HyunGon Kim

Protection Against Packet Fragmentation Attacks at 6LoWPAN Adaptation Layer

The IPv6 over low-power wireless personal area network (6LoWPAN) typically includes devices that work together to connect the physical environment to real-world applications, e.g., wireless sensors. However, since, in some cases, security may be requested at the application layer as need, and then, security problems should be identified such as security threats model, threats analysis, attack scenarios, and light-weight security algorithms etc. This paper presents an analysis of security threats to the 6LoWPAN adaptation layer from the point of view of IP packet fragmentation attacks. And to protect replay attacks being occurred by IP packet fragmentations and to guarantee packet freshness, we also propose a protection mechanism against packet fragmentation attacks. The mechanism uses timestamp and nonce options that are added to the fragmented packets at the 6LoWPAN adaptation layer.

Understanding computer security behavioral intention in the workplace: An empirical study of Korean firms

Purpose – In organizations today, protecting information and computer assets from attacks or disaster has become one of the top managerial issues. The purpose of this paper is to propose and empirically test a comprehensive model of computer security behaviors of individuals in the workplace. Design/methodology/approach – The model was developed based on the reference disciplines of the theory of reasoned action, moral obligation, protection motivation theory (PMT), and organizational context factors. The measurements for the variables in the model, including computer security behavioral intention were adapted from prior studies, and their reliability and validity were verified by a confirmatory factor analysis. The model was empirically analyzed by structural equation modeling with respect to data from 162 employees in a number of organizations in Korea. Findings – The results indicate that moral obligation and organizational norms along with attitude toward computer security behavior have significant im...

Diffie-Hellman key based authentication in proxy mobile IPv6

Wireless communication service providers have been showing strong interest in Proxy Mobile IPv6 for providing network-based IP mobility management. This could be a prominent way to support IP mobility to mobile nodes, because Proxy Mobile IPv6 requires minimal functionalities on the mobile node. While several extensions for Proxy Mobile IPv6 are being developed in the Internet Engineering Task Force, there has been little attentions paid to developing efficient authentication mechanisms. An authentication scheme for a mobility protocol must protect signaling messages against various security threats, e.g., session stealing attack, intercept attack by redirection, replay attack, and key exposure, while minimizing authentication latency. In this paper, we propose a Diffie-Hellman key based authentication scheme that utilizes the low layer signaling to exchange Diffie-Hellman variables and allows mobility service provisioning entities to exchange mobile nodes profile and ongoing sessions securely. By utilizing the low layer signaling and context transfer between relevant nodes, the proposed authentication scheme minimizes authentication latency when the mobile node moves across different networks. In addition, thanks to the use of the Diffie-Hellman key agreement, pre-established security associations between mobility service provisioning entities are not required in the proposed authentication scheme so that network scalability in an operationally efficient manner is ensured. To ascertain its feasibility, security analysis and performance analysis are presented.

Secure and low latency handoff scheme for proxy mobile IPv6

Recently wireless 3rd generation mobile telecommunication service providers have been showing strong interest in network-based localized mobility management. This could be a prominent way to support IP mobility to mobile nodes, because it requires minimal functionality on the mobile node. However, there is a limited understanding of security provisioning, security infrastructure, low latency handoff, and deployment scenarios, etc. With the fundamental aim low latency handoff in the proxy Mobile IPv6, we introduce a new approach to minimize handoff latency which could eliminate time required for re-authentication by AAA server while the mobile node is roaming across the localized Proxy Mobile IPv6 domains. From a security perspective, this allows mobile access gateways to exchange mobile nodes policy profile and ongoing session securely using a variant of the Diffie-Hellman key agreement. To learn its feasibility, security analysis and handoff latency compared to existing handoff schemes are presented. The result shows that latency of the proposed handoff scheme is relatively lower than latency of the handoff scheme across Proxy Mobile IPv6 domains. This provides the confidentiality and integrity of a mobile nodes policy profile and ongoing sessions in the exchange phase additionally.

Regional CRL Distribution Based on the LBS for Vehicular Networks

To protect the members of the vehicular networks from malicious users and malfunctioning equipments, certificate revocation list (CRL) should be distributed as quickly and efficiently as possible without over-burdening the network. The common theme among existing methods in the literature to reduce distribution time is to reduce the size of the CRL, since smaller files can be distributed more quickly. Our proposal has been concerned with the problem of how to reduce the size of CRL effectively. We propose a regional CRL distribution method that introduces partitioned CRLs corresponding to certificate authority (CA) administrative regions. A regional CRL includes only neighbouring vehicle’s revoked certificates and distributed to vehicles within one CA region. Consequently, since there is no need to process full CRLs by all vehicles, the method can reduce computational overhead, long authentication delay, message signature and verification delay, and processing complexity imposed by full CRL distribution methods.

Nomadic Device Based CRL Acquisition Method for Vehicular Networks

Distributing a Certificate Revocation List (CRL) quickly to all vehicles in the system requires a very large number of road side units (RSUs) to be deployed and maintained by the CA. In reality, initial deployment stage of vehicular networks would be characterized by limited infrastructure as a result in very limited vehicle to infrastructure communication. However, every vehicle wants the most recent CRLs to protect itself from malicious users and malfunctioning equipments, as well as to increase the overall security of the vehicle networks. To address this challenge, we propose a nomadic device based CRL acquisition method using nomadic device’s communication capability with cellular networks. When a vehicle could not directly communicate with nearby RSUs, the nomadic device acts as a security mediator to perform vehicle’s security functions continuously through cellular networks. Therefore, even if RSUs are not deployed or sparsely deployed, vehicle’s security threats could be minimized by receiving the most recent CRLs in a reasonable time.

Design and Implementation of TPEG Based RFID Application Service

This paper presents the design of the TPEG-RFID event container and the results of a trial implementation. With regard to the designed TPEG-RFID event container, an example of its coding rules providing for RFID based bus-line information is presented. Implementation details of DMB data server and user terminal are also designed as software functional blocks. The presented implementation is an attempt to verify the feasibility of the designed TPEG-RFID application service system. In particular, the RFID based bus-line information service is specified. The test results show that users could utilize the current location based RFID application services with the designed system.

Implementation of credit-control authorization with embedded mobile IPv6 authentication

In next generation wireless networks, an application must be capable of rating service information in real-time and prior to initiation of the service it is necessary to check whether the end users account provides coverage for the requested service. However, to provide prepaid services effectively, credit-control should have minimal latency. In an endeavor to support real-time credit-control for Mobile IPv6 (MIPv6), we design an architecture model of credit-control authorization. The proposed integrated model combines a typical credit-control authorization procedure into the MIPv6 authentication procedure. We implement it on a single server for minimal latency. Thus, the server can perform credit-control authorization and MIPv6 authentication simultaneously. Implementation details are described as software blocks and units. In order to verify the feasibility of the proposed model, latency of credit-control authorization is measured according to various Extensible Authentication Protocol (EAP) authentication mechanisms. The performance results indicate that the proposed approach has considerably low latency compared with the existing separated models, in which credit-control authorization is separated from the MIPv6 authentication.