• Review of KIISC
• /
• v.17 no.2
• /
• pp.9-23
• /
• 2007

The air interface supports a security layer which provides the key exchange protocol, authentication protocol, and encryption protocol. The authentication is performed on the encryption protocol packet. The authentication protocol header or trailer may contain the digital signature that is used to authenticate a portion of the authentication protocol packet that is authenticated. The encryption protocol may add a trailer to hide the actual length of the plaintext of padding to be used by the encryption algorithm. The encryption protocol header may contain variables such as the initialization vector (IV) to be used by the encryption protocol. It is our aim to firstly compute the session key created from the D H key exchange algorithm, and thereof the authenticating key and the encryption key being generated from the session key.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.8
• /
• pp.4025-4042
• /
• 2017

Session initiation protocol (SIP) is a kind of powerful and common protocols applied for the voice over internet protocol. The security and efficiency are two urgent requirements and admired properties of SIP. Recently, Hamed et al. proposed an efficient authentication and key agreement scheme for SIP. However, we demonstrate that Hamed et al.'s scheme is vulnerable to de-synchronization attack and cannot provide anonymity for users. Furthermore, we propose an improved and efficient authentication and key agreement scheme by using elliptic curve cryptosystem. Besides, we prove that the proposed scheme is provably secure by using secure formal proof based on Burrows-Abadi-Needham logic. The comparison with the relevant schemes shows that our proposed scheme has lower computation costs and can provide stronger security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.35-41
• /
• 2016

Internet of Things (IoT) services are widely used in appliances of daily life and industries. IoT services also provide various conveniences to users and are expected to affect value added of all industries and national competitiveness. However, a variety of security threats are increased in IoT environments and lowers reliability of IoT devices and services that make some obstacles for commercialization. The attacks arising in IoT environments are making industrial and normal life accidents unlike existing information leak and monetary damages, and can expand damage scale of leakage of personal information and privacy more than existing them. To solve these problems, we design a session key based access control scheme for secure communications in IoT environments. The proposed scheme reinforces message security by generating session key between device and access control network system. We analyzed the stability of the proposed access scheme in terms of data forgery and corruption, unauthorized access, information disclosure, privacy violations, and denial of service attacks. And we also evaluated the proposed scheme in terms of permission settings, privacy indemnity, data confidentiality and integrity, authentication, and access control.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.1-7
• /
• 2020

With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, the IDS using the recursive learning model shows high detection performance. However, the simple application of the recursive model may be difficult to reflect the associated session characteristics, as the overlapping session environment may degrade the performance. In this paper, we designed the session management module and applied it to LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used and increased the normal session ratio to reduce the association of mal-session. The results show that the proposed model is able to maintain high detection performance even in the environment where session relevance is difficult to find.

• The KIPS Transactions:PartC
• /
• v.13C no.2 s.105
• /
• pp.137-146
• /
• 2006

Because the traditional public key-based cryptosystems are unsuitable for the sensor node with limited computational and communication capability, a secure communication between two neighbor sensor nodes becomes an important challenging research in sensor network security. Therefore several session key establishment protocols have been proposed for that purpose. In this paper, we analyzed and compared the existing session key establishment protocols based on the criterions of generation strategy and uniqueness of the session key, connectivity, overhead of communication and computation, and vulnerability to attacks. Based on the analysis results, we specify the requirements for the secure and efficient protocols for establishing session keys. Then, we propose an advanced protocol to satisfy the specified requirements and verify the superiority of our protocol over the existing protocols through the detailed analysis.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.10
• /
• pp.79-88
• /
• 2012

In this paper, we design a mutual authentication protocol which divided sessions from an authenticated session are updated periodically. And in order to minimize the traffic overhead for session authentication, we also introduce dynamic session management according to sampling rate of medical sensor type. And randomize the divided session time. This model has the effect of blocking the integrity and confidentiality intrusion of rogue gateway. Moreover, efficiency is provided through medical data to be transmitted have different sampling rate. In order to evaluate this model, it was embodied and experimented in TinyOS 2.1 environment. The result, we got an overall validity from three types of experiment.

• Journal of Internet Computing and Services
• /
• v.7 no.6
• /
• pp.157-174
• /
• 2006

Ajax interaction model changes the posture of web application to become a stateful over HTTP. Ajax applications are long-lived inthe browser. XMLHTTPRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching of protocols form HTTP to HTTPS for sensitive information is prohibited because of server-of-origin policy. The longevity, constraint, and asynchronous features of Ajax application need to hove a different authentication and session fondling mechanism that invoke re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is design lo invoke periodic and event based re-authentication in the background using digest authentication with auto-generated password similar to OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling to avoid broken authentication and session management.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.11 s.353
• /
• pp.159-167
• /
• 2006

IEEE 802.11i standard specifies full authentication and preauthentication for secure handoff in 802.11 wireless LAN (WLAN). However, the full authentication is too slow to provide seamless services for handoff users, and preauthentication may fail in highly populated WLAN where it is highly probable that the cache entry of a preauthenticated user is evicted by other users before handoff. In this paper, we propose a fast and secure handoff scheme by reducing authentication and key management delay in the handoff process. When a user handoffs, security context established between the user and the previous access point (AP) is forwarded from the previous AP to the current AP, and the session key is reused before the handoff session terminates. The freshness of session key is maintained by regenerating session keys after handoff session is terminated. The proposed scheme can achieve considerable reduction in handoff delay with providing the same security level as 802.1X authentication by letting an AP authenticate a handoff user before making an robust security network association (RSNA) with it.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.7B
• /
• pp.464-468
• /
• 2005

The DVR industry has been grown with their own, proprietary systems without the need of standards because the security products are independently installed in small scale and the communication needs are very limited. The industry might have tighter security than having standardized products, but the appearance of IP surveillance and the need of communications with IP products such as IP Phones and IP-PBX made the standardization unavoidable. In this paper, we built an IP surveillance system with SIP based session control and investigated the applications of it other than the security itself.

• Journal of Korea Multimedia Society
• /
• v.18 no.5
• /
• pp.631-640
• /
• 2015

Recently CCTV system is installed widely purpose to enhanced physical security, gathering criminal evidence and management of facilities. In spite of supporting strong management function, CCTV system has weak security function. Therefore high security management function is required. Generally it's not easy to control the devices under NAT using a NMS(Network Management System). So we design and implement alive check algorithm of CCTV devices under NAT using DVRNS address resolution and TCP session check. We evaluated and analyzed of developed system on real environment which includes about 100 DVRs under NAT. As a result of test, it showed that device alive check and DVRNS address resolution were well performed without any error.