Jong-Hyouk Lee

Anonymous Authentication for Wireless Body Area Networks With Provable Security

Advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless body area network (WBAN) to become a promising networking paradigm. Over the last decade, as an important part of the Internet of Things, we have witnessed WBANs playing an increasing role in modern medical systems because of its capabilities to collect real-time biomedical data through intelligent medical sensors in or around the patients’ body and send the collected data to remote medical personnel for clinical diagnostics. WBANs not only bring us conveniences but also bring along the challenge of keeping data’s confidentiality and preserving patients’ privacy. In the past few years, several anonymous authentication (AA) schemes for WBANs were proposed to enhance security by protecting patients’ identities and by encrypting medical data. However, many of these schemes are not secure enough. First, we review the most recent AA scheme for WBANs and point out that it is not secure for medical applications by proposing an impersonation attack. After that, we propose a new AA scheme for WBANs and prove that it is provably secure. Our detailed analysis results demonstrate that our proposed AA scheme not only overcomes the security weaknesses in previous schemes but also has the same computation costs at a client side.

Cost analysis of IP mobility management protocols for consumer mobile devices

The rapid progress being made in mobile device technologies that enable consumers can enjoy Internet based multimedia/business services in travel will rely on IP mobility management protocols for enabling mobile services. The performance of mobility management protocols will largely effect on consumers¿ experiences. In this paper, an analytical cost model is developed for evaluating the performance of the existing IP mobility management protocols including the recently developed Proxy Mobile IPv6 (PMIPv6); they are analyzed and compared in terms of signaling cost, packet delivery cost, tunneling cost, and total cost. The conducted results identify each mobility management protocol¿s strengths and weaknesses that could be used to facilitate decision-making for consumer network design. In addition, suggestions for developing further PMIPv6 improvements are provided.

Comparative Handover Performance Analysis of IPv6 Mobility Management Protocols

IPv6 mobility management is one of the most challenging research topics for enabling mobility service in the forthcoming mobile wireless ecosystems. The Internet Engineering Task Force has been working for developing efficient IPv6 mobility management protocols. As a result, Mobile IPv6 and its extensions such as Fast Mobile IPv6 and Hierarchical Mobile IPv6 have been developed as host-based mobility management protocols. While the host-based mobility management protocols were being enhanced, the network-based mobility management protocols such as Proxy Mobile IPv6 (PMIPv6) and Fast Proxy Mobile IPv6 (FPMIPv6) have been standardized. In this paper, we analyze and compare existing IPv6 mobility management protocols including the recently standardized PMIPv6 and FPMIPv6. We identify each IPv6 mobility management protocols characteristics and performance indicators by examining handover operations. Then, we analyze the performance of the IPv6 mobility management protocols in terms of handover latency, handover blocking probability, and packet loss. Through the conducted numerical results, we summarize considerations for handover performance.

Performance Analysis of PMIPv6-Based NEtwork MObility for Intelligent Transportation Systems

While host mobility support for individual mobile hosts (MHs) has been widely investigated and developed over the past years, there has been relatively less attention to NEtwork MObility (NEMO). Since NEMO Basic Support (NEMO-BS) was developed, it has been the central pillar in Intelligent Transport Systems (ITS) communication architectures for maintaining the vehicles Internet connectivity. As the vehicle moves around, it attaches to a new access network and is required to register a new address obtained from the new access network to a home agent (HA). This location update of NEMO-BS often results in unacceptable long handover latency and increased traffic load to the vehicle. To address these issues, in this paper, we introduce new NEMO support protocols, which rely on mobility service provisioning entities introduced in Proxy Mobile IPv6 (PMIPv6), as possible mobility support protocols for ITS. As a base protocol, we present PMIPv6-based NEMO (P-NEMO) to maintain the vehicles Internet connectivity while moving and without participating in the location update management. In P-NEMO, the mobility management for the vehicle is supported by mobility service provisioning entities residing in a given PMIPv6 domain. To further improve handover performance, fast P-NEMO (FP-NEMO) has been developed as an extension protocol. FP-NEMO utilizes wireless L2 events to anticipate the vehicles handovers. The mobility service provisioning entities prepare the vehicles handover prior to the attachment of the vehicle to the new access network. Detailed handover procedures for P-NEMO and FP-NEMO are provided, and handover timing diagrams are presented to evaluate the performance of the proposed protocols. P-NEMO and FP-NEMO are compared with NEMO-BS in terms of traffic cost and handover latency.

Enhanced three-factor security protocol for consumer USB mass storage devices

The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs.

One-to-Many Authentication for Access Control in Mobile Pay-TV Systems

In traditional authentication schemes for access control in mobile pay-TV systems, one-to-one delivery is used, i.e., one authentication message per request is delivered from a head-end system (HES) to a subscriber. The performance of one-to-one delivery for authentication is not satisfactory as it requires frequent operations which results in high bandwidth consumption. To address this issue, one-to-many authentication for access control in mobile pay-TV systems was developed. It requires only one broadcasted authentication message from a HES to subscribers if there are many requests for the same service in a short period of time. However, later it was revealed that the one-to-many authentication scheme was vulnerable to an impersonation attack, i.e., an attacker without any secret key could not only impersonate the mobile set (MS) to the HES but also impersonate the HES to the MS. Then, a new scheme has been recently introduced for secure operations of one-to-many authentication. However, as shown in this paper, the recent work for one-to-many authentication is still vulnerable to the impersonation attack. To mitigate this attack, in this paper, a new scheme for one-to-many authentication using bilinear pairing is proposed that eliminates security weaknesses in the previous work. Results obtained depict that the new improved scheme in this paper provides better performance in terms of computation and communication overheads.摘要创新点(1))对一个经典的一对多认证协议的安全性进行分析, 提出了一种有效的冒充攻击;(2)提出了一个安全高效的面向移动付费电视系统中访问控制的一对多认证协议;(3)给出了新的一对多认证协议的安全性分析和性能分析。摘要在面向移动付费电视系统中访问控制的传统认证协议中,一对一的交易方式被广泛应用,即:每收到一个请求, 前端系统都会发一个认证消息给用户。 频繁的操作导致很高的网络带宽消耗, 使得一对一的认证协议的性能并不能令人满意。 为了解决这个问题, 科研人员在 2009 年提出了一个面向移动付费电视系统中访问控制的一对多认证协议。当在一段时间内收到多个对相同服务的请求时, 前端系统只需要广播一个认证消息。 后来, 科研人员指出这个一对多认证协议不能抵抗冒充攻击, 即: 攻击者可以冒充移动设备从前端系统获取服务, 也可以冒充前端系统提供恶意服务。 随后, 科研人员提出了一个新的一对多认证协议。 本文发现, 新提出的这个协议仍然不能抵抗冒充攻击。本文利用双线性对构造了一个新的一对多认证协议。 该协议不仅可以克服以往协议的安全性问题, 还具有更好的计算和通讯性能。

Intelligent Mobile Video Surveillance System as a Bayesian Coalition Game in Vehicular Sensor Networks: Learning Automata Approach

In a mobile video surveillance system (MVSS), an efficient approach is required, so that captured video can be transmitted to its final destination under tight constraints of delay and accuracy. This paper presents a new intelligent MVSS using the concepts of Bayesian coalition game and learning automata (LA). These LA are assumed to be the players in a game and are deployed on vehicles. Coalition among players is formed using the Bayesian Coalition Game Theory. To decrease the delay that occurred during transmission of captured video to the nearest access points, the best path is chosen based on a new metric called Path Score, which is computed by each player in the game. For each action performed by the automata, their actions may be rewarded or penalized by a value, which is defined as a sequence, with respect to the inputs provided from the stochastic environment. According to the reward or penalty received from the environment, the automata update their action probability vector. After 15 iterations, a Nash equilibrium is achieved in the game by defining a twice-differentiable function in Banach spaces, and convergence of sequence is proved using the Cauchy convergence theorem. The performance of the proposed scheme is found to be better in comparison to the other state-of-the-art schemes, with respect to various performance evaluation metrics.

Anonymous two-factor authentication for consumer roaming service in global mobility networks

As a mechanism to secure access to a global mobility network (GLOMONET), authentication for consumer roaming service is an essential technology. Moreover, as mobile consumers are getting concerned about how much information network providers gather about them, privacy preservation is a serious concern these days. In this paper, a new authentication scheme is presented that provides a robust anonymous two-factor authentication for consumer roaming service in GLOMONETs. Detailed operational phases of the proposed scheme are provided. Security analysis is provided to confirm that the proposed scheme provides anonymity, authentication, and perfect forward secrecy. In addition, the proposed scheme is analyzed whether it withstands various attacks.

Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol

The radio frequency identification (RFID) technology has been widely adopted and being deployed as a dominant identification technology in a health care domain such as medical information authentication, patient tracking, blood transfusion medicine, etc. With more and more stringent security and privacy requirements to RFID based authentication schemes, elliptic curve cryptography (ECC) based RFID authentication schemes have been proposed to meet the requirements. However, many recently published ECC based RFID authentication schemes have serious security weaknesses. In this paper, we propose a new ECC based RFID authentication integrated with an ID verifier transfer protocol that overcomes the weaknesses of the existing schemes. A comprehensive security analysis has been conducted to show strong security properties that are provided from the proposed authentication scheme. Moreover, the performance of the proposed authentication scheme is analyzed in terms of computational cost, communicational cost, and storage requirement.

Peer-to-Peer Cooperative Caching for Data Dissemination in Urban Vehicular Communications

Vehicular communications are becoming an emerging technology for safety control, traffic control, urban monitoring, pollution control, and many other road safety and traffic efficiency applications. All these applications generate a lot of data which should be distributed among communication parties such as vehicles and users in an efficient manner. On the other hand, the generated data cause a significant load on a network infrastructure, which aims at providing uninterrupted services to the communication parties in an urban scenario. To make a balance of load on the network for such situations in the urban scenario, frequently accessed contents should be cached at specified locations either in the vehicles or at some other sites on the infrastructure providing connectivity to the vehicles. However, due to the high mobility and sparse distribution of the vehicles on the road, sometimes, it is not feasible to place the contents on the existing infrastructure, and useful information generated from the vehicles may not be sent to its final destination. To address this issue, in this paper, we propose a new peer-to-peer (P2P) cooperative caching scheme. To minimize the load on the infrastructure, traffic information among vehicles is shared in a P2P manner using a Markov chain model with three states. The replacement of existing data to accommodate newly arrived data is achieved in a probabilistic manner. The probability is calculated using the time to stay in a waiting state and the frequency of access of a particular data item in a given time interval. The performance of the proposed scheme is evaluated in comparison to those of existing schemes with respect to the metrics such as network congestion, query delay, and hit ratio. Analysis results show that the proposed scheme has reduced the congestion and query delay by 30% with an increase in the hit ratio by 20%.