Abstract: A method and apparatus for authenticating a sensor node in a sensor network. The method for authenticating a sensor node by a first sink node in a sensor network includes receiving an authentication request using an authentication ticket from the sensor node, identifying a second sink node which has issued the authentication ticket, decoding the authentication ticket using a group key, which is previously stored in correspondence to the second sink node to confirm the validity of the authentication ticket, when the second sink node is included in a neighboring node list, normally processing authentication for the sensor node, generating an authentication ticket using a group key of the first sink node, and transmitting the generated authentication ticket to the sensor node.

Abstract: Disclosed a system and method for mutual authentication between a node and a sink in a sensor network. At least one sink periodically creates a neighboring sink list including information on at least one adjacent sink, and the sink requests node authentication to a base station when receiving an authentication request from the node and transmits its own neighboring sink list to the node when the node authentication has been completed. When the node moves and requests authentication to another sink, the another sink stores a neighboring sink list received from the node, determines if a node-authenticable sink exists in its own neighboring sink list according to the authentication request, and requests re-authentication of the node to the node-authenticable sink when the node-authenticable sink exists, so that re-authentication between the node and the sink is easily performed.

Abstract: An apparatus and method for providing data packet security in a wireless sensor network including a plurality of sensor nodes. The apparatus includes a memory unit for storing a plurality of node characteristic information and a plurality of settable security status information, each of the node characteristic information corresponding to at least one of the settable security status information; and a control unit for examining the node characteristic information of the control unit, if a data packet generation request is made, detecting the security status information corresponding to the examined node characteristic information from the memory unit, and generating data packets including the detected security status information.

Abstract: A system for providing security in a mobile Microwave Access (WiMAX) network system is constructed with a licensed certification authority providing a certificate and a first encryption module storing the certificate provided by the licensed certification authority, encrypting a traffic encryption key and a message generated by the first encryption module with the stored certificate, and transmitting the encrypted traffic encryption key and message to a destination. When receiving a message encrypted with a traffic encryption key, the first encryption module decrypts the received message with the traffic encryption key generated by the first encryption module and processes the message. The system is further constructed with a second encryption module.

Abstract: A method, apparatus and system for displaying topology information of a wireless sensor network includes a plurality of sensor nodes. The method typically includes: receiving node information collected and extracted from the sensor nodes; comparing the received node information with stored node information; computing, when the received node information is unequal to the stored node information, visualization information on a sensor node whose information is not present in the stored node information; and displaying the sensor nodes on concentric circles using the visualization information.

Abstract: A method for preventing a replay attack is provided. A prime number is mutually exchanged between a main node and children nodes. The main node generates a Prime Sequence Code Matrix (PSCM) corresponding to the prime number, notifies the children nodes of sequence orders corresponding to the children nodes. The main node selects an arbitrary value of a Prime Sequence Code-1 (PSC1) among a series of values corresponding to an arbitrary node in the PSCM. The arbitrary node computes a Prime Sequence Code-2 (PSC2) subsequent to receiving the PSC1 using a sequence order received from the main node and the prime number. The PSC2 is transmitted to the main node. The main node compares the received PSC2 with the PSCM. The method can be easily applied by supplementing a weakness for a replay attack on the basis of an IEEE 802.15-4-2006 standard and minimizing system load.

Abstract: A mobility header compression method and system for an IPv6-based LoWPAN is provided for supporting IPv6 mobility to the IPv6-based LoWPAN checks a packet carrying data and a first and a second headers containing transmission information about the data to determine whether the second header contains a compressed Internet Protocol version 6 (IPv6) information. When the second header contains a compressed IPv6 information, ands followed by a mobility header, a mobility support-indicative field of the first header is set to indicate that the second header is followed by the mobility header and the rest of the fields of the second header are compressed except for the mobility header-indicative field. A mobility information-indicative field of the mobility header is set to indicate inclusion of mobility information; and the rest of the fields of the mobility header are compressed except for the mobility information-indicative field.

Abstract: A mobility management system and method is provided for efficiently support mobility to an IPv6 based LoWpan. The mobility management method for Internet Protocol version 6 (IPv6) based personal area network (PAN) moving with a mobile router according to the present invention includes detecting, at a mobile terminal, movement of the mobile router; determining whether the movement is an intra-network movement or an inter-network movement, transmitting, when the movement is an intra-network movement, a neighbor discovery request message to a gateway of a currently attached network and receiving a neighbor discovery response message containing a temporary address transmitted by the gateway in response to the neighbor discovery request message. When the movement is an inter-network movement, the gateway receives the binding acknowledgement message from a home agent and establishes a bidirectional tunnel with the home agent.

Abstract: A method and system for detecting a suspicious frame in a wireless sensor network that includes: a plurality of sensor nodes, for sending sensed data and data regarding an upper-level node and cluster head node. A data collecting node receives data from the sensor nodes, sends information, and extracts data received from the sensor nodes. A first probability of occurrence of the routing path is computed with respect to training frames, and a second probability of occurrence of a source routing path is computed using the first probability. The second probability is compared with a reference value, and displays an indication notifying an abnormality of the source node according to when the second probability and the reference value.

Abstract: A medium access control (MAC) frame provision method establishes security in an IEEE 802.15.4 network. A MAC frame is generated, which includes a MAC header, a payload field, and a frame check sequence (FCS) field, the payload field including relevant main data according to a frame type defined in the MAC header. A disguised decoy data sequence number (DSN) is generated and inserted into the MAC header. A real DSN, which is a corresponding transmission sequence number of the MAC frame, is generated and inserted into the payload field. The MAC frame is transmitted, including the encrypted payload field, to a counterpart node. A MAC ACK frame acknowledges reception of the transmitted MAC frame; and a DSN is compared in the received MAC ACK frame with the real DSN. An authentication of the counterpart node is performed when the received MAC ACK frame is equal to the real DSN.

Abstract: A method for controlling a camera through a Multi-Hop-based wireless sensor network includes: sensing whether an event occurs or not in a corresponding area and transmitting position information on the corresponding area and type information on the event, converting the received position information on the event into a movement control signal for the camera, calculating camera driving values in a left/right direction and an up/down direction using the converted signal, controlling a zoom-in operation of the camera lens using the calculated camera driving values according to the received event type and photographing an object located in the corresponding direction, and transmitting the photographed images over the outer network.

Abstract: A method for transmitting/receiving data with transfer obligation delegated in a Wireless Sensor Network (WSN) reduces the time and power spent by a transmitting apparatus to wait for acknowledgment that a data transfer was successful. The method for transmitting data from a transmitting end to a receiving end through a set transfer route by multiple data transmit/receive apparatuses provided in a Wireless Sensor Network (WSN), typically includes the steps of: performing temporary storage of data to be transmitted on receiving a request to transmit data; requesting a data transmit/receive apparatus, existing on a next route, to transmit data while transmitting data to a data transmit/receive apparatus which is set as a transfer route; and confirming the delivery of the data to the data transmit/receive apparatus set as the transfer route, and then deleting the temporarily stored data frame.

Abstract: A method and apparatus for transmitting/receiving data in a Wireless Sensor Network (WSN). The method typically includes the steps of: ascertaining characteristics of data whose transfer is requested; ascertaining a Link Quality Indication Value (LQIV); determining a level of a link state in consideration of the characteristics of the data and the LQIV; and controlling the link transfer of the data in consideration of the level of the link state. The apparatus includes a module for transmitting/receiving data in the network layer thereof having a link level determination unit for predefining a level of a link state, depending on characteristics of data and a Link Quality Indication Value (LQIV) to store a predefined level of the link state, and to determine a level of the link state. A link control unit controls the link transfer of the data in consideration of the determined level of the link state.

Abstract: A method and system to perform a handover using mutual authentication in a Wireless Broadband (WiBro) network includes: generating a temporary number of a mobile station needing handover from a first base station to a second base station and requesting a handover from the first base station; transferring a handover request message, including a field for storing the temporary number of the mobile station, from the first base station to the second base station according to the handover request of the mobile station; transferring a handover response message, including respective fields for storing the mobile station's temporary number and the second base station's certification encoded using an authentication key received from an authentication server, from the second base station to the first base station; verifying the encoded temporary number of the mobile station and the encoded certification of the second base station in the handover response message transferred from the second base station, and transferrin

Abstract: In a method and system for preventing IPv6 packet forgery in an Internet Protocol version 6 (IPv6)-Internet Protocol version 4 (IPv4) network of a dual stack transition mechanism (DSTM) environment, a DSTM server receives a request for assignment of an IPv4 address from a DSTM node. The DSTM server determines whether the request is reasonable using a previously stored dynamic address table, assigns the IPv4 address to the DSTM node when the request is reasonable, and updates the dynamic address table to have mapping information of the IPv4 address assigned to the DSTM node. The DSTM server then transmits the assigned IPv4 address to the DSTM node, and transmits the updated dynamic address table to a DSTM border router so as to synchronize its dynamic address table with a dynamic address table of the DSTM border router.

Abstract: In a system and method for detecting network intrusion, the system comprises: a packet capturer which captures at least one packet on a network; a preprocessor which provides feature values dependent on features of each packet captured by the packet capturer; and a learning engine for classifying patterns dependent on the feature values provided by the preprocessor into two different pattern sets, and for selecting one pattern set having more elements from the pattern sets as a reference set so as to detect network intrusion. The network intrusion detection system and method do not depend on historical data according to known attack patterns, and thus not only detect a changed attack pattern but also efficiently detect network intrusion.