• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.21-28
• /
• 2007

Hierarchical Mobile IPv6 improves performance of Mobile IPv6 by managing Binding Update in terms of location, With improved handover delay, realization of delay-sensitive services (e,g, VoIP or video streaming) has become more persuadable, Comparing with Mobile IPv6, however, Hierarchical Mobile IPv6 brings security threats related to Local Binding Update to mobile network, In the RFC 4140, specific methods to authenticate Local Binding Update message are not explicitly presented. It is essential that design secure architecture to address problems related to authenticating Local Binding Update, Many secure suggestions for Local Binding Update, however, concentrate on infrastructure-based solutions such as AAA PKI. These approaches may cause scalability problem when the suggested solutions are applied to real network. Therefore we suggest authentication method that doesn't require infrastructure, In addition to authentication of Local Binding Update, our method also provides mobile node with power saving ability.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.8
• /
• pp.22-33
• /
• 2009

Mobile Ad Hoc Networks (MANETs) are self-organized networks that do not rely in their operation on wired infrastructure. As in any networking technology, security is an essential element in MANET as well, for proliferation of this type of networks. But supporting secure communication in MANETs proved to be a significant challenge, mainly due to the fact that the set of nodes in the network can change frequently and rapidly and due to the lack of access to the wired infrastructure. In particular, the trust model and the authentication protocols, which were developed for wired and infrastructure-based networks, cannot be used in MANETs. In [1], we addressed the problem of efficient authentication of distributed mobile users in geographically large networks and proposed a new authentication scheme for this case of MANETs. The proposed scheme exploits randomized groups to efficiently share authentication information among nodes that together implement the function of a distributive Certification Authority(CA). In this paper, we analyze numerically the performance of authentication method using randomized groups and compare with the simulation result.

• Journal of Internet Computing and Services
• /
• v.12 no.4
• /
• pp.15-26
• /
• 2011

As quick and secure mobility service is becoming a critical issue in the ubiquitous environment. Internet Engineering Task Force (IETF) has done a lot of meaningful work in order to cope with the critical issues, which is a key technology of guaranteeing the legally and safely using of network resources, they has proposed Hierarchical Mobile IPv6 (HMIPv6) to complement for such problems as handover latency and signaling overhead in existing MIPv6. Most of the current research about HMIPv6 focuses on how to optimize the interactive processes between the HMIPv6 and AAA (Authentication, Authorization, Accounting) protocol. This paper describes a cost-effective hierarchical authentication scheme, which makes its focus on minimizing the authentication latency in AAA processing. In this scheme, a hierarchical AAA architecture is proposed, in which the AAA servers are deployed on the Mobility Anchor Point (MAP), the Root AAA server manages several Leaf AAA servers and the Brokers on behalf of the AAA server in home domain. The simulation results shows that the proposed scheme reduces the handoff and authentication latency evidently compared to the previous traditional authentication combination modeling.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.12
• /
• pp.5049-5057
• /
• 2010

As communication technologies are developed and variety of services to mobile devices are provided, mobile users is rapidly increasing every year. However, mobile services running on wireless network environment are exposed to various security threats, such as illegal tampering, eavesdropping, and disguising identity. Accordingly, the secure mobile communications services to 3GPP were established that the standard for 3GPP-AKA specified authentication and key agreement. But in the standard, sequence number synchronization problem using false base station attack and privacy problem were discovered through related researches. In this paper, we propose an efficient authentication mechanism for enhanced privacy protection in the 3G network. We solve the sequence number synchronization existing 3GPP authentication scheme using timestamp and strengthen a privacy problem using secret token. In addition, the proposed scheme can improve the bandwidth consumption between serving network and home network and the problem of authentication data overhead for the serving network because it uses only one authentication vector.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.165-182
• /
• 2009

Mobile IPv6 spends considerable bandwidth considering that its signal volume is proportional to the mobile and also it should be strengthened to support the binding signal volume, the traffic, and effective mobility. So, the study in NEMO(Network Mobility), an extended version of Mobile IPv6, has been conducted. NEMO provides its mobility by putting several mobiles and more than one portable router into one unit called as mobile network. Because nodes access Internet via the portable router at this time, it receives transparency without any additional work and that much reduces binding signal while solving binding storm. By supporting mobility, NEMO is able to have various mobile structures which realize several networks hierarchically and it is necessary to improve its safety and security by authenticating among the upper networks or the lower ones while moving. Also, it is extremely required to begin a study in the device to improve efficiency accompanied with mobility, which is executed by the fast hand-off as well as the safe authentication. For those reasons, this paper not only classifies various NEMO mobile scenarios into 7 ways, but also provides AAA authentication of each scenario, the authentication through the safety authentication and fast handoff authentication using F+HMIPv6 and the way to reduce both signaling volume and packet delays efficiently during the handoff.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.169-179
• /
• 2013

Recently, with rapid advances of mobile devices such as smart phone and wireless networking, a number of services using mobile device based wireless network have been explosively increasing. From the viewpoint of security, because wireless network is more vulnerable than wired network, strong security is required in wireless network. On the contrary, the security for mobile devices has to be efficient due to the restrictions of battery powered mobile device such as low computation, low memory space and high communication cost. Therefore, in this paper, we propose an efficient authentication scheme with mobile devices in wireless network environment. The proposed scheme satisfies security requirements for the service using mobile device and it is suitable in wireless network environment.

• ETRI Journal
• /
• v.39 no.1
• /
• pp.135-144
• /
• 2017

Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self-proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self-creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user-based mobile payments with a paperless receipt.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.427-432
• /
• 2010

The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.8
• /
• pp.4076-4092
• /
• 2019

Nowadays, most users access internet through mobile applications. The common way to authenticate users through websites forms is using passwords; while they are efficient procedures, they are subject to guessed or forgotten and many other problems. Additional multi modal authentication procedures are needed to improve the security. Behavioral authentication is a way to authenticate people based on their typing behavior. It is used as a second factor authentication technique beside the passwords that will strength the authentication effectively. Keystroke dynamic rhythm is one of these behavioral authentication methods. Keystroke dynamics relies on a combination of features that are extracted and processed from typing behavior of users on the touched screen and smart mobile users. This Research presents a novel analysis in the keystroke dynamic authentication field using two features categories: timing and no timing combined features. The proposed model achieved lower error rate of false acceptance rate with 0.1%, false rejection rate with 0.8%, and equal error rate with 0.45%. A comparison in the performance measures is also given for multiple datasets collected in purpose to this research.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.2B
• /
• pp.162-169
• /
• 2009

Message Authentication Code (MAC) assures integrity of messages. In Mobile WiMAX, 128-bit Cipher-based MAC (CMAC) is calculated for management messages but only the least significant half is actually used truncating the most significant 64 bits. Naming these unused most significant 64bits Shared Authentication Information (SAI), we suggest that SAI can be applied to protect the network from DDoS attack which exploits idle mode vulnerabilities. Since SAI is the unused half of CMAC, it is as secure as 64bits of CMAC and no additional calculations are needed to obtain it. Moreover, SAI doesn't have to be exchanged through air interface and shared only among MS, BS, and ASN Gateway. With these good properties, SAI can efficiently reduce the overheads of BS and ASN GW under the DDoS attack.