• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.3 s.303
• /
• pp.1-8
• /
• 2005

At IETF (Internet Engineering Task Force), recently RFC3775, RFC3776 documents about the mobile IPv6 were standardized by IETF (Internet Engineering Task Force). Those specifications propose that during the roaming, the mobile node sends securely the binding update to the home agent and the correspondent node after setting the security association between Mobile Node and Home Agent. But there is no secure bootstrapping method between a mobile node and a home agent at the two RFC documents. This paper proposed a method for the secure bootstrapping between a mobile node and a home agent. This makes the authentication, binding update, home agent assignment, security association distribution through the AAA-based secure channel between mobile node and home agent. And the proposed method was analyzed in the view of the procedure, round trip and security strength.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.13-19
• /
• 2016

The PSK (Pre-shared Secret Key) based method is appropriate for the IoT environment consisting of lightweight devices since this method requires less computing time and energy than the method to configure the session key based on the public key algorithm. A fundamental prerequisite for the PSK based method is that PSK should have been configured between the communication entities safely in advance. However, in case of a small sensor or actuator, no input and output interface such as keyboard and monitor required for configuration exists, so it is more difficult to configure PSK for such lightweight devices safely in the IoT environment than the previous Internet devices. Especially, normal users lack expertise in security so they face difficulty in configuration. Therefore, the default value configured at the time of manufacturing at factories is used or the device installer configures PSK in most cases. In such case, it is a matter for consideration whether all installers and manufacturers can be trusted or not. In order to solve such problem, this paper proposes a secure bootstrapping scheme, which utilizes the NFC (Near Field Communication) as an OOB (Out-Of-Band) channel, for lightweight devices with limited resources.

• Review of KIISC
• /
• v.15 no.3
• /
• pp.29-39
• /
• 2005

IT839의 3대 인프라 중 하나인 IPv6 환경에서 단말의 이동성을 지원하기 위한 기술로 IETF(Internet Engineering Task Force) 표준화 기구에서는 Mobile IPv6 기술을 제안하였으며, 현재 RFC3775와 RFC3776으로 기본 스펙이 확정된 상태이다. 상기 표준 문서에 의하면 이동노드의 위치 인증을 위해 RR(Return Routability)을 사용하도록 규정되어 있으며, 이동노드와 홈에이전트 구간의 보호를 위해 IPsec 사용을 제안하고 있다. IETF 기구는 또한 이동 중인 단말이 새로운 네트워크에 접속시 수행하는 Auto-configuraton을 통한 주소 생성 과정을 안전하게 하기 위한 프로토콜로 SEND(SEcure Neighbor Discovery) 라는 프로토콜을 제안하기도 하였다. 최근에 IPv6 단말의 이동성 보안과 관련하여 주요 이슈가 되고 있는 분야는 이동노드의 Bootstrapping기술이다. 이동노드의 Bootstrapping 시에 AAA와 같은 안전한 인프라를 이용하여 인증, 위치갱신, 홈에이전트 할당, 보안연계 설정 등의 작업을 해주고자 하는 것이 이 기술의 목표이다. 본 고에서는 IPv6 환경에서 이동성 지원을 위해 현재 정의된 그리고 연구 중인 보안 프로토콜들을 살펴보고 ETRI에서 개발한 MIPv6 Bootstrapping 기술을 간단히 소개하도록 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.451-457
• /
• 2006

A peer-to-peer(P2P) network is inherently vulnerable to malicious attacks from participating peers because of its open, flat, and autonomous nature. This paper addresses the problem of effectively defending from active attacks of malicious peers at bootstrapping phase and at online phase, respectively. We propose a secure membership handling protocol to protect the assignment of ID related things to a newly joining peer with the aid of a trusted entity in the network. The trusted entities are only consulted when new peers are joining and are otherwise uninvolved in the actions of the P2P networks. For the attacks in online phase, we present a novel message structure applied to each message transmitted on the P2P overlay. It facilitates the detection of message alteration, replay attack and a message with wrong information. Taken together, the proposed techniques deter malicious peers from cheating and encourage good peers to obey the protocol of the network. The techniques assume a basic P2P overlay network model, which is generic enough to encompass a large class of well-known P2P networks, either unstructured or not.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1561-1569
• /
• 2016

As the use of the sensor device increases in IoT environment, the need for device security is becoming more and more important When a sensor device is deployed in IEEE 802.15.4-based LoWPAN, it has to perform the join operation with PAN Coordinator and the binding operation with another device. In the join and binding process, authentication and key distribution of the device are performed using the pre-distributed network key or certificate. However, the network key used in the conventional method has problems that it's role is limited to the group authentication and individual identification is not applied in certificate issuing. In this paper, we propose a secure join and binding protocol in LoWPAN environment that solves the problems of pre-distributed network key.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.1-6
• /
• 2015

The IoT(Internet of things) technology enable objects around user to be connected with each other for sharing information. To support security is the mandatory requirement in IoT because it is related to the disclosure of private information but also directly related to the human safety. However, it is difficult to apply traditional security mechanism into lightweight devices. This is owing to the fact that many IoT devices are generally resource constrained and powered by battery. PSK(Pre-Shared Key) based approach, which share secret key in advance between communication entities thereafter operate security functions, is suitable for light-weight device. That is because PSK is costly efficient than a session key establishment approach based on public key algorithm. However, how to safely set a PSK of the lightweight device in advance is a difficult issue because input/output interfaces such as keyboard or display are constrained in general lightweight devices. To solve the problem, we propose and develop a secure PSK configuration scheme for resource constrained devices in IoT.

• Journal of Korean Society of Transportation
• /
• v.24 no.1 s.87
• /
• pp.59-72
• /
• 2006

In spite of continuous implementation of the transportation demand management (TDM), the profuse use of car at the peak-time has caused chronic traffic congestion in the Seoul downtown area. This study makes a comparative analysis on the effectiveness of commuting cost subsidy system for public transit user with other policy instruments such as an increment in fuel tax and park cost. This study not only follows standard guidelines of stated preference methodology to guarantee objectivity, but also uses sample enumeration method and non-Parametric bootstrapping method to secure reliability of empirical results. As a result of empirical studies, the conversion effect of car to public transit is superior to other two Policy instruments. Also. an increment in fuel tax and park cost is income-regressive from the equity aspect in a wage bracket, but commuting cost subsidy system for Public transit user is Income-progressive As a fundamental research on commuting cost subsidy system for public transit user, this study is likely to Provide Policy-makers with quantitative information useful in establishing Public transport Policy to Promote the use of the public transit.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.3
• /
• pp.259-272
• /
• 2004

This paper suggests a new security architecture for facilitating secure OSGi service platform environment. The security architecture includes 1) user authentication mechanism, 2) bundle authentication mechanism, 3) key sharing mechanism, and 4) authorization mechanism. The user authentication mechanism supplies SSO(single sign-on) functions which are useful for safe and easy user authentications. The bundle authentication mechanism utilizes both PKI-based and MAC-based digital signatures for efficiently authenticating service bundles. The key sharing mechanism, which is performed during bootstrapping phase of a service gateway, supplies a safe way for sharing secret keys that are required for authentication mechanisms. Finally, the authorization mechanism suggests distributed authorization among service providers and an operator by establishing their own security policies. The main contributions of the parer are twofold. First, we examine several security requirements of current OSGi specification when its security functions can be applied in real OSGi environments. Second, we describe the ways to resolve the problems by means of designing and implementing concrete security mechanisms.