• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.669-685
• /
• 2003

Nowadays mobile phones and PDAs are part and parcel of our lives. By carrying a portable mobile device with us all the time we are already living in partial Pervasive Computing Environment (PCE) that is waiting to be exploited very soon. One of the advantages of pervasive computing is that it strongly supports the deployment of Location-Based Service(s) (LBSs). In PCE, there would be many competitive service providers (SPs) trying to sell different or similar LBSs to users. In order to reserve a particular service, it becomes very difficult for a low-computing and resource-poor mobile device to handle many such SPs at a time, and to identify and securely communicate with only genuine ones. Our paper establishes a convincing trust model through which secure job delegation is accomplished. Secure Job delegation and cost effective cryptographic techniques largely help in reducing the burden on the mobile device to securely communicate with trusted SPs. Our protocol also provides users privacy protection, replay protection, entity authentication, and message authentication, integrity, and confidentiality. This paper explains our protocol by suggesting one of the LBSs namely“Secure Automated Taxi Calling Service”.

• Journal of Internet Computing and Services
• /
• v.13 no.6
• /
• pp.55-62
• /
• 2012

Grid web applications by standard Web technology are increasingly used to provide grid service to users as normal Web user interface and service. It is however difficult to integrate a grid security system such as Grid Security Infrastructure (GSI) into Web applications because the delegation way of standard Web security is not the same as the one of Grid security. This can be solved by allowing Web applications to get a Grid credential by using an online credential repository system such as MyProxy. In this paper, we investigate the problem that occurs when MyProxy, which assumes mutual trust between a user and Grid web application, is adapted for achieving security integration between Web and Grid, and we propose a new Grid proxy delegation service to delegate a Grid credential to the Web without assuming mutual trust. In the service, the X.509 proxy delegation process is added to OAuth protocol for credential exchange, and authentication can be done by an external service such as OpenID. So, users can login onto the Grid web application in a single sign-on manner, and are allowed to securely delegate and retrieve multiple credentials for one or more Virtual Organizations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.1
• /
• pp.23-35
• /
• 2008

Mobile IP (MIP) is the solution supporting the mobility of Mobile Nodes (MNs), however, it is known to lack the support for NEtwork MObility (NEMO). NEMO manages situations when an entire network, composed of one or more subnets, dynamically changes its point of attachment to the Internet. NEMO Basic Support (NBS) protocol ensures session continuity for all the nodes in a mobile network, however, there exists a serious pinball routing problem. To overcome this weakness, there are many Route Optimization (RO) solutions such as Bi-directional Tunneling (BT) mechanism, Aggregation and Surrogate (A&S) mechanism, Recursive Approach, etc. The A&S RO mechanism is known to outperform the other RO mechanisms, except for the Binding Update (BU) cost. Although Improved Prefix Delegation (IPD) reduces the cost problem of Prefix Delegation (PD), a well-known A&S protocol, the BU cost problem still presents, especially when a large number of Mobile Routers (MRs) and MNs exist in the environment such as train, bus, ship, or aircraft. In this paper, a solution to reduce the cost of delivering the BU messages is proposed using a multicast mechanism instead of unicasting such as the traditional BU of the RO. The performance of the proposed multicast-based BU scheme is examined with an analytical model which shows that the BU cost enhancement is up to 32.9% over IPDbased, hence, it is feasible to predict that the proposed scheme could benefit in other NEMO RO protocols.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.8 no.5
• /
• pp.95-103
• /
• 2008

The Network Mobility (NEMO) basic support protocol extends the operation of Mobile IPv6 to provide uninterrupted Internet connectivity to the communicating nodes of mobile networks. The protocol is not efficient to offer delays in data delivery and higher overheads in the case of nested mobile networks because it uses fairly sub-optimal routing and multiple encapsulation of data packets. In this paper, our scheme combining Hierarchical Mobile IPv6 (HMIPv6) functionality and Hierarchical Prefix Delegation (HPD) protocol for IPv6, which provide more effective route optimization and reduce packet header overhead and the burden of location registration for handoff. The scheme also uses hierarchical mobile network prefix (HMNP) assignment and tree-based routing mechanism to allocate the location address of mobile network nodes (MNNs) and support micro-mobility and intra-domain data communication. The performance is evaluated using NS-2.

• Journal of KIISE:Information Networking
• /
• v.36 no.4
• /
• pp.309-321
• /
• 2009

Nowadays, requests of connecting to the Internet while moving are increasing more and more, and various technologies have been developed for satisfying those requests. The IETF nemo WG standardized "Network Mobility Basic Support Protocol" for supporting mobile network through extending existing MIPv6 protocol for supporting host mobility. But, mobile networks can be nested while they are changing their location. And if they are multi -level nested, that causes some problems because of protocol characteristic. In this paper, we try to solve the problem that is complicated routing path caused by multi-level nesting of mobile networks with our limited prefix delegation method. We give a little modification to the standard protocol and add some functions to mobile router. With results from analysis, we could say that our method has better performance than other proposed methods.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.4
• /
• pp.340-349
• /
• 2017

This paper is proposed Hadoop security protocol to protect a reply attack and impersonation attack. The proposed hadoop security protocol is consists of user authentication module, public key based data node authentication module, name node authentication module, and data node authentication module. The user authentication module is issued the temporary access ID from TGS after verifing user's identification on Authentication Server. The public key based data node authentication module generates secret key between name node and data node, and generates OTKL(One-Time Key List) using Hash-chain. The name node authentication module verifies user's identification using user's temporary access ID, and issues DT(Delegation Token) and BAT(Block Access Token) to user. The data node authentication module sends the encrypted data block to user after verifing user's identification using OwerID of BAT. Therefore the proposed hadoop security protocol dose not only prepare the exposure of data node's secret key by using OTKL, timestamp, owerID but also detect the reply attack and impersonation attack. Also, it enhances the data access of data node, and enforces data security by sending the encrypted data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1103-1113
• /
• 2020

Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information.This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.8
• /
• pp.465-472
• /
• 2004

Proxy signatures is a signature scheme that an original signer delegates one's signature capability to a proxy signer, and then the proxy signer creates a signature on behalf of the original signer. Delegation of authority is a common practice in the real world, in particular, it happens naturally in hierarchical groups such as company, bank and army, etc. In this paper, we propose a new dynamic multi-proxy signature scheme allowing repetitive delegations in a hierarchical group. We adopt multi-proxy signatures to enhance the security of proxy signature. In multi-proxy signatures, plural proxy signers can generate a valid proxy signature collectively on behalf of one original signer. In our scheme, the proxy group is not fixed but constructed dynamically according to some situations. Delegations are processed from higher level to lower level in the hierarchy using delegation tickets. When the original signer wants to delegate one's signature authority, the original signer generates a delegation ticket based on secret sharing and Diffie-Hellman problems. The delegation ticket is shared among proxy signers and then all the proxy signers can generate a valid proxy signature collectively by reconstructing the original signer's delegation ticket. If a certain proxy signer can not attend the proxy signature generating protocol, the proxy signer can also delegate repetitively his partial signature authority to the lower level participants, and then the proxies are constructed dynamically.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.863-874
• /
• 2021

Distributed key generation (DKG) with trustless setup is a cryptographic protocol that distributes Shamir secret shares of a private key to participants while keeping the actual private key hidden to the participants. Also, by extending it to a threshold signature protocol, digital signatures can be generated without construction of private keys. This paper proposes a recovery protocol maintaining trustless setup assumptions, in particular to the useful (1,3) share structure. The proposed protocol meets same levels of security requirements with DKG in terms of correctness and secrecy. The protocol can also enable delegation and revocation of digital sign rights for blockchain-based asset management.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1452-1454
• /
• 2008

태그의 식별을 DB에 의뢰하는 것에 의존적인 RFID기반 시스템은 리더와 DB가 서로의 통신반경 밖에 있거나 기반 통신망이 없어 DB와 연결이 어려운 환경에서는 응용이 제한적이며, 정상적인 경우에도 병목현상의 가능성을 갖고 있다. 본 논문은 DB가 태그의 인증기능을 리더에게 대리 위임하여 자체적으로 인증을 수행할 수 있는 RFID인증프로토콜을 제안한다. 제안하는 기법은 DB와의 통신범위 제한에 비교적 자유롭고, 리더 자체적으로 태그인증이 가능하며, 부가적으로 DB의 연산부하를 경감시킬 수 있다.