Chang-Seop Park

On certificate-based security protocols for wireless mobile communication systems

Mutual authentication and session key exchange protocols based on certificates for the wireless mobile communication/computing system are proposed. First, two improved versions for the conventional certificate-based systems are proposed, and an offline authentication mechanism based on the dynamic certificate is introduced. Then, an end-to-end internetwork-authenticated session key exchange protocol, which preserves a private communication between two mobile users, is finally proposed. In designing the security protocols proposed, the low computational power of the mobile stations and the low bandwidth of the wireless networks are considered.

Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems

A method of integrating user authentication with anonymity and untraceability is presented based on the secret-key certificate and the algebraic structure of error-correcting codes. Authentication protocol proposed here provides a means for the authentication server to avoid the requirement of maintaining a secure database of user secrets. Especially, since the proposed protocol uses a symmetric-key cryptography and eliminates the key management problem, it is efficient and convenient for both the hardware-limited users and the authentication server.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patients life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physicians treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Two-way Handshake protocol for improved security in IEEE 802.11 wireless LANs

Based on a fact that the 4-way Handshake protocol in IEEE 802.11 is not robust against a DoS (Denial of Service) attack, a new 2-way Handshake protocol is proposed, which is more secure and efficient than the 4-way Handshake protocol. Both protocols are used to derive a session key to protect the data frames, as well as providing mutual authentication between a mobile station and an access point, and key confirmation. In contrast to using random numbers to derive the session key in the 4-way Handshake protocol, a loosely synchronized sequence number is used in the proposed 2-way Handshake protocol. The two protocols are also compared in terms of the security and performance.

Secure and Energy-Efficient Join-Leave Operations in ZigBee Network

Since security plays an important role in several ZigBee applications, such as Smart Energy and medical sensor applications, ZigBee Specification includes various security mechanisms to protect ZigBee frames and infrastructure. Among them, the Join and Leave operations of ZigBee are investigated in this paper. The current Join-Leave operation is protected by the network key (a kind of group key). We claim it is not adequate to employ the network key for such purpose, and propose a new Join-Leave operation protected by the application link key (a kind of pairwise key), which is based on a more efficient key management scheme than that of ZigBee. Hence, the original Join operation consists of a total of 12 command frames, while the new Join operation consists of only 6 command frames. In particular, the security of the proposed Join-Leave operation is equivalent to or better than that of the original Join-Leave operation. The new Join-Leave operation is extensively analyzed in terms of security and efficiency, and compared with the original Join-Leave operation of ZigBee.

Enhanced Security Scheme to Support Secure and Fast ASN-anchored Mobility in Mobile WiMAX

Without providing a proper security measure to the handover procedure in Mobile WiMAX, several security attacks can be mounted. Even though security schemes have been previously proposed for this purpose, they are still vulnerable to several security attacks due to fatal design flaws. A newly proposed security scheme in this paper is based on the framework of authentication domain and concept of handover ticket. A method of establishing security associations within the authentication domain is proposed, and a lightweight security measure to protect the management messages associated with the handover is also proposed. Especially, using the handover ticket, the new security scheme can defend against a Redirection Attack arising from a compromised base station. The new security scheme is comparatively analyzed with the previous security schemes in terms of Replay, Session Hijacking, Man-In-The-Middle, and Redirection attacks.

A Secure and Efficient ECQV Implicit Certificate Issuance Protocol for the Internet of Things Applications

For the purpose of securing mutual communication, Internet of Things (IoT) applications should establish a security association in advance for two or more sensor devices acting as the roles of sensors and actuators. Even though the X-509-based public key certificate can be a viable solution for such purpose, it is not efficient to employ in the IEEE 802.15.4 network, since it is too large to be loaded in IEEE 802.15.4 frames. So, the elliptic-curve Qu–Vanstone (ECQV) implicit certificate has been employed for lightweight security association establishment for the IoT environment. However, it is mandatory to secure the transaction between the sensor device requesting the certificate and the certificate authority. The previous ECQV certificate issuance protocol has several weaknesses, in terms of security and efficiency. In this paper, we propose a new ECQV certificate issuance protocol that addresses the security problems of the previous protocol. Our protocol design is based on integration into the secure join protocol of the IEEE 802.15.4, where we employ a cryptographically generated address for security bootstrapping to secure the join and certificate issuance protocol. We extensively analyze and compare our protocol with the previous protocol in terms of security and performance.

Authenticated fast handover scheme in the hierarchical mobile IPv6

In this paper, we design and propose an efficient and secure authentication method for global and local binding update in HMIPv6 as well as for fast handover in HMIPv6. Also, we introduce a group key management scheme among MAP and ARs in a MAP domain and use a ticket to authenticate local binding update message. We analyze the security and for the comparison with other schemes, analyze performance using the random-walk mobility model and present numerical results based on it.

A Key Management Scheme for Secure Mobile IP Registration Based on AAA Protocol

We introduce a new hierarchical key management scheme which can be applied for secure Mobile IP registration protocol. Contrary to the previous schemes, AAA protocol used for registration key distribution is separated from the base registration protocol, so that the registration key distribution can be simplified and the delay caused by the AAA protocol can be avoided. Also proposed is the non-repudiation service based on a hash chain, which is useful for secure auditing.

MIPv6 binding update protocol secure against both redirect and dos attacks

We propose a new binding update (BU) protocol between mobile node (MN) and correspondent node (CN) for the purpose of preventing redirect attacks and DoS attacks observed from the existing BU protocols and enhancing the efficiency of the BU protocol. Home agent plays a role of both authentication server validating BU message and session key distribution center for MN and CN. Also proposed is stateless Diffie-Hellman key agreement based on cryptographically generated address (CGA). Security of our proposed protocol is analyzed and compared with other protocols.