• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.9-15
• /
• 2018

With the advent of the 5G communication era recently, advancement of the convergence technologies related to IoT has been progressed rapidly. IoT convergence technologies using various sensors are actively applied many fields in our lives, and it contributes to the popularization of these convergence technologies among many people successfully. The security problem of the IoT which connects many things on the network is critically vulnerable and is one of the most important challenge to be solved urgently. In this paper, we design an intrusion detection and self-treatment system for IoT, which can detect external attacks and anomalies in order to solve the security problems in IoT, perform self-treatment by operating the vaccine program according to the intrusion type whenever it detects certain intrusion. Furthermore, we consider the broadcasting of intrusion alarm message according to the frequency of similar circumstances in order to block intrusion contagious in IoT.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.599-606
• /
• 2009

For many mission-critical related wireless sensor network applications such as military and homeland security, user's access restriction is necessary to be enforced by access control mechanisms for different access rights. Public key-based access control schemes are more attractive than symmetric-key based approaches due to high scalability, low memory requirement, easy key-addition/revocation for a new node, and no key predistribution requirement. Although Wang et al. recently introduced a promising access control scheme based on elliptic curve cryptography (ECC), it is still burdensome for sensors and has several security limitations (it does not provide mutual authentication and is strictly vulnerable to denial-of-service (DoS) attacks). This paper presents an energy-efficient access control scheme based on ECC to overcome these problems and more importantly to provide dominant energy-efficiency. Through analysis and simulation based evaluations, we show that the proposed scheme overcomes the security problems and has far better energy-efficiency compared to current scheme proposed byWang et al.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.4
• /
• pp.41-52
• /
• 2008

Ubiquitous service environment is poor in reliability of connection and has a high probability that the intrusion and the system failure may occur. Therefore, in the environment, the capability of a system to collectively accomplish its mission in spite of active intrusions and various failure scenarios, that is, the survivability of services are needed. In this paper, we analyze the Jgroup/ARM framework that was developed in order to help the development of fault- tolerant Jini services. More importantly, we propose an intrusion-tolerant Jini service architecture to satisfy the security availability and quality of services on the basis of the analysis. The proposed architecture is able to protect a Jini system not only from faults such as network partitioning or server crash, but also from attacks exploiting flaws. It is designed to provides performance enough to show a low response latency so as to support seamless service usage. Through the experiment on a test-bed, we have confirmed that the architecture is able to provide high security and availability at the level that degraded services quality is ignorable.

• The Journal of Society for e-Business Studies
• /
• v.25 no.2
• /
• pp.99-108
• /
• 2020

Unlike a general IT environment, an industrial control system is an environment where stability and continuity are more important than security. In the event of a security accident in the industrial control system, physical motion can be controlled, so physical damage can occur and physical damage can even result in personal injury. Cyber attacks on industrial control systems are not simply cyber damage, but terrorism. However, the security of industrial control systems has not been strengthened yet, and many vulnerabilities are actually occurring. This paper shows that the PLC can be remotely controlled by analyzing the connection process and packets for the PLC protocol used in the industrial control system and bypassing the security mechanism existing in the protocol. Through this, we intend to raise the security awareness of the industrial control system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1273-1288
• /
• 2016

With the swift growth of wireless technologies, an increasing number of users rely on the mobile services which can exchange information in mobile networks. Security is of key issue when a user tries to access those services in this network environment. Many authentication schemes have been presented with the purpose of authenticating entities and wishing to communicate securely. Recently, Chou et al. and Farash-Attari presented two ID authentication schemes. They both claimed that their scheme could withstand various attacks. However, we find that the two authentication schemes are vulnerable to trace attack while having a problem of clock synchronization. Additionally, we show that Farash-Attari's scheme is still susceptible to key-compromise impersonation attack. Therefore, we present an enhanced scheme to remedy the security weaknesses which are troubled in these schemes. We also demonstrate the completeness of the enhanced scheme through the Burrow-Abadi-Needham (BAN) logic. Security analysis shows that our scheme prevents the drawbacks found in the two authentication schemes while supporting better secure attributes. In addition, our scheme owns low computation overheads compared with other related schemes. As a result, our enhanced scheme seems to be more practical and suitable for resource-constrained mobile devices in mobile networks.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.27-32
• /
• 2014

Utilization of web application has been widely spread and complication in recent years by the rapid development of network technologies and changes in the computing environment. The attack being target of this is increasing and the means is diverse and intelligent while these web applications are using to a lot of important services. In this paper, we proposed security model using virtualization technology to prevent attacks using vulnerabilities of web application. The request information for query in a database server also can be recognized by conveying to the virtual web server after ID is given to created session by the client request and the type of the query is analyzed in this request. VM-Master module is constructed in order to monitor traffic between the virtual web servers and prevent the waste of resources of Host OS. The performance of attack detection and resource utilization of the proposed method is experimentally confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.803-813
• /
• 2013

As the developments of smart devices and social network services, the amount of data has been exploding. The world is facing Big data era. For these reasons, the Big data processing technology which is a new technology that can handle such data has attracted much attention. One of the most representative technologies is Hadoop. Hadoop Distributed File System(HDFS) designed to run on commercial Linux server is an open source framework and can store many terabytes of data. The initial version of Hadoop did not consider security because it only focused on efficient Big data processing. As the number of users rapidly increases, a lot of sensitive data including personal information were stored on HDFS. So Hadoop announced a new version that introduces Kerberos and token system in 2009. However, this system is vulnerable to the replay attack, impersonation attack and other attacks. In this paper, we analyze these vulnerabilities of HDFS security and propose a new protocol which complements these vulnerabilities and maintains the performance of Hadoop.

• The Journal of the Korea Contents Association
• /
• v.10 no.3
• /
• pp.32-43
• /
• 2010

IPTV is an emerging technology that combines both broadcasting and tele-communication technologies, and provides various multi-media contents to the service subscribers. In general, IPTV broadcasters transmit scrambled signals (multi-media contents) to the paying subscribers, and the users within the acknowledged network descramble the signals using the smart-card. That is, users are verified through communication between STB (Set-Top Box) and smart-card. In 2004, Jiang et al. proposed a secure protocol regarding the verification process. The method has been modified and enhanced by several following research works. However, all the methods that have been proposed so far required modular exponentiation operations which may raise the smart-card costs. In this paper, we propose a new efficient mutual authentication and session-key establishment protocol using only hash functions and exclusive-or operations, and show that the proposed protocol is still secure under various security attacks.

• Journal of Korea Multimedia Society
• /
• v.6 no.5
• /
• pp.861-869
• /
• 2003

The rapid growth of multimedia network systems has caused overflowing illegal copies of digital contents. Among digital contents, watermarking technique can be used to protect ownership about the image. Copyright protection involves the authentication of image ownership and the identification of illegal copies of image. In this paper, a new digital watermarking technique using HVS and adaptive scale factor based on the wavelet transform is proposed to use the binary image watermark. The original image is decomposed by 3-level wavelet transform. It is embedded to baseband and high frequency band. The embedding in the baseband is considered robustness, the embedding in the high frequency band is concerned about HVS and invisibility. The watermarking of a visually recognizable binary image used the HVS and random permutation to protect the copyright. From the experimental results, we confirm that the proposed technique is strong to various attacks such as joint photographic experts ground(JPEG) compression, cropping, collusion, and inversion of lines.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1093-1100
• /
• 2008

Feistel and SPN are the two main structures in designing a block cipher algorithm. Unlike Feistel, an SPN has an asymmetric structure in encryption and decryption. In this paper we propose an SPN algorithm which has a symmetric structure in encryption and decryption. The whole operations in our SPN algorithm are composed of the even numbers of N rounds where the first half of them, 1 to N/2, applies function and the last half of them, (N+1)/2 to N, employs inverse function. Symmetry layer is executed to create a symmetry block in between function layer and inverse function layer. AES encryption and decryption algorithm, whose safety is already proved, are exploited for function and inverse function, respectively. In order to be secure enough against the byte or word unit-based attacks, 32bit rotation and simple logical operations are performed in symmetry layer. Due to the simplicity of the proposed encryption and decryption algorithm in hardware configuration, the proposed algorithm is believed to construct a safe and efficient cipher in Smart Card and RFID environments where electronic chips are built in.