Kijoon Chae

An energy-efficient sensor routing scheme for home automation networks

In the emerging ubiquitous home, sensors are placed everywhere in the house and collect various physical data such as temperature, humidity, and light to provide information to consumer electronics devices. The devices are then automatically activated if necessary. For example, the ventilator works when the air is foul and the heating system performs according to the weather and the existence of people in the house. Because sensors have limited battery power, energy-efficient routing is important. In this paper, we present a new sensor routing scheme that provides energy-efficient data delivery from sensors to the home base station. The proposed scheme divides the home area into sectors and locates a manager node to each sector. The manager node receives collected data from sensors and delivers the data to the base station through the shortest path of the 2-dimensional (x, y) coordinates. Performance results show that the proposed scheme reduces energy consumption significantly compared with conventional sensor routing schemes.

A Combined Data Mining Approach for DDoS Attack Detection

Recently, as the serious damage caused by DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not provide effective defense against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. It is necessary to analyze the fundamental features of DDoS attacks because these attacks can easily vary the used port/protocol, or operation method. In this paper, we propose a combined data mining approach for modeling the traffic pattern of normal and diverse attacks. This approach uses the automatic feature selection mechanism for selecting the important attributes. And the classifier is built with the theoretically selected attribute through the neural network. And then, our experimental results show that our approach can provide the best performance on the real network, in comparison with that by heuristic feature selection and any other single data mining approaches.

An Energy-Efficient Sensor Routing with low latency, scalability in Wireless Sensor Networks

Energy efficiency, low latency, scalability are important requirements for wireless sensor networks. Specially, because sensor nodes are usually battery powered, and highly resource constrained, energy- efficient routing sensor routing scheme with low latency, scalability in wireless sensor networks is very important. In this paper, we present a sensor routing scheme, EESR (energy-efficient sensor routing) that provides energy-efficient data delivery from sensors to the base station. The proposed scheme divides the area into sectors and locates a manager node to each sector. The manager node receives collected data from sensor devices in its corresponding sector and then transfers the data to the base station through the shortest path of the 2-dimensional (x, y) coordinates. In this process, we use relative direction based routing in the 2- dimensional (x, y) coordinates in wireless sensor networks. Via analysis and simulation, we show that the proposed scheme achieve significant energy savings and outperform idealized transitional schemes (e.g., broadcasting, directed diffusion, clustering) under the investigated scenarios.

A ticket-based AAA security mechanism in mobile IP network

This paper deals with an IP based mobility with AAA. In particular the problem of secure and efficient mobility service is investigated for Internet service providers and mobile wireless users. For this aim, in this paper, we propose a novel AAA service mechanism using a ticket that can support authentication and authorization for the mobile node and reduce delay and risk in authenticating a mobile node in Mobile IPv6. The extended AAA infrastructure, AAA Broker model, is also proposed for reducing delay in binding updates. The simulation results show that the use of tickets for a mobile node in AAA model reduces the latency and increases the security efficiency and the AAA Broker model minimizes the latency by reducing the exchange messages.

Denial-of-service (DoS) detection through practical entropy estimation on hierarchical sensor networks

Wireless sensor networks face acute security concerns in applications. To achieve security in sensor networks, it is important to be able to defend against denial-of-service (DoS) attack recently considered as an extremely threatening attack. In this paper, we propose a DoS detection method via practical entropy estimation on hierarchical sensor networks reflecting the resource constraints of sensors. In order to enhance the accuracy of detection even in the various deployments of attack agents, we deploy hierarchically entropy estimators according to network topology, and a main estimator synthesizes localized computation. This entropy estimator is simplified by only multiplication calculation instead of logarithm, in addition to providing higher estimation precision of entropy compared to the conventional entropy estimation. Our simulation results indicate that this hierarchical defense is a feasible method

An enhanced key management using ZigBee Pro for wireless sensor networks

In this paper, we propose an enhanced key management mechanism using ECDH(Elliptic Curve Diffie-Hellman) and subMAC for wireless sensor networks using ZigBee. ZigBee consumes low power and provides security in wireless sensor networks. ZigBee Pro enhances security and supports a large number of applications. Despite enhanced security, ZigBee Pro has vulnerabilities of key management, i.e., weakness of key distribution. We use ECDH for secure key distribution and subMAC to overcome the weakness of ECDH, i.e., no authentication and no prevention of man-in-the-middle attack. Using subMAC, we provide the authentication for transmitted messages and prevent man-in-the-middle attack and replay attack. Simulation results show our approach using ECDH and subMAC in ZigBee Pro is more efficient than existing ZigBee Pro in terms of run time and energy consumption. We prove security is enhanced.

An Efficient Security Management in IPv6 Network via MCGA

IPv6 has appeared for solving the address exhaustion of IPv4 and for guaranteeing the problems of security and QoS. It occurs because of the unexpected new attacks of IPv6 as well as the existing attacks of IPv4 because of the increasing address space to 128 bits and the address hierarchies for efficient network management and additions of the new messages between nodes and routers like neighbor discovery and auto address configuration for the various comfortable services. For the successful transition from IPv4 to IPv6, we should get the secure compatibility between IPv4 hosts or routers working based on secure and systematic policy and IPv6. The network manager should design security technologies for efficient management in IPv4/IPv6 co-existence network and IPv6 network and security management framework designation. In this paper, we inspected the characteristics of IPv4 and IPv6, study the security requirement for efficient security management of various attacks, protocol, service in IPv4/IPv6 co-existence and IPv6 network, and finally suggest solution about security vulnerability of IPv6 network in considering MCGA (modified cryptographically generated address).

An efficient data fusion and assurance mechanism using temporal and spatial correlations for home automation networks

In this paper, we propose an efficient and accurate data fusion mechanism through temporal and spatial correlations for Home Automation Networks. Data fusion is a process to decrease the transmission number of similar sensory values, thus its importance is in the spotlight because energy efficiency is a main issue on the networks. In order to reduce the transmission amount of data, each device decides whether to send new sensing data or not after comparing it with previous sensing values(temporal correlation) and the last transmitted value of the neighbor device(spatial correlation) which is a one-hop range via a predetermined user threshold. Our mechanism includes a commit and assurance process for security enhancement. For the performance evaluation of our mechanism, we use the temperature data measured on real networks and extend them using Gaussian distribution in order to obtain the more test data sets. The simulation results show that using both types of correlations is more efficient than just using one type for data fusion in terms of the data transmission amount and accuracy. Moreover, our simulation for the commit and assurance process demonstrates only slightly more energy.

The chamois component-based knowledge engineering framework

A prototype software framework and research testbed exploits recent findings in knowledge engineering to power an electronic commerce application. Chamois combines two main components. The infrastructure component consists of software products and prototype modules that provide key knowledge engineering technologies. The application component uses the infrastructure as a data and knowledge resource. We chose the primary application, an electronic commerce system, as our validation candidate because it includes various functional components that use the underlying knowledge engineering technology. These components include personalization, security, quality-of-service transmission of multimedia data, querying, and XML document management.

A fast defense mechanism against IP spoofing traffic in a NEMO environment

The boundary of a distributed denial of service attack, one of the most threatening attacks in a wired network, now extends to wireless mobile networks, following the appearance of a DDoS attack tool targeted at mobile phones. Many protocols and architectures for mobile networks were designed without regard to the possibility of a DDoS attack. Moreover, the existing defense mechanisms against such attacks in a wired network are not effective in a wireless mobile network, because of differences in their characteristics. In this paper, we propose a fast defense mechanism against IP spoofing traffic for mobile networks. IP spoofing is one of the features of a DDoS attack against which it is most difficult to defend. Among the various mobile networks, we focus on the Network Mobility standard that is being established by the NEMO Working Group in the IETF. Our defense consists of the following five processes: speedy detection, filtering of attack packets, identification of attack agents, isolation of attack agents, and notification of neighboring routers. We simulated and analyzed the effects on normal traffic of moving attack agents, and the results of applying our defense to a mobile network. Our experimental results show that our mechanism provides a robust defense.