• Title/Summary/Keyword: message eavesdropping

Search Result 23, Processing Time 0.023 seconds

Efficient Congestion Control Utilizing Message Eavesdropping in Asynchronous Range-Based Localization

  • Choi, Hoon;Baek, Yunju;Lee, Ben
    • ETRI Journal
    • /
    • v.35 no.1
    • /
    • pp.35-40
    • /
    • 2013
  • Asynchronous ranging is one practical method to implement a locating system that provides accurate results. However, a locating system utilizing asynchronous ranging generates a large number of messages that cause transmission delays or failures and degrades the system performance. This paper proposes a novel approach for efficient congestion control in an asynchronous range-based locating system. The proposed method significantly reduces the number of messages generated during the reader discovery phase by eavesdropping on other transmissions and improves the efficiency of ranging by organizing the tags in a hierarchical fashion in the measurement phase. Our evaluation shows that the proposed method reduces the number of messages by 70% compared to the conventional method and significantly improves the success rate of ranging.

A Solution of Binary Jamming Message to Source-Wiretapping and Disadvantage of Sharing the Jamming Signal in Physical-Layer Security (물리 계층에서 보안 재밍 신호 공유의 한계점과 이진 재밍 메시지 도청의 해결책)

  • Kong, Hyung-Yun
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.14 no.6
    • /
    • pp.63-67
    • /
    • 2014
  • A distributed zero-beamforming based cooperative jamming technique is useless when an eavesdropper detects the sharing seed. In addition, the currently alternatives are very limited when the eavesdropper is located nearby a source for wiretapping. This letter presents a solution to this extreme case. Relay randomly generates and transmits a binary jamming message to both source and destination in the first phase. When these two receivers securely and correctly decode the message, the source creates and transmits another message based on the use of exclusive-or for its information message and the decoded message. Consequently, the next transmission can avoid the eavesdropping.

Securing the MQTT Protocol using the LEA Algorithm (LEA 알고리즘을 이용한 MQTT 프로토콜 보안)

  • Laksmono Agus Mahardika Ari;Iqbal Muhammad;Pratama Derry;Howon Kim
    • Annual Conference of KIPS
    • /
    • 2024.05a
    • /
    • pp.175-178
    • /
    • 2024
  • IoT is becoming more and more popular, along with the massive availability of cheap and easy-to-use IoT devices. One protocol that is often used in IoT devices is the Message Queuing Telemetry Transport (MQTT) protocol. By default, the MQTT protocol does not activate encrypted data security features. This MQTT default feature makes the transmitted and received message data vulnerable to attacks, such as eavesdropping. Therefore, this paper will design and implement encrypted data security using the lightweight cryptography algorithm. The focus of this paper will be on securing MQTT message data at the application layer. We propose a method for encrypting specific MQTT message fields while maintaining compatibility with the protocol's functionalities. The paper then analyzes the timing performance of the MQTT-LEA implementation on the Raspberry Pi 3+. Our findings demonstrate the feasibility of using LEA at the application layer to secure MQTT message communication on resource-constrained devices.

Location Privacy and Authentication for Low-cost Sensor Node Devices Using Varying Identifiers

  • Hamid Abdul;HONG Choong Seon
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2005.07a
    • /
    • pp.412-414
    • /
    • 2005
  • Because a sensor node must operate on a tiny battery, the goal to eliminate energy inefficiencies leads the current researchers excavating for new techniques to advocate. As sensor networks edge closer towards wide spread deployment, security issues become a central concern. So far much research has focused on making sensor networks feasible and useful, and has not concentrated much on security issues especially computationally inexpensive techniques. In this paper we introduce a simple scheme relying on one-way hash-functions that greatly enhances location privacy by changing traceable identifiers on every read getting by with only a single, unreliable message exchange. Thereby the scheme is safe from many threats like eavesdropping, message interception, spoofing, and replay attacks.

  • PDF

Generation of Dummy Messages Depending Upon the Location Privacy Level in Sensor Networks (센서 네트워크에서 위치 기밀 수준에 따른 더미 메시지 생성)

  • Tscha, Yeong-Hwan
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.11 no.9
    • /
    • pp.861-868
    • /
    • 2016
  • Dummy messages are usually generated for faking in preserving the location privacy of a sink or source against the global eavesdropping in wireless networks. In this paper, we propose a new method in which a certain number of nodes determined by considering the required privacy level are made to transit to the dormant state doing nothing so that the total number of dummy messages is reduced, while the paths from the sink to the sources are ensured. Through simulation we verify the success ratio of path establishments between the sink and a set of sources and the location privacy level of them.

Backward Channel Protection Method For RFID Tag Security in the Randomized Tree Walking Algorithm (랜덤화된 트리워킹 알고리즘에서의 RFID 태그 보안을 위한 백워드 채널 보호 방식)

  • Choi Wonjoon;Roh Byeong-hee;Yoo S. W.;Oh Young Cheol
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.5C
    • /
    • pp.415-421
    • /
    • 2005
  • Passive RFID tag does not have its own power, so it has very poor computation abilities and it can deliver signals in very short range. From the facts, most RFID Tag security schemes assumed that the backward channel from tags to a reader is safe from eavesdropping. However, eavesdroppers near a tag can overhear message from a tag illegally. In this paper, we propose a method to protect the backward channel from eavesdropping by illegal readers. The proposed scheme can overcome the problems of conventional schemes such as randomized tree walking, which have been proposed to secure tag information in tree-walking algorithm as an anti-collision scheme for RFID tags. We showed the efficiency of our proposed method by using an analytical model, and it is also shown that the proposed method can provide the probability of eavesdropping in some standardized RFID tag system such as EPCglobal, ISO, uCode near to '0'.

Efficient OTP(One Time Password) Generation using AES-based MAC

  • Park, Soon-Dong;Na, Joong-Chae;Kim, Young-Hwan;Kim, Dong-Kyue
    • Journal of Korea Multimedia Society
    • /
    • v.11 no.6
    • /
    • pp.845-851
    • /
    • 2008
  • The ID/password method is the most classical method among authentication techniques on the internet, and is performed more easily and successfully than other methods. However, it is a vulnerable method against attacks such as eavesdropping or replay attack. To overcome this problem, OTP technique is used. The most popular OTP is HOTP algorithm, which is based on one-way hash function SHA-1. As recent researches show the weakness of the hash function, we need a new algorithm to replace HOTP. In this paper we propose a new OTP algorithm using the MAC(Message Authentication Code) based on AES. We also show that the new OTP outperforms HOTP experimentally.

  • PDF

Password-Based Mutual Authentication Protocol Against Phishing Attacks (피싱 공격에 대응하기 위한 패스워드 기반의 상호 인증 프로토콜)

  • Kim, Iksu;Choi, Jongmyung
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.2
    • /
    • pp.41-48
    • /
    • 2018
  • Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

Analysis and Elimination of Side Channels during Duplicate Identification in Remote Data Outsourcing (원격 저장소 데이터 아웃소싱에서 발생하는 중복 식별 과정에서의 부채널 분석 및 제거)

  • Koo, Dongyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.981-987
    • /
    • 2017
  • Proliferation of cloud computing services brings about reduction of the maintenance and management costs by allowing data to be outsourced to a dedicated third-party remote storage. At the same time, the majority of storage service providers have adopted a data deduplication technique for efficient utilization of storage resources. When a hash tree is employed for duplicate identification as part of deduplication process, size information of the attested data and partial information about the tree can be deduced from eavesdropping. To mitigate such side channels, in this paper, a new duplicate identification method is presented by exploiting a multi-set hash function.

A User Anonymous Mutual Authentication Protocol

  • Kumari, Saru;Li, Xiong;Wu, Fan;Das, Ashok Kumar;Odelu, Vanga;Khan, Muhammad Khurram
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.9
    • /
    • pp.4508-4528
    • /
    • 2016
  • Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author's claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.