• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.393-398
• /
• 2003

본 논문에서는 사용자 인증에 사용되는 패스워드 검증자의 안전성을 더욱 보강한 새로운 패스워드 검증자 기반 키 분배 프로토콜을 제안한다 기존 패스워드 기반 키 분배프로토콜 방식은 네트워크 상에서 패스워드의 안전한 전송이 어려웠고, 패스워드 파일의 안전한 보호가 어렵다는 문제가 있었다. 이에 패스워드 파일을 그대로 서버에 저장하지 않고 패스워드를 사용하여 생성한 검증자(verifier)를 저장하게 함으로써 패스워드파일을 보다 안전하게 보호할 수 있게 되었으며, 서버가 사용자의 패스워드를 알지 못하더라도 검증자를 사용한 증명방식을 통해 사용자를 인증할 수 있게 되었다. 본 논문에서는 사용자와 서버의 비밀정보로 만든 새로운 형태의 검증자를 사용하고, 사용자는 다른 저장정보 없이 기억하고 있는 ID와 패스워드만을 사용하여 키 분배를 수행하는 패스워드 검증자 기반 키 분배 프로토콜을 제안한다. 제안하는 프로토콜의 안전성 분석을 위해 active impersonation과 forward secrecy, man-in-the-middle attack, off-line dictionary attack 등의 공격 모델을 적용하였다.

• Journal of Korea Multimedia Society
• /
• v.25 no.2
• /
• pp.221-236
• /
• 2022

BLE protocol prevents MITM attacks with user interaction through some input/output devices such as keyboard or display. Therefore, If it use a device which has no input/output facility, it can be vulnerable to MITM attack. If messages to be sent to a control device is forged by MITM attack, the device can be abnormally operated by malicious attack from attacker. Therefore, we describes a scenario which has the vulnerabilities of the BLE network in this paper and propose countermeasure method against MITM attacks integrity violations. Its mechanism provides data confidentiality and integrity with MD5 and security key distribution of Diffie Helman's method. In order to verify the effectiveness of the countermeasure method proposed in this paper, we have conducted the experiments. ​As experiments, the message was sent 200 times and all of them successfully detected whether there was MITM attack or not. In addition, it took at most about 4.2ms delay time with proposed countermeasure method between devices even attacking was going on. It is expected that more secure data transmission can be achieved between IoT devices on a BLE network through the method proposed.

• Journal of KIISE:Information Networking
• /
• v.29 no.5
• /
• pp.583-594
• /
• 2002

Assuring the security of group communications such as tole-conference and software distribution requires a common group key be shared among the legal members in a secure manner. Especially for large groups with frequent membership change, efficient rekey mechanism is essential for scalability. One of the most popular ways to provide sealable rekey is to partition the group into several subgroups. In this paper, we propose a two-layered key management scheme which combines DEP and CBT, a protocol in which subgroup manager cannot access the multicast data and another that has a multi-core, respectively. We also select sub-group key management protocols suitable for our structure and design new rekey protocols to exclude the subgroup managers from the multicast data. Compared to previous protocols based on CBT, our scheme provides forward secrecy, backward secrecy and scalability. This would reduce the number of encryption and decryption for a rekey message and would improve the efficiency number of rekey messages and the amount of information related to group members that group managers must maintain compared to DEP.

• Journal of Broadcast Engineering
• /
• v.15 no.2
• /
• pp.192-204
• /
• 2010

As illegal distribution of the terrestial DTV broadcast program occurs very frequently in on-line, the needs to protect broadcast program have increased. In this paper, a new approach to implement a system for terrestial DTV broadcast program protection based on program protection information(PPI) is proposed. In our approach, the broadcast program is recorded with encryption according to redistribution condition of the PPI and packaged into a file with key information and PPI together. And we also define a set of domain protocol for supporting user fair-use of broadcast program. In the proposed system, copy control can also be provided by process of home domain management. Implementation results show that our system can protect broadcast programs with efficiency and can support conditional distribution within home domain in order to satisfy user fair-use.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.161-169
• /
• 2011

There is a consensus in the field of vehicular network security that public key cryptography should be used to secure communications. A certificate revocation list (CRL) should be distributed quickly to all the vehicles in the network to protect them from malicious users and malfunctioning equipment as well as to increase the overall security and safety of vehicular networks. Thus, a major challenge in vehicular networks is how to efficiently distribute CRLs. This paper proposes a CRL distribution method aided by terrestrial digital multimedia broadcasting (T-DMB). By using T-DMB data broadcasting channels as alternative communication channels, the proposed method can broaden the network coverage, achieve real-time delivery, and enhance transmission reliability. Even if roadside units are not deployed or only sparsely deployed, vehicles can obtain recent CRLs from the T-DMB infrastructure. A new transport protocol expert group (TPEG) CRL application was also designed for the purpose of broadcasting CRLs over the T-DMB infrastructure.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.5
• /
• pp.425-431
• /
• 2020

Recent advancements in industries and technologies have resulted in an increase in the volume of transportation, management, and distribution of logistics. Radio-frequency identification (RFID) technologies have been developed to efficiently manage such a large amount of logistics information. The use of RFID for management is being applied not only to the logistics industry, but also to the power transmission and energy management field. However, due to the limitation of program development capacity, the RFID device is limited in development, and this limitation is vulnerable to security because the existing strong encryption method cannot be used. For this reason, we designed a chaotic system for security with simple operations that are easy to apply to such a restricted environment of RFID. The designed system is a two-dimensional tent map chaotic system. In order to solve the problem of a biased distribution of signals according to the parameters of the chaotic dynamical system, the system has a cryptographic parameter(𝜇₁), a distribution parameter(𝜇₂), and a parameter(𝜃), which is the constant point, ID value, that can be used as a key value. The designed RFID authentication system is similar to random numbers, and it has the characteristics of chaotic signals that can be reproduced with initial values. It can also solve the problem of a biased distribution of parameters, so it is deemed to be more effective than the existing encryption method using the chaotic system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.1B
• /
• pp.64-72
• /
• 2004

Multiprotocol Label Switching (MPLS) has been developed as a key technology to enhance the reliability, manageability and overall quality of service of core If networks with connection-oriented tunnel LSP and traffic engineering such as constraint-based routing, explicit routing, and restoration. In this paper, we propose a control bandwidth borrowing scheme that maximizes the utilization of tunnel LSPs or physical links by an extension to the RSVP-TE label distribution protocol. MPLS-based core switching network and VPN services rely on the establishment of connection-oriented tunneled LSPs that are configured or predefined by network management systems. The mechanism of network management system varies from (i) a relatively static LSP establishment accounting, to (ii) a dynamic QoS routing mechanisms. With the use of hierarchical LSPs, the extra bandwidth that is unused by the trunk (outer) LSPs should be fully allocated to their constituent end-to-end user traffic (inner) LSPs in order to maximize their utilization. In order to find out the unused extra bandwidth in tunnel LSP or physical link and redistribute these resources to constituent LSPs, we expend the functionality of RSVP-TE and the found unused extra bandwidth is redistributed with a weight-based recursive redistribution scheme. By the extended RSVP-TE and proposed recursive redistributed scheme, we could achieve the instantaneous maximized utilization of tunnel LSP or physical link suffering from the potential under-utilization problem and guarantee the end-to-end QoS requirements. With the proposed scheme, network manager can manage more effectively the extra available bandwidth of hierarchical LSPs and maximize the instantaneous utilization of the tunneled LSP resources.

• Journal of KIISE:Information Networking
• /
• v.31 no.6
• /
• pp.595-607
• /
• 2004

Networks often evolve to provide a host with multiple access points to the Internet. In this paper, we propose a transport layer load distribution mechanism utilizing the multiple network interfaces simultaneously. We specifically propose an extension of Stream Control Transmission Protoco1 (SCTP) to have load sharing over multiple network interfaces. We named the particular service provided by the Proposed load sharing mechanism to be LS (Load Sharing) mode service. LS mode service is based on the following four key elements: (i) the separation of flow control and congestion control, (ii) congestion window based striping, (iii) redundant packet retransmission for fast packet loss recovery, (iv) a novel mechanism to keep track of the receiver window size with the SACKS even if they arrive out-of-order. Through simulations, it is shown that the proposed LS mode service can aggregate the bandwidth of multiple paths almost ideally despite of the disparity in their bandwidth. When a path with a delay of 100% greater is utilized as the second path, the throughput is enhanced about 20%.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.5
• /
• pp.1670-1676
• /
• 2010

It is easy to reproduce and manipulate the digital contents. It's difficult to distinguish the original contents with a pirate one. A digital signature scheme is used to protect the contents author's ownership and to provide secure contents distribution. Generally, the digital contents is completed with many authors' help. It's necessary to apply a cryptographic method for protecting co-authors' rights and interests. In this paper, the biometric based convertible undeniable multi-signature scheme is proposed. In the proposed scheme, keys are generated by using a signer's biometric data. Consigning the private key to another signer is infeasible. Signers must participate in signature generation and verification stages. Our scheme also provides signature conversion protocol in which the undeniable signature is converted to the ordinary one. For applications, we show how the proposed scheme is used to protect co-authors' rights and to distribute the contents securely.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.9
• /
• pp.1983-1989
• /
• 2012

The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS(Denial of Service), the session hijacking and the MiM(Man in the Middle) attack due to caused by structural of authentication protocol. In this paper, we propose a WLAN system which can offer safety communication by complement of IEEE 802.1x vulnerabilities. The WLAN system accomplishes mutual authentications between authentication servers, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by the Dynamic WEP key distribution between clients and the AP.