• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.1
• /
• pp.136-141
• /
• 2006

The IEEE 802.1x can be using various user authentication mechanisms: One-Time Password, Certificate-Based TLS, Challenge/Response and Keberos through EAP(Extended Authentication Protocol). But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a safety secure communication and a user authentications by intensified the vulnerability of spoofing and DoS attacks. The suppose system offers a safe secure communication because it offers sending message of integrity service and also it prevents DoS attack at authentication initial phase.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.11
• /
• pp.2204-2220
• /
• 2011

Without providing a proper security measure to the handover procedure in Mobile WiMAX, several security attacks can be mounted. Even though security schemes have been previously proposed for this purpose, they are still vulnerable to several security attacks due to fatal design flaws. A newly proposed security scheme in this paper is based on the framework of authentication domain and concept of handover ticket. A method of establishing security associations within the authentication domain is proposed, and a lightweight security measure to protect the management messages associated with the handover is also proposed. Especially, using the handover ticket, the new security scheme can defend against a Redirection Attack arising from a compromised base station. The new security scheme is comparatively analyzed with the previous security schemes in terms of Replay, Session Hijacking, Man-In-The-Middle, and Redirection attacks.

• Journal of IKEEE
• /
• v.20 no.3
• /
• pp.291-294
• /
• 2016

A new optical one-time pattern password(OTPT) mutual authentication method is proposed, which presents a two-factor authentication by 2-step phase-shifting digital holography and performs a two-way authentication by a challenge-response handshake of the optical OTPT in both directions. Because a client and a server use OTPT once as a random number and encrypt it for mutual authentication, it protects against a replay or a man-in-the middle attack and results in higher security level.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.3C
• /
• pp.133-139
• /
• 2011

Nowadays, it is considered as an important task to protect digital contents from illegal use and reproduction. In many cases, there are secure servers to authenticate the allowed users and the user authentication process is performed by communication between the servers and users. However, if the number of users and contents are increased, the servers should treat a large amount of authentication loads and the authentication cost will be considerably increased. Moreover, this scheme is not adequate for some players in which only a limited function of communication is deployed. In order to solve this problem, this paper proposes an authentication method which can certificate both the digital contents and players, and prevent illegal reproduction without the certification server. The proposed scheme is secure in the replay attack, the man in the middle attack, and data substitution attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.103-109
• /
• 2008

Many Internet application provide the PKI(public key infrastructure)-based service to provide authentication and message integrity. Several researchers proposed PKI-based p2p network framework. However, in the real world, the use of PKI is not suitable for peer to peer network, because the peer-to-peer network is an open and dynamic network. Moreover, currently there is no nation-to-nation interoperable certificate. In this paper, we designed reliable p2p file sharing application without public key infrastructure. To do this we propose reliable public key distribution mechanism to distribute public key safely without PKI infrastructure for two-tier super-peer architecture. In our system, each peer generates and distributes its public/private key pairs, and the public key is securely distributed without PKI. The proposed mechanism is safe against MITM attack. This mechanism can be applied various P2P applications such as file sharing, IPTV, distributed resource sharing and so on

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.01a
• /
• pp.79-80
• /
• 2021

본 논문은 MITM 공격기법을 역이용한 네트워크 보안 기술 및 구현 방안을 제시한다. MITM(Man In The Middle) 공격은 통신 경로 중간에 개입하여 양 단간의 통신 내용을 가로채거나 행위 제어를 수행하는 전통적인 해킹 방법으로 그 공격 기법을 역이용하여 네트워크 공격을 방어하는 보안기술 및 시스템 구현에 대해 기술한다. Linux 시스템을 이용하여 ARP Poisoning을 통해 양단간 통신 트래픽에 개입하며, Netfilter 및 Suricata를 이용하여 Network IDS/IPS 및 Firewall을 구현하였고, Contents 필터링 및 Anti-Virus 구현이 가능하며, 여러 기능을 확장하여 UTM(Unified Threats Management) 시스템을 구현하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.1015-1023
• /
• 2004

In order to protect an exchanged data, it is indispensable to establish a peer-to-peer key between the two communicating nodes. Pre-distributing keys among the nodes is unrealistic in Ad-Hoc network environment because of the dynamic nature of its network topology and the equal authority of its nodes. This paper presents a peer-to-peer key establishment scheme without pre-distributing keys in Ad-Hoc networks. The proposed scheme is based on the Diffie-Hellman key exchange protocol. Main idea is to prevent the falsification of Diffe-Hellman values using some elements of a hash chain. As a result, it is as safe as the underlying hash function against a man-in-the-middle attack. Simulation results have shown that the proposed scheme dramatically reduces the number of messages, and has relatively higher scalability, as compared with the key pre-distribution based scheme.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.01a
• /
• pp.97-100
• /
• 2023

차량 인터넷은 목적지까지 스스로 주행하는 자율 주행 자동차의 최적 경로 설정을 도와주는 차세대 네트워크이다. 자율 주행 자동차의 원활한 자율 주행을 위해서는 도로 위 객체 인지뿐만 아니라 실시간 교통 정보가 수신되어야 한다. 공격자는 자동차로 전달되는 메시지를 탈취하여 내용을 변경하거나 메시지를 제거하는 중간자 공격을 시도할 수 있다. 중간자 공격을 탐지하기 위해 MARINE 기법이 제안되었지만, 주행하는 자동차가 적은 환경에서 중간자 공격을 탐지하기 어렵다. 제안 방법은 이러한 문제를 해결하기 위해 교통 정보 센터에 축적된 교통 정보를 이용하여 자동차에 전달되는 메시지를 분석하고 중간자 공격을 탐지하는 방법을 제안한다.

• Journal of Digital Convergence
• /
• v.12 no.4
• /
• pp.285-291
• /
• 2014

Recent, development of wireless communication devices are rapidly and these device being deployed to the user very fast. By this results, a wired network device and the new device such as wireless devices incorporate. Then a demand of new mesh network is rapidly growing. In this wired/wireless integrated network environment, the network is configured automatically, and a user or wireless communication devices must be provided for authentication services. But, these services do not in the real world. Therefore, in this paper, we propose that wired/wireless integrated network environment to automatically configure the network using OpenFlow and the authentication system using Kerberos method. Our proposed system to be able to provide authentication services, confidentiality, integrity services for user or wired/wireless communication devices. And it can be prvented as well to man-in-the-middle attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.10
• /
• pp.949-964
• /
• 2012

Our PC have been under constant threat of malicious codes and viruses today. As many new ways of cyber attacks are being developed, such as zero-day-attack, nobody's PC is guaranteed to be safe from the attacks. In case where a user uses the existing verification protocol on a unsecured PC, the user's verification information may well be threatened by sniffing or man-in-the-middle attack. Especially, deadly attacks like memory hacking would give hard time for users to even recognize any symptom of virus infection. Therefore, this paper designs secured QR-Login user verification protocol for smart devices that are ready to communicate with QR-Code and proposes a way to keep critical data safe when using the internet. This way, user would be able to safeguard his/her critical data even when under attack by unknown attacks and safely carry out extremely sensitive task, like financial trading, on the device.