• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.7
• /
• pp.1613-1620
• /
• 2011

CSD is IEEE Stan없rd 802.15.4b based Container Security Device which is proposed by the U.S Department of Home Security. It is mounted inside the container to sense opening of the container door. ConTracer is the CSD which is developed in this research whose major features are sensing door opening status as well as history inquiring on internal environment and shock to the container by mounting the temperature/humidity/shock sensors. Moreover, its RFID frequency bandwidth uses 2.4GHz 10 correspond actively to the radio regulations used by different countries. This. paper introduces the development trend of CSD, compares the ConTracer which is developed thru this research and other company's CSD, and introduces CSD System which is designed and established using ConTracer. Finally, the implemented CSD System is verified by applying the demonstration service to container distribution between Korea and Japan.

• Journal of the Korea Computer Industry Society
• /
• v.9 no.1
• /
• pp.11-20
• /
• 2008

Home network service, which is a part of Ubiquitous application service provides remote control and monitoring service, other appliance and peristaltic service, security service of appliance is connected to network in the home. <중략> By using gateway which is implemented undertook control of each function and using main server for controlling and monitoring of appliance, implemented system which is able to control the appliance in home from inter/outside is implemented.

• Electronics and Telecommunications Trends
• /
• v.16 no.2 s.68
• /
• pp.40-52
• /
• 2001

본 논문은 반도체 공정이나 설계환경에 무관하게 재사용이 가능하면서 라이센스에 의해 보호되는 전자회로 설계 모듈 IP에 관한 세계적인 표준안들에 대하여 살펴본다. 현재 선진 외국의 반도체, 통신 관련 기업들은 자신들의 기능 모듈을 IP화 하는 데 있어서 1996년에 설립된 IP의 국제 표준화 단체인 VSIA의 표준안에 부합하도록 노력하고 있다. 현재까지 VSIA는 약 1,000페이지에 달하는 13종의 사양서와 표준안 및 기술문서를 개발하였으며, 전세계 200여 개의 회원기관에 공개하고 있다. 이와 같은 표준안들은 모든 회원사들이 제안하는 시스템 통합, 테스트, 혼성신호, 온칩버스, 검증, 보안 등의 표준관련 제안들을 8개의 VSIA DWG에서 심의하여 확정하며 계속적인 보완과 수정 및 추가가 진행되고 있다. 본 고는 가장 최신 버전들을 중심으로 IP의 표준화 동향을 파악 분석하고, 표준안들의 본질을 정의하였으며, VSIA 표준안에 부합 시킬 수 있는 절차를 체계화 함으로 국내의 IP 개발에 일조를 하고자 하였다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.3
• /
• pp.47-59
• /
• 2007

IPv4 NAT, which often used in households or under SOHO environments, is one of the factors that delays IPv6 propagation. As IPv4 NAT does not operate properly under the transition mechanism like ISATAP or 6to4 that acts as IPv6-in-IPv4 tunneling type, Microsoft proposed Teredo in order to resolve this issue. However, tunneling transition mechanism like Teredo has a security problem. That is, being tunneled packets have dual IP headers; general firewall systems apply the filtering rules only to the outer header but not inner header when these packets pass the firewall. Furthermore, attacks using unregistered server and relay can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented by using Linux Netfilter and ip6tables. Through functional and experimental performance tests, this packet filtering system was found operating properly and solving the Teredo packet filtering problems without serious performance degradation.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.4
• /
• pp.42-50
• /
• 2009

Ubiquitous computing technology is widely used in not only our everyday lives but also in education, medical care, military, environment and administration. RFID system, the basis of ubiquitous, is in the spotlight which can be an alternative solution of a bar code recognition system and magnetic system as they basically have practicality and security issues. An electronic authentication named smart-key system is recently concerned by an alternative solution of the security unit for an automobile. RFID system which has a general purpose is also in the limelight by an application technology. In this paper we designed vehicle smart key system with general-propose RFID system that is already in use. First, we designed control unit and RFID card reader for vehicle smart key system. Then we propose an algorithm and prove that the vehicle key system is controllable by showing the result of implementing and testing, after installing. Also security level is enlarged by proposing a authentication protocol between RFID reader and control unit.

• Journal of KIISE:Information Networking
• /
• v.33 no.6
• /
• pp.407-419
• /
• 2006

As substituting IPv6 network for all IPv4 network in a short time seems unattainable due to high cost and technical limitation, IPv4 and IPv6 are expected to coexist for a certain period of time. Under the co]existing environment of IPv4 and IPv6, interworking brings a number of extra security considerations even if it may have no security problem for each protocol respectively. Thus, the analysis and solutions for those various attacks toward IPv4/IPv6 interworking-related security are inevitably required for the sake of effective transition and settlement to IPv6. In this paper we carried out a proper rule of packet filtering for IPv6-in-IPv4 tunneling interworking environment to protect the IPv4/IPv6 interworking-related security attacks. Design and implementation of the packet filtering system suitable for IPv4/IPv6 tunneling environment in the form of Linux netfilter and ip6tables are also shown. Thru this study, the packet filtering system was found operating correctly ill the tunneling mechanism.

• Proceedings of the IEEK Conference
• /
• 1998.10a
• /
• pp.879-882
• /
• 1998

현재 보안 시스템으로 가장 많이 쓰이고 있는 것 중에 하나가 여러 지역의 카메라로부터 영상 신호를 받아서 하나의 모니터에 여러 영상을 분할 해서 보여주는 시스템이다. 이 시스템의 기능 중에서 가장 중요한 것은 각 지역의 영상을 실시간으로 처리해줄 수 있어야 하는데, 이를 위해서는 영상 데이터를 놓치지 않고 모두 메모리에 저장할 수 있어야 한다. 본 논문에서는 4개의 영상을 하나의 화면으로 4분할 하여 출력하기 위한 시스템을 FPGA를 사용하여 구현했다. 일반적으로 화면 분할하는 시스템은 흑백의 영상만을 출력하는데, 컬러 영상 신호인 RGB 5:6:5모드의 데이터를 사용하여 컬러 영상을 그대로 화면 분할하여 출력하는 시스템을 구성했다. 또한, 화면을 나누기 위한 PIP(Picture In Picture) 등의 전용칩은 분할 화면의 수가 늘어날수록 그 시스템의 크기가 커지므로 순수하게 FPGA를 이용하여 로직을 설계해서 직접 필드 메모리 (FIFO)를 콘트롤 하도록 설계했다. 동기화 되어 있지 않은 메모리에 저장한 각 영상 데이터를 하나의 영상화면에 동기화시키기 위한 방법으로 일정한 타이밍마다 각 영상 데이터를 선택하는 선택 알고리즘(Choice Algorithm)을 제시하여 적용하였다. 선택 알고리즘에 따라서 동기화 되어 있지 않은 메모리에 저장한 각 영상 데이터를 하나의 영상화면에 동기화 시키기위한 방법을 로직으로 구현하여 적용한 시스템을 만들어서 직접 실험 및 테스트를 실행하였다. 로직을 구현하기 위해 사용한 FPGA(Xilinx 5200 Series)는 XC5210-5이고, 비디오 데이터를 저장하기 위한 필드 메모리(FIFO)는 μPD42280-30를 사용하였는데, 좀더 여유 있는 데이터 저장을 통해 선명한 화질을 얻기 위해서는 FPGA와 메모리를 더 빠른 타입으로 사용하는 것이 바람직하다. 내용 전개를 살펴보면 제 1절에서 본 시스템의 필요성 및 개발 동기, 개발 배경등에 대해서 간단히 설명하고 제 2절에서는 전체 시스템의 구조에 대해서 설명하고 제 3절에서는 본 시스템의 구조 중에서 가장 중요한 메모리 컨트롤에 대해서 간단히 설명하고, 제 4절에서는 시스템을 구현시켜 실험 및 결과에 대해서 분석한다. 마직막으로 결론 및 향후 계획에 대해서 기술한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.933-940
• /
• 2015

IT environments such as IoT, SNS, BigData, Cloud computing are changing rapidly. These technologies add new technologies to some of existing technologies and increase the complexity of Information System. Accordingly, they require enhancing the security function for new IT services. Information Security Pre-inspection aims to assure stability and reliability for user and supplier of new IT services by proposing development stage which considers security from design phase. Existing 'Information Security Pre-inspection' (22 domains, 74 control items, 129 detail items) consist of 6 stage (Requirements Definition, Design, Training, Implementation, Test, Sustain). Pilot tests were executed for one of IT development companies to verify its effectiveness. Consequently, for some inspection items, some improvement requirements and reconstitution needs appeared. This paper conducts a study on activation of 'Information Security Pre-inspection' which aims to construct prevention system for new information system. As a result, an improved 'Information Security Pre-inspection' is suggested. This has 16 domains, 54 inspection items, 76 detail items which include some improvement requirements and reconstitution needs.

• Journal of the Korean Society for Railway
• /
• v.19 no.2
• /
• pp.159-169
• /
• 2016

The current railway control system in Korea is comprised of signaling, electric rail power, communication, and maintenance systems that are independent of each other. Further, these systems have different mediums and protocols for transmitting the field equipment data to the central control system. The Safety Supervision System has as its purpose the collecting of safety-related data from each system to predict and prevent accidents, this system utilizes standard protocol. Safety-related data need to be collected from field data transmission devices of the existing control system, the data should be collected without affecting the communication of the existing system. In this study, sniffing skill, which is typically used for network traffic monitoring or security, is used to collect data. The problems arising from the use of sniffing devices are noted, and the Packet Conversion Node is proposed as a solution to the problems. Further, functional and performance testing were completed for the prototype, and the software architecture and packet conversion process were verified.