Mutual Authentication and Secure Session Termination Scheme in iATA Protocol

Ong, Ivy,Lee, Shirly,Lee, Hoon-Jae,Lim, Hyo-Taek The Korea Institute of Information and Commucation 2010 Journal of information and communication convergen Vol.8 No.4

Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

Dynamic Load Balancing and Network Adaptive Virtual Storage Service for Mobile Appliances

Ong, Ivy,Lim, Hyo-Taek Korea Information Processing Society 2011 Journal of information processing systems Vol.7 No.1

With the steady growth of mobile technology and applications, demand for more storage in mobile devices has also increased. A lightweight block-level protocol, Internet Advanced Technology Attachment (iATA), has been developed to deliver a cost-effective storage network solution for mobile devices to obtain more storage. This paper seeks to contribute to designing and implementing Load Balancing (LB), Network Monitoring (NM) and Write Replication (WR) modules to improve the protocol's scalability and data availability. LB and NM modules are invoked to collect system resources states and current network status at each associate node (server machine). A dynamic weight factor is calculated based on the collected information and sent to a referral server. The referral server is responsible to analyze and allocate the most ideal node with the least weight to serve the client. With this approach, the client can avoid connecting to a heavily loaded node that may cause delays in subsequent in-band I/O operations. Write replication is applied to the remaining nodes through a WR module by utilizing the Unison file synchronization program. A client initially connected to node IP A for write operations will have no hindrances in executing the relevant read operations at node IP B in new connections. In the worst case scenario of a node crashing, data remain recoverable from other functioning nodes. We have conducted several benchmark tests and our results are evaluated and verified in a later section.

Dynamic Load Balancing and Network Adaptive Virtual Storage Service for Mobile Appliances

( Ivy Ong ),( Hyo Taek Lim ) 한국정보처리학회 2011 Journal of information processing systems Vol.7 No.1

With the steady growth of mobile technology and applications, demand for more storage in mobile devices has also increased. A lightweight block-level protocol, Internet Advanced Technology Attachment (iATA), has been developed to deliver a cost-effective storage network solution for mobile devices to obtain more storage. This paper seeks to contribute to designing and implementing Load Balancing (LB), Network Monitoring (NM) and Write Replication (WR) modules to improve the protocol`s scalability and data availability. LB and NM modules are invoked to collect system resources states and current network status at each associate node (server machine). A dynamic weight factor is calculated based on the collected information and sent to a referral server. The referral server is responsible to analyze and allocate the most ideal node with the least weight to serve the client. With this approach, the client can avoid connecting to a heavily loaded node that may cause delays in subsequent in-band I/O operations. Write replication is applied to the remaining nodes through a WR module by utilizing the Unison file synchronization program. A client initially connected to node IP A for write operations will have no hindrances in executing the relevant read operations at node IP B in new connections. In the worst case scenario of a node crashing, data remain recoverable from other functioning nodes. We have conducted several benchmark tests and our results are evaluated and verified in a later section.

Two Factor Authentication for Cloud Computing

Lee, Shirly,Ong, Ivy,Lim, Hyo-Taek,Lee, Hoon-Jae The Korea Institute of Information and Commucation 2010 Journal of information and communication convergen Vol.8 No.4

The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

Design and Implementation of iATA-based RAID5 Distributed Storage Servers

왕숙미,임효택,Ong, Ivy,Lim, Hyo-Taek The Korea Institute of Information and Commucation 2010 한국정보통신학회논문지 Vol.14 No.2

iATA는 TCP/IP 네트워크상에서 ATA 명령어를 전달하기 위해 개발된 블록-레벨 프로토콜로서, 모바일 기기의 스토리지 한계를 극복하기 위한 대안으로 활용 될 수 있다. 본 논문은 RAID5 분산 스토리지 서버 개념을 iATA에 적용하여 스토리지 서버의 신뢰성과 속도를 개선하고자 한다. 분산 스토리지 서버중 하나의 서버가 다운된 경우에 나머지 서버 데이터의 XOR 함수를 적용하여 데이터 회복이 가능하며 이를 통해 데이터의 신뢰성을 높일 수 있다. 벤치마킹 실험과 시험을 통해 제안된 iATA 프로토콜은 제한된 스토리지를 가지고 있는 모바일 기기상에서 효율적이 고도 신뢰성 있는 가상 스토리지 프로토콜로서 사용될 수 있음을 보여주고 있다. iATA (Internet Advanced Technology Attachment) is a block-level protocol developed to transfer ATA commands over TCP/IP network, as an alternative network storage solution to address insufficient storage problem in mobile devices. This paper employs RAID5 distributed storage servers concept into iATA, in which the idea behind is to combine several machines with relatively inexpensive disk drives into a server array that works as a single virtual storage device, thus increasing the reliability and speed of operations. In the case of one machine failed, the server array will not destroy immediately but able to function in a degradation mode. Meanwhile, information can be easily recovered by using boolean exclusive OR (XOR) logical function with the bit information on the remaining machines. We perform I/O measurement and benchmark tool result indicates that additional fault tolerance feature does not delay read/write operations with reasonable file size ranged in 4KB-2MB, yet higher data integrity objective is achieved.

Practical Attacks on Hybrid Group Key Management for SOHAN

Liew, Jiun-Hau,Ong, Ivy,Lee, Sang-Gon,Lim, Hyo-Taek,Lee, Hoon-Jae The Korea Institute of Information and Commucation 2010 Journal of information and communication convergen Vol.8 No.5

Lim et al. proposed a Hybrid Group Key Management scheme for Hierarchical Self-Organizing Sensor Network in 2008 to provide a secure way to pass down the group key for cluster-based communication. This paper presents two practical attacks on the scheme proposed by Lim et al. by tampering sensor nodes of a cluster to recover necessary secret keys and by exploiting the IDS employed by the scheme. The first attack enables a long-term but slow data fabrication while other attack causes more severe DoS on the access to cluster sensor nodes.