Beom-Hwan Chang

Preserving Identity Privacy in Wireless Mesh Networks

Wireless mesh network (WMN) has emerged as a key technology for a numerous number of applications because of its ease of deployment, low cost and flexibility of use. WMN infrastructure is a multihop network where mostly the nodes are static in nature. Preserving identity privacy is an important issue in this type of multihop WMN which has been given a little attention in the research community. Compromising privacy may lead an attacker to reveal users identity, his profiles and gain information about mobility. In this paper, we present an anonymous authentication scheme between mesh client and mesh router for preserving identity privacy and security in data communication in WMN. We have also shown the security and performance analysis of the proposed scheme.

The Vulnerability Assessment for Active Networks; Model, Policy, Procedures, and Performance Evaluations

Active Networks (ANs) are novel approaches to providing flexibility in the both network and service. ANs are realized with deployment of active nodes over network. For composing an active node, new components are required but may invite potential vulnerabilities. Many network-based attacks using vulnerabilities of new components can easily spread over network, because of the mobility of active packets. In order to prevent those attacks at the early stages, vulnerability assessment model for active networks is required. Because existing vulnerability models have limitations to be applied in ANs, we propose the Scalable Vulnerability Assessment Model (SVAM) that can efficiently manage vulnerable nodes in ANs. This approach provides good scalability by distributed vulnerability scanning mechanism based on policy and fast adaptability by automated deployment of new vulnerability scanning code.

Active security management based on secure zone cooperation

Due to its open protocol, the Internet has revolutionized computer networks, but this revolution brings new risks and threats. The best way to protect computer networks is to prevent attackers from intruding, using fast automated procedures. However, the current state of protection is insufficient, because providing for all attacks or preventing unknown types of attack is almost impossible, and the methods used are manual. We solve this problem by using active security management, based on sharing information about attacks and cooperation between organizations. Secure Zone Cooperation, a framework that establishes mutual collaboration and cooperation between trusted zones, can protect systems and networks from potential attacks. This framework can predict and respond to attacks by exchanging security information and cooperating with each zone. It is a dynamic, powerful security architecture that rapidly enables security policy to be updated and response modules to be deployed.

SVAM: The Scalable Vulnerability Analysis Model based on active networks

Active networks are novel approach to providing the flexibility in the network and service by allowing the network infrastructure to be programmable by using active packet, in which a traditional packet is replaced by a program which controls a behavior of nodes in the network. However, active packet may create new vulnerabilities at active node and attacks using those vulnerabilities can spread over network by mobility of active packet easily and rapidly. To be beforehand with preventing these attacks, we need the more scalable model than existing vulnerability analysis model. We present the Scalable Vulnerability Analysis Model which can manage vulnerable nodes quickly and efficiently in active networks. This approach provides good scalability by distributed vulnerability checking mechanism based on policy and fast adaptability by automated deploying mechanism of new vulnerability checking code. This approach will be suitable in large scale active networks.

A Study on Survivability of Node using Response Mechanism in Active Network Environment

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.