• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1998.12a
• /
• pp.183-190
• /
• 1998

네트워크의 보안문제는 트래픽의 증가요인의 하나로 작용한다. 본 논문에서 키 분배와 인증 문제를 해결하면서 트래픽을 증가를 억제할 수 있는 키 관리 시스템을 제안하였다. 인터넷의 도메인 방식을 이용한 제안된 키 관리 시스템은, 기존의 키 관리 시스템인 중앙 집중형 키 관리 및 분산형 키 관리 시스템의 문제점을 개선할 수 있을 뿐 아니라 이들 시스템과 혼용하여 사용할 수 있을 것으로 판단된다. 키의 인증기관은 각각의 도메인에 존재하는 키 분배 센터 내에 분산시켜 상위 도메인으로부터 인증을 받게 되므로 인증 수준을 다중으로 할 수 있으며 단일화 된 인증기관의 위험을 해결할 수 있다.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.612-614
• /
• 1998

DNS는 인터넷상에서 도메인 네임과 IP 주소간의 상호 전환의 동작을 수행하는 시스템이다. DNS상에서 도메인 네임이나 IP 주소를 요청하는 질의나 이에 대한 응답은 네트워크상에서 UDP를 사용한 메시지 형식으로 전송한다. 이때 제 3자의 개입에 의한 조작의 가능성이 있다. 이러한 질의와 응답 메시지의 조작을 방지하고자 RFS2065에서는 RSA 공개키 방식을 사용하였다. RSA 공개키 방식은 현제 국내에서 직접사용하기에는 많은 애로 사항이 있으며 속도 측면에서 좋지 않은 면을 보여준다. 본 논문에서는 Pseudonoise Sequence와 MD5를 사용하여 DNS 상에서의 안전한 질의 응답을 가능하게 하고자 한다. Pseudonoise Sequence와 MD5를 사용함으로써 메시지를 암오화하지않아도 되며 또한 많은 계산을 요구하지 않는다. 메시지에 Pseudonoise Sequence를 기입하고, 그 메시지의 MD5를 송수신 측에서 검사함으로써 제 3자 개입에 의한 조작 방지와 메시지 데이터의 무결성을 보할 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.04b
• /
• pp.959-962
• /
• 2002

DNSSEC은 IETF에서 논의중인 DNS 보안 표준으로서, DNS에 있어 가장 큰 잠재적 위협인 '도메인 네임에 대응되는 IP주소의 위변조 위협에 대응하기 위해 논의되고 있는 표준이다. 최근 네트워크 환경에서의 최상의 암호화 기법으로 자리잡은 공개키 암호화 기법을 이용하여, 도메인 Zone에 서명을 하여, 이러한 Zone 메시지를 받아보았을 때, 서명을 검증함으로서, DNS메시지가 중간에 위 변조없이 적정한 소스로부터 왔다는 것을 확인하는 것이다. 본 논문에서는 DNSSEC에서 가능한, 계층적 인증방식을 .KR 하위 도메인네임에서 활용할 수 있는 방안으로서, secure resolver를 이용한 도메인네임의 인증을 제시하였다.

• The Journal of the Korea Contents Association
• /
• v.7 no.4
• /
• pp.20-29
• /
• 2007

Although E-mail system is considered as a most important communication media, 'Spam' is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Therefore advanced anti-spam techniques are required to basically reduce its transmission volume on sender mail server or MTA, etc. In this study, we propose a new sender authentication model with encryption function based on modified DomainKey with SMS for Spam mail protection. From the SMS message, we can get secret information used for verification of its real sender on e-mail message. And by distributing this secret information with SMS like out-of-band channel, we can also combine proposed modules with existing PGP scheme for secure e-mail generation and authentication steps. Proposed scheme provide enhanced authentication function and security on Spam mail protection function because it is a 'dual mode' authentication mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.119-128
• /
• 2002

In case certification between user and service provider is achieved, problem that user's identity is revealed is occurring by social issue, so it was presented identity escrow scheme to solve these problem. In identity escrow scheme, the issuer who have correct user's identity transmits securely anonymity authentication information to user, and user achieves authentication phase with service provider keeping oneself anonymity using this. In this paper, we present requirement for security and trusty of identity escrow scheme and propose new mechanism that can security this. Also, propose method that service provider can deliver securely contents to user and propose mechanism that improve that support ky recovery at encryption communication that using secret key that it was generated by key agreement between users.

• Journal of KIISE:Information Networking
• /
• v.29 no.2
• /
• pp.109-116
• /
• 2002

Through the increment of requirement for group oriented communication services, on the open network, the multicast infrastructure has become a widely discussed researching topic. However the research of the security properties that safety, efficiency and scaleability in a multicast structure, has not been enough. In this study, we discuss conventional multicast key management structures and propose a scalable secure multicast key management structure based on PKI(Public Key Infrastructure), IPSec, domain subgroup and structural two mode scheme. Also we certify to the usability of new proposed scheme from comparing it with conventional schemes in the part of safety, efficiency and scaleability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.89-103
• /
• 2001

Through the increment of requirement for group oriented communication services, the multicast infrastructure based on a wire and wireless network has become a widely discussed researching topic. However the research of the security properties safety, efficiency and scaleability in a multicast structure, has not been enough. In this study, we propose a scalable secure multicast key management structure based on PKI(Public Key Infrastructure), IPSec, domain subgroup and structural two mode scheme to provide a integrated multicast service. Also we discuss and propose the digital nominative group signature a refreshing method for satisfying the security and trusty on the network. At the base of this work we certify to the usability of new proposed scheme from comparing it with conventional schemes in the part of safety, efficiency and scaleability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.43-52
• /
• 2005

MIPv4 supports node mobility, manages MN's binding list and provides seamless communication through registration protocol. Since the registration protocol usually operating in the wireless environment involves authenticating MNs, it is a general approach to introduce the AAA infrastructure as key distribution center for the purpose of authentication. In this paper, we propose an efficient registration protocol with lightweight AAA based on domain key. Proposed protocol also withstands various replay attacks, and provides non-repudiation service for the accounts of the usage of the network service.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.3
• /
• pp.99-114
• /
• 2012

Proxy Mobile IPv6 (PMIPv6) has received considerable attention between telecommunications and the Internet communities and does not require active participation of the Mobile Node (MN) by way of network-based mobility management. The PMIPv6 domain is studying establishment in progress to support extensively a number of MN by using a low handover latency. In this research, we are propose a novel 3S scheme for building Scalable and Secure and Seamless PMIPv6 domains. In the proposed scheme, all of Mobility Access Gateway (MAG) are acting as the Local Mobility Anchor (LMA) and composing a virtual ring with another MAG. General hashing is used in the efficient distribution-mapping between each MN and the MN's LMA of all MAGs. And, MAG and MN are authenticated using the symmetric key. Through mathematical analysis, we verifies the safety, scalability, and seamless service for 3S. Also, we're propose a handover procedure of 3S and show better than the existing schemes in terms of handover latency.

• KIISE Transactions on Computing Practices
• /
• v.23 no.4
• /
• pp.232-237
• /
• 2017

The Maritime Cloud is a technology that enables the seamless exchange of information between several communication links in the maritime domain. Although research on The Maritime Cloud security is still at an early stage, furthering this knowledge is vital to securing the marine environment. In this paper, we propose a method for secure data transmission through The Maritime Cloud domain. The proposed technique, based on the "secret sharing" scheme, is delivered through specifically-dedicated geocasting software. Thus, only authorized vessels can restore the original information. The proposed method is safe from so-called "sniffing" and "man-in-the-middle" attacks.