Byung kwan Lee

An IP Traceback Protocol using a Compressed Hash Table, a Sinkhole Router and Data Mining based on Network Forensics against Network Attacks

The Source Path Isolation Engine (SPIE) is based on a bloom filter. The SPIE is designed to improve the memory efficiency by storing in a bloom filter the information on packets that are passing through routers, but the bloom filter must be initialized periodically because of its limited memory. Thus, there is a problem that the SPIE cannot trace back the attack packets that passed through the routers earlier. To address this problem, this paper proposes an IP Traceback Protocol (ITP) that uses a Compressed Hash Table, a Sinkhole Router and Data Mining based on network forensics against network attacks. The ITP embeds in routers the Compressed Hash Table Module (CHTM), which compresses the contents of a Hash Table and also stores the result in a database. This protocol can trace an attack back not only in real time using a hash table but also periodically using a Compressed Hash Table (CHT). Moreover, the ITP detects a replay attack by attaching time-stamps to the messages and verifies its integrity by hashing it. This protocol also strengthens the attack packet filtering function of routers for the System Manager to update the attack list in the routers periodically and improves the Attack Detection Rate using the association rule among the attack packets with an Apriori algorithm.

A MEP (mobile electronic payment) and IntCA protocol design

This paper proposes an MEP (Mobile Secure Electronic Payment) protocol, which uses ECC (Elliptic Curve Cryptosystem with F2m not Fp) [1, 2, 3], SHA (Secure Hash Algorithm) and BSB instead of RSA and DES. To improve the strength of encryption and the speed of processing under mobile environment, the public key and the private key of ECC are used for BSB [5, 6] algorithm, which generates session keys for the data encryption. In particular, when ECC is combined with BSB, the strength of security is improved significantly. As the process of the digital envelope used in the existing SET protocol is removed by the BSB algorithm in this paper, the processing time is substantially reduced. In particular, when authenticating each other, instead of using external CA, MEP uses IntCA (IntraCA), which is more suitable for mobile environment. In addition, the use of multiple signatures has some advantages of reducing the size of transmission data as an intermediate payment agent and avoiding the danger of eavesdropping of private keys.

HESSL (highly enhanced security socket layer) protocol

SSL (secure socket layer) is currently the most widely deployed security protocol, and consists of many security algorithms, but it has some problems on processing time and security. This paper proposes an HESSL (highly enhanced security socket layer) protocol that provides better security and processing time than an existing SSL protocol. As HESSL consists of just F/sub 2m/ ECC (elliptic curve cryptosystem), F/sub 2m/ HECC, BSB, and SHA algorithm, this protocol reduces handshaking process by concatenating a shared private key of F/sub 2m/ ECC, F/sub 2m/ HECC and proposed BSB and improves processing time. In particular, BSB algorithm provides better confidentiality than those used by SSL because of four processes of byte-exchange key, shift round key, ASCII code key and bit-xor key after selecting two blocks randomly.

An ASEP (advanced secure electronic payment) protocol design using 3BC and ECC(F/sub 2//sup m/) algorithm

Unlike SET (secure electronic transaction) protocol. We propose an ASEP (advanced secure electronic payment) protocol, which uses ECC (elliptic curve cryptosystem with F/sub 2/ not F/sub p/) [N. Koblitz, (1987), V. S Miler, (1986), G. Harper et al., (1993)], SHA (secure hash algorithm) and 3BC (block byte bit cipher) instead of RSA and DES. To improve the strength of encryption and the speed of processing, the public key and the private key of ECC are used in SBC [I. S. Cho (2002)] algorithm, which generates session keys for the data encryption. In particular, when ECC is combined with SBC, the strength of security is improved significantly. As the process of the digital envelope used in the existing SET protocol is removed by the SBC algorithm, the processing time is substantially reduced. In addition, the use of multiple signatures has some advantages of reducing the size of transmission data as an intermediate payment agent and avoiding the danger of eavesdropping of private keys.

A Healthcare Decision-Making Model Using a Classifier-Based Disease Reasoning

This paper proposes a Healthcare Decision-making Model using a Classifier-based Disease Reasoning. The proposed model consists of a Classifier-based Filtering Module (CFM) and a Disease Reasoning Module (DRM). The CFM extracts only the data necessary for a Decision-making by filtering Disease and Therapy data with a Classifier based Feature Elimination (CFE) algorithm. The DRM generates disease reasoning rules with the data extracted from the CFM by using Markov Process and makes a decision with the generated reasoning rules. The experimental result, the precision of CFE algorithm is improved better than that of the SVM by average 4.7%. In addition, the reasoning result generated by the DRM excels the C 4.5 algorithm by 2% in precision.

PGNIDS(Pattern-Graph based network intrusion detection system) design

PGNIDS(Pattern-Graph based Network Intrusion Detection System) generates the audit data that can estimate intrusion with the packets collected from network. An existing IDS(Intrusion Detection System), when it estimates an intrusion by reading all the incoming packets in network, takes more time than the proposed PGNIDS does. As this proposed PGNIDS not only classifies the audit data into alert and log through ADGM(Audit Data Generation Module) and stores them in the database, but also estimates the intrusion by using pattern graph that classifies IDPM(Intrusion Detection Pattern Module) and event type, Therefore, it takes less time to collect packets and analyze them than the existing IDS, and reacts about abnormal intrusion real time. In addition, it is possible for this to detect the devious intrusion detection by generating pattern graph.

A HIICA(Highly-Improved intra CA) design for m-commerce

HIICA(Highly-improved Intra CA) proposed in this paper is internal CA which highly improved by using OCSP(Online Certificate Status Protocol)and LDAP(Lightweight Directory Access Protocol). It provides more security and confidentiality than external CA. As HIICA is provided with certification policy from PCA(Policy Certificate Authority) and sets an special environment like subscriber registration process, it reduces additional expense and strengthens the security at the certificate request process through HIICA agent. Therefore, secure electronic payment system is optimized through HIICA design that removed the existing CA complex process and unsecure elements.

A Feature-Based Algorithm for Recognizing Gestures on Portable Computers

Pen gestures are a promising feature of pen-based user interface. Recently, as the supply of pen-based portable computers such as PDAs has increased, so has the usage of them. But they have not yet been fully exploited. In this paper we proposed a new gesture set which consists of eight gestures for editing electronic ink data and a feature-based recognition algorithm to identify gestures. We implemented GesEdit, the gesture-allowed ink editor on PDAs, to verify the proposed algorithm. A variety of experiments involving twenty users showed that the gesture recognition rate reached 99.6%. In addition, they showed that the algorithm was efficient as much portable devices as desktop computers.

Performance evaluation of a relocation method for mobile computing maintaining data consistency

Recently, a method to use replicated data on a server in order to get new data without missing any information has been studied on wireless telecommunication networks and satellite services. Static Replica Allocation (SRA) that traditional scheme has been used for the replication method on the server. This replicates the data on the replica server after a moving host has been transferred to another cell. In case the number of users is smaller than that of cells, the network of the SRA is an efficient scheme in the standpoint of access cost, and if there are few moving users, no trouble will happen. But if there are no moving users in a cell, the data will not be shared. This paper proposes new method of relocation, that is, USRA (User Select Replica Allocation) based on data consistency scheme (called USRAC) after replicating the data to the cells for the users, and also analyzes access cost according to the moving rate of mobile users, according to the access rate of mobile hosts, and according to the number of cells of mobile users and mobile hosts.