• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.10d
• /
• pp.370-374
• /
• 2006

Ad-hoc 환경의 응용은 재난구조나 회의실 또는 강의실에서의 정보 교환과 같은 그룹 통에서 이용된다. Ad-hoc 환경은 무선 채널을 이용하므로 상대적인 낮은 대역폭과 높은 오류 발생률을 가지게 된다. 따라서 Ad-hoc 네트워크에서는 신뢰적인 전송이 요구된다. 이동 노드는 상대적으로 낮은 성능과 에너지의 제한으로 인해 유선 환경과 같은 신뢰적인 전송 기법을 Ad-hoc 환경에 적용하기에는 문제가 발생한다. Ad-hoc 환경의 무선 채널이 가지는 보안적인 취약성과 높은 에러율을 극복하는 신뢰적인 그룹 키 전송을 위한 재전송 기법을 제안한다. 신뢰적인 트리 형성하기 위해 n차 트리 구조를 이용한다. 손실 감지를 위한 ACK 메시지를 이용하고 손실 복구를 위한 재전송 기법에 대해 연구를 한다. 제안한 신뢰적인 그룹 키 전송을 위한 재전송 기법은 트리의 깊이의 차수가 루트 관리 노드, 서브 관리 노드와 로컬 멤버 노드로 구성되기 때문에 손실 감지와 손실 복구에 대한 연산의 오버헤드가 적다. 루트 관리 노드는 멤버 노드로부터 받은 개인키 정보를 이용하여 그룹 키를 생성하고 그룹 키 부분 정보를 서브 관리 노드에게 전송하고 서브 관리 노드에 대한 신뢰성을 책임진다. 서브 관리 노드는 루트 관리 노드로부터 받은 그룹 키 부분 정보를 로컬 멤버 노드에게 전송하고 로컬 멤버 노드에 대한 신뢰성을 책임진다. 루트 관리 노드와 서브 관리 노드를 관리 노드라 한다. 관리 노드가 신뢰적인 전송을 위해 관리하는 멤버 노드는 전체 그룹에 독립적으로 유지 가능하므로 확장성 및 효율성이 좋다. 관리 노드는 동적인 그룹에 따른 타이머를 설정함으로써 손실 감지에 대한 시간을 줄임으로써 효율적인 손실 감지 및 손실 복구를 한다. 임계값 설정으로 인한 중복 수신에 대한 오버헤드를 줄일 수 있다.신뢰성을 향상 시킬 수 있는 Load Balancing System을 제안한다.할 때 가장 효과적인 라우팅 프로토콜이라고 할 수 있다.iRNA 상의 의존관계를 분석할 수 있었다.수안보 등 지역에서 나타난다 이러한 이상대 주변에는 대개 온천이 발달되어 있었거나 새로 개발되어 있는 곳이다. 온천에 이용하고 있는 시추공의 자료는 배제하였으나 온천이응으로 직접적으로 영향을 받지 않은 시추공의 자료는 사용하였다 이러한 온천 주변 지역이라 하더라도 실제는 온천의 pumping 으로 인한 대류현상으로 주변 일대의 온도를 올려놓았기 때문에 비교적 높은 지열류량 값을 보인다. 한편 한반도 남동부 일대는 이번 추가된 자료에 의해 새로운 지열류량 분포 변화가 나타났다 강원 북부 오색온천지역 부근에서 높은 지열류량 분포를 보이며 또한 우리나라 대단층 중의 하나인 양산단층과 같은 방향으로 발달한 밀양단층, 모량단층, 동래단층 등 주변부로 NNE-SSW 방향의 지열류량 이상대가 발달한다. 이것으로 볼 때 지열류량은 지질구조와 무관하지 않음을 파악할 수 있다. 특히 이러한 단층대 주변은 지열수의 순환이 깊은 심도까지 가능하므로 이러한 대류현상으로 지표부근까지 높은 지온 전달이 되어 나타나는 것으로 판단된다.의 안정된 방사성표지효율을 보였다. $^{99m}Tc$-transferrin을 이용한 감염영상을 성공적으로 얻을 수 있었으며, $^{67}Ga$-citrate 영상과 비교하여 더 빠른 시간 안에 우수한 영상을 얻을 수 있었다. 그러므로 $^{99m}Tc$-transierrin이 감염 병소의 영상진단에 사용될 수 있을 것으로 기대된다.리를 정량화 하였다. 특히 선조체에서의 도파민 유리에 의한 수용체 결합능의 감소는 흡연에 의한 혈중 니코틴의 축

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.6
• /
• pp.197-208
• /
• 2023

In the coming future, anyone using the Internet will have more than one NFT. Unlike FT, NFT can specify the owner, and tracking management is easier than FT. Even in the 2022 survey, WPA2 is the most widely used wireless protocol worldwide to date. As it is a protocol that came out in 2006, it is a protocol with various vulnerabilities at this time. In order to use WPA2-EAP or WPA3 (2018), which were released to compensate for the vulnerabilities of WPA2, additional equipment upgrades are required for STA (station) and AP (access point, router), which are connected devices. The use of expensive router equipment solves the security part, but it is economically inefficient to be introduced in Small Office Home Office (SOHO). This paper uses NFT as a means of authentication and uses the existing WPA2 as it is without equipment upgrade, defend crack tools of WPA2 that have been widely used so far and compared to the existing WPA2, it was shown that it was not difficult to actually use them in SOHO.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.1
• /
• pp.28-38
• /
• 2007

In this paper, we implement Microsoft COM software modules for elliptic curve cryptographic applications and analyze its performance. The implemented COM software modules support all elliptic curve key exchange protocols and elliptic curve digital signature algorithm in IEEE 1363 finite fields GF(p) and GF(2m). Since the implemented software modules intend to focus on a component-based software development method, and thus it have a higher productivity and take systematic characteristics to be open outward and to be standardized. Accordingly, it enable a software to be developed easier and faster rather than a method using C library. In addition it support the Microsoft COM interface, we can easily implement secure software applications based on elliptic curve cryptographic algorithms.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1267-1275
• /
• 2017

This paper describes a design of cryptographic processor supporting 233-bit elliptic curves over binary field defined by NIST. Scalar point multiplication that is core arithmetic in elliptic curve cryptography(ECC) was implemented by adopting modified Montgomery ladder algorithm, making it robust against simple power analysis attack. Point addition and point doubling operations on elliptic curve were implemented by finite field multiplication, squaring, and division operations over $GF(2^{233})$, which is based on affine coordinates. Finite field multiplier and divider were implemented by applying shift-and-add algorithm and extended Euclidean algorithm, respectively, resulting in reduced gate counts. The ECC processor was verified by FPGA implementation using Virtex5 device. The ECC processor synthesized using a 0.18 um CMOS cell library occupies 49,271 gate equivalents (GEs), and the estimated maximum clock frequency is 345 MHz. One scalar point multiplication takes 490,699 clock cycles, and the computation time is 1.4 msec at the maximum clock frequency.

• The Journal of the Korea Contents Association
• /
• v.10 no.2
• /
• pp.14-24
• /
• 2010

Because WSNs operate with limited resources of sensor nodes, its life is extended by cluster-based routing methods. In this study, we use data on direction, distance, density and residual energy in order to maximize the energy efficiency of cluster-based routing methods. Through this study, we expect to minimize the frequency of isolated nodes when selecting a new cluster head autonomously using information on the direction of the upper cluster head, and to reduce energy consumption by switching sensor nodes, which are included in both of the new cluster and the previous cluster and thus do not need to update information, into the sleep mode and updating information only for newly included sensor nodes at the setup phase using distance data. Furthermore, we enhance overall network efficiency by implementing secure and energy-efficient communication through key management robust against internal and external attacks in cluster-based routing techniques. This study suggests the modified cluster head selection scheme which uses the conserved energy in the steady-state phase by reducing unnecessary communications of unchanged nodes between selected cluster head and previous cluster head in the setup phase, and thus prolongs the network lifetime and provides secure and equal opportunity for being cluster head.

• Journal of IKEEE
• /
• v.23 no.1
• /
• pp.58-67
• /
• 2019

A design of an elliptic curve cryptography (ECC) processor that supports both pseudo-random curves and Koblitz curves over $GF(2^m)$ defined by the NIST standard is described in this paper. A finite field arithmetic circuit based on a word-based Montgomery multiplier was designed to support five key lengths using a datapath of fixed size, as well as to achieve a lightweight hardware implementation. In addition, Lopez-Dahab's coordinate system was adopted to remove the finite field division operation. The ECC processor was implemented in the FPGA verification platform and the hardware operation was verified by Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol operation. The ECC processor that was synthesized with a 180-nm CMOS cell library occupied 10,674 gate equivalents (GEs) and a dual-port RAM of 9 kbits, and the maximum clock frequency was estimated at 154 MHz. The scalar multiplication operation over the 223-bit pseudo-random elliptic curve takes 1,112,221 clock cycles and has a throughput of 32.3 kbps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.27-35
• /
• 2002

In this paper, we present the structure and interaction flow between IKE server and the other modules for our IPsec System's efficiency. Our IPsec systems have several components for IP-based end-to-end security services. They are IKE, SADB and SPDB and so on, not to speak of IPsec Protocol Engine. Therefore the efficient interaction structure between them has an much influence on total system efficiency. Especially, in case of IPsec engine integrated with kernel, it is very important how IPsec engine can refer to SPDB and SADB entries efficiently according to the location of the implementation of SPDB and SADB. To solve the above problem, we use the SPI generated by IKE. Finally, we propose the interaction structure between IKE server and the other modules according to the optimization for referring to SPDB and SADB entries.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.11
• /
• pp.87-91
• /
• 2004

The continuing development of the information technology industry and wireless networking has increased the use of mobile device, which provides both portability and mobility. As follows, demands for extended services within the wireless Internet are increasing rapidly. Because it still in its initial stages of development, the wireless Internet presents continuing problems in security and limitations in the content of services. Furthermore, most mobile equipment utilizes the touch pad input method. This input method is inconvenient when a user needs to input a long sentence. This has led to the more convenient development of image selection by using a pen mouse. In order to provide security under these conditions, a HASH code may be used to transmit an array of information and input values, created by the image input at the early stages. Thus, authentication and key exchange are completed securely. Messages are encoded and transmitted, preventing both information drain by insiders and interference from outside.

• Journal of Information Technology Services
• /
• v.8 no.2
• /
• pp.117-136
• /
• 2009

Over the years a password has been used as a popular authentication method between a client and a server because of its easy-to-memorize property. But, most password-based authentication services have focused on a same password authentication scheme which provides an authentication and key exchange between a client and a server with the same password. With rapid change of communication environments in the fields such as mobile networks, home networking, etc., the end-to-end security allowing users to hold different password is considered as one of main concerns. In this paper, we consider a new authentication service of how each client with different own password is able to authenticate each other, which is a quite new service paradigm among the existing services. This new service can be used in the current or next generation network environment where a mobile user in cell A wants to establish a secure end-to-end channel with users in ceil B, C, and D using only their memorable passwords. This end-to-end security service minimizes the interferences from the operator controlled by network components. To achieve this end-to-end security, we propose an authentication and key exchange service for group users in different realm, and analyze its security in a formal way. We also discuss a generic construction with the existing authentication schemes.