• 한국산학기술학회:학술대회논문집
• /
• 한국산학기술학회 2009년도 춘계학술발표논문집
• /
• pp.421-424
• /
• 2009

SCADA control systems and protocols are developed based on reliability, availability, and speed but with no or little attention paid to security. Specifically in Modbus protocol, there are inherent security vulnerabilities in their design. The lack of common security mechanisms in the protocol such as authentication, confidentiality and integrity must be addressed. In this paper, security vulnerabilities of Modbus-based SCADA controls systems will be studied. An in-depth analysis of the message frame formats being sent between master and slave will be discussed to expose the security vulnerabilities. This will enable SCADA users to find ways to fix the security flaws of the protocol and design mitigation strategies to reduce the impact of the possible attacks. Security mechanisms are recommended to further enhance the security of SCADA control systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권1호
• /
• pp.344-365
• /
• 2020

Providing security has been always on priority in all areas of computing and communication, and for the systems that are low on computing power, implementing appropriate and efficient security mechanism has been a continuous challenge for the researchers. Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of efficient security mechanism. Earlier, the security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to high strength and requirement of less key size in elliptic curve cryptography, the focus of researchers has been on designing efficient security protocol for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance from replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal to be used for RFID systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권3호
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권8호
• /
• pp.1982-1997
• /
• 2012

Authenticated multiple key agreement protocols not only allow participants to agree the multiple session keys within one run of the protocol but also ensure the authenticity of the other party. In 2011, Dehkordi et al. proposed an identity-based authenticated multiple key agreement protocol. In this paper, we demonstrate that Dehkordi et al.'s protocol is vulnerable to impersonation attacks. Furthermore, we have found that their protocol cannot provide perfect forward security or mutual security. Then we propose an identity-based authenticated multiple key agreement protocol which removes the weaknesses of the Dehkordi et al.'s protocol. Compared with the multiple key agreement protocols in the literature, the proposed protocol is more efficient and holds stronger security.

• 한국산업정보학회논문지
• /
• 제6권1호
• /
• pp.56-60
• /
• 2001

본 논문에서는 무선이동 통신시스템을 위한 인증 프로토콜을 제안한다. 제안한 프로토콜은 상호 인증과 세션 키 분배를 제공하기 위해서 키 해쉬 함수를 사용한다. 본 프로토콜은 이 동국에서의 계산량이 적다. 또한, 중간 전송 네트워크에서의 최소 보호설정을 제공하기 위하여 고정 망에서의 보호 설정을 하지 않았다.

• Journal of Internet Technology
• /
• 제22권5호
• /
• pp.1069-1082
• /
• 2021

The Internet of Things (IoT) is vulnerable to a wide range of security risks, which can be effectively mitigated by applying Cyber Threat Intelligence (CTI) sharing as a proactive mitigation approach. In realizing CTI sharing, it is of paramount importance to guarantee end-to-end protection of the shared information as unauthorized disclosure of CTI is disastrous for organizations using IoT. Furthermore, resource-constrained devices should be supported through lightweight operations. Unfortunately, the aforementioned are not satisfied by the Hypertext Transfer Protocol Secure (HTTPS), which state-of-the-art CTI sharing systems mainly depends on. As a promising alternative to HTTPS, Ephemeral Diffie-Hellman over COSE (EDHOC) can be considered because it meets the above requirements. However, EDHOC in its current version contains several security flaws, most notably due to the unprotected initial message. Consequently, we propose a lightweight end-to-end privacy-preserving security protocol that improves the existing draft EDHOC protocol by utilizing previously shared keys and keying materials while providing ticket-based optimized reauthentication. The proposed protocol is not only formally validated through BAN-logic and AVISPA, but also proved to fulfill essential security properties such as mutual authentication, secure key exchange, perfect forward secrecy, anonymity, confidentiality, and integrity. Also, comparing the protocol's performance to that of the EDHOC protocol reveals a substantial improvement with a single roundtrip to allow frequent CTI sharing.

• 한국산업정보학회:학술대회논문집
• /
• 한국산업정보학회 2007년도 춘계학술대회
• /
• pp.26-31
• /
• 2007

An ad hoc network is a collection of mobile nodes without any Infrastructure. However, ad hoc networks are vulnerable to attacks such as routing disruption and resource consumption; thus, routing protocol security is needed This paper proposes a secure and efficient routing protocol for mobile ad hoc networks, where only one-way hash function are used to authenticate nodes in the ROUTE REQUEST, while additional public-key cryptography is used to guard against active attackers disguising a node in the ROUTE REPLY.

• 시큐리티연구
• /
• 제49호
• /
• pp.67-93
• /
• 2016

본 연구는 성공적인 국제회의로 평가받고 있는 2010년 서울 G20 정상회의, 2012년 서울 핵안보정상회의 등 국제회의 개최사례를 중심으로 의전경호체계의 현황 및 문제점을 분석하고 그 개선방안을 제시하는데 그 목적이 있다. 본 연구에서 도출한 연구결과는 다음과 같다. 첫째, 국제회의 지원법규의 정립이 필요하다. 이를 위해서는 '국제회의산업 육성에 관한 법률'에 대한 국가차원 주무부처 정립, 국제회의 지원법규의 체계에 대한 조정, 국제회의 지원조직의 일관성 유지 등이 수반되어야 한다. 둘째, 경호안전체계 관련법규 소관부처 간 이해 조정이 필요하다. 국제회의 의전경호와 밀접한 관련이 있는 경호안전체계 관련 다수 법규 간의 충돌 가능성 해소가 필요하다. 셋째, 국제회의 의전경호체계 확립을 위한 정부합동 의전편람 제작이 필요하다. 행정부, 입법부 등에 산재하여 다소 국지적이고, 일관성이 없는 의전관련 주요지침(편람)을 정부합동 의전편람 제작을 통해 국제회의 의전체계 확립을 도모해야 할 것이다. 넷째, PCO의 전문역량 배양 및 강화가 필요하다. "분야별로 PCO를 선정, 활용하여 차세대 유망 산업으로 기대되는 국제 컨벤션 대행 산업의 기반을 육성하고 해당 분야의 인력을 양성한다"는 정부 방침이 충분히 달성할 수 있도록 다양한 분야의 PCO를 발굴하여 국가 차원의 지원을 병행해야 할 것이다.

• Journal of Electrical Engineering and information Science
• /
• 제2권5호
• /
• pp.89-99
• /
• 1997

The application for real-time database systems must satisfy timing constraints. Typically the timing constraints are expressed in the form of deadlines which are represented by priorities to e used by schedulers. In any real-time applications, since the system maintains sensitive information to be shared by multiple users with different levels of security clearance, security is another important requirement. As more advanced database systems are being used in applications that need to support timeliness while managing sensitive information, protocols that satisfy both requirements need to be developed. In this appear, we proposed a new priority-driven secure multiversion locking (PSMVL) protocol for real-time secure database systems. The schedules produced by PSMVL are proven to e one-copy serializable. We have also shown tat the protocol eliminates covert channels and priority inversions. The details of the protocol, including the compatibility matrix and the version selection algorithms are presented. the results of the performance comparisons of our protocol with other protocols are described.

• 디지털산업정보학회논문지
• /
• 제19권1호
• /
• pp.31-42
• /
• 2023

As computer performance is leveled upward, the use of IoT systems is gradually expanding. Although IoT systems are used in many fields, it is true that it is difficult to build a safe system due to performance limitations. To overcome these limitations, many researchers have proposed numerous protocols to improve security issues. Among them, Azrour et al. except. We proposed a new efficient and secure authentication protocol for remote healthcare systems in a cloud-based IoT environment, and claimed that the new protocol could solve the security vulnerabilities of the existing protocols and was more efficient. However, in this paper, through the security analysis of the remote healthcare system in the cloud-based IoT environment proposed by Azrour et al., the protocol of this system was found to be vulnerable to Masquerade attack, Lack of Perfect Forward Secrecy, Off-line password guessing attack, and Replay attack.