• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.1-13
• /
• 2006

In this paper, we introduce a novel key management scheme that is based on the key pre-distribution but provides the key re-distribution method, in order to manage keys for message encryption and authentication of lower-layer sensor nodes on hierarchical mobile sensor networks. The characteristics of our key management are as follows: First, the role of key management is distributed to aggregator nodes as well as a sink node, to overcome the weakness of centralized management. Second, a sink node generates keys using regression model, thus it stores only the information for calculating the keys using the key information received from nodes, but does not store the relationship between a node and a key, and the keys themselves. As the disadvantage of existing key pre-distributions, they do not support the key re-distribution after the deployment of nodes, and it is hard to extend the key information in the case that sensor nodes in the network enlarge. Thirdly, our mechanism provides the resilience to node capture(${\lambda}$-security), also provided by the existing key pre-distributions, and fourth offers the key freshness through key re-distribution, key distribution to mobile nodes, and scalability to make up for the weak points in the existing key pre-distributions. Fifth, our mechanism does not fix the relationship between a node and a key, thus supports the anonymity and untraceability of mobile nodes. Lastly, we compare ours with existing mechanisms, and verify our performance through the overhead analysis of communication, computation, and memory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.93-103
• /
• 2005

As the usage of XML documents increases the requirement of security for XML documents is growing. Especially it is very important to solve the problem of access control to XML object which shares in the environment where various users connect to each others. In this paper, we propose the access control model and mechanism which is combined with role hierarchy in the RBAC and hierarchical key derivation/assign method for the access to XML object. So we implement the access control mechanism by including hierarchical key derivation method. The technique, we proposed, gives not only the benefit in management which RBAC provides in access control to XML objects, but also it ran help derive a lower layer key from the higher layer user's. This feature decrease the number of keys managed in each role hierarchy in comparison with previous methods.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.2
• /
• pp.43-51
• /
• 2017

Recently, MANET has been used in many fields as the range of applications increases. However, the dynamic topology that MANET has makes it difficult to route and provides the cause of exposure to security vulnerabilities. Therefore, the security features that can be robust to many attacks must have been applied in the routing technique provided in the MANET. In this paper, we propose a secure routing method that secure route is established by reliability evaluation of nodes and secure data communication has applied through key exchange mechanism. The proposed technique used hierarchical structure for efficiency of reliability evaluation of nodes. The reliability of nodes is performed by trust management node and reliability of nodes managed periodically is broadcasted. And the key exchange for secure data transmission is dene without CA as the certificate issuing organization. This allows fast key exchange and the integrity of data transmission improved. The proposed technique improves the security of the data transmission because a secure route to the destination node is established by the reliability evaluation and the data transmission is performed after the key between the source node and the destination node is exchanged through the established route.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.1
• /
• pp.87-93
• /
• 2013

MANET has the advantage of having the flexibility to build easily a network in a difficult situation that builds a wired network. But, data transmission errors by movement of nodes and eavesdropping by wireless communications have become a problem of security. Authentication service is the most essential in order to overcome these problems and operate network stably. In this paper, we propose 3-tiers authentication structure to exclude of malicious node and operate stable network through more systematic and thorough node authentication. After network is composed into a cluster, cluster head which play CA role is elected. Among these, the highest-CA is elected. The highest-CA receives certificates to cluster head and the cluster head evaluates trust value of their member nodes. Authentication technique which issues member node key is used. We compared PSS and experimented to evaluate performance of proposed scheme in this paper and efficiency of the proposed technique through experience was confirmed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.1B
• /
• pp.64-72
• /
• 2004

Multiprotocol Label Switching (MPLS) has been developed as a key technology to enhance the reliability, manageability and overall quality of service of core If networks with connection-oriented tunnel LSP and traffic engineering such as constraint-based routing, explicit routing, and restoration. In this paper, we propose a control bandwidth borrowing scheme that maximizes the utilization of tunnel LSPs or physical links by an extension to the RSVP-TE label distribution protocol. MPLS-based core switching network and VPN services rely on the establishment of connection-oriented tunneled LSPs that are configured or predefined by network management systems. The mechanism of network management system varies from (i) a relatively static LSP establishment accounting, to (ii) a dynamic QoS routing mechanisms. With the use of hierarchical LSPs, the extra bandwidth that is unused by the trunk (outer) LSPs should be fully allocated to their constituent end-to-end user traffic (inner) LSPs in order to maximize their utilization. In order to find out the unused extra bandwidth in tunnel LSP or physical link and redistribute these resources to constituent LSPs, we expend the functionality of RSVP-TE and the found unused extra bandwidth is redistributed with a weight-based recursive redistribution scheme. By the extended RSVP-TE and proposed recursive redistributed scheme, we could achieve the instantaneous maximized utilization of tunnel LSP or physical link suffering from the potential under-utilization problem and guarantee the end-to-end QoS requirements. With the proposed scheme, network manager can manage more effectively the extra available bandwidth of hierarchical LSPs and maximize the instantaneous utilization of the tunneled LSP resources.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.53-61
• /
• 2008

Public Key Broadcast Encryption (PKBE) allows a sender to distribute a message to a changing set of users over an insecure channel. PKBE schemes should be able to dynamically exclude (i.e., revoke) a certain subset of users from decrypting a ciphertext, so that only remaining users can decrypt the ciphertext. Another important requirement is for the scheme to be forward-secrecy. A forward-secure PKBE (fs-PKBE) enables each user to update his private key periodically. This updated private key prevents an adversary from obtain the private key for certain past period, which property is particularly needed for pay-TV systems. In this paper, we present a fs-PKBE scheme where both ciphertexts and private keys are of $O(\sqrt{n})$ size. Our PKBE construction is based on Boneh-Boyen-Goh's hierarchical identity-based encryption scheme. To provide the forward-secrecy with our PKBE scheme, we again use the delegation mechanism for lower level identities, introduced in the BBG scheme. We prove chosen ciphertext security of the proposed scheme under the Bilinear Diffie-Hellman Exponent assumption without random oracles.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.5B
• /
• pp.741-752
• /
• 2010

The ability to seamlessly switch between the macro networks and femtocell networks is a key driver for femtocell network deployment. The handover procedures for the integrated femtocell/macrocell networks differ from the existing handovers. Some modifications of existing network and protocol architecture for the integration of femtocell networks with the existing macrocell networks are also essential. These modifications change the signal flow for handover procedures due to different 2-tier cell (macrocell and femtocell) environment. The handover between two networks should be performed with minimum signaling. A frequent and unnecessary handover is another problem for hierarchical femtocell/macrocell network environment that must be minimized. This work studies the details mobility management schemes for small and medium scale femtocell network deployment. To do that, firstly we present two different network architectures for small scale and medium scale WCDMA femtocell deployment. The details handover call flow for these two network architectures and CAC scheme to minimize the unnecessary handovers are proposed for the integrated femtocell/macrocell networks. The numerical analysis for the proposed M/M/N/N queuing scheme and the simulation results of the proposed CAC scheme demonstrate the handover call control performances for femtocell environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.10c
• /
• pp.488-492
• /
• 2006

최근 Chen등[1]은 계층적 센서 네트워크 환경을 위한 키 관리 기법을 제안하였다. 본 논문에서는 Chen등의 기법이 센서 노드의 추가와 재배치 시 직계 부모 노드가 양단키(pair-wise key)를 생성해서 새롭게 추가와 재배치되는 자식노드에게 아무런 보안기법 없이 양단키를 전송하므로써, 보안에 취약함을 보여준다. 이러한 문제를 해결하기 위해 본 논문에서는 싱크노드가 추가 및 재배치되는 센서 노드의 양단키를 사전에 생성하여 전송하고 추가 및 재배치되는 노드의 부모노드에게 생성한 키를 전송하는 개선된 키 관리 기법을 제안한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.12
• /
• pp.708-715
• /
• 2016

Quality of experience (QoE) for multimedia services in macro-femtocell networks is one of the key issues for 5G mobile and wireless communications. A service management structure needs to guarantee the QoE for mobile users based on end-to-end negotiation to support service continuity. Resource management is necessary to maintain the QoE requirements of different multimedia applications, because service continuity may be impeded by delays. This paper proposes four types of resource management scheme to support consistent QoE for different multimedia services. For this purpose, a QoE structure is suggested, and a resource allocation scheme is proposed by utilizing a fixed amount of radio resources reserved for dedicated use to support QoE. Various multimedia services with different requirements (such as voice, image, and data) can be serviced simultaneously, because QoE can be provided under our proposed scheme. Simulation results show that our scheme provides better performance than a conventional scheme with respect to outage probability and total data throughput.

• Journal of Korea Multimedia Society
• /
• v.13 no.2
• /
• pp.205-215
• /
• 2010

It is necessary to provide a fast and secure handover for seamless real-time multimedia services based on IEEE 802.11. In this paper, we propose FMIPv6 handoff protocol integrating L2/L3 layer based on IEEE 802.11 WLAN environment. In that, we propose a hierarchical key management scheme and authentication mechanism for protecting the handover signaling messages. The number of connections with AAA server is minimized for the fast handover. It is also compared and analyzed the handover cost with previous method.