Joon Heo

Design and Implementation of Control Mechanism for Standby Power Reduction

In other to save energy, several countries recently made laws related to standby power consumption. To success this exertion, we should consider not only power reduction of consumer electronics itself but also efficient automatic control in networked home environment. In this paper, we present a design approach and implementation result of control mechanism for standby power reduction. Proposed mechanism has the host-agent based structure and uses the IEEE 802.15.4 based ZigBee protocol for communication and security between host and agents. We verified reliability of proposed mechanism and reduction effect of standby power; also, we applied implemented device to scenario which is similar to user living pattern. Experimental results demonstrate that in the proposed mechanism, standby power consumption of Agent which is connected to consumer electronics can be reduced by 203 mW.

Efficient and Authenticated Key Agreement Mechanism in Low-Rate WPAN Environment

Generally sensor network and wireless ad hoc network use a symmetric key agreement scheme, although this mechanism has some problems, such as key management, complex network deployment and configuration. This is because the devices of sensor network have limitations such as power, memory, processor speed and implementation cost. The public key algorithms are considered to be too expensive in term of memory and processing requirements. In Low-Rate Wireless Personal Area Network (WPAN), we propose a new key agreement mechanism using the Security Manager (SM) for public key management based on the EC-MQV algorithm. And also, we define two security levels by means of devices power and security policies in the network. We have measured the performance of this mechanism and at the same time meeting the low implementation cost and low power.

A Security Mechanism for Automation Control in PLC-based Networks

In power line networks, the metering and control data can be modified by malicious attacker. We can expect that an attacker may be able to eavesdrop the transmission data, and may be able to send modified data to device for control system. This aspect is especially important if data should be used for billing or other power control purpose. In this paper, we propose a security provider using the encryption, key generation and authentication algorithm for automation system in PLC-based network. To prove the necessity and the efficiency of the proposed security mechanism, we have organized the automation metering system.

Collaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks

Distributed Denial-of-Service attack (DDoS) is one of the most outstanding menaces on the Internet. A DDoS attack generally attempts to overwhelm the victim in order to deny their services to legitimate users. A number of approaches have been proposed for defending against DDoS attacks accurately in real time. However, existing schemes have limits in terms of detection accuracy and delay if the IDRS (Intrusion Detection and Response System) deployed only at a specific location detects and responds against attacks. As in this case, it is not able to catch the characteristic of the attack which is distributed in large-scale. Moreover, the existing detection schemes have vulnerabilities to intellectual DDoS attacks which are able to avoid its detection threshold or delay its detection time. This paper suggests the effective DDoS defense system which uses the collaborative scheme among distributed IDRSs located in the vicinity of the attack source or victim network. In proposed scheme, both victim and source-end IDRS work synergistically to identify the attack and avoid false alarm rate up to great extent. Additionally, we propose the duplicate detection window scheme to detect various attacks dynamics which increase the detection threshold gradually in early stage. The proposed scheme can effectively detect and respond against these diverse DDoS attack dynamics.

Identity-based mutual device authentication schemes for PLC system

Power line communication (PLC) is a rapidly evolving technology, aiming to use electrical power lines for the transmission of data. With the expansion scale of PLC, the security issues in PLC system have been focused on as one of the challenging problems. Until now in several well-defined technical specifications, security mechanisms which are symmetric key based system have been defined and implemented; these symmetric key based security mechanism are uncomplicated ways to use in a small scale network. This paper presents public/private key distribution and device authentication schemes that adopt IBC (identity-based cryptography) concept in order to use public key based security scheme in large scale PLC system. By eliminating the needs of public key certificates, proposed scheme can reduce the complexity of deploying and managing authentication credentials.

Standby power control architecture in context-aware home networks

Standby power is the energy consumed by appliances when they are not performing their main functions or when they are switched off. In this paper, we propose a Host-Agent based standby power control architecture in context-aware home network. The proposed architecture uses the IEEE 802.15.4 based ZigBee protocol between Host and Agent for communication and security. We have made an experiment on according to various context-aware scenarios using the implemented prototype devices.

Lightweight IP Traceback Mechanism

A serious problem to fight attacks through network is that attackers use incorrect or spoofed IP addresses in attack packets. Due to the stateless nature of the internet structure, it is a difficult problem to determine the source of these spoofed IP packets. While many IP traceback techniques have been proposed, they all have shortcomings that limit their usability in practice. In this paper we propose new IP marking techniques to solve the IP traceback problem. We have measured the performance of this mechanism and at the same time meeting the efficient marking for traceback and low system overhead.

A Lightweight Identity Authentication Mechanism for Self-Organizing Wireless Sensor Networks

Rapid technological advances are being made toward developing self-organizing wireless sensor network. The essential purpose of such system is to sense the environment and inform users. Security and privacy protection are of extreme importance for many of the proposed applications of wireless sensor networks (WSNs). However, security in sensor networks is complicated by the lack of tamper-resistant hardware (to keep per-node costs low). In addition, sensor nodes have limited storage and computational resource. This paper proposes a lightweight identity authentication mechanism at the link layer for data frame in WSNs. With the proposed mechanism there are only n-bits for authentication, which can greatly reduce overhead. Statistical method and simulation results indicate that our mechanism is successful in handling MAC layer attack.

An identity authentication protocol for acknowledgment in IEEE 802.15.4 network

This paper proposes an identity authentication mechanism at the link layer for acknowledgment frame in IEEE 802.15.4 network. With the proposed mechanism there are only three bits for authentication, which can greatly reduce overhead. The encrypted bit stream for identity authentication will be transmitted to device by coordinator within association process. Statistical method indicates that our mechanism is successful in handling MAC layer attack.

An efficient and secured media access mechanism using the intelligent coordinator in low-rate WPAN environment

The convenience of IEEE 802.15.4 (Low-rate Wireless Personal Area Network) based wireless access network will lead to widespread deployment in the evolutionary computing and adaptive systems. However, this use is predicated on an implicit assumption of confidentiality and availability. In this environment, malicious device may obtain an unfair share of the channel bandwidth. For example, IEEE 802.15.4 requires nodes competing for getting access to the channel to wait for a backoff interval, randomly selected from a specified range, before initiating a transmission. Malicious devices may wait for smaller backoff intervals than well-behaved devices, thereby obtaining an unfair advantage. Such misbehavior can seriously degrade the throughput of well-behaved devices. In this paper, we proposed an intelligent coordinator, a modification to IEEE 802.15.4 specification to simplify the prevention of such malicious devices. Proposed coordinator is able to ascertain whether to apply PTP (Priority Time Period). Simulation results indicate that our prevention mechanism is successful in handling MAC layer misbehavior. We plan to foster our solution in the evolutionary computing systems through further development.