• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.163-172
• /
• 2003

Proposed in this paper is an authentication mechanism for multimedia streaming data in the Intemet multicast environment. The multicast authentication mechanism is coupled with the packet-level forward error correction code which has been recently applied for a reliable multicast transport transmission. Associated with this, Reed-Solomon erasure code is chosen for tolerating packet loss so that each of the received packets can be authenticated independently of the lost packets.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.93-103
• /
• 2009

Recently, there is an increase in demand of real-time multimedia service in the WLAN environment, with a commercialization of IEEE 802.11n standard. However, the 802.1x authentication protocol is too slow to provide seamless real-time multimedia service, which defined in an IEEE 802.11i security standard. In this paper, a Ticket-based authentication mechanism in the CAPWAP(Control And Provisioning Wireless Access Point) architecture is introduced to support for the fast handoff.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.253-254
• /
• 2011

Most of existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyzed the security mechanism of a lightweight authentication protocol.

• Journal of information and communication convergence engineering
• /
• v.7 no.3
• /
• pp.335-339
• /
• 2009

RFID security and privacy issues have been intensively studied in the research field, the authentication between RFID reader and tag is the fundamental them. Most of the existing authentication protocols draw assumptions on classic primitives. Since tags have small capacities, the security mechanisms which are in use in computer networks and communication are not suitable. In this paper, we compare and analyze recent technical research on the problems of privacy and security. It consists of security mechanism, threats and performance evaluation, etc.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.786-799
• /
• 2018

Recently, NFV has attracted attention as a next-generation network virtualization technology for hardware -independent and efficient utilization of resources. NFV is a technology that not only virtualize computing, server, storage, network resources based on cloud computing but also connect Multi-Tenant of VNFs, a software network function. Therefore, it is possible to reduce the cost for constructing a physical network and to construct a logical network quickly by using NFV. However, in NFV, when a new VNF is added to a running Tenant, authentication between VNFs is not performed. Because of this problem, it is impossible to identify the presence of Fake-VNF in the tenant. Such a problem can cause an access from malicious attacker to one of VNFs in tenant as well as other VNFs in the tenant, disabling the NFV environment. In this paper, we propose Auto-configurable Security Mechanism in NFV including authentication between tenant-internal VNFs, and enforcement mechanism of security policy for traffic control between VNFs. This proposal not only authenticate identification of VNF when the VNF is registered, but also apply the security policy automatically to prevent malicious behavior in the tenant. Therefore, we can establish an independent communication channel for VNFs and guarantee a secure NFV environment.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1928-1939
• /
• 2017

Fog computing is another paradigm of the cloud computing, which extends the ubiquitous services to applications on many connected devices in the IoT (Internet of Things). In general, if we access a lot of IoT devices with existing cloud, we waste a huge amount of bandwidth and work efficiency becomes low. So we apply the paradigm called fog between IoT devices and cloud. The network architecture based on cloud and fog computing discloses the security and privacy issues according to mixed paradigm. There are so many security issues in many aspects. Moreover many IoT devices are connected at fog and they generate much data, therefore light and efficient security mechanism is needed. For example, with inappropriate encryption or authentication algorithm, it causes a huge bandwidth loss. In this paper, we consider issues related with data encryption and authentication mechanism in the network architecture for cloud and fog-based M2M (Machine to Machine) IoT services. This includes trusted encryption and authentication algorithm, and key generation method. The contribution of this paper is to provide efficient security mechanisms for the proposed service architecture. We implemented the envisaged conceptual security check mechanisms and verified their performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.31-40
• /
• 2003

The current security issue for the Internet is focused on the security for user data. On the other hand, the research on the security for routing protocols is not so active, considering the importance of its role for the harmonious and accurate operation of the Internet. In this paper, we investigate the security problems of the link-state routing protocol which has been employed in the Internet, and suggest a new authentication mechanism for routing messages which complements and extends the previous ones. For this purpose, a concept of dual hash chains is newly introduced, which is provably secure, and we explain how to provide both the integrity and source authentication service for routing messages based on the session hash chains.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.11-24
• /
• 2012

Without a proper protection mechanism for the signaling messages to be used for the mobility support in the Proxy Mobile IPv6 (PMIPv6), it is also vulnerable to several security attacks such as redirect attack, MITM (Man-In-The-Middle) attack, replay attack and DoS (Denial of Service) attack as in Mobile IPv6. In this paper, we point out some problems of previous authentication mechanisms associated with PMIPv6, and also propose a new fast and secure authentication mechanism applicable to PMIPv6. In addition, it is also shown that the proposed one is more efficient and secure than the previous ones.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.12 no.2
• /
• pp.240-253
• /
• 2012

In this paper we propose a protection mechanism for the debug port. While debug ports are useful tools for embedded device development and maintenance, they can also become potential attack tools for device hacking in case their usage is permitted to hackers with malicious intentions. The proposed approach prevents illicit use of debug ports by controlling access through user authentication, where the device generates and issues authentication token only to the server-authenticated users. An authentication token includes user access information which represents the user's permitted level of access and the maximum number of authentications allowed using the token. The device authenticates the user with the token and grants limited access based on the user's access level. The proposed approach improves the degree of overall security by removing the need to expose the device's secret key. Availability is also enhanced by not requiring server connection after the initial token generation and further by supporting flexible token transfer among predefined device groups. Low implementation cost is another benefit of the proposed approach, enabling it to be adopted to a wide range of environments in demand of debug port protection.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.3-13
• /
• 2017

As security log plays important roles in various fields, the integrity of log data become more and more important. Especially, the stored log data is an immediate target of the intruder to erase his trace in the system penetrated. Several theoretical schemes to guarantee the forward secure integrity have been proposed, even though they cannot provide the integrity of the log data after the system is penetrated. Authentication tags of these methods are based on the linear-hash chain. In this case, it is difficult to run partial validation and to accelerate generating and validating authentication tags. In this paper, we propose a log authentication mechanism, based on Mekle Tree, which is easy to do partial validation and able to apply multi threading.