Heung-Youl Youm

PAK-based Binding Update Method for Mobile IPv6 route optimization

This paper proposes an efficient and secure binding update authentication method for mobile IPv6 route optimization between a mobile node and its correspondent node. The proposed scheme assumes that the MN(Mobile Node) shares the password with the CN(Correspondent Node) and incorporates the PAK(Password-based Authenticated Key Exchange) protocol to authenticate the BU(Binding Update) message and derives the session key. Therefore, our proposed method can avoid the need of external security infrastructure like PKI (Public Key Infrastructure) and protect against the attacker who resides on the path sharing the same data link with CN.

Secure Authenticated Key Exchange protocol based on EC using Signcryption Scheme

A Signcryption proposed by Yuliang Zheng in 1997 is a hybrid public key primitive that combines a digital signature and an encryption. It provides more efficient method than a straightforward composition of a signature scheme with an encryption scheme. In a mobile communication environment, the authenticated key agreement protocol should be designed to have lower computational complexity and memory requirements. Therefore, in this paper, our proposed method that efficient authenticated key exchange protocol using Signcryption scheme and based on EC using Signcryption in mobile and wireless network. And we analyze computational cost and security requirements of proposed protocol.

Analysis of Personal Information Protection Circumstances based on Collecting and Storing Data in Privacy Policies

A field of privacy protection lacks statistical information about the current status, compared to other fields. On top of that, since it has not been classified as a concrete separate field, the related survey is only conducted as a part of such concrete areas. Furthermore, this trend of being regarded as a part of fields such as informatization, information protection and law will continue in the near future. In this paper, a novel and practical way for collecting and storing a big amout of data from 110,000 privacy policies by data controller is proposed and the real analysis results is also shown. The proposed method can save time and cost compared with the traditional survey-based method while maintaining or even advancing the accuracy of results and speediness of process. The collected big personal data can be used to set up various kinds of statistical models and they will play an important role as a breakthrough of observing the present status of privacy information protection policy. The big data concept is incorporated into the privacy protection and we can observe the method and some results throughout the paper.

An IP traceback mechanism against mobile attacker for IPv6 and PMIPv6

Many IP traceback mechanisms have been proposed to identify the source of cyber-attacks in the IPv4-based network, the so-called Internet. However, most of existing traceback work is focused on responding to cyber-attacks in the IPv4-based network. Currently, the IPv4-based network is gradually transitioning to the Next Generation Network based on IPv6. In addition, considering the importance of mobility of a portable computer and/or machine, practical traceback techniques applicable to IPv6 and Mobile IPv6 environment will become more important in the near future. In this paper, we review typical existing traceback mechanisms and PMIPv6 technique briefly and propose a traceback mechanism which can identify the source of mobile attackers in IPv6 and PMIPv6 network.

Improvements of Information Security Level in Electronic Financial Infrastructure(By Analyzing Information Security Management Level)

In recent years, security incidents such as personal information leakage, homepage hacking, DDoS and etc. – targeting finance companies(banks, securities companies, credit card companies, insurance companies and etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from perspective of compliance and information security certification system and propose improvements to enable sustainable high level of information security activities under a comprehensive management system for the financial sector characteristics using ISMS, SECU-STAR and CNIVAM system.

Digital Legal Seal for Message Authentication Code

A digital legal seal device according to an embodiment includes a sensor part including a plurality of sensors for scanning a two-dimensional barcode; a processing part for generating a hash-based message authentication code from barcode data obtained by scanning the two-dimensional barcode through the plurality of sensors; and a display part for displaying a part of the hash-based message authentication code generated from the barcode data. So, it is possible to protect messages from hackers.