• Journal of Communications and Networks
• /
• v.18 no.2
• /
• pp.190-200
• /
• 2016

In this paper, we consider some aspects of binding properties that bind an anonymous user with messages. According to whether all the messages or some part of the messages are bound with an anonymous user, the protocol is said to satisfy the full binding property or the partial binding property, respectively. We propose methods to combine binding properties and anonymity-based authenticated key agreement protocols. Our protocol with the full binding property guarantees that while no participant's identity is revealed, a participant completes a key agreement protocol confirming that all the received messages came from the other participant. Our main idea is to use an anonymous signature scheme with a signer-controlled yet partially enforced linkability. Our protocols can be modified to provide additional properties, such as revocable anonymity. We formally prove that the constructed protocols are secure.

• Journal of KIISE:Information Networking
• /
• v.35 no.4
• /
• pp.345-354
• /
• 2008

Recently, small-scale mobile network which is composed of many mobile devices in a man becomes popular. Also, Examples of large-scale mobile network can be thought access networks deployed on public transportation such as ships, trains and buses. To provide seamless mobility for mobile nodes in this mobile network, binding update messages must be exchanged frequently. However, it incurs network overhead increasingly and decreases energy efficiency of mobile router. If we try to reduce the number of the messages to cope with the problem, it may happen the security -related problems conversely Thus, mobile router needs a effective algorithm to update location information with low cost and to cover security problems. In this paper, mobility management scheme based on mobile router's mobility pattern is proposed. Whenever each mobile router leaves a visiting network, it records related information as moving log. And then it periodically computes mean resident time for all visited network, and saves them in the profile. If each mobile router moves into the visited network hereafter, the number of binding update messages can be reduced since current resident time may be expected based on the profile. At this time, of course, security problems can happen. The problems, however, are solved using key credit, which just sends some keys once. Through extensive experiments, bandwidth usages are measured to compare binding update messages in proposed scheme with that in existing scheme. From the results, we can reduce about 65% of mobility-management-related messages especially when mobile router stays more than 50 minutes in a network. Namely, the proposed scheme improves network usage and energy usage of mobile router by decreasing the number of messages and authorization procedure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.91-100
• /
• 2007

In this paper, We design and propose a protocol for supporting secure and efficient mobility in integrating fast handover and HMIPv6. In the proposed protocol which is AAA-based HMIPv6, if the MN enters the MAP domain for the first time, then it performs an Initial Local Binding Update for authentication. We propose a secure Fast Handover method using the ticket provided by MAP, which includes the secret key for authentication. Also, we analyze and compare security properties of our proposed scheme with those of other scheme using various attack scenario.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.605-612
• /
• 2004

In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol ［2］, by adopt-ing Aura's CGA scheme with two hashes ［9］. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.103-114
• /
• 2007

The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1427-1437
• /
• 2018

While biometric authentication system has been in general use, research is ongoing to apply biometric data to public key infrastructure. It is a significant task to generate a cryptographic key from biometrics in setting up a public key of Bio-PKI. Methods for generating the key by quantization of feature vector can cause data loss and degrade the performance of key extraction. In this paper, we suggest a new method for generating a cryptographic key from classification results of biometric data using multiple classifying models. Our proposal does not cause data loss of feature vector so it showed better performance in key extraction. Also, it uses the multiple models to generate key blocks which produce sufficient length of the key.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.11-25
• /
• 2005

In MIPv6 environment, an important design consideration for public key based binding update protocols is to minimize asymmetric cryptographic operations in mobile nodes with constraint computational power, such as PDAs and cellular phones, For that, public key based protocols such as CAM-DH. SUCV and Deng-Zhou-Bao's approach provides an optimization to offload asymmetric cryptographic operations of a mobile node to its home agent. However, such protocols have some problems in providing the optimization. Especially, CAM-DH with this optimization does not unload all asymmetric cryptographic operations from the mobile node, while resulting in the home agent's vulnerability to denial of service attacks. In this paper, we improve the drawbacks of CAM-DH. Furthermore, we adopt Aura's two hash-based CGA scheme to increase the cost of brute-force attacks searching for hash collisions in the CGA method. The comparison of our protocol with other public key based protocols shows that our protocol can minimize the MN's computation overhead, in addition to providing better manageability and stronger security than other protocols.

• Journal of Internet Computing and Services
• /
• v.9 no.1
• /
• pp.1-8
• /
• 2008

IETF has proposed Fast Handovers for Mobile IPv6 (FMIPv6) for efficient mobility management, FMIPv6 has no solutions to protect binding updates. Previous researches have mainly concentrated on using AAA, public cerificates or cryptographic algorithms to secure binding updates. However the approaches need a particular infrastructure or a heavy processing cost to setup secure associations for handovers. Proposed scheem provides authentication for FMIPv6 without infrasturcture and costly cryptographic algorithms by extending Return Routability Protocol. Also proposed scheme is oble to be used for various existing handover mechanisms in IPv6 network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.4B
• /
• pp.191-199
• /
• 2007

Mobile node has to register its current location to Home Agent when it moves to another network while away from home. However, the registration procedure cannot be completed successfully when Home Agent is protected by the VPN gateway which guards MN's home network and discards the unauthorized packets incoming from outside as a lack of security association(SA) between the Care-of address and security policy of the home network so that the binding registration message without SA is discarded smoothly by the VPN gateway. This paper presents the authentication and key exchange scheme using the AAA infrastructure for a user in Internet to access the home network behind the VPN gateway. By defining the role of authentication and tunnel processing for each agent or relay entity, this paper presents the procedure to register the current location to its Home Agent with secure manner. Performance result shows cost improvement up to 40% comparing with existing scheme in terms of the packet loss cost, the property of mobility and traffic.

• Korean Security Journal
• /
• no.44
• /
• pp.7-35
• /
• 2015

The objective of this article is to inform and document the contemporary development of the private security industry in Queensland Australia, a premier holiday destination that provide entertainment for the larger region. The purpose of this review is to examine the comtemporary development of mandated licensing regimes regulating the industry, and the necessary reform agenda. The overall aim is threefold: first, to chart the main outcomes of the two-wave of reforms since the mid-'90s; second, to examine the effectiveness of changes in modes of regulation; and third, to identify the criteria that can be considered a best practice based on Button(2012) and Prenzler and Sarre's(2014) criteria. The survey of the Queensland regulatory regime has demonstrated that, despite the federal-guided reforms, there remain key areas where further initiatives remain pending, markedly case-by-case utilisation of more proactive strategies such as on-site alcohol/drug testing, psychological evaluations, and checks on close associates; lack of binding training arrangement for technical services providers; and targeted auditing of licensed premises and the vicinity of venues by the Office of Fair Trading, a licensing authority. The study has highlighted the need for more determined responses and active engagements in these priority areas. This study of the development of the licensing regimes in Queensland Australia provides useful insights for other jurisdictions including South Korea on how to better manage licensing system, including the measures required to assure an adequate level of professional competence in the industry. It should be noted that implementing a consistency in delivery mode and assessment in training was the strategic imperative for the Australian authority to intervene in the industry as part of stimulating police-private partnerships. Of particular note, competency elements have conventionally been given a low priority in South Korea, as exemplified through the lack of government-sponsored certificate; this is an area South Korean policymakers must assume an active role in implementing accredited scheme, via consulting transnational templates, including Australian qualifications framework.