Souhwan Jung

HRP: A HMAC-based RFID mutual authentication protocol using PUF

RFID is one of the promising automatic identification systems. However, RFID is vulnerable to various threats such as tracking ID, cloning attack, spoofing attack, etc. Some mutual authentication protocols utilize cryptographic functions such as hash, but retrieving efficiency is very low. A naïve challenge-response protocols based on PUF which is innovative circuit primitives require maintaining huge challenge-response pairs. Some lightweight protocols based on PUF have been reported to be broken. This paper proposes a HMAC-based mutual authentication protocol using PUF for RFID to address the problems of previous protocols as above mentioned. The proposed protocol provides robust security properties as well as efficient enough for the active tags in terms of the computation.

A Fast and Efficient Handover Authentication Achieving Conditional Privacy in V2I Networks

This paper proposes a fast and efficient handover authentication with conditional privacy in V2I networks. One of the main challenges for achieving secure V2I communications is to accomplish a fast and efficient handover authentication for seamless IP-based services. Anonymous authentication with authority traceability is another important security issue. The basic idea is that a handover authentication occurs only between a vehicle and a roadside unit to reduce the cost of authentication time and communication overhead. After performing the handover authentication, the roadside unit notifies an AAA server of the authentication result and vehicles pseudonym ID, which does not affect the fast handover authentication. The proposed scheme is more efficient than the existing schemes in terms of authentication time and communication overhead. In addition, our work is the first study on conditional privacy preservation during a handover process in V2I networks.

ESSE: efficient secure session establishment for internet-integrated wireless sensor networks

The dramatically increasing number of connected things based on Internet protocol is leading to a new concept called the Internet of Things (IoT). The Internet-integrated wireless sensor network has recently become one of the most important service targets in IoT field. To provide secure IoT services, the IETF proposed using Datagram Transport Layer Security (DTLS) as a de facto security protocol. In this paper, we examine problems that can happen when applying the DTLS protocol to the IoT, which comprises constrained devices and constrained networks. To solve the problems at hand, we separate the DTLS protocol into a handshake phase (i.e., establishment phase) and an encryption phase (i.e., transmission phase). Our approach enhances the performance of both device and network by using a way to delegate the DTLS handshake phase. The proposed scheme supports secure end-to-end communication despite using delegation.

A Demonstration of Malicious Insider Attacks inside Cloud IaaS Vendor

 Abstract—Until now, many researches have carried out analyzing the vulnerabilities as well as finding the defense strategies for malicious insider (MI) at cloud environment. However, all these previous works only considered the perspective of MI attacks that are originated from tenant side in a public cloud. Furthermore, in these existing works, the MI attack techniques are only basically and abstractly described. Without the proof of concept, MI attacks are just theoretical threats. In this paper, we consider the scenario that MI executes the attack inside the Cloud IaaS vendor. Moreover, in order to show the realistic of MI attacks in the scenario, this paper introduces three concrete MI attacks with a proof of concept implementation based on existing tools. Three introduced MI attacks in this paper are: memory scanning, template poisoning, and snapshot cracking. The demonstration result shows that MI attacks inside cloud IaaS vendor are no longer potential threats but realistic issues that we need to consider.

A hash-chain based authentication scheme for fast handover in wireless network

This paper proposes a hash-chain based authentication scheme for fast handover in wireless network (HAS). The full authentication procedure described in IEEE 802.11 is inappropriate to be applied to a handover, since it has heavy operation and delay time during handover. Though various methods were proposed to solve the problem, the existing schemes degrade the security of authentication or impose the entire administrative burden of the authentication on the authentication server. The main focus of this paper is on reducing the administrative burden of the authentication server and enhances the security strength of the fast handover authentication. The proposed scheme in this paper is robust to the attack by a compromised AP by using hash key chain between a mobile station and the authentication server. The scheme also decentralizes the administrative burden of the authentication server to other network entities.

Threat Analysis on NEtwork MObility (NEMO)

NEMO (NEtworks in MOtion), currently being standardized under IETF, addresses issues such as connectivity, reachability and session continuity for nodes in a mobile network (i.e., the whole network or subnet moving from one Internet attached point to another). While the current NEMO basic proposal is based on the MobileIPv6 standard (and therefore, it is based on the security in MIPv6 as well) and relatively stable, in this paper, we study the security issues related to the NEMO basic protocol as well as its operation. After carefully analyzing various pieces of related standard protocols (for example, MIPv6 and IPsec) and their integration under the NEMO framework, we present here a list of interesting practical attacks against NEMO and their potential security damages. Finally, we examine two simple solutions to handle some of the attacks and describe their limitations.

Impacts of security protocols on real-time multimedia communications

International Standards Committees like ITU and IETF have produced several security protocols for real-time multimedia communications. But, applying those security mechanisms may results in non-trivial degradation to real-time communications. This paper investigates the impacts of the standard security protocols on the delay, packet overhead, quality of service, and other features of real-time communications. Some of analytical and experimental results show the suitability of the security protocols.

Heterogeneous routing protocol coordinator for mobile ad hoc networks

Lots of routing protocols have been proposed in the literatures to overcome several challenges in ad hoc networks. The fundamental point we consider in this paper is that most of such protocols are generally based on the assumption that mobile nodes are functionally equivalent to each other in computing power and memory space. Moreover, all of the mobile nodes are required to use a common routing protocol to communicate with each other. However, such assumptions do not reflect the real world, even further the future oriented ubiquitous world. The ubiquitous paradigm requires networking technologies to support the heterogeneity including various capabilities to compute, amounts of storage, radio interfaces, patterns of mobility and others. In real scenario, for instance, some nodes may not want to relay packets for others owing to their power constraints. Also there might be nodes employing different routing protocols in a single communication zone. To cover some of these cases, this paper proposes a simple but efficient approach called HRPC (Heterogeneous Routing Protocol Coordinator) that works well in our previously proposed MANET architecture. HRPC is not a stand-alone routing protocol but a coordinating module for support bridging functionality between heterogeneous routing protocols in MANET. This paper also gives HRPC implementation and its demonstration results, where DYMO and OLSR routing protocols are used as an exemplified scenario to evaluate the operability of HRPC.

Secure Password Authentication for Distributed Computing

This paper describes secure password-based authentication involving a trusted third party, while the previous secure password authentication schemes focused on authentication involving two parties who shares the password. Kerberos is a well-known password-based authentication protocol involving a trusted third party. However, Kerberos is weak against the dictionary attack and suffers from a single point of failure. Additionally, Kerberos cannot provide a forward secrecy, which protects past sessions and further compromise, when a password is revealed. Our password authentication schemes provides single sign on like Kerberos and is secure against on/off-line dictionary attack. Moreover, the schemes provide a forward secrecy, and reduces the damage of the single point of failure

Android Rooting: An Arms Race between Evasion and Detection

We present an arms race between rooting detection and rooting evasion. We investigate different methods to detect rooted device at both Java and native level and evaluate the counterattack from major hooking tools. To this end, an extensive study of Android rooting has been conducted, which includes the techniques to root the device and make it invisible to the detection of mobile antimalware product. We then analyze the evasion loopholes and in turn enhance our rooting detection tool. We also apply evasion techniques on rooted device and compare our work with 92 popular root checking applications and 18 banking and finance applications. Results show that most of them do not suffice and can be evaded through API hooking or static file renaming. Furthermore, over 28000 Android applications have been analyzed and evaluated in order to diagnose the characteristics of rooting in recent years. Our study shows that rooting has become more and more prevalent as an inevitable trend, and it raises big security concerns regarding detection and evasion. As a proof of concept, we have published our rooting detection application to Google Play Store to demonstrate the work presented in this paper.