• Journal of Korea Multimedia Society
• /
• v.8 no.7
• /
• pp.974-987
• /
• 2005

As the ad hoc networks have been received a great deal of attention to not only the military but also the industry applications, some security mechanisms are required for implementing a practical ad hoc application. In this paper, we propose a security architecture in ad hoc networks for the purpose of supporting ID-based public key cryptosystems because of the advantage that ID-based schemes require less complex infrastructure compared with the traditional public key cryptosystems. We assume a trusted key generation center which only issues a private key derived from IDs of every nodes in the system setup phase, and use NIL(Node ID List) and NRL(Node Revocation List) in order to distribute the information about IDs used as public keys in our system. Furthermore, we propose a collaborative status checking mechanism that is performed by nodes themselves not by a central server in ad-hoc network to check the validity of the IDs.

• Journal of Communications and Networks
• /
• v.16 no.4
• /
• pp.363-370
• /
• 2014

Despite several years of intense research, the security and cryptography in wireless sensor networks still have a number of ongoing problems. This paper describes how identification (ID)-based node authentication can be used to solve the key agreement problem in a three-layer interaction. The scheme uses a novel security mechanism that considers the characteristics, architecture, and vulnerability of the sensors, and provides an ID-based node authentication that does not require expensive certificates. The scheme describes the routing process using a simple ID suitable for low power and ID exposure, and proposes an ID-based node authentication. This method achieves low-cost communications with an efficient protocol. Results from this study demonstrates that it improves routing performance under different node densities, and reduces the computational cost of key encryption and decryption.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.8
• /
• pp.311-317
• /
• 2016

Many services have been developed that are based on smart devices, and security between devices is emphasized. A beacon on the current IoT(Internet of Things) services has been utilized in the commercial field and is being applied to the services of the home IoT. On the other hand, the beacon is weak to security using Bluetooth-based services. Therefore, it is important to strengthen the security of the beacon. This paper proposes a dual security technique that can enhance the security of beacon-based services. The dual security architecture and security process is proposed based on beacon and authentication service. In addition, mobile application was developed and validated based on the beacon for proving the suitability of the proposed technique. The experimental method for verification are the authentication failure case, such as 1st authentication fail, and authentication success case, such as 1st authentication success and 2nd authentication success. The components of the verification experiments consists of two beacons (matched with Beacon ID, mismatched with Beacon ID), one mobile device and authentication application. This was tested to verify the compatibility of the dual security architecture and 1st/2nd authentication process.

• Journal of Aerospace System Engineering
• /
• v.17 no.4
• /
• pp.133-143
• /
• 2023

As drones (also known as UAV) become popular with advanced information and communication technology (ICT), they have been utilized for various fields (agriculture, architecture, and so on). However, malicious attackers with advanced drones may pose a threat to critical national infrastructures. Thus, anti-drone systems have been developed to respond to drone threats. In particular, remote identification data (R-ID)-based UAV detection and identification systems that detect and identify illegal drones with R-ID broadcasted by drones have been developed, and are widely employed worldwide. However, this R-ID-based UAV detection/identification system is vulnerable to security due to wireless broadcast characteristics. In this paper, we analyze the security vulnerabilities of DJI Aeroscope, a representative example of the R-ID-based UAV detection and identification system, and propose a replay-attack-based neutralization method using the analyzed vulnerabilities. To validate the proposed method, it is implemented as a software program, and verified against four types of attacks in real test environments. The results demonstrate that the proposed neutralization method is an effective neutralization method for R-ID-based UAV detection and identification systems.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.8
• /
• pp.63-72
• /
• 2017

In this paper, we propose a security architecture for HDLC-based T4 class common data link. The common data links are composed of point-to-point, multi-to-point, and point-to-multi mode. For multi-to-point mode, one node has a bundle of point-to-point links with different end-point on the other side of the links. Thus multi-to-point mode can be considered as a bundle of point-to-point mode. Point-to-multi mode is broadcasting link. For point-to-point mode we adopted robust security network scheme to establish a secure data link, and for multi-to-point mode we use broadcast encryption scheme based on ID-based cryptography to distribute encryption key for broadcasting message encryption. We also included MACsec technology for point-to-point data link security. Computational and communicational complexity analysis on the broadcast encryption have been done.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.309-316
• /
• 2013

Machine-to-machine (M2M) communication occurs when devices exchange information independent of human intervention. Prominent among the technical challenges to M2M communication are security issues, such as eavesdropping, spoofing, modification, and privacy violation. Hence, it is very important to establish secure communication. In this paper, we propose a remote authentication scheme, based on dynamic ID, which provides secure communication while avoiding exposure of data through authentication between the M2M domain and the network domain in the M2M architecture. We then prove the correctness and security of the proposed scheme using a logic-based formal method.

• The KIPS Transactions:PartC
• /
• v.14C no.6
• /
• pp.463-470
• /
• 2007

Revocation is one of the main difficulties faced in implementing Public Key Infrastructures(PHs). Boneh, Ding and Tsudik first introduced a mediated cryptography for obtaining immediate revocation of RSA keys used in PKIs. Their method is based on the idea that each user's private key can be split into two random shares, one of which is given to the user and the other to an online security mediator(SEM). Thus any signature or decryption must be performed as a cooperation between a user and his/her associated SEM and revocation is achieved by instructing the mediator SEM to stop cooperating the user. Recently, Libert and Quisquater showed that the fast revocation method using a SEcurity Mediator(SEM) in a mRSA can be applied to the Boneh-Franklin identify based encryption and GDH signature schemes. In this paper we propose a mediated identity based signature(mIBS) with batch verification which apply the SEM architecture to an identity based signature. Libert's GDH siganture scheme is not forward secure even though forward security is an important and desirable feature for signature schemes. We propose an efficient key udating mediated signature scheme, mKUS based on mIBS and analyze its security and efficiency.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.3-10
• /
• 2018

Each online user should perform a separate registration and manage his ID and password for each online commerce or SNS service. Since a common secret is shared between the user and the SNS server, the server compromise induces the user privacy breach and financial loss. In this paper, it is considered that the user's authentication material is shared between multiple SNS servers for user authentication. A blockchain service architecture based on Hyperledger Fabric is proposed for each user to utilize an identical ID and OTP using the enhanced hash-chain-based OTP.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.7
• /
• pp.319-325
• /
• 2016

A variety of services for mobile payments by the activation of FinTech have been developed. Various payment methods were developed, and an authentication method was developed to improve the reliability of the payment. On the other hand, when mobile easy payment services are used, they have weak security because the authentication by phone number. Therefore, this paper proposes a technique for increasing the reliability of the authentication process using the unique device ID of the mobile device to improve the authentication process based on the telephone number. The core research contents are the architecture and process for the authentication of mobile payments based on the mobile device ID. The mobile payment architecture consists of a mobile device, authentication service, and mobile payment application. The mobile device consists of mobile device ID and phone number, and the authentication server consists of authentication module and encryption module. The mobile payment service consists of a pre-authentication module and decryption module. The process of mobile payment service is processed by the encrypted authentication information (device ID, phone number, and authentication number) among mobile devices, authentication server, and mobile payment application. The mobile device sends the telephone number and the device ID to the authentication server and the authentication server authenticates the user through an authentication process and encryption process. The mobile payment application performs the pre-authentication process by decrypting the received authentication number. This paper reports a difference that can prevent the risk of leakage of the authentication number in existing payment services through the authentication process of the authentication server and the pre-authentication process of the mobile payment service of this paper.

• Convergence Security Journal
• /
• v.10 no.2
• /
• pp.1-9
• /
• 2010

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.