• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1515-1523
• /
• 2015

It has been prevalent to be serviced through WLAN(Wireless Local Area Network) as a variety of mobile devices have been introduced. If the number of mobile devices increases rapidly for the network access in a limited range of ESS(Extended Service Set), a lengthy connection delays are induced due to the initial link setup process of the IEEE 802.11i which is WLAN security standard. In this paper, we propose a new initial link setup protocol which can be executed in the ESS area of WLAN.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1588-1596
• /
• 2015

In the Internet of Things (IoT), resource-constrained devices such as sensors are capable of communicating and exchanging data over the Internet. The IETF standard group has specified an application protocol CoAP, which uses UDP as a transport protocol, allows such a lightweight device to transmit data. Also, the IETF recommended the DTLS binding for securing CoAP. However, additional features should be added to the DTLS protocol to resolve several problems such as packet loss, reordering, fragmentation and replay attack. Consequently, performance of DTLS is worse than TLS. It is highly required for lightweight devices powered by small battery to design and implement a security protocol in an energy efficient manner. This paper thus discusses about DTLS performance in the perspective of energy consumption. To analyze the performance, we implemented IEEE 802.15.4 based test network consisting of constrained sensor devices in the Cooja simulator. We measured energy consumptions required for each of DTLS client and server in the test network. This paper compares the energy consumption and amount of transmitted data of each flight of DTLS handshake, and the processing and receiving time. We present the analyzed results with regard to code size, cipher primitive and fragmentation as well.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.1
• /
• pp.53-59
• /
• 2019

As the number of harmful sites increases, many social problems are occurring. Therefore, in order to solve this problem, the government is carrying out activities to block access to web sites to harmful sites based on the law. However, due to the change from HTTP to HTTPS protocol, it has become difficult to block the harmful sites in the existing method. In the existing HTTP protocol, a method of blocking the site corresponding to the harmful site domain list by utilizing the DNS information was used. However, due to the generalization of HTTPS, it is difficult to block the harmful sites in the existing method. Therefore, the ISP uses the method of blocking the website using the SNI field in the TLS (Transport Layer Security) Handshake protocol used for HTTPS. However, since the method using SNI field raises the concern of monitoring Internet users or exposing information about connected sites, in this paper, we proposed method which can support anonymity to Internet users while blocking harmful sites. The suggested method also can support integrity and source authentication to the transmitted data.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1269-1284
• /
• 2001

The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.5
• /
• pp.567-577
• /
• 2003

We usually applied PPP CHAP (Point-to-Point Protocol Challenge Handshake Authentication Protocol) when the visited ISP subscriber accesses to authentication server in own home ISP network and IP Assignment for remote Internet service. But PPP CHAP doesn't support in case of visited ISP subscriber in GPRS network accesses to authentication server in own home ISP network for wireless Internet service. We suggest solution this problem with PPP CHAP improvement. For this we propose the modified PPP CHAP message format, PCO Message format at MT, and interworking message and format between GGSN and RADIUS in home ISP network for wireless internet service of mobile ISP subscriber at GPRS network in this paper. We also show authentication results when visited mobile ISP subscriber via PPP CHAP at GPRS network accesses the RADIUS server in home ISP network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.11
• /
• pp.2031-2038
• /
• 2008

A small-area and high-speed authentication/security processor (WUSB_Sec) IP is designed, which performs the 4-way handshake protocol for authentication between host and device, and data encryption/decryption of wireless USB system. The PRF-256 and PRF-64 are implemented by CCM (Counter mode with CBC-MAC) operation, and the CCM is designed with two AES (Advanced Encryption Standard) encryption coles working concurrently for parallel processing of CBC mode and CTR mode operations. The AES core that is an essential block of the WUSB_Sec processor is designed by applying composite field arithmetic on AF$(((2^2)^2)^2)$. Also, S-Box sharing between SubByte block and key scheduler block reduces the gate count by 10%. The designed WUSB_Sec processor has 25,000 gates and the estimated throughput rate is about 480Mbps at 120MHz clock frequency.

• Journal of KIISE:Information Networking
• /
• v.33 no.1
• /
• pp.16-27
• /
• 2006

The wireless transmission medium inherently broadcasts a signal to all neighbor nodes in the transmission range. Existing asynchronous MAC protocols do not provide a concrete solution for reliable broadcast in link layer. This mainly comes from that an omni-directional broadcasting causes to reduce the network performance due to the explosive collisions and contentions. This paper proposes a reliable broadcast protocol in link taller based on directional antennas, named MDB(MAC protocol for Directional Broadcasting). This protocol makes use of DAST(Directional Antennas Statement Table) information and D-MACA(Directional Multiple Access and Collision Avoidance) scheme through 4-way handshake to resolve the many collision problem wit]1 omni-directional antenna. To analyze its performance, MDB protocol is compared with IEEE 802.11 DCF protocol [9] and the protocol 2 of reference [3], in terms of the success rate of broadcast and the collision rate. As a result of performance analysis through simulation, it was confirmed that the collision rate of the MDB protocol is lower than those of IEEE 802.11 and the protocol 2 of reference [3], and that the completion rate of broadcast of MDB protocol is higher than those of IEEE 802.11 and the protocol 2 of reference [3].

• Proceedings of the IEEK Conference
• /
• 2002.06b
• /
• pp.353-356
• /
• 2002

Due to the increased complexity and size of digital system and the need of the H/W-S/W co-design, C/C++ based system design methodology gains more Interests than ever in EDA field. This paper suggests the methodology in which handshake module corresponding to each basic statement of C is provided of the form of STG(Signal Transition Graph) and then, C statements is synthesized into asynchronous circuit through syntax-oriented translation. The 4-phase handshaking protocol is used for the communications between modules, and the modules are synthesized by the Petrify which is asynchronous logic synthesis CAD tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.93-103
• /
• 2009

Recently, there is an increase in demand of real-time multimedia service in the WLAN environment, with a commercialization of IEEE 802.11n standard. However, the 802.1x authentication protocol is too slow to provide seamless real-time multimedia service, which defined in an IEEE 802.11i security standard. In this paper, a Ticket-based authentication mechanism in the CAPWAP(Control And Provisioning Wireless Access Point) architecture is introduced to support for the fast handoff.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.423-424
• /
• 2024

본 논문은 TCP/IP 네트워크 및 암호 프로토콜을 결합하여 CCTV 카메라 영상 데이터를 안전하게 전송하는 시스템에 관한 것이다. 특히, TCP Handshake에서 암호 키를 교환하고, 디바이스의 시그니처 정보를 활용하여 키를 생성하는 키 교환 암호 프로토콜을 도입한다. 이를 통해 CCTV 카메라의 영상 데이터를 암호화하여 전송하고, 수신 시 복호화하여 저장한다. 또한, 적어도 하나 이상의 CCTV 카메라에 대한 보안 인증과 네트워크 연결 상태를 제어하며, 중간자 공격을 방지하기 위한 안전한 키 교환을 수행한다. 이로써 안전성이 강화된 CCTV 카메라 시스템을 제공할 수 있다.