Adaptive authentication scheme for mobile devices in proxy MIPv6 networks

You, Ilsun,Lim, Jae Deok,Kim, Jeong Nyeo,Ahn, Hyobeom,Choi, Chang IET 2016 IET COMMUNICATIONS Vol.10 No.17

<P>Mobility management has become a core function in internet services and networks as mobile devices have been widely used and their capabilities have dramatically advanced. It is expected that proxy mobile IPv6 (PMIPv6), which is the most prominent solution, will play an important role in supporting these devices' mobility. To protect PMIPv6 networks, several authentication schemes have been presented. However, due to their static approach, the existing schemes failed to keep a good balance between security and efficiency. Motivated by this, the authors study an adaptive authentication scheme for mobile devices in PMIPv6 networks. In particular, the proposed scheme considers mobile nodes' context information to decide authentication strength, based on which adaptive authentication is performed. It is shown from the formal security verification and the example study that the proposed scheme is not only correct, but also achieves a good trade-off between security and efficiency</P>

SPFP: Ticket-based secure handover for fast proxy mobile IPv6 in 5G networks

You, Ilsun,Lee, Jong-Hyouk Elsevier 2017 COMPUTER NETWORKS - Vol.129 No.2

<P><B>Abstract</B></P> <P>Recently, Chuang et al. introduced a secure password authentication mechanism, called SPAM, for seamless handovers in Proxy Mobile IPv6 (PMIPv6). SPAM aimed at providing high security properties while optimizing handover latency and computation overhead, but as pointed out in this paper SPAM is vulnerable to replay and malicious insider attacks as well as the compromise of a single node. In this paper, a new Security Protocol for Fast PMIPv6, called SPFP, is proposed that provides a ticket-based secure handover for mobile nodes (MNs). In SPFP, a ticket containing authentication materials is used for fast handover authentication when an MN changes its attachment point. Moreover, the MN’s anonymity is supported for preserving location privacy. Detailed operations of initial authentication and handover authentication are presented with message flows. The formal security analysis of SPFP is provided with results of qualitative analysis and quantitative analysis.</P>

caTBUA: Context‐aware ticket‐based binding update authentication protocol for trust‐enabled mobile networks

You, Ilsun,Lee, Jong‐,Hyouk,Kim, Bonam John Wiley Sons, Ltd. 2010 International Journal of Communication Systems Vol.23 No.11

<P><B>Abstract</B></P><P>Existing binding update (BU) authentication protocols do not consider context information, such as trust, location, and current time, when verifying a mobile node's care‐of address (CoA). Instead, the correspondent node executes its own CoA validation in spite of facing a highly trusted situation or simply bypasses the CoA validation, making it difficult to maintain a reasonable trade‐off between security and efficiency. This paper applies the context‐aware concept to the BU process and proposes a new context‐aware ticket‐based binding update authentication (caTBUA) protocol. The proposed protocol dynamically performs an appropriate CoA validation based on the context information to achieve a good balance between security and efficiency. Utilizing numerical analysis to compare the performance of the proposed protocol to that of existing authentication protocols in terms of authentication cost and authentication message transmission latency confirmed that the proposed caTBUA protocol yields a better performance than the existing BU authentication protocols. Copyright © 2010 John Wiley & Sons, Ltd.</P>

Foreword of Part 1

Ilsun You,Byoung-Soo Koh 보안공학연구지원센터 2007 International Journal of Smart Home Vol.1 No.2

State of Art on Security Protocols for Fast Mobile IPv6

유일선(Ilsun You),요시아키 호리(Yoshiaki Hori),코우이치 사쿠라이(Kouichi Sakurai) 한국정보보호학회 2010 정보보호학회논문지 Vol.20 No.3

고속의 이동 IPv6 (FMIPv6: Fast Handover for Mobile IPv6) 프로토콜은 2 계층에서 지원 가능한 트리거의 도움으로 핸드오버시 발생하는 과도한 지연시간과 시그날링 메시지를 효과적으로 감소시켰다. 뛰어난 효율성에도 불구하고 FMIPv6는 다양한 공격과 위협에 노출되어 있기 때문에 이를 보호하기 위한 여러 보안 프로토콜이 제안되었다. 본 논문에서는 FMIPv6의 취약점 및 보안요구사항을 정의한 후, 이를 바탕으로 주요 보안 프로토콜의 보안특성을 비교 분석하였다. 분석결과는 본 저자들에 의해 제안되었던 프로토콜이 다른 기법에 비해 과도한 연산을 유발하지 않으며 강력한 보안성을 지니고 있다는 것을 보여 주었다. With the help of various Layer 2 triggers, Fast Handover for Mobile IPv6 (FMIPv6) considerably reduces the latency and the signaling messages incurred by the handover. Obviously, if not secured, the protocol is exposed to various security threats and attacks. In order to protect FMIPv6, several security protocols have been proposed. To our best knowledge, there is lack of analysis and comparison study on them though the security in FMIPv6 is recognized to be important. Motivated by this, we provide an overview of the security protocols for FMIPv6, followed by the comparison analysis on them. Also, the security threats and requirements are outlined before the protocols are explored. The comparison analysis result shows that the protocol presented by You, Sakurai and Hori is more secure than others while not resulting in high computation overhead. Finally, we introduce Proxy MIPv6 and its fast handover enhancements, then emphasizing the need for a proper security mechanism for them as a future work.

Secure and efficient protocol for fast handover in 5G mobile Xhaul networks

Sharma, Vishal,You, Ilsun,Leu, Fang-Yie,Atiquzzaman, Mohammed Academic Press 2018 Journal of network and computer applications Vol.102 No.-

<P><B>Abstract</B></P> <P>Mobile networks are observing an all time increase in the number of users and services. These networks have hit the 5G requisites in no time. Current service providers are aiming at resolving issues of subsisting networks by exploiting the capacity and coverage enhancement features of 5G. With a broad spectrum, it has now become more facile to accommodate an astronomically immense number of devices each having multiple applications authoritatively mandating network accessibility. Despite these advantages, such networks suffer from several issues cognate to smooth operations of fronthaul and backhaul, such as interference management, link-reliability, flatness, security and flexibility. Integrating fronthaul and backhaul together as a Xhaul is suggested as one of the efficient solutions for handling these issues. Xhaul forms integrated planes which use heterogeneous switches for high optical transmissions. Despite being efficient, Xhaul links are weak in terms of security. The situations will be more serious, particularly when a massive number of User Equipment (UE) and IoT devices are now connected to it. This issue is further raised when the terminal fortifying the fronthaul and backhaul moves leading to the formation of mobile Xhaul network. The current security solutions for WiFi, WiMax, WiBro, 4G/LTE are unable to fortify privacy and perfect forward secrecy in mobile Xhaul network, which is a quandary targeted in this paper. To resolve these issues, a novel key exchange and authentication protocol is proposed, which is capable of securing Xhaul links for a moving terminal in the network. The proposed approach is tested utilizing mobile ground node and drone as moving terminal across multiple hubs. The formal analysis utilizing BAN logic and AVISPA tool slake the security requisites and performance evaluation justifies the efficiency in comparison with the existing solutions.</P>

Secure and Energy-Efficient Handover in Fog Networks Using Blockchain-Based DMM

Sharma, Vishal,You, Ilsun,Palmieri, Francesco,Jayakody, Dushantha Nalin K.,Li, Jun IEEE 2018 IEEE communications magazine Vol.56 No.5

<P>Modern fog network architectures, empowered by IoT applications and 5G communications technologies, are characterized by the presence of a huge number of mobile nodes, which undergo frequent handovers, introducing a significant load on the involved network entities. Considering the distributed and flat nature of these architectures, DMM can be the only viable option for efficiently managing handovers in these scenarios. The existing DMM solutions are capable of providing smooth handovers, but lack robustness from the security point of view. Indeed, DMM depends on external mechanisms for handover security and uses a centralized device, which has obvious security and performance implications in flat architectures where hierarchical dependencies can introduce problems. We propose a new DMM schema based on the blockchain, capable of resolving hierarchical security issues without affecting the network layout, and also satisfying fully distributed security requirements with less consumption of energy.</P>

Resource-based mobility management for video users in 5G using catalytic computing

Sharma, Vishal,You, Ilsun,Kumar, Ravinder Elsevier 2018 Journal of Computer Communications Vol.118 No.-

<P><B>Abstract</B></P> <P>The upcoming 5G era emphasizes on a dramatic increase in the transmission rate of smartphone traffic. With more users operating at high rates, the type of data shared over the network is going to be complex and a majority of it will include video traffic. Such complex structure of traffic and heavy load over the components of the network are difficult to control. Further, the mobility of users adds up to this issue and makes it difficult to manage and operate the network without any breakdown. Thus, it important to control traffic as well as manage the mobility of users to provide efficient communication, which can support video traffic at high delivery rates. This paper proposes a novel resource-based mobility management approach for 5G networks comprising video users. A novel resource sharing paradigm, termed as “Catalytic Computing”, provides efficient management of user mobility as well as network resources. The proposed approach relies on Homogeneous discrete Markov model for user mobility patterns and a novel n-step algorithm for congestion prediction and selection of optimal routes between the serving terminals. An activation energy based handover mechanism is also presented in this paper, which reduces the handover latency in comparison with the existing solutions. The evaluation presented in the paper suggests that the proposed approach provides a minimum of 5.9 ms, maximum of 9.1 ms and an average of 6.5 ms latency during handoffs.</P>

Efficient Management and Fast Handovers in Software Defined Wireless Networks Using UAVs

Sharma, Vishal,Song, Fei,You, Ilsun,Chao, Han-Chieh IEEE 2017 IEEE network Vol.31 No.6

<P>Compared to traditional networking, SDN has better controllability and visibility for network components, which enable better management by using the common controller. In this article, the standard architecture of SDN is enhanced to utilize UAVs as on-demand forwarding switches. The proposed approach can achieve efficient management and fast handovers by decreasing the handover latency, E2E delay, and signaling overheads. The illustrated scenarios will help in understanding the impact of existing handover approaches in the next generation wireless networks, especially the upcoming 5G, which includes small cells, UAVs, UEs, and so on. The simulation study shows that scenarios with both UAVs and small cells perform better than scenarios with only small cells. The results in this article show that the proposed SDN-based handover scenarios perform better than the existing 4G-LTE handover for UAVs.</P>

마이크로소프트의 차세대 암호 라이브러리 구조에 관한 연구 및 오류-검출 도구 구현

이경률(Kyungroul Lee),유일선(Ilsun You),임강빈(Kangbin Yim) 한국정보보호학회 2016 정보보호학회논문지 Vol.26 No.1

본 논문은 마이크로소프트사의 CAPI를 대체하기 위하여 제안된 CNG의 구조와 특징, 프로그래밍 기법을 분석하였다. CNG는 플러그인 구조 기반의 독립된 모듈들로 구성되어 있기 때문에 구현해야 할 함수 및 기능의 범위를 최소화할 수 있어 개발비용과 확장 용이성 부분에서 CNG의 우수성을 잘 설명하고 있다. 또한, 확장성과 함께 최신의 암호화 알고리즘 및 감사 기능, 커널 모드 지원이 기업 및 공공기관 등의 환경에서 핵심 암호화 서비스로의 역할을 할 수 있게 한다. 따라서 이러한 기능들을 기반으로 기업과 공공기관이 조직 고유의 보안 요구사항에 맞게 CNG를 확장할 수 있도록 CNG 암호 라이브러리 구조에 대하여 분석하였다. 또한, 분석 결과를 기반으로 CNG 라이브러리를 활용하는 프로그램의 오류를 검출하기 위한 도구를 구현하였다. This paper introduces a structure, features and programming techniques for the CNG(Cryptography API: Next Generation), which is the substitution of the CAPI(Cryptography API) from Microsoft. The CNG allows to optimize a scope of functions and features because it is comprised of independent modules based on plug-in structure. Therefore, the CNG is competitive on development costs and agility to extend. In addition, the CNG supports various functions for the newest cryptographic algorithm, audit, kernel-mode programming with agility and possible to contribute for core cryptography services in a new environment. Therefore, based on these advantageous functions, we analyze the structure of CNG to extend it for the enterprise and the public office. In addition, we implement an error-detection tool for program which utilizes CNG library.