• Smart Media Journal
• /
• v.9 no.3
• /
• pp.71-79
• /
• 2020

Mobile network is used by many users worldwide for diverse services, including phone-call, messaging and data transfer over the Internet. However, this network may experience massive damage if it is exposed to cyber-attacks or denial-of-service attacks via wireless communication interference. Because the mobile network is also used as an emergency network in cases of disaster, evaluation or verification for security and safety is necessary as an important nation-wide asset. However, it is not easy to analyze the mobile core network because it's built and serviced by private service providers, exclusively operated, and there is even no separate network for testing. Thus, in this paper, a virtual mobile network is built using OpenAirInterface, which is implemented based on 3GPP standards and provided as an open source software, and the structure and protocols of the core network are analyzed. In particular, the S1AP protocol messages captured on S1-MME, the interface between the base station eNodeB and the mobility manager MME, are analyzed to identify potential security threats by evaluating the effect of the messages sent from the user terminal UE to the mobile core network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3C
• /
• pp.426-435
• /
• 2004

The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP(Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application level mobility across networks. And SIP will be a major signaling protocol for next generation wireless networks. But the Digest authentication scheme is not using a secure method of user authentication in SIP, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and propose two proposals that a response which include the user address and password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.5 s.43
• /
• pp.241-250
• /
• 2006

Regarding a spam attack and the interception that a spinoff is largest among weakness of VoIP service at these papers study. Write scenario of a spam attack regarding VoIP service, and execute Call spam, Instant Messaging spam, Presence spam attack. A spam attack is succeeded in laboratories, and prove, and confirm damage fact of a user in proposals of a spam interception way of VoIP service, 1) INVITE Request Flood Attack 2) Black/White list, 3) Traceback, 4) Black Hole-Sink Hole, 5) Content Filtering, 6) Consent based Communication, 7) Call act pattern investigation, 8) Reputation System Propose, and prove. Test each interception plan proposed in VoIP networks, and confirm security level of a spam interception. Information protection of VoIP service is enlarged at WiBro, BcN, and to realize Ubiquitous Security through result of research of this paper contribute, and may make.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.301-311
• /
• 2021

The technological advancements of the last two decades directed the era of the Internet of Things (IoT). IoT enables billions of devices to connect through the internet and share their information and resources on a global level. These devices can be anything, from smartphones to embedded sensors. The main purpose of IoT is to make devices capable of achieving the desired goal with minimal to no human intervention. Although it hascome as a social and economic blessing, it still brought forward many security risks. This paper focuses on providing a survey of the most commonly used application layer protocols in the IoT domain, namely, Constrained Application Protocol (CoAP), Message Queuing Telemetry Transport (MQTT), Advanced Message Queuing Protocol (AMQP), and Extensible Messaging and Presence Protocol (XMPP). MQTT, AMQP, and XMPP use TCP for device-to-device communication, while CoAP utilizes UDP to achieve this purpose. MQTT and AMQP are based on a publish/subscribe model, CoAP uses the request/reply model for its structuring. In addition to this, the quality of service provision of MQTT, AMQP, and CoAP is not very high, especially when the deliverance of messages is concerned. The selection of protocols for each application is very a tedious task.This survey discusses the architectures, advantages, disadvantages, and applications of each of these protocols. The main contribution of this work is to describe each of the aforementioned application protocols in detail as well as providing their thorough comparative analysis. This survey will be helpful to the developers in selecting the protocol ideal for their system and/or application.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.5
• /
• pp.1163-1172
• /
• 2015

In this paper, an MQTT based protocol is designed and implemented for control, management and monitoring of HVAC in a cloud platform in real time. The MQTT protocol is a two-way messaging protocol, and has the generality, flexibility, light weighted, quickness with reliability and security. In the implemented system, performance and reliability of the communication protocol is considered for data acquisition and control between the CCU and the cloud server. Control and monitoring for the cloud server is performed in real time in conjunction with CCU and the MQTT server.

• International Journal of Contents
• /
• v.16 no.1
• /
• pp.75-86
• /
• 2020

As the elderly population is becoming an aging society, the elderly are experiencing many problems. Social security costs for the elderly are increasing and the un-linked social phenomenon is emerging. Thus, the social infrastructure and welfare system established in the past economic growth period are in danger of not functioning properly. People socially isolated or with chronic diseases among the elderly are exposed to various accidents. Thus, an active healthcare management service is imperative. Additionally, in the event of a dangerous situation, the system must have ways to notify guardians (family or medical personnel) regarding appropriate action. Thus, in this paper, we propose the smartphone-based healthcare and emergency response service platform. The proposed service platform aggregates movement of relevant data in real-time using a smartphone. Based on aggregated data, it will always recognize the user's movements and current state using the human motion recognition mechanism. Thus, the proposed service platform provides real-time status monitoring, activity reports, a health calendar, location-based hospital information, emergency situation detection, and cloud messaging server-based efficient notification to several subscribers such as family, guardians, and medical personnel. Through this service, users or guardians can augment the level of care for the elderly through the reports. Also, if an emergency situation is detected, the system immediately informs guardians so as to minimize the risk through immediate response.

• Archives of Plastic Surgery
• /
• v.48 no.3
• /
• pp.295-304
• /
• 2021

Clinical photography is an essential component of patient care in plastic surgery. The use of unsecured smartphone cameras, digital cameras, social media, instant messaging, and commercially available cloud-based storage devices threatens patients' data safety. This paper Identifies potential risks of clinical photography and heightens awareness of safe clinical photography. Specifically, we evaluated existing risk-mitigation strategies globally, comparing them to industry standards in similar settings, and formulated a framework for developing a risk-mitigation plan for avoiding data breaches by identifying the safest methods of picture taking, transfer to storage, retrieval, and use, both within and outside the organization. Since threats evolve constantly, the framework must evolve too. Based on a literature search of both PubMed and the web (via Google) with key phrases and child terms (for PubMed), the risks and consequences of data breaches in individual processes in clinical photography are identified. Current clinical-photography practices are described. Lastly, we evaluate current risk mitigation strategies for clinical photography by examining guidelines from professional organizations, governmental agencies, and non-healthcare industries. Combining lessons learned from the steps above into a comprehensive framework that could contribute to national/international guidelines on safe clinical photography, we provide recommendations for best practice guidelines. It is imperative that best practice guidelines for the simple, safe, and secure capture, transfer, storage, and retrieval of clinical photographs be co-developed through cooperative efforts between providers, hospital administrators, clinical informaticians, IT governance structures, and national professional organizations. This would significantly safeguard patient data security and provide the privacy that patients deserve and expect.

• Journal of Digital Convergence
• /
• v.18 no.5
• /
• pp.249-256
• /
• 2020

The session initiation protocol (SIP) is a signaling protocol, which is used to controlling communication session creation, manage and finish over Internet protocol. Based on it, we can implement various services like voice based electronic commerce or instant messaging. Recently, Qiu et al. proposed an enhanced password authentication scheme for SIP. However, this paper withdraws that Qiu et al.'s scheme is weak against the off-line password guessing attack and has denial of service problem. Addition to this, we propose an improved password authentication scheme as a remedy scheme of Qiu et al.'s scheme. For this, the proposed scheme does not use server's verifier and is based on elliptic curve cryptography. Security validation is provided based on a formal validation tool ProVerif. Security analysis shows that the improved authentication scheme is strong against various attacks over SIP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.173-186
• /
• 2003

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive dating. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a 'advanced ICW Traceback' mechanism, which is based on the modified pushback system with secure router mechanism. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source, by which we can diminish network overload and enhance Traceback performance.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.59-66
• /
• 2023

Text mining (TM) is most widely used to find patterns from various text documents. Cyber-bullying is the term that is used to abuse a person online or offline platform. Nowadays cyber-bullying becomes more dangerous to people who are using social networking sites (SNS). Cyber-bullying is of many types such as text messaging, morphed images, morphed videos, etc. It is a very difficult task to prevent this type of abuse of the person in online SNS. Finding accurate text mining patterns gives better results in detecting cyber-bullying on any platform. Cyber-bullying is developed with the online SNS to send defamatory statements or orally bully other persons or by using the online platform to abuse in front of SNS users. Deep Learning (DL) is one of the significant domains which are used to extract and learn the quality features dynamically from the low-level text inclusions. In this scenario, Convolutional neural networks (CNN) are used for training the text data, images, and videos. CNN is a very powerful approach to training on these types of data and achieved better text classification. In this paper, an Ensemble model is introduced with the integration of Term Frequency (TF)-Inverse document frequency (IDF) and Deep Neural Network (DNN) with advanced feature-extracting techniques to classify the bullying text, images, and videos. The proposed approach also focused on reducing the training time and memory usage which helps the classification improvement.