• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.1B
• /
• pp.1-10
• /
• 2003

An EPON which is going on standardization in IEEE 802.3ah, is tree topology consists of a OLT and multiple ONU using passive optical components, so this network is susceptible to variable security threats - eavesdropping, masquerading, denial of service and so on. In this paper, we design a security protocol supporting authentication and confidentiality services in MAC layer in order to prevent these security threats and to guarantee secure data exchange The designed security protocol introduce public-key based authentication and key management protocols for efficient key management, and choose Rijndael algorithm, which is recent standard of AES, to provide the confidentiality of EPON Proposed authentication and key management protocols perform authentication and public-key exchange at a time, and are secure protocols using derived common cipher key by exchanging public random number To implement the designed security protocol, we propose the procedures of authentication and public-key exchange, session key update, key recovery. This proposed protocol is verified using unknown session key, forward secrecy, unknown key-share, key-compromise impersonation.

• Journal of Advanced Navigation Technology
• /
• v.17 no.6
• /
• pp.736-748
• /
• 2013

In this paper, we analyse the vulnerabilities of KL scheme which is an ID-based authentication scheme for AMI network, and propose two kinds of authentication schemes which satisfy forward secrecy as well as security requirements introduced in the previous works. In the first scheme, we use MDMS which is the supervising system located in an electrical company for a time-synchronizing server, in order to synchronize smart grid devices in home, and we process device authentication with a new secret value generated by OTP function every session. In the second scheme, we use a secret hash-chain mechanism for authentication process, so we can use a new secret value every session. The proposed two schemes have strong points and weak points respectively and those depend on the services area and its environment, so we can select one of them efficiently considering real aspects of AMI environment.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.4
• /
• pp.104-110
• /
• 2003

In this paper, we proposed hybrid cryptosystem of Diffie-Hellman base in Elliptic Curve, and explained for specific protocol design. The proposed system is efficient hybrid cryptosystems system that offer implicit key authentication about sender and receiver unlike existing hybrid system. This system increased safety generating session key using pseudo-random number generator by cryptographic. Because the system is hybrid system, it is more efficient in calculation amount aspect supplementing merit and fault of public key system and secret key system. Also, the system can not get right plaintext except receiver even if sender's secret key is revealed and impersonation attack is impossible. And the system offers security on known keys without influencing in safety of other session's cryptogram even if session key is exposed. And the system is provided safety about mutual entity authentication and replay attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1219-1230
• /
• 2012

Recently, lots of users are using wireless LAN providing authentication and confidentiality with security mechanism such as WEP, WPA. But, weakness of each security mechanism was discovered and attack methods that user's information was exposed or modified to the third parties with it and abused by them were suggested. In this paper, we analyzed architecture of security mechanisms in wireless LAN and performed PSK cracking attack and cookie session hijacking attack with the known vulnerability. And, an improved 4-way handshake mechanism which can counter PSK cracking attack and a cookie replay detection mechanism which can prevent cookie session hijacking attack were proposed. Proposed mechanisms are expected to apply to establish more secure wireless LAN environment by countering existing vulnerability.

• ETRI Journal
• /
• v.32 no.5
• /
• pp.704-712
• /
• 2010

Authentication is an important service in wireless sensor networks (WSNs) for an unattended environment. Recently, Das proposed a hash-based authentication protocol for WSNs, which provides more security against the masquerade, stolen-verifier, replay, and guessing attacks and avoids the threat which comes with having many logged-in users with the same login-id. In this paper, we point out one security weakness of Das' protocol in mutual authentication for WSN's preservation between users, gateway-node, and sensor nodes. To remedy the problem, this paper provides a secrecy improvement over Das' protocol to ensure that a legal user can exercise a WSN in an insecure environment. Furthermore, by presenting the comparisons of security, computation and communication costs, and performances with the related protocols, the proposed protocol is shown to be suitable for higher security WSNs.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.9
• /
• pp.2384-2389
• /
• 2009

In this paper, we propose a lightweight mutual authentication protocol for secure and efficient home network service. Lee et al. recently proposed an attribute-base authentication key agreement protocol using public key in home network. Its protocol provided forward secrecy but don't diminish conspicious overhead of operation using ticket. Therefore the proposed protocol provided the security and efficiency using hash function and counter. Also it can provide secure home network service by check consumer electronics control level of users after created session key.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.5
• /
• pp.1471-1483
• /
• 2023

One of the fastest-growing mobile services accessible today is mobile payments. For the safety of this service, the Near Field Communication (NFC) technology is used. However, NFC standard protocol has prioritized transmission rate over authentication feature due to the proximity of communicated devices. Unfortunately, an adversary can exploit this vulnerability with an antenna that can eavesdrop or alter the exchanged messages between NFC-enabled devices. Many researchers have proposed authentication methods for NFC connections to mitigate this challenge. However, the security and privacy of payment transactions remain insufficient. We offer a privacy-preserving, anonymity-based, safe, and efficient authentication protocol to protect users from tracking and replay attacks to guarantee secure transactions. To improve transaction security and, more importantly, to make our protocol lightweight while ensuring privacy, the proposed protocol employs a secure offline session key generation mechanism. Formal security verification is performed to assess the proposed protocol's security strength. When comparing the performance of current protocols, the suggested protocol outperforms the others.

• Journal of Internet Computing and Services
• /
• v.5 no.3
• /
• pp.25-33
• /
• 2004

Mobile IP Low Latency Handoffs(l) allow greater support for real-time services on a Mobile IP network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authentication the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring further involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that performs a trusted thirty party. The proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.967-979
• /
• 2013

Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patient's vital physiological signs through medical sensor-nodes deployed on patient's body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patient's physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a user's password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.

• The Journal of Korean Association of Computer Education
• /
• v.10 no.3
• /
• pp.57-66
• /
• 2007

E-mail system is considered as a most important communication media, which can be used to transmit personal information by internet. But e-mail attack also has been increased by spoofing e-mail sender address. Therefore, this work proposes sender verification faculty for spam mail protection at sender's MTA by using security card for protection forged sender and also for authenticating legal sender. Sender's mail MT A requests security card's code number to sender. Then sender input code number and generate session key after sender verification. Session key is used to encrypt sender's signature and secure message transmission. This work can provide efficient and secure e-mail sender authentication with sender verification and message encryption.