• Convergence Security Journal
• /
• v.2 no.1
• /
• pp.99-107
• /
• 2002

This paper proposes a group key management protocol for a secure of all the multicast user in PIM-SM multicast group communication under electronic commerce. Each subgroup manager gives a secure key to it's own transmitter and the transmitter compress the data with it's own secure key from the subgroup manager. Before the transmitter send the data to receiver, the transmitter prepares to encrypt a user's service by sending a encryption key to the receiver though the secure channel, after checking the user's validity through the secure channel. As the transmitter sending a data after then, the architecture is designed that the receiver will decode the received data with the transmitter's group key. Therefore, transmission time is shortened because there is no need to data translation by the group key on data sending and the data transmition is possible without new key distribution at path change to shortest path of the router characteristic.

• The Journal of Society for e-Business Studies
• /
• v.11 no.4
• /
• pp.87-106
• /
• 2006

Today as the scale of e-commerce constantly expands, the number and the amount of the consumer frauds are also increasing very rapidly, without sufficient levels of systematic support to prevent them. Internet Escrow service is one of the promising payment mechanisms, which guarantees secure electronic trades and payments. Especially, if the real-time product delivery information is available via RFID-based track-and-trace environment, the security and efficiency of the Internet Escrow services would be improved a lot. In this research, proposed a novel approach to integrate EPCglobal Network, which is a de-facto standard for RFID-based information network model, with Internet Escrow services. The proposed service model was implemented in the form of "Integrated Financial Platform", which supports the contracts among trading partners and the payment via Escrow services by being fully integrated with bank systems. Using the implemented EPCglobal Network-based Escrow service system, we would be able not only to shorten the money-flow cycle and to develop new kinds of loan services, but also to overcome the problems of existing Escrow services including the lack of product-related information and the delay of purchasing decisions.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.725-728
• /
• 2003

This paper describes an architecture how QoS-enabled virtual private network networks over the internet can be built and managed. The basic technologies for secure VPNs and for QoS support the introduced. Vision of a QoS-enabled VPN service over internet is described. We also presented the simplified implementation scenario and some implementation details in order to achieve secure and QoS-enable VPNs.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.8
• /
• pp.55-61
• /
• 2017

Cloud computing is cost-effective in terms of system configuration and maintenance and does not require special IT skills for management. Also, cloud computing provides an access control setting where SSO is adopted to secure user convenience and availability. As the SSO user authentication structure of cloud computing is exposed to quite a few external security threats in wire/wireless network integrated service environment, researchers explore technologies drawing on distributed SSO agents. Yet, although the cloud computing access control using the distributed SSO agents enhances security, it impacts on the availability of services. That is, if any single agent responsible for providing the authentication information fails to offer normal services, the cloud computing services become unavailable. To rectify the environment compromising the availability of cloud computing services, and to protect resources, the current paper proposes a security policy that controls the authority to access the resources for cloud computing services by applying the authentication policy of user authentication agents. The proposed system with its policy of the authority to access the resources ensures seamless and secure cloud computing services for users.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2841-2860
• /
• 2018

Vehicular networks play an important role in current intelligent transportation networks and have gained much attention from academia and industry. Vehicular networks can be enhanced by Long Term Evolution-Vehicle (LTE-V) technology, which has been defined in a series of standards by the 3rd Generation Partnership Project (3GPP). LTE-V technology is a systematic and integrated V2X solution. To guarantee secure LTE-V communication, security and privacy issues must be addressed before the network is deployed. The present study aims to improve the security functionality of vehicular LTE networks by proposing an efficient and secure ID-based message authentication scheme for vehicular networks, named the ESMAV. We demonstrate its ability to simultaneously support both mutual authentication and privacy protection. In addition, the ESMAV exhibit better performance in terms of overhead computation, communication cost, and security functions, which includes privacy preservation and non-frameability.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.905-908
• /
• 2006

MIPv6 는 MN(Mobile Node)가 자신의 홈 네트워크를 벗어나 외부 네트워크로 이동하여도 다른 노드들과 끊김 없이 지속적인 통신을 할 수 있게 해주는 인터넷 프로토콜이다. MN 은 외부네트워크로 이동 후 HA(Home Agent) 및 CN(Correspondent Node)로 핸드오버(Handover) 동작의 수행하며 이로 인한 지연이 발생하게 된다. 이러한 지연을 줄이기 위한 대책으로 Fast 핸드오버가 등장하였다. Fast 핸드오버 과정에서 MN 은 이동하려는 서브넷의 라우터(New Access Router: NAR)로의 전환을 위하여 현재 연결된 AR 과 미리 정보를 주고 받게 되고, 이동이 발생한 후에 NAR 과의 핸드오버 지연시간이 감소하게 된다. 반면 공격자가 flooding 을 통해 MN 에게 DoS(Denial of Service) 공격을 가하여 MN 을 다운시킨 후, MN 으로 위장하여 데이터를 가로채는 취약점이 존재한다. 본 논문에서는 위의 취약점을 보완하기 위하여 핸드오버 과정에서 주고받는 메세지에 대한 기밀성 및 노드 인증을 제공하는 ID 기반 암호시스템에 기반한 안전한 Fast 핸드오버 방식을 제안한다. 제안하는 모델은 메시지의 암호화와 노드 인증을 통해 무결성 및 기밀성을 보장하고 Traditional PKI 시스템에 비해 공개키 인증시간을 단축하는 이점을 가질 것으로 기대된다.

• Journal of information and communication convergence engineering
• /
• v.1 no.4
• /
• pp.183-188
• /
• 2003

The $4^{th}$ generation mobile communications, through several radio access networks such as WLAN, Bluetooth, UMTS, GPRS, CDMA 1X, and IMT-2000 in the same area offering different type of coverage, will support interactive multimedia services in additions to wider bandwidths, higher bit rates, and service portability. Regardless of various radio access networks, they will also support robust security mechanisms, as well as seamless mobility and common authentication. In this paper, we give an overview of WLAN security and examine its security problems. We also explain the enhanced security schemes, such as port-based authentication, EAP, and IEEE 802.1X. For secure wireless communications, several possible security solutions are offered and evaluated in various respects to improve WLAN security. This paper will make a contribution to provide more secure wireless communications to cellular operators embracing WLAN technology as a means to generate new revenues based on data services.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.81-87
• /
• 2016

Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.219-228
• /
• 2018

The utilization of NFC has been continuously increasing due to the spread of smart phones and the development of short-range wireless communication networks. However, it has been suggested that stability and security of convenient NFC short-range wireless communications can be unstable and problematic. The unstable causes for NFC are the lack of security technologies for NFC, the controversy about personal information infringement, and the lack of social awareness on security breach against data settlement. NFC service can be conveniently used by simply touching other NFC devices and NFC tags through the NFC device. This thesis analyzes that NFC authentication technology, which is convenient for user are one of the unstable causes of security of NFC. This thesis suggest that ministry should research countermeasures and promote how users can use NFC safely. It also suggests that users should have awareness when they use payment and authentication service through NFC to prevent from security threat.