• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.951-958
• /
• 2004

Nowadays NGN is developed for supporting the e-Commerce, Internet trading, e-Government, e-mail, virtual-life and multimedia. Internet gives us the benefit of remote access to the information but causes the attacks that can break server and modify information. Since 2000 Nimda, Code Red Virus and DSoS attacks are spreaded in Internet. This attack programs make tremendous traffic packets on the Internet. In this paper, we designed and developed the Bandwidth Controller in the gateway systems against the bandwidth saturation attacks. This Bandwidth con-troller is implemented in hardware chipset(FPGA) Virtex II Pro which is produced by Xilinx and acts as a policing function. We reference the TBF(Token Bucket Filter) in Linux Kernel 2.4 and implemented this function in HDL(Hardware Description Language) Verilog. This HDL code is synthesized in hardware chipset and performs the gigabit traffic in real time. This policing function can throttle the traffic at the rate of band width controlling policy in bps speed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.8
• /
• pp.1500-1510
• /
• 2007

In recent, rapid and accurate processing for logistics have been required, according as logistics has grown dramatically. Especially, identifying, locating, or tracking objects in ports are important, because ports are gateways to extended markets. In this paper, we describe the design and implementation of a smart tag system for ubiquitous port logistics. Our solution consists of three parts: an active RFID to identify objects, an electronic container seal to charge with security of containers, and a RTLS system to locate objects. Because identification technology for logistics can be read by heterogenous systems, compliance with the international standard is one of the most critical issues. This paper introduces the method to maintain compliance with ISO, and conducts some verifications. In addition, we analyze the system performance such as lifetime, identification rate, and time for multiple tag identification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.79-89
• /
• 2004

Mobile IP Low Latency Handoffs allow greater support for real-time services on a Mobile W network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authenticate the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring funker involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that Performs a ousted thirty party. The Proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.81-91
• /
• 2012

Presently in 2011, there are countless attacking tools oriented to invading security on the internet. And most of the tools are possible to conduct the actual invasion. Also, as the program sources attacking the weaknesses of PS3 were released in 2010 and also various sources for attacking agents and attacking tools such as Stuxnet Source Code were released in 2011, the part for defense has the greatest burden; however, it can be also a chance for the defensive part to suggest and develop methods to defense identical or similar patterned attacking by analyzing attacking sources. As a way to cope with such attacking, this study divides the network areas targeted for attack based on load balancing by the approach gateways and communication lines according to the defensive policies by attacking types and also suggests methods to multiply communication lines. The result of this paper will be provided as practical data to realize defensive policies based on high hardware performances through enhancing the price competitiveness of hardware infrastructure with 2010 as a start.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.440-448
• /
• 2021

This paper presents problems of network technology in smart grid and implements a blockchain-based LoRa multi-hop network to solve them. Since some smart grid applications are operated in harsh environments, it is difficult to establish communication infrastructure. We propose a LoRa network with multi-hop using the Flooding routing protocol. Smart grid environment composes an independent network using various power grid protocols depending on the application. Since this has a problem that an independent infrastructure must be established for each network, a single gateway device supports multiple power grid protocols to implement a method for network integration. Lastly, the author applied Hyperledger-based blockchain to the LoRa network to ensure the integrity of data in a smart grid environment, and strengthened security by physically distributing it. After constructing the three suggestions on the actual test bed, we confirmed that the network operates normally through experiments.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.405-422
• /
• 2007

Recently, according to the network environment, there are many researches for home network. Nowadays, in home network, the method that access control policy is managed for each home device by using ACL is popular, and EAM (Extranet access management) is applied as a solution. In addition, the research about secure OS is ongoing based on open operating system and the research of user authentication mechanisms for home network using home server is also in progress. However, these researches have some problems as follows; First, the transmission scope of expected access technology in home network is wide, so unauthenticated outside terminal can access the home network. Second, user is inconvenient because user need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in home network environment. Here, user access control is one of the core parts which should have no problems such as above items, but there are no concrete researches yet. Thus in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in home network environment in which OSGi service platform is operated. First, we list the consideration which is not clearly mentioned in OSGi standard, and then we solve these above problems through new framework. In addition, we propose the effective and economical operation method which reduces the policy change frequency for user access control by using RBAC concept though limited resource of home gateway. Besides, in this paper, these proposed policies are defined separately as user-role assignment policy and permission-role assignment policy, and user decide their own policies. In conclusion, we provide the scheme to enhance the user convenience and to solve the privacy problem.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.12C
• /
• pp.1193-1200
• /
• 2005

In this paper, we proposed an image hiding method which decreases the amount of calculation encrypting partial data rather than the whole image data using a discrete wavelet transform and a linear scalar quantization which have been adopted as the main technique in JPEG2000 standard and then implemented the proposed algorithm to hardware. A chaotic system was used instead of encryption algorithms to reduce further amount of calculation. It uses a method of random changing method using the chaotic system of the data in a selected subband. For ciphering the quantization index it uses a novel image encryption algorithm of cyclical shifting to the right or left direction and encrypts two quantization assignment method (Top-down coding and Reflection coding), made change of data less. The experiments have been performed with the proposed methods implemented in software for about 500 images. The hardware encryption system was synthesized to find the gate-level circuit with the Samsung $0.35{\mu}m$ Phantom-cell library and timing simulation was performed, which resulted in the stable operation in the frequency above 100MHz.

• Proceedings of the Korea Technology Innovation Society Conference
• /
• 2003.11a
• /
• pp.23-40
• /
• 2003

초고속인터넷 접속서비스 시장이 성숙 단계에 접어듬으로써 성장세는 급격히 둔화되고 경쟁환경은 심화되는 과정에서 통신사업자들이 기존의 신규가입자 유치 위주의 정책에서 벗어나 초고속인터넷 가입자 인프라를 기반으로 새로운 부가 서비스 및 차별화 된 서비스의 개발을 통해 가입자 확대 및 ARPU(Average Revenue Per Unit)를 중대 시킬 수 있는 수익원 개발이 절실하다. 이러한 상황하에서 통신방송 융합 서비스는 통신사업자에게 기회와 위협이라는 상반된 현상으로 다가오고 있다. TV-based VOD 서비스는 보다 양질의 멀티미디어 서비스를 원하는 고객의 수요와 신규 고객을 유치하고 가입자를 Lock-in 시키며, 타 통신 사업자의 고객을 자사 고객으로 전환시키고자 하는 차별화 전략의 일환으로 도입되기 시작하였고, 또한 ARPU를 증대 시키고 다양한 수익원 개발의 일환으로 인터넷 접속서비스 외에 부가가치를 창출 할 수 있는 Killer Service로서 주목을 받고 있다. TV VOD 사업이 성공적으로 국내 시장에 정착될 경우, 통신사업자에게는 여러 형태의 수익원 발굴이 가능할 것으로 예상된다. 즉 가입비, 월 이용료, 부가 사용료 등과 같은 포괄적인 형태의 가입비가 주된 수익원이 될 것이이며, pay-per-view(PPV) 형태의 이용료 역시 주된 수익원이 될 것이다. 이 외에도 셋톱박스, 홈게이트웨이/서버 등과 같은 단말기의 임대와 판매를 통한 수익 창출방안과 다른 서비스들과 마찬가지로 광고도 중요한 수익원천으로 활용 할 수 있을 것이며 또한 미디어업체 또는 CP(contents provider)를 대상으로, 보안, 인증, 과금, 결제, 회원 관리, 이용정보 제공 서비스 등도 사업자의 수익원으로 활용할 이 있을 것이다. TV-based VOD 서비스는 망 진화에 따른 차세대 초고속인터넷 서비스 기술인 VDSL이나 Advanced 케이블모뎀을 이용 DVD 급 고화질의 TV-based VOD 서비스가 시작되면서 ARPU를 증대 시키고 다양한 수익원 개발의 일환으로 인터넷 접속서비스 외에 부가가치를 창출 할 수 있는 Killer Service로서 VOD서비스가 주목을 받고 있다. TV-based VOD 서비스는 가입자망의 진화 와 밀접하게 연관되어 전개되는 서비스로 Post-ADSL에 대한 예측과 VOD에 서비스에 대한 설문조사 결과를 토대로 하여 예측 한 바에 의하면 Post-ADSL 가입자는 2003년 153만명에서 2004년 444만으로 증가하고 2006년 987만 명에 이를 것으로 전망되고, VOD서비스 가입의향도 16%에서 2006년 34% 까지 증가하는 것으로 나타났다. 따라서 VOD서비스 가입자는 2003년 24만 명에서 2004년 98만으로 증가하고 2006년 335만 명으로 증가하는 것으로 예측되었다.