaluated using NS-2.

A Study on the Selection of Mobile Router in Multi-Homed Nested Mobile Networks (멀티 홈을 지원하는 중첩 이동 네트워크에서 최적 이동 라우터 선택에 관한 연구)

  • Paek Seonuck;Kim Daeyoun;Sun Keunjoo;Sim Eoksoo
    • Proceedings of the KAIS Fall Conference / 2005.05a / pp.234-237 / 2005
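  • This paper describes an implementation that supports multi-homing in a nested mobile network environment. In a multi-homed environment, the mobile node is designed and implemented to preferentially select the mobile network with the lower nesting level. The implemented nested mobile network system supports route optimization based on the hierarchical prefix delegation technique (Hierarchical Prefix Delegation). Testing the implemented system confirmed that the mobile node, mobile router, home agent and other components operate as expected; in particular, it confirmed that a mobile node attached to a multi-homed environment successfully selects the mobile router with the lower nesting level and communicates through it.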
