A Secure Multi-receivers E-mail Protocol

Baoyuan Kang,Danhui Xu 보안공학연구지원센터 2016 International Journal of Multimedia and Ubiquitous Vol.11 No.11

In open decentralized networks, it is important to make certain data available to only a selected group of users. For example, in a secure e-mail system, a user may send an e-mail to multiple receivers at once. Recently, Chen proposed a secure multicast key protocol for e-mail system based on Chinese Remainder Theorem. They claimed that their protocol provide perfect forward secrecy and ensure confidentiality and authentication. But, in this paper, we show that Chen’s protocol suffers from the sender and the e-mail server impersonation attacks and mail content confidentiality attack. Moreover, we give an improvement to Chen’s protocol. To contribute a secure multireceiver e-mail protocol, we propose a novel protocol by adopting Lagrange polynomial interpolation. We also discuss the security of the novel multireceiver e-mail protocol. Our protocol provides the perfect forward secrecy and resists unknown key-share attack, replay attack, sender impersonation attack, e-mail server impersonation attack and mail content confidentiality attack.

표준 AIS 프로토콜 분석을 통한 보안 AIS 프로토콜 제안

이정수(Jung-Su Lee),허욱(Ouk Heo),김재환(Jae-Hwan Kim),정성욱(Sung-Wook Chung) 한국정보전자통신기술학회 2016 한국정보전자통신기술학회논문지 Vol.9 No.1

최근 몽골 선적 화물선 침몰사고, 진도 세월호 여객선 침몰사고 등 해양 사고는 끊임없이 발생하고 있다. 이러한 해양 사고 발생 건수를 줄이기 위해 국제표준에 따라 국내선박은 AIS(Automatic Identification System) 시스템을 의무장착하고 있다. AIS 시스템은 선박 항해를 위한 정보들의 통신 프로토콜 체계이나 프로토콜 분석결과 표준 AIS 프로토콜은 보안성을 전혀 고려하지 않고 있음을 알 수 있다. 또한, The FUNcuve Dongle Pro+라는 위성 통신 수신기를 이용하면 손쉽게 AIS 무선 프로토콜을 Hijacking 할 수 있다. 따라서 본 논문에서는 AIS 시스템의 표준 프로토콜의 보안 취약점을 분석하고 안전한 선박통신을 위해 송수신자의 MAC Address를 표기하여 신뢰성을 확보하고, VPN Tunnelling 암호화 기법을 이용하여 DATA 전송 시 안전한 전송을 할 수 있는 프로토콜에 대해 제안한다. 그리고 본 논문에서 제안하는 프로토콜 구조를 사용하는 경우, 통신정보의 Hijacking 발생시 보다 안전한 데이터 송수신을 할 수 있음을 확인한다. 그래서 제안된 보안 AIS 프로토콜을 통하여 앞으로의 선박 안전 기술에 영향을 미칠 것으로 기대된다. Recently, marine accidents such as the sinking accident Mongol freighter ship and the sinking accident of Sewol ferry in Jindo continuously happen. In order to decrease the number of these marine accidents, Korean ships are obliged to follow the AIS(Automatic Identification System) system. The AIS protocol includes all information for sailing ships. However, the standard AIS protocol does not provide any security function, In addition, it is possible to hijack the standard AIS protocol in case of using a satellite communication device called FUNcuve Dongle Pro+. Therefore, this paper analyzes weak points of the security in the standard AIS protocol. Furthermore, this paper ensures reliability by marking the MAC Address of sender and receiver for secure communication and suggests the protocol that can securely send data, using the VPN Tunnelling method. Therefore, the suggested AIS protocol provides the secure communication to the AIS protocol and protect the messages in the AIS protocol, which can serve safe voyages by decreasing the marine accidents.

An eCK-secure Authenticated Key Exchange Protocol without Random Oracles

( Daisuke Moriyama ),( Tatsuaki Okamoto ) 한국인터넷정보학회 2011 KSII Transactions on Internet and Information Syst Vol.5 No.3

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

IPv6 네트워크에서 SEND 프로토콜의 구현

안개일,나재훈,An, Gae-Il,Nah, Jae-Hoon 한국통신학회 2007 韓國通信學會論文誌 Vol.32 No.7b

IPv6 유무선 로컬 네트워크에서 이웃하는 호스트와 라우터를 발견하기 위한 목적으로 ND (Neighbor Discovery) 프로토콜이 제안되었다. 그러나 ND 프로토콜은 악의 있는 사용자가 프로토콜 메시지를 위조하여 정상적인 호스트나 라우터로 위장하는 것이 가능하기 때문에 네트워크 공격에 취약한 문제를 가지고 있다. ND 프로토콜을 보호하기 위한 목적으로 SEND (Secure Neighbor Discovery) 프로토콜이 제안되었다. SEND 프로토콜은 주소 소유권 증명, 메시지 보호, 재현 공격 방지, 그리고 라우터 인증 메커니즘을 제공한다. 본 논문에서는 IPv6 네트워크상에서 핵심적으로 운용될 프로토콜중의 하나인 SEND 프로토콜을 설계 및 구현하다. 또한 본 논문에서 구현한 SEND 프로토콜을 IPv6 네트워크상에서 실험함으로써 SEND 프로토콜의 공격 방어 능력과 프로토콜의 성능을 평가하고 분석한다. Neighbor Discovery (ND) protocol was proposed to discover neighboring hosts and routers in IPv6 wire/wireless local networks. ND protocol, however, has a problem that it is vulnerable to network attacks because ND protocol allows malicious users to impersonate other legitimate hosts or routers by forging ND protocol messages. To address the security problem, Secure Neighbor Discovery (SEND) protocol was proposed. SEND protocol provides address ownership proof mechanism, ND protocol message protection mechanism, reply attack prevention mechanism, and router authentication mechanism to protect ND protocol. In this paper, we design and implement SEND protocol in IPv6 local networks. And also, we evaluate and analyze the security vulnerability and performance of SEND protocol by experimenting the implemented SEND protocol on IPv6 networks.

PV2JAVA: Automatic Generator of Security Protocol Implementations Written in Java Language from the Applied PI Calculus Proved in the Symbolic Model

Bo Meng,Yitong Yang,Jinli Zhang,Jintian Lu,Dejun Wang 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.11

In order to get the security protocol implementations written in programming language from formal languages in secure way, firstly, the model of implementation generation from security protocol implementations written in formal language is presented; Apart from that, an automatic generator PV2JAVA is developed, which can transform security protocol implementations written in the Applied PI calculus proved in the symbolic model into security protocol implementations written in Java language ; Finally, the method of software testing is used to provide a strong confidence in the correctness of the automatic generator PV2JAVA through five typical security protocols.

SSL과 패스워드 기반의 신용카드 간편결제 프로토콜

김선범(Seon Beom Kim),김민규(Min Gyu Kim),박종환(Jong Hwan Park) 한국정보보호학회 2016 정보보호학회논문지 Vol.26 No.3

현재 국내에서는 다양한 신용카드 간편결제 프로토콜이 제시되고 있다. 제시되는 프로토콜의 특징은 사용자 인증을 위해 공인인증서 대신 패스워드를 사용하고, ActiveX를 통해 별도의 보안모듈을 설치할 필요가 없다는 것이다. 본 논문에서는 표준화된 보안 프로토콜인 SSL(Secure Socket Layer)과 패스워드 인증을 이용하여 두 개의 새로운 간편결제 프로토콜을 제안한다. 첫 번째는 온라인 쇼핑몰과 PG(Payment Gateway)가 다른 경우로써 국외의 페이팔(PayPal)을 이용한 간편결제와 유사하고, 두 번째는 온라인 쇼핑몰과 PG가 같은 경우로써 국외의 아마존(Amazon)에서 제공하는 결제방식과 유사하다. 제안되는 두 개의 프로토콜 모두 온라인 쇼핑 시, 쇼핑과정과는 독립된 별도의 사전등록절차를 요구하지 않고 쇼핑과정에서 자연스럽게 등록 및 결제를 처리할 수 있다. 또한 로그인 패스워드와는 다른 결제 패스워드를 입력하도록 하여 안전성을 향상시켰다. 본 논문에서 제시한 프로토콜은 현재 다양한 업체에서 제시하는 간편결제 프로토콜을 보다 더 정확하게 이해하고, 그 안전성을 분석하는데 도움이 될 것이다. Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user’s devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

Application-based Classification and Comparison of Secure Routing Protocols in Wireless sensor Networks

Imran A. Khan,Farooq Ahmad,Waleed Akram Baig,Mudasser Naseer 한국산학기술학회 2015 SmartCR Vol.5 No.3

Wireless Sensor Networks is an emergent field in computer network domains, and routing plays a key role in every wireless sensor network. In a wireless sensor network, an adversary can disturb the entire network by attacking routing services. These attacks are relatively easy to deploy against a wireless sensor network as opposed to traditional wired networks, because of the unattended nature of the deployment of sensor nodes. In the case of wireless sensor networks, the compromised routing messages result in the diffusion of incorrect routing information, which can disrupt network behavior. When considering these realities, securing a routing protocol is a key objective of every wireless sensor network. In this paper, we analyze different secure routing protocols and do a comprehensive survey in terms of their application areas, key distribution schemes, authentication schemes, basic security requirements, and their defense against different attacks. To make our survey more precise, we categorized the secure routing protocols into four groups: secure data-centric, secure hierarchical, secure location-based, and secure quality-of-service routing protocols. All secure routing protocols discussed in this survey paper fall under these four categories.

학술포럼 : 나고야-쿠알라룸푸르 추가의정서의 성립과정과 향후과제 -유전자변형생물체(LMO)의 환경방출사례를 중심으로-

박기주 ( Ki Ju Park ) 한남대학교 과학기술법연구소 2011 과학기술법연구 Vol.17 No.2

On 16 October 2010, a new international treaty, the Nagoya- Kuala Lumpur Supplementary Protocol on Liability and Redress to the Cartagena Protocol on Biosafety, was adopted at one of the largest intergovernmental meetings ever held on the safe use of modern biotechnology. The adoption of the new treaty was generated from the end of the five-day meeting of the governing body of the Cartagena Protocol on Biosafety (known as the Conference of the Parties serving as the meeting of the Parties to the Protocol or COP-MOP 5) and concluded six years of negotiations. The new supplementary Protocol provides international rules and procedure on liability and redress for damage to biodiversity resulting from living modified organisms The term "liability" is normally related with the obligation under the applicable law to provide for compensation for damage resulting from an action for which that person is deemed to be responsible. Liability and redress in the context of the Protocol concerns the question of what would happen if the transboundary movement of living modified organisms (LMOs) has caused damage. The issue of liability and redress for damage resulting from the transboundary movements of LMOs was one of the themes on the agenda during the negotiation of the Biosafety Protocol. The negotiators were, however, unable to reach any consensus regarding the details of a liability regime under the Protocol. The matter was, nevertheless, considered both critical and urgent. As a result, an enabling clause to that effect was included in the final text of the Protocol. The Protocol itself is not perfect for parties to lead their legislation. There are many problems to legislate this Protocol as new act for LMO`s damage. In this regard, legislator should focus on the purpose of this Protocol and deliberate its workable legal mechanism. Legislator should study distinctive features of LMO in legislation process and adopt effective civil procedure, civil liability system, buren of proving and financial security. It is anticipated that we will have amounts of obstacles in legislating this Protocol as effective and workable act for LMO`s damage. However, legislator should endeavor to establish and develop this Protocol as enforcing act for the safe use of LMO and the development of modern biotechnology.

WSN을 위한 클러스터 헤드의 멀티 홉 통신기반의 보안 향상된 라우팅 프로토콜

배장식,이명훈 보안공학연구지원센터 2018 보안공학연구논문지 Vol.15 No.2

Reducing node energy consumption and improving network security are two major goals in designing routing protocols. In this paper, a security enhanced routing protocol based on multi-hop communication of cluster head is designed. The proposed protocol is based on the LEACH protocol, layering the network into clusters, and evaluating the cluster head and the nodes of the cluster to enhance security. Multi-hop communication between cluster heads reduces the energy consumption of the cluster head node due to communication with the base station and improves the security on the routing path by using a traffic feedback detection mechanism. The simulation results show that the proposed protocol can balance the energy consumption of communication between cluster heads, extend the lifetime of wireless sensor networks and improve the security of the network. 무선 센서 네트워크에서 라우팅 프로토콜을 설계 할 때 노드의 에너지 소비를 줄이고 네트워크 안정성을 향상시키는 것이 주요한 목표이다. 본 논문에서는 클러스터 헤드의 멀티 홉 통신을 기반으로 하는 보안이 강화된 라우팅 프로토콜은 제안하였다. 제안 프로토콜은 LEACH를 기반으로 하여 네트워크를 클러스터로 계층화 하고 클러스터 헤드와 클러스터의 노드는 보안을 강화하기 위해 서로 평가한다. 클러스터 헤드 사이의 멀티 홉 통신은 기지국과의 통신으로 인한 클러스터 헤드의 에너지 소비를 줄이는 동시에, 트래픽정보 역전달 기법을 도입하여 통신경로상의 보안을 향상시켰다. 시뮬레이션 결과는 제안 프로토콜이 클러스터 헤드의 통신 에너지 소비를 균형 있게 유지하여 네트워크의 수명을 연장하며 네트워크의 보안을 향상시킬 수 있음을 보여준다.

Secure and Efficient Tag Searching in RFID Systems using Serverless Search Protocol

Sheikh I. Ahamed,Farzana Rahman,Endadul Hoque,Fahim Kawsar,Tatsuo Nakajima 보안공학연구지원센터 2008 International Journal of Security and Its Applicat Vol.2 No.4

In the coming pervasive society, Radio Frequency Identification(RFID) Tags will be affixed within every product and object including human. This technology is anticipated to be a major technology which will be utilized by several pervasive services where these tags will be used to identify various objects. However, the use of RFID tags may create new threats to the security and privacy of individuals holding RFID tags. Therefore, widespread deployment of RFID systems preserving users’ privacy and data integrity is a major security challenge of the coming year. That is why research related to privacy preserving authentication is growing. And the envision is that: RFID systems can intermingle into human lives if they can offer practical, low cost and secured mechanisms for tag authentication which has been in the midst of researcher’s interest for almost a decade. One extension of RFID authentication is RFID tag searching. Any RFID authentication protocol which provides adequate security and privacy can be used for RFID tag searching. However, when the number of tags within a system will increase, the overall data collection cost will also increase. Therefore, more efficient tag searching method is needed. RFID search protocol can play a major role for tag searching which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue. In this paper we propose a lightweight and serverless RFID tag searching protocol. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.