DongYeop Hwang

An OAuth based authentication mechanism for IoT networks

Internet of things (IoT) has rapidly become one of the most familiar and perhaps most discussed topic on the research field. The attention for the Internet of Things is mainly due to the new connected products intended to bring greater efficiencies and simplicity to life. Variety of IoT applications lead to equally wide variety of security issues. In this paper, we propose an approach to provide secure authentication mechanism for an IoT network which consists of various kinds of constrained devices using a security manager. This proposed approach protects IoT network from unauthenticated users with security manager using OAuth 2.0 protocol. Moreover, this approach provides flexibility in managing IoT networks. The security manager provides authentication service for multiple IoT networks, which can also help to reduce the cost overhead to maintain secure database in IoT networks.

A window-based overload control considering the number of confirmation Massages for SIP server

The widespread use of SIP has exposed a lot of vulnerabilities in this protocol. Among them, overload can cause serious problems for SIP servers. SIP overload occurs when a SIP server does not have enough resources to process messages. In this paper, we proposed effective methods to control SIP server overload based on the Window-Based overload control method, considering not only the maximum window size but also the number of confirmation messages. The proposed method contributes to control the SIP server load as a steady state. It is shown that the suggested method can change the maximum window size dynamically considering the number of confirmation messages.

Scenario and countermeasure for replay attack using join request messages in LoRaWAN

LPWAN (Low Power Wide Area Networks) technologies have been attracting attention continuously in IoT (Internet of Things). LoRaWAN is present on the market as a LPWAN technology and it has features such as low power consumption, low transceiver chip cost and wide coverage area. In the LoRaWAN, end devices must perform a join procedure for participating in the network. Attackers could exploit the join procedure because it has vulnerability in terms of security. Replay attack is a method of exploiting the vulnerability in the join procedure. In this paper, we propose a attack scenario and a countermeasure against replay attack that may occur in the join request transfer process.

Reducing positioning errors in the important access point selection method for fingerprint localization by spatial partitioning

Recently, as the interest of location based services has increased, research on indoor positioning technology has been actively conducted. In particular, methods on fingerprinting that is less affected by obstacles has become a promising approach. In this paper, we propose a method to reduce positioning errors in the important access point selection method for fingerprint localization by spatial partitioning.

Risk analysis and countermeasure for bit-flipping attack in LoRaWAN

LoRaWAN is a wireless technology optimized for low data rate and wide transmission range in IoT. Several studies have reported a security vulnerability in the LoRaWAN that could develop into an attack: bit-flipping attack. The bit-flipping attack is an attack which can change specific fields on ciphertext without decryption. In this paper, we analyze the risk of the bit-flipping attack which might occur in LoRaWAN and propose a countermeasure to prevent it.

Escalator: An Autonomous Scheduling Scheme for Convergecast in TSCH

Time Slotted Channel Hopping (TSCH) is widely used in the industrial wireless sensor networks due to its high reliability and energy efficiency. Various timeslot and channel scheduling schemes have been proposed for achieving high reliability and energy efficiency for TSCH networks. Recently proposed autonomous scheduling schemes provide flexible timeslot scheduling based on the routing topology, but do not take into account the network traffic and packet forwarding delays. In this paper, we propose an autonomous scheduling scheme for convergecast in TSCH networks with RPL as a routing protocol, named Escalator. Escalator generates a consecutive timeslot schedule along the packet forwarding path to minimize the packet transmission delay. The schedule is generated autonomously by utilizing only the local routing topology information without any additional signaling with other nodes. The generated schedule is guaranteed to be conflict-free, in that all nodes in the network could transmit packets to the sink in every slotframe cycle. We implement Escalator and evaluate its performance with existing autonomous scheduling schemes through a testbed and simulation. Experimental results show that the proposed Escalator has lower end-to-end delay and higher packet delivery ratio compared to the existing schemes regardless of the network topology.

A hybrid mode to enhance the downward route performance in routing protocol for low power and lossy networks

An IPv6 routing protocol for low power and lossy networks provides an IPv6 communication for a wide range of applications in multi-hop mesh networks. The routing protocol for low power and lossy networks defines the creation and management of downward routes with two modes of operations: storing and non-storing modes. The storing and non-storing modes have weaknesses for memory constraints and packet traffic overheads, respectively. The storing mode may cause routing failures due to constraints on memory in routers and the non-storing mode may cause packet fragmentation that can become a factor for packet delays or loss. Then the problems may degrade the downward route performance in routing protocol for low power and lossy networks. Therefore, in this article, we propose a hybrid mode that combines the advantages of the existing two modes to improve the performance of downward packet transmission in routing protocol for low power and lossy networks networks. The proposed hybrid mode uses a new routing header format. The routing information for packet delivery is distributed with the extended routing header. We implement the proposed hybrid mode in Contiki OS environment to compare with existing techniques. From the experiment, it was observed that the proposed hybrid mode can improve the performance of downward packet transmission. Therefore, with the proposed hybrid mode, it is possible to configure a network enable to be composed of many leaf nodes with constrained memory. We also discuss future works.

An ECDH-based light-weight mutual authentication scheme on local SIP

The purpose of this paper is to propose a light-weight implementation of Transport Layer Security(TLS) handshake using Elliptic Curve Diffie-Hellman(ECDH) suitable for local Session Initiation Protocol(SIP) environment. TLS is a standard for the transport layer to ensure security in hop-by-hop communication of SIP and end-to-end communication over an insecure medium like the Internet. Since TLS is a protocol based on Public Key Infrastructure(PKI), it has advantages that it basically requires to deploy the infrastructure to issue certificates and it requires more time to encrypt and decrypt data. Basic idea of this paper is to improve TLS handshake authentication mechanism to make this mechanism light-weight. Currently, authentication is performed using certificates in TLS handshake procedure. In order to reduce the execution time taken by TLS handshake, ECDH based password authentication method will be applied as a replacement of the traditional certificate-based authentication scheme. Local SIP proxy server is constructed by one machine so that it can be easy to manage user ID and password. Thus this local network configuration is suitable for applying password authentication method as proposed in this paper. Additionally, the proposed implementation of the light-weight TLS handshake scheme can effectively improve overhead occurring at SIP call set-up time.

Multi-antenna channel capacity enhancement in wireless communication

Multiple antenna systems, such as Multiple Input Multiple Output (MIMO), are an important part of modern wireless communication standards such as IEEE 802.11n (Wi-Fi), 3GPP Long Term Evolution (LTE), WiMAX, HSPA+ and future technologies. Multiple antenna techniques can be either diversity techniques or spatial multiplexing techniques. In this paper we have proposed a two-step channel capacity enhancement scheme where the channel capacities of a multiple antenna System can be enhanced by some amount without using additional transmit power or spectral bandwidth. The first step is by decomposing and factoring the channel matrix into independent orthogonal AWGN(Additive White Gaussian Noise) sub channels to minimize correlation among the transmitted streams to facilitate the channel capacity to be the algebraic sum of the independent orthogonal sub channels. The second step is by configuring transmitting and receiving antennas in such a way that the resulting channel matrix would be symmetrical. This can be achieved by exploring CSI (Channel State Information) and antenna configurations at both ends of the link. Finally, we have evaluated the performance of our proposed scheme in Matlab simulation environments using Monte Carlo simulation mechanisms for different scenarios. The simulation results show that a significant channel capacity enhancement can be brought about at the expense of some additional resources and system complexity.