• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.3
• /
• pp.654-660
• /
• 2004

In this paper, we define that pervasive home network, which provides necessary services for user properties and removes distractions to improve the quality of human life. So, user can enjoy home network technology including devices and softwares at any place with no knowledge of networked home, devices, and softwares. In this home network, a mobile agent, called LAFA, can migrate to unfamiliar home network and control the necessary devices. For this environment, we design security management module for authenticating user and home server that access some other home networks, and for protecting text, multimedia data, and mobile agent that are transferred between home networks. The security management module is composed of a key exchange management module and an access control management module, for key exchange management module, we propose a key exchange protocol, which provides multimode of authentication mode and key exchange mode. One of these two modes is selected according to the data type.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.22-29
• /
• 2019

Due to the development of ICT technology, convergence reality contents are utilized as technology for providing services in various industrial fields by visualizing various information such as sensor information and shared information in a service platform showing only simple three-dimensional contents. Research is underway to reduce the weight of applications by transmitting the resources of the object to be enhanced to the network as the information and the contents to be provided increase. In order to provide resources through the network, servers for processing various information such as pattern information, content information, and sensor information must be constructed in a cloud environment. However, in order to authenticate data transmitted and received in real-time in a cloud environment, there is a problem in that the processing is delayed and a delay phenomenon occurs in the rendering process and QoS is lowered. In this paper, we propose a system to distribute cloud server which provides augmented contents of convergent reality service that provides various contents such as sensor information and three - dimensional model, and shorten the processing time of reliable data through distributed relay between servers Respectively.

• Proceedings of the KAIS Fall Conference
• /
• 2007.05a
• /
• pp.203-207
• /
• 2007

NEMO 기본 지원 (NEMO-BS, NEMO Basic Support) 프로토콜에서 MNN(Mobile Network Node)가 CN(Correspondent Node) 과 통신을 하기 위해서는 항상 MR(Mobile Router)과 HA(Home Agent) 사이의 양방향 터널을 이용해야 한다. 그러나 NEMO-BS 방식은 노드 간 데이터 전송 지연과 부분 구간에 대한 공격 가능성이 존재한다. 따라서 본 논문에서는 NEMO를 위한 인증된 경로 최적화(ATRO) 프로토콜을 제안한다. MR은 홈 링크로부터 멀어졌다고 판단되면 MNN으로부터 위임 권한을 얻기 위해 권한 위임 프로토콜을 수행한다. 그런 후에 MR과 CN은 공개키 암호 방식을 이용하여 자신의 의탁주소(CoA, Care-of Address)를 MNN의 홈 주소(HoA, Home-of Address)와 매핑하기 위한 등록 과정을 수행한다. 이때 각 노드의 주소 소유권 증명을 위해 암호학적으로 생성한 주소(CGA, Cryptographically Generated Address)를 이용한다. 성능분석에서는 구간별 안전성과 종단간 패킷 전송 지연 시간을 통해 프로토콜을 분석한다.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.236-244
• /
• 2022

Network Mobility Basic Support (NEMO BS) protocol has been accredited and approved by Internet Engineering Task Force (IETF) working group for mobility of sub-networks. Trains, aircrafts and buses are three examples of typical applications for this protocol. The NEMO BS protocol was designed to offer Internet access for a group of passengers in a roaming vehicle in an adequate fashion. Furthermore, in NEMO BS protocol, specific gateways referred to Mobile Routers (MRs) are responsible for carrying out the mobility management operations. Unfortunately, the main limitations of this basic solution are pinball suboptimal routing, excessive signaling cost, scalability, packet delivery overhead and handoff latency. In order to tackle shortcomings of triangular routing and Quality of Service (QoS) deterioration, the proposed scheme (Diff-FH NEMO) has previously evolved for end-users in moving network. In this sense, the article focuses on an exhaustive analytic evaluation at Home Agent (HA) entity of the proposed solutions. An investigation has been conducted on the signaling costs to assess the performance of the proposed scheme (Diff-FH NEMO) in comparison with the standard NEMO BS protocol and MIPv6 based Route Optimization (MIRON) scheme. The obtained results demonstrate that, the proposed scheme (Diff-FH NEMO) significantly improves the signaling cost at the HA entity in terms of the subnet residence time, number of mobile nodes, the number of DMRs, the number of LFNs and the number of CNs.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.619-622
• /
• 2006

RFID(Radio Frequency IDentification) 기술은 리더(reader)가 RF 신호를 사용하여 물품에 부착된 전자 태그(tag)를 식별하는 비접촉 자동인식 기술이다. 그런데 여기에는 RFID 사용자의 프라이버시 보호라는 큰 문제가 존재한다. 이 문제를 해결하기 위하여 현재까지 제안되었던 보안 기법들은 태그와 리더 사이에 암호학적 기법에 중점을 두었다. 하지만, 본 논문에서는 복잡한 암호학적 기법이 아닌 개인 모바일 기기(mobile device)를 제안한다. 이것은 보호되고 있는 태그를 리더가 읽으려 할 때 태그 인식 과정에 관여하여 정당한 리더만이 태그들을 읽을 수 있도록 한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.267-271
• /
• 2003

IETF mobileip WG에서 MN(Mobile Node)의 위치를 나타내는‘바인딩정보’를 안전하게 CN(Correspond Node)에게 송신하여 최적경로를 설정하는 RR(Return Routability)프로토콜을 드래프트 문서로 제안하고 있다［1］. 하지만 이 프로토콜은 최적경로설정이 MN에 의해 시작됨에 따라 최적경로설정 지연에 따른 최적경로설정 확률의 저하와 불필요한 메시지 교환에 따른 통신부담을 문제점으로 지적할 수 있다. 본 논문에서는 상기와 같은 문제점 해결방안으로 HA(Home Agent)가 CN으로부터 첫번째 패킷을 수신했을 때 최적경로설정을 시작하도록 개선된 RR프로토콜을 제안하였다. 이를 통해서 최적경로 설정에 소용되는 시간을 단축하고 교환되는 메시지 수를 감소시켜 통신부담 경감효과를 얻을 수 있다. 이럼에도 불구하고 기존의 RR프로토콜과 동일한 보안수준을 제공한다.

• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.11-26
• /
• 2013

In the wireless Internet, it is so restrictive to use the IPSec. The MIPv4 IPSec's path cannot include wireless links. That is, the IPSec of the wireless Internet cannot protect an entire path of Host-to-Host connection. Also wireless circumstance keeps a path static during the shorter time, nevertheless, the IKE for IPSec SA agreement requires relatively long delay. The certificate management of IPSec PKI security needs too much burden. This means that IPSec of the wireless Internet is so disadvantageous. Our paper is to construct the Mobile IPSec proper to the wireless Internet which provides the host-to-host transport mode service to protect even wireless links as applying excellent WP-IBE scheme. For this, Mobile IPSec requires a dynamic routing over a path with wireless links. FA Forwarding is a routing method for FA to extend the path to a newly formed wireless link. The FA IPSec SA for FA Forwarding is updated to comply the dynamically extended path using Source Routing based Bind Update. To improve the performance of IPSec, we apply efficient and strong future Identity based Weil Pairing Bilinear Elliptic Curve Cryptography called as WP-IBE scheme. Our paper proposes the modified protocols to apply 6 security-related algorithms of WP-IBE into the Mobile IPSec. Particularly we focus on the protocols to be applied to construct ESP Datagram.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.160-161
• /
• 2013

Extending mobile IP to ad hoc networks with the foreign agent acting as the bridge between the wired network and ad hoc networks can provide the global Internet connectivity for ad hoc hosts. The existing research in the area of the integrated wired and ad hoc network is carried out in a non-adversarial setting. This paper analysed an effective solution to solve the security related problems encountered in these integrated networks. This security protocol also excludes malicious nodes from performing the ad hoc network routing. This paper focuses on preventing ad hoc hosts from the attacks of anti-integrity.

• Journal of KIISE:Information Networking
• /
• v.34 no.1
• /
• pp.62-72
• /
• 2007

Mobile Virtual Private Network (MVPN) provides VPN services without geographical restriction to mobile workers using mobile devices. Coexistence of Mobile IP (MIP) protocol for mobility and IPsec-based VPN technology are necessary in order to provide continuous VPN service to mobile users. However, Problems like registration failure or frequent IPsec tunnel re-negotiation occur when IPsec-based VPN Gateway (GW) and MIP are used together. In order to solve these problems, IETF proposes a mechanism which uses external home agent (x-HA) located external to the corporate VPN GW. In addition, based on the IETF proposal, a mechanism that assigns x-HA dynamically in the networks where MN is currently located was also proposed with the purpose to reduce handover latency as well as end-to-end delay. However, this mechanism has problems such as exposure of a session key for dynamic Mobility Security Association (MSA) or a long latency in case of the handover between different networks. In this paper, we propose a new MVPN protocol in order to minimize handover latency, enhance the security in key exchange, and to reduce data losses cause by handover. Through a course of simulation, the performance of proposed protocol is compared with the existing mechanism.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.605-612
• /
• 2004

In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol ［2］, by adopt-ing Aura's CGA scheme with two hashes ［9］. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.