• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.91-101
• /
• 2012

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. But, passwords are easy for human beings to remember, but are low entropy and thus are subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu's protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.

• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.55-64
• /
• 2007

Behind the popularity of VoIP in these days, it may present significant security challenges in privacy and accounting. Authentication and message encryption are considered to be essential mechanisms in VoIP to be comparable to PSTN. SIP is responsible for setting up a secure call in VoIP. SIP employs TLS, DTLS or IPSec combined with TCP, UDP or SCTP as a security protocol in VoIP. These security mechanisms may introduce additional overheads into the SIP performance. However, this overhead has not been understood in detail by the community. In this paper we present the effect of the security protocol on the performance of SIP by comparing the call setup delays among security protocols. We implement a simulation of the various combinations of three security protocols and three transport layer protocols suggested for SIP. UDP with any combination of security protocols performs a lot better than the combination of TCP. TLS over SCTP may impose higher impact on the performance in average because TLS might have to open secure channels as the same number of streams in SCTP. The reasons for differences in the SIP performances are given.

• ETRI Journal
• /
• v.19 no.3
• /
• pp.98-115
• /
• 1997

The architecture of the CDMA mobile system (CMS) is developed based on three function groups - service resource, service control, and service management groups. In this paper, the CMS architecture is discussed from the point of view of implementing these functions. The variable length packets are used for transmission. The synchronization clock signals are derived form the GPS receiver. The open loop and closed loop techniques are used for the power control. The internationally accepted signaling and network protocols are employed. The call control for the primary services in designed to provide efficient mobile telecommunication services. The softer handoff is implemented in one card. The mobile assisted handoff and the network assisted handoff are employed in the soft and hard handoffs. The authentication is based on the secret data which includes random numbers. The management functions, which include the location management, resource management, cell boundary management and OAM management, are implemented to warrant the system efficiency, maximum capacity and high reliability. The architecture ensures that the CMS is flexible and expandable to provide subscribers with economic and efficient system configuration. The dynamic power control, adaptive channel allocation. and dynamic cell boundary management are recommended for future work.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2012.07a
• /
• pp.373-375
• /
• 2012

최근 다양하고 전문적인 웹 서비스와 어플리케이션들이 사용자를 위해 제공되고 있다. 이러한 서비스들은 보통 사용자의 인증을 거친 뒤 검증된 사용자에 한해 서비스를 제공하기 때문에 사용자는 매번 서비스별로 회원가입을 해야 하는 불편함을 겪고 있다. 이러한 불편함을 해결하기 위해 제 3의 서비스가 사용자의 보호된 데이터에 접근할 수 있도록 허가하는 OAuth 프로토콜이 등장하게 되었다. 본 논문에서는 OAuth 프로토콜의 동작과정과 문제점을 분석하고 피싱 공격 방어를 위한 확장된 프로토콜을 제안한다. 본 논문에서 제안하는 프로토콜은 기존의 OAuth 프로토콜에 인증 절차를 추가한 것이다.

• Journal of Communications and Networks
• /
• v.18 no.3
• /
• pp.460-475
• /
• 2016

The existing Proxy Mobile IPv6 suffers from a long handover latency which in turn causes significant packet loss that is unacceptable for seamless realtime services such as multimedia streaming. This paper proposes an OpenFlow-enabled proxy mobile IPv6 (OF-PMIPv6) in which the control of access gateways is centralized at an OpenFlow controller of a foreign network. The proposed OF-PMIPv6 separates the control path from the data path by performing the mobility control at the controller, whereas the data path remains direct between a mobile access gateway and a local mobility anchor in an IP tunnel form. A group of simple OpenFlow-enabled access gateways performs link-layer control and monitoring activities to support a comprehensive mobility of mobile nodes, and communicates with the controller through the standard OpenFlow protocol. The controller performs network-layer mobility control on behalf of mobile access gateways and communicates with the local mobility anchor in the Proxy Mobile IPv6 domain. Benefiting from the centralized view and information, the controller caches the authentication and configuration information and reuses it to significantly reduce the handover latency. An analytical analysis of the proposed OF-PMIPv6 reactive and proactive handover schemes shows 43% and 121% reduction in the handover latency, respectively, for highly utilized network. The results gathered from the OF-PMIPv6 testbed suggest similar performance improvements.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.2
• /
• pp.81-88
• /
• 2016

Machine-to-Machine (M2M) communication provides each component (machine) with access to Internet, evolving into the IoT technology. IoT is a trend where numbers of devices provide the communication service, using the Internet protocol. As spreading the concept of IoT(Internet of Things), various objects become home information sources. According to the wide spread of various devices, it is difficult to access data on the devices with unified manners. Under this environment, security is a critical element to create various types of application and service. In this paper propose the inter-device authentication and Centralized Remote Security Provisioning framework in Open M2M environment. The results of previous studies in this task is carried out by protecting it with the latest information on M2M / IoT and designed to provide the ultimate goal of future M2M / IoT optimized platform that can be integrated M2M / IoT service security and security model presents the information.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.1480-1484
• /
• 2003

This paper presents the design and development of network for housing estate security system. The system can cover up to 961 houses which can be up to 1,200 meters long transfer rate of 9,600 bps. This system uses checking and warning the abnormal situation. More over this system has ability to control switch on/off the electrical equipment in the house via AC line control system. The system consists of 4 parts. The first part is a security system of each house using MCS-51 microcontroller as a central processing unit scan 32 sensors and control 8 appliances and send alarm. The MCS-51 microcontroller received control signal via telephone used DTMF circuit. The second part is distributed two levels master/slave network implementing after RS-485 serial communication standard. The protocol its base on the OSI (Open Systems Interconnection) 7 layers protocol model design focus on speed, reliability and security of data that is transferred. The network security using encrypt by DES algorithm, message sequence, time stamp checking and authentication system when user to access and when connect new device to this system. Flow control in system is Poll/Select and Stop-and-Wait method. The third part is central server that using microcomputer which its main function are storing event data into database and can check history event. The final part is internet system which users can access their own homes via the Internet. This web service is based on a combination of SOAP, HTTP and TCP/IP protocols. Messages are exchanged using XML format [6]. In order to save the number of IP address, the system uses 1 IP address for the whole village in which all homes and appliance in this village are addressed using internal identification numbers. This proposed system gives the data transfer accuracy over 99.8% and maximum polling time is 1,120 ms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.23-35
• /
• 2009

Password-Authenticated Key Exchange (PAKE) Protocol is a useful tool for secure communication conducted over open networks without sharing a common secret key or assuming the existence of the public key infrastructure (PKI). It seems difficult to design efficient PAKE protocols using RSA, and thus many PAKE protocols are designed based on the Diffie-Hellman key exchange (DH-PAKE). Therefore it is important to design an efficient PAKE based on RSA function since the function is suitable for designing a PAKE protocol for imbalanced communication environment. In this paper, we propose a computationally-efficient key exchange protocol based on the RSA function that is suitable for low-power devices in imbalanced environment. Our protocol is more efficient than previous RSA-PAKE protocols, required theoretical computation and experiment time in the same environment. Our protocol can provide that it is more 84% efficiency key exchange than secure and the most efficient RSA-PAKE protocol CEPEK. We can improve the performance of our protocol by computing some costly operations in offline step. We prove the security of our protocol under firmly formalized security model in the random oracle model.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Journal of the Korean Society for information Management
• /
• v.19 no.1
• /
• pp.23-46
• /
• 2002

With explosively increasing digital contents, library and Information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource. the Internet can dramatically change the way business is conducted and Information is provided. However because of features o( the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For Instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.