• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.2
• /
• pp.103-111
• /
• 2010

For that reason, more and more growing of the internet speed, many kind of the multimedia as if the voice, a letter, a photograph, a moving picture are appearance and integration of the internet as if the wireless internet, the CATV, a satellite is forming. Today, many changes in the communication environment are occurrence. therefore a demands of the user keep up increase. so, in this paper, we developed the SOHO IP-PBX embedded which can automatically exchange the call. the developed IP-PBX have many functions as if the exchange call function, the gateway function, the PSTN backup function, the FAX function, the VPN function, etc. and verified it by an experiment on the rules in KT.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.04a
• /
• pp.949-952
• /
• 2016

클라우드 기반 IoT 환경에서 광범위하게 설치된 디바이스는 보안성 강화 또는 기능 수정을 위해 소프트웨어를 원격에서 갱신할 필요가 있다. 디바이스는 하드웨어 자원과 네트워크 성능이 한정적이기 때문에 갱신 과정에서 발생하는 네트워크 트래픽을 줄여야하며 서비스가 중지되는 시간을 줄이기 위해 갱신 소요시간을 단축시켜야 한다. 이를 해결하기 위해 본 논문에서는 갱신 과정에서 가상화 기술을 이용하여 이미지를 계층화 하고, 캐싱하는 방식을 이용한 소프트웨어 갱신 프레임워크를 제안한다. 이미지 계층화는 소프트웨어와 종속 파일을 담은 이미지 파일의 수정, 변경, 추가된 부분을 새로운 계층으로 생성하고 관리하는 것을 일컫는다. 캐싱은 갱신 과정에서 서버에서 전송한 이미지를 게이트웨이에 저장하고 다른 디바이스가 갱신을 요청하면 저장된 이미지를 서버를 거치지 않고 전송하는 것을 말한다. 이를 적용하여 새로운 계층만 전송하고, 중복된 데이터의 전송을 줄여 네트워크 트래픽 발생량을 줄이고, 설치 파일의 용량을 줄여 갱신 소요시간을 줄인다. 본 논문에서 제안하는 프레임워크는 트래픽 발생량과 갱신 소요시간이 기존 방식에 비해 감소한다.

• Information and Communications Magazine
• /
• v.32 no.7
• /
• pp.63-71
• /
• 2015

클라우드 컴퓨팅이란 공유된 IT 자원을 네트워크 상에서 가상화를 통하여 독립적으로 사용할 수 있는 개념으로 저탄소 녹색시대를 위한 에너지 절감 솔루션이다. 특히 비용 절감이 필수적인 기업과 공공기관 등에서 IT 자원의 개별적 소유에 시간과 비용을 투입하지 않고 사용한만큼의 비용을 지불할 수 있다. 이에 정부에서는 2015년 9월부터 시행되는 클라우드법 제정을 통하여 클라우드 컴퓨팅의 활성화를 적극 장려하고 있다. 그러나 신뢰성있는 서비스 제공을 위해서는 보안성, 성능, 안정성 제공을 위한 네트워크 기능의 한계 극복이 필수적이다. 이에 본 논문에서는 언제 어디서나 다양한 기기로 업무를 수행할 수 있는 모바일 스마트워크가 가능하도록 하는 단말과 기업망, 클라우드를 안전하게 연결하는 가상 사설 클라우드(Virtual Private Cloud) 네트워킹 구조를 제안한다. 본 구조에서는 클라우드 내에서 사설 주소의 중복 문제 해결을 위하여 위치 주소와 아이디 분리 프로토콜 기반 위에 기업망 등의 엔터프라이즈 ID 개념을 적용하여 주소 확장성을 제공하였다. 또한 이러한 기술을 적용한 VPC 매니저, 서비스 게이트웨이 및 에이전트로 구성된 VPC 네트워킹 솔루션으로 테스트베드를 구축하고 그 운용 경험을 통해서 실 사업자망에 적용 가능한 비즈니스 모델 도출이 가능할 것으로 기대한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.1_2
• /
• pp.27-40
• /
• 2004

The OSGi service platform has several characteristics as in the followings. First, the service is deployed in the form of self-installable component called service bundle. Second, the service is dynamic according to its life-cycle and has interactions with other services. Third, the system resources of a home gateway are restricted. Due to these characteristics of a home gateway, there are a lot of rooms for malicious services can be Installed, and further, the nature of service can be changed. It is possible for those service bundles to influence badly on service gateways and users. However, there is no service bundle authentication mechanism considering those characteristics for the home gateway In this paper, we propose a service bundle authentication mechanism considering those characteristics for the home gateway environment. We design the mechanism for sharing a key which transports a service bundle safely in bootstrapping step that recognize and initialize equipments. And we propose the service bundle authentication mechanism based on MAC that use a shared secret created in bootstrapping step. Also we verify the safety of key sharing mechanism and service bundle authentication mechanism using a BAN Logic. This service bundle authentication mechanism Is more efficient than PKI-based service bundle authentication mechanism or RSH protocol in the service platform which has restricted resources such as storage spaces and operations.

• The KIPS Transactions:PartD
• /
• v.10D no.3
• /
• pp.559-566
• /
• 2003

As cell phone and PDA have been in common use recently, there is a growing tendency to utilize the mobile terminals for M-Commerce. The information security and the receipt of e-trade are very important to support reliable digital transactions in wireless environment as in wired environment. Even though some work such as WML digital signature and WPKI has been studied for M-Commerce, there are several problems on the aspects of the functional limitation of the mobile terminals and the unsecure data transformation of WAP gateway. In this study we have designed and implemented a prototype system of issuing and verifying the electronic receipt that guarantees authentication, data integrity and non-repudiation for secure mobile e-commerce. Moreover, we have enhanced the system performance by letting the trusted independent server verify and manage the electronic receipt.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.5
• /
• pp.9-17
• /
• 2015

The development of wireless communication technology and change in the ICT market has led to the development of the M2M service and technology. Under these circumstances, the M2M environment has been the focus of communication environment construction between machines without control or direct intervention of human being. With characteristics of wireless communication environment, the possibility of being exposed to numerous security threats and safe communication security technology have becoming an issue an important requirements for problems such as data exposure, forgery, modulation, deletion, and privacy. This research analyzes requirements of trapdoor collision hash, generates keys between groups under the M2M environment by using the specificity of trapdoor, and suggests technology to exchange keys with session keys. Further, it also suggests techniques to confirm authentication of device and gateway in accordance with group key generation. The techniques herein suggested are confirmed as safe methods in that they have attack resistance such as Masquerade Attack, Man-in-the-Middle Attack, and Replay Attack in the group communication block by using the speciality of collision message and collision hash.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.3
• /
• pp.605-614
• /
• 2012

Nowadays u-healthcare which is very sensitive to the character of user's information among other ubiquitous computing field is popular in medical field. u-healthcare deals extremely personal information including personal health/medical information so it is exposed to various weaknees and threats in the part of security and privacy. In this paper, RFID based patient's information protecting protocol that prevents to damage the information using his or her mobile unit illegally by others is proposed. The protocol separates the authority of hospital(doctor, nurse, pharmacy) to access to patient's information by level of access authority of hospital which is registered to management server and makes the hospital do the minimum task. Specially, the management server which plays the role of gateway makes access permission key periodically not to be accessed by others about unauthorized information except authorized information and improves patient's certification and management.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.7
• /
• pp.1471-1477
• /
• 2003

In order to realize the Gbps VPN system, however, newer and more advanced technologies are required to enable wire-rate processing across a wide range of functions and layers. While it is generally accepted that a software soluTion on general-purpose processors cannot scale to process these functionsa wire rate, the KEY POINT is that a software solution on general-purpose processors is the most practical way by which these security allocationscan be developed. Many of these security functions require application layer processing on the content of the packets, and the very nature of application layer software development is characterized by relatively large code size with a high need for portability an flexibility. We have analysed the consideration and specification for realizing Gbps VPN system. from this work. we can obtain a technology of originality.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.9-17
• /
• 2019

As the IoT environment becomes more popular, the safety of the M2M environment, which establishes the communication environment between objects and objects without human intervention, becomes important. Due to the nature of the wireless communication environment, there is a possibility of exposure to security threats in various aspects such as data exposure, falsification, tampering, deletion and privacy, and secure communication security technology is considered as an important requirement. In this paper, we propose a new method for group key generation and exchange using trap hash collision hash in existing 'M2M communication environment' using hash collision, And a mechanism for confirming the authentication of the device and the gateway after the group key is generated. The proposed method has attack resistance such as spoofing attack, meson attack, and retransmission attack in the group communication section by using the specificity of the collision message and collision hash, and is a technique for proving safety against vulnerability of hash collision.