• Information and Communications Magazine
• /
• v.34 no.3
• /
• pp.80-89
• /
• 2017

오늘날 사물 인터넷(Internet of Things)은 급속도로 발전하며 인간 생활 곳곳에 다양한 형태로 존재하고 있다. 이들은 대부분 개인 정보 등의 민감한 데이터들을 다루기 때문에 사물 인터넷 환경에 대한 강력한 보안을 필요로 하지만, 현재 사물 인터넷 환경은 비정상적 접근을 허용하거나 업데이트를 통한 펌웨어 변조 등의 많은 보안 취약점들을 가지고 있다. 본 논문에서는 현재 사물 인터넷 환경이 가지는 보안 문제점들을 살펴보고, 이들을 해결하기 위해 딥 러닝 기반의 이상 탐지, 로그 위/변조 탐지, 기기 무결성 검증 등의 다양한 보안 기법들이 집약된 보안 게이트웨이인 SIOT를 제안한다. SIOT는 저성능의 사물 인터넷 기기들이 충분한 보안 기능들을 탑재할 수 없음에 주목하여 다수의 보안 기능들을 효율적으로 통합하여 제공하는 새로운 사물 인터넷 보안 프레임워크로써, 지속되는 사물 인터넷 보안 연구에 큰 기여를 할 것으로 기대한다.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.19-27
• /
• 2005

As home network is increasing to use, home network industry is developing too. Also, it is to be a popular subject in the network's topics. In this reasons, home network become a important thing because home gateway function is working between access network and home network. In the home network, it relates on the personal computer, home pad, and digital television. But, home gateway is not prepared standard point about techniques. Therefore, many kind of technique want to try for developing of home gateway's functions. Usually, we use ID/PASSWORD method in network control system. But, we found a lot of problems about classical network system while we experienced Jan/25 big trouble. We are considering about that home network system are using same network net. Therefore, seriously we have to check about security and safety at the home network's environment. This report focus on the home network's environment to control for using and efficiency and then it wants to find ways to protect from the internal and external attacks. Existing ID/PASSWORD method it used a electronic signature and the security against the approach from of external watch, the MIB structure of role base and the security of the Home network which leads the authority control which is safe even from the Home network inside it strengthened it used compared to it proposed.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.2
• /
• pp.240-249
• /
• 2002

In the course of Internet proliferation, many network-related technologies are examined for possible growth and evolution. The use of Internet-based technologies in private networks has further fuelled the demand for network-based applications. The most promising among the new paradigms is use of mobile agents. The mobile agent is capable of migrating autonomously from node to node in the network, to perform some computation on behalf of the user. The mobile agent paradigm is attractive alternative to traditional client-server programming for a significant class of network-centric applications. It also however, suffers from a major drawback, namely, the potential for malicious attacks, abuse of resources pilfering of information, and other security issues. These issues are significantly hampering the acceptance of the mobile-agent paradigm. This paper describe the design & implementation of secure mobile agent gateway that split and merge the agent cede with security policy database. This mechanism will promote the security in mobile agent systems and mobile agent itself.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.67-72
• /
• 2001

An efficient encryption mechanism for transmitting voice packets on the Internet was proposed in this study. The VPN approach of encrypting all the packets through a gateway increases delay and delay jitter that may degrade the quality of service (QoS) in real-time communications. A user-controlled secure Internet phone, therefore. was designed and implemented. The secure phone enables the user to apply encryption to his own call when necessary, and reduces security overheads on the gateway.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.3
• /
• pp.76-88
• /
• 2016

Machine to Machine (M2M) is a technology that presents communication between two or more devices with or without human intervention. M2M communications can be applied for various use cases such as environmental monitoring, health care, smart metering and etc. In most use cases, M2M utilizes sensor nodes to collect data from the intended environment and the data is transmitted back to M2M application through other devices (gateways, sink nodes). In some use cases, M2M devices are being designed to store and process sensor data for improving the reliability of the service; Gateways and sink nodes are also intended to store and process the gathered data from sensor nodes. This kind of approach is very challenging for both academy and industry. In order to enhance the performance of this approach, in this paper, we propose our Common Service Security Platform (CSSP) for M2M devices and gateways. CSSP platform presents solutions for the devices and gateways by making them operate more accurately and efficiently. Besides, we present a comparative analysis of communication protocols and present their performance in accordance with selected metrics.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.4
• /
• pp.59-65
• /
• 2002

Payment systems in EC need confidentiality, integrity, non-repudiation. All transactions between cardholders and merchants must be authorized by a payment gateway in SET protocol. RSA secret key operation which requires heavy computation takes the most part of the time for payment authorization. For the reason, a heavy traffic of payment authorization requests from merchants causes the payment gateway to execute excessive RSA secret key operations, which may cause the bottleneck of the whole system. To resolve this problem, One-Time Password technique is applied to payment authorization step of the SET protocol.

• Journal of Korea Game Society
• /
• v.2 no.1
• /
• pp.55-61
• /
• 2002

유 무선환경에서 침입 패턴이 다양화되고, 모바일의 편리성이 강조되면서 네트워크 대역폭이 다양한 전송 기반을 요구하고 있다. 그리고 무선기반의 자료가 급증하고 있어, 무선환경에서의 침입탐지시스템 성능에 문제가 될 수 있다. 그러므로 게이트웨이를 근간으로 한 무선전송 기반을 보호하고, 컴퓨터 운영체제 상에 내재된 보안상의 결함을 보호하기 위하여 기존의 운영체제 내에 보안 기능을 추가한 운영체제이며, 커널의 핵심 부분을 인지하여 무선기반의 시스템 사용자에 대한 식별 및 인증, 강제적 접근 통제, 임의적 접근 통제, 해킹 대응 등의 보안 기능 요소들을 갖추게 하여 보안성에 강한 시스템 유지를 요구한다. 그러므로 감시대상의 정보를 미리 알고, WAP환경하에서 감시대상에 유효한 침입패턴만을 검사하도록 침입패턴 데이터베이스를 분리하는 모델을 제시하여, 이러한 문제점에 대한 해결책을 제시하고자 하였다. 따라서 기존 침입탐지시스템의 패턴 데이터베이스를 분석하였고, 이를 적절히 분리하여 이를 다시 운영체제에 반영하는 기법이다. 그리고 이를 제시한 모델을 검증하고자 실제 구현과 실험을 통해 이를 검증하였다.

• Journal of Korea Spatial Information System Society
• /
• v.3 no.2 s.6
• /
• pp.53-61
• /
• 2001

The GIS Network consists of the Clearinghouse Network Gateway and Clearinghouse Node and Geo-spatial Data Server. Recently with the development of Information and Network technologies, GIS Network should be needed to be more secure than ever. In this paper, we proposed the effective access control method for the distributed GIS network. PKI (Public Key Infrastructure) Technologies are used for access control and security for transmission on Geo-spatial data

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.845-848
• /
• 2002

IPsec 기술은 양단간 보안은 물론, 모드, 암호 프로토콜, 다양한 암호화 알고리즘들의 조합을 통해서 다양하고 계층적인 보안 서비스를 제공한다. VPN 서비스가 제공되는 가장 일반적인 유형은 원격 접속자의 공동 인트라넷에 대한 접근을 허용하는 것이다. 하지만 NAT(Network Address Translation) 기술이 호텔과 같이 원격 접속자가 주로 사용하는 곳은 물론 홈 게이트웨이와 같은 네트워크 장치에 널리 사용되고 있어 IPsec 을 통한 양단간 통합 보안 서비스를 제공하는데 치명적인 장애가 발생한다. 따라서 본 논문에서는 IPsec 기술을 NAT 상의 네트워크에 적용할 때 발생하는 문제점과 기존의 해결 방안에 대해서 언급하고 이들의 장 단점을 분석한다. 또한 효율적으로 IPsec 기술을 NAT 네트워크 상에 적용할 수 있는 새로운 연동 방안을 제시함으로써 네트워크 구조에 독립적인 보안 서비스를 제공하고자 한다.

• The KIPS Transactions:PartC
• /
• v.14C no.5
• /
• pp.403-410
• /
• 2007

For reliable sensor network communication, secure data transmission mechanisms are necessary. In our work, for secure communication, we cluster the network field in hexagonal shape and deploy nodes according to Gaussian distribution. After node deployment, clusterheads and gateway nodes in each cluster play the role of aggregating and delivering the sensed data with suity information all the way to the base station. Our mechanism decreases the overhead and provides food performance. It also has resilience against various routing attacks.