Jaeduck Choi

A handover authentication using credentials based on chameleon hashing

This letter proposes a handover authentication scheme using credentials based on chameleon hashing. The main challenges in handover authentication are to provide robust security and efficiency. The main idea of this letter is that credentials generated using the collision resistant hash function provide an authenticated ephemeral Diffie-Hellman key exchange only between a mobile node and an access point without communicating with an authentication server whenever a handover authentication occurs. Our scheme supports robust key exchange and efficient authentication procedure.

A Security Framework with Strong Non-Repudiation and Privacy in VANETs

This paper proposes a security framework with strong non-repudiation and privacy using new approach of ID-based cryptosystem in VANETs. To remove the overheads of certificate management in PKI, security frameworks using an ID-based cryptosystem are proposed. These systems, however, cannot guarantee strong non-repudiation and private communication since they suffer from the inherent weakness of an ID-based cryptosystem like the key escrow problem. The key idea of this paper is that the ID of the third-party is used as the verifier of vehicles ID and self-generated RSA public key instead of using the ID of the peers. Our scheme provides strong nonrepudiation and privacy preservation without the inherent weaknesses of an ID-based cryptosystem in VANETs. Also, the proposed scheme is efficient in terms of signature and verification time for safety-related applications.

A Secure and Efficient Handover Authentication Based on Light-Weight Diffie-Hellman on Mobile Node in FMIPv6

This letter proposes a secure and efficient handover authentication scheme that requires a light-weight Diffie-Hellman operation at mobile nodes. Our scheme provides more enhanced securities like the PFS, PBS, and so on than the existing security-context-transfer schemes. Also, the mobile node delegates the exponent operation for the DH to the access router to reduce computational cost on it.

A Fast and Efficient Handover Authentication Achieving Conditional Privacy in V2I Networks

This paper proposes a fast and efficient handover authentication with conditional privacy in V2I networks. One of the main challenges for achieving secure V2I communications is to accomplish a fast and efficient handover authentication for seamless IP-based services. Anonymous authentication with authority traceability is another important security issue. The basic idea is that a handover authentication occurs only between a vehicle and a roadside unit to reduce the cost of authentication time and communication overhead. After performing the handover authentication, the roadside unit notifies an AAA server of the authentication result and vehicles pseudonym ID, which does not affect the fast handover authentication. The proposed scheme is more efficient than the existing schemes in terms of authentication time and communication overhead. In addition, our work is the first study on conditional privacy preservation during a handover process in V2I networks.

Mutual Identification and Key Exchange Scheme in Secure VANETs Based on Group Signature

This paper proposes an identilication and key exchange scheme in secure VANETs based on group signature. Security requirements such as authentication, conditional privacy, non-repudiation, and confidentiality are required to satisfy various vehicular applications. Although the existinig group sIgnature schemes are suitable for secure vehicular communications, they do not provide mutual identification and key exchange for data confidentiality. The principal idea of this paper is that the proposed scheme allows only one credential to authenticate ephemeral Diffie-Hellman parameters generated be all the session keys. Our scheme achieves security requirements for various VANET-based applications.

Evidence Collecting System from Car Black Boxes

This demonstration shows how to effectively collect and manage information obtained from car black boxes in vehicular networks. The car black box is a vehicle-based CCTV which records video images, sound, GPS position, speed, and time. These data can be used for accurate car accident investigation and some public crimes prevention. However, there are important issues such as user privacy and a data management for a vehicle-based CCTV records. The proposed evidence collection system can reduce driver privacy concerns and communication and management overheads. Our contribution is that we propose a feasible and useful scenario for public safety.

A lightweight authentication and hop-by-hop security mechanism for SIP network

This paper proposes a lightweight authentication and hop-by-hop security scheme between the SIP UA and server. Although a number of security schemes for authentication and key exchange in SIP network are proposed, they still suffer from heavy computation overhead on the UApsilas side. The SIP UA in the proposed scheme delegates cryptographically computational operations such as the exponentiation operation or point multiplication to the SIP server without degrading security strength. Our scheme supports the user authentication and SIP signaling protection against potential threats instead of the HTTP digest and TLS between the SIP UA and server. The proposed scheme is more efficient than the existing schemes in terms of computation overhead.

IPSec support in NAT-PT scenario for IPv6 transition

Applying IPSec in NAT-PT environment for end-to-end security fails due to the problems caused by the IP header conversion in NAT-PT server. The IP header conversion causes the receiver to fail to verify the TCP/UDP checksum and the ICV value of the AH header. This study analyses potential problems in applying the IPSec between the IPv6-only node and an IPv4-only node, and proposes a solution to enable the receiver successfully ver-ify the IPSec packet. We also analyze that why the existing NAT-traversal so-lutions in IPv4 fails in NAT-PT environment.

Digital Evidence Acquisition Scheme using the Trusted Third Party in Smart Grid Infrastructure

Considerable number of major countries have put great efforts to leverage the efficiency of power consumption using Smart Grid in order to resolve the critical issues with drastical growing demands regarding electricity, the crisis of environmental pollution and so on. There has been increasing number of researches to construct Smart Grid in Korea as well. The threats of cyber terror attacks which might cause national crisises in terms of economy and society have been climbing up because of the fact that Smart Grid employs bi-directional communications embedding the cyber threats from existing/legacy communication networks. Consequently, it is required to build concrete response processes including investigation and analysis on cyber breaches into Smart Grid. However, the digital evidence acquisition techniques do not suffice to be deployed in Smart Grid systems despite of the fact that the techniques, against cyber breaches into well-known networks, have been studied in plenty of time. This work proposes a novel digital evidence acquisition scheme appropriate to Smart Grid systems through intensive investigation of the evidence acquisition requirements in Smart Grid and the historical evidence acquisition methods.

Demonstration of Spam and Security Mechanism in SIP-Based VoIP Services

This demonstration presents spam scenarios and a lightweight security mechanism for protecting spam calls in SIP-based VoIP services. Generally, VoIP providers have been applying only the HTTP digest scheme to authenticate a UA. They may be not consider protecting SIP signaling between the light-weight UA and the SIP proxy using the TLS mechanism since it suffers from the heavy overhead for computation on the resource-constrained UA. Therefore, the spammer can send SIP messages such as INVITE or 200 OK directly to the UA or the SIP proxy, and then communicate with the user by establishing a media channel. This paper demonstrates several spam scenarios when the TLS mechanism is not established at the light-weight SIP UA. Besides, we will show that these spam calls can be protected by using our proposed security scheme instead of TLS mechanism.