• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1206-1209
• /
• 2007

IP-TV 서비스는 통신/방송 융합서비스로서 데이터 스트림이 송출되는 Server로부터 QoS가 보장되는 IP망을 통해 디지털 영상 방송이나 양방향 서비스를 가입자 단말까지 제공하는 서비스이다. IP-TV 서비스는 보안을 위해 CAS(Conditional Access System)를 사용하고, 또한 효율적인 콘텐츠의 전송을 위해 IP Multicast를 사용하게 된다. 보안 기능이 제공되지 않는 IP Multicast는 익명성을 허용하게 하여 eavesdropping, denial of service(DoS) Attack등이 가능하고, 또한 AAA(Authentication, Accounting, Authorization) 기능이 제공되지 않는다. IP-TV에서는 보안을 제공하기위해 Application 계층에서 CAS를 운용하게 되는데, 이는 Network계층에서 보안문제를 해결하는 것 보다 비효율적이다. 본 논문에서는 기존의 IGMP프로토콜을 확장, 개선하여 상호인증을 통해 CAS Server와 연계하여 IP-TV에 적합하게 만든 프로토콜을 제시함으로서, 이와 같은 문제점들을 해결하였다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.1
• /
• pp.84-91
• /
• 2011

To develop the new network, the future network architecture is studied. Since the mobile devices are also advanced, they need for the mobility protocols. The one of the protocols, Fast handovers for proxy MIPv6(PFMIPv6) has studied by the Internet Engineering Task Force(IETF). Since PFMIPv6 adopts the entities and the concepts of fast handovers for MIPv6(FMIPv6) in proxy MIPv6(PMIPv6), it reduces the packet loss. Although the conventional scheme has proposed that it cooperated with an Authentication, Authorization and Accounting (AAA) infrastructure for authentication of a mobile node in PFMIPv6, it has the drawbacks such as high signaling cost and long handover latency. To reduce the signaling cost and the handover latency, we propose an enhanced authentication scheme in Fast handover for Proxy MIPv6. The proposed scheme reduces the handover latency and the signaling cost because the registration procedure and the authentication procedure are simultaneously performed. We also compare the proposed scheme with the conventional scheme in terms of the signaling cost and the handover latency.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.481-492
• /
• 2008

With the advancement of the Internet and networks, the combination of wired/wireless technologies is spreading rapidly since it enables the creation of new services and provides new features to both users and service providers. In such wired/wireless integrated services, network integration is very important because such systems are integrated by a linkage between heterogeneous networks and they involve an integration of transmission technologies across networks. In this situation, existing security and communication technologies are unsuitable since the network are integrated with heterogeneous networks. The network may also have several security vulnerability. Also, form of service that users offer will be service for roaming user. In these service, we must provide fast authentication and security at roaming. Therefore in this paper we proposed roaming and AAA mechanism in heterogeneous network environment. Our system provides secure communication and efficiency.

• Journal of Internet Computing and Services
• /
• v.5 no.3
• /
• pp.25-33
• /
• 2004

Mobile IP Low Latency Handoffs(l) allow greater support for real-time services on a Mobile IP network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authentication the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring further involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that performs a trusted thirty party. The proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation.

• 한국정보통신설비학회:학술대회논문집
• /
• 2004.08a
• /
• pp.328-333
• /
• 2004

SK Telecom은 2000년 10월 세계 최초로 기존 IS-95A/B망에서 지원하였던 속도인 14.4Kbps나 56Kbps 보다 훨씬 빠른 최고 144Kbps로 무선인터넷이 가능한 CDMA2000 IX를 상용화 하였다. 또한, 2002년 1월에는 CDMA2000 IX보다 15배 이상 빠른 최대 2.4Mbps가 가능한 동기식 3세대 망인 CDMA2000 IxEV-DO를 세계 최초로 상용화 하였다. 이러한 초고속 무선 인터넷 서비스를 위해서 패킷 데이터 처리에 필수적인 PDSN(Packet Data Serving Node), HA(Home Agent), AAA(Authentication, Authorization and Accounting) 등의 노드들로 구성된 Packet Core Network(이하 PCN)이 도입되었으며, 이에 대한 운용 및 관리 방안이 중요한 issue로 등장하였다. 본 논문에서는 기존의 음성 서비스 관리를 위한 망관리 시스템(Network Management System)과는 다른 개념으로 관리되어야 할 패킷 서비스를 위한 NMS 구축 방안을 제시하고, 필수적인 관리 정보 및 서비스 관리를 위한 방향을 제시한다.

• Journal of Communications and Networks
• /
• v.7 no.2
• /
• pp.192-206
• /
• 2005

Integration of mobile networks and Internet has started with 2.5 generation of mobile cellular networks. Internet traffic is today dominant traffic type worldwide. The hanger for higher data rates needed for data traffic and new IP based services is essential in the development of future wireless networks. In such situation, even 3G with up to 2 Mbit/s has not provided data rates that are used by Internet users with fixed broadband dial-up or through wired local area networks. The solution to provide higher bit rates in wireless access network has been found in wireless LAN although initially it has been developed to extend wired LAN into wireless domain. In this paper, we propose and describe a solution created for interoperability between mobile cellular network and WLAN. The integration between two networks, cellular and WLAN, is performed on the authentication, authorization, and accounting, i.e., AAA side. For that purpose we developed WLAN access controller and WLAN AAA gateway, which provide gateway-type access control as well as charging and billing functionalities for the WLAN service. In the development process of these elements, we have considered current development stadium of all needed network entities and protocols. The provided solution provides cost-effective and easy-to-deploy PLMN-WLAN Internetworking scenario.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.709-710
• /
• 2009

IT 기술은 인터넷 및 휴대 디바이스의 발전으로 인해 유비쿼터스 환경으로 발전해 나가고 있다. 이와 같은 변화는 사용자들에게 다양한 서비스를 제공될 것이며, 사용자들은 모바일 디바이스를 이용하여 이동하면서도 서비스를 받고자 하는 요구가 증대되고 있다. 그러나 현재의 발전 예상과 다양한 서비스와는 반대로 무선 환경이라는 특성으로 인해 기존의 유선망보다 다양한 위협사항 및 취약점을 가지고 있다. 즉 무선 환경에서 모바일 디바이스에 대한 스니핑, 도청, 서비스거부 공격, 중간자 공격, 비인가 장비 공격, 악성소프트웨어 감영 등의 보안 취약성을 내포하고 있으며, 또한 기존의 무선 환경이 가지는 위협사항을 그대로 가지고 있어 모바일 디바이스 보안에 대한 연구는 매우 중요한 실정이다. 이러한 문제점을 해결하는 방안으로 기존의 유선망뿐만 아니라 비약적으로 발전하고 있는 무선망의 WiBro, Mobile IP 등과 같은 다양한 서비스 및 프로토콜 상에서 안전하고 신뢰성 있는 인증 인가 과금을 체계적으로 제공하도록 경량화된 디바이스 보안 기술에 대한 연구를 수행하고자 한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.9
• /
• pp.39-45
• /
• 2009

When Mobile IPv6 is deployed in commercial network, a mobile node needs AAA services for an authentication, authorization and accounting. AAA and Mobile IPv6 are protocols which are operated independently. Then schemes which merge these protocols have been emerged. These schemes can enable a mobile node to establish a security association between the mobile node and a home agent and to perform a binding update for the home agent using AAA authentication request. But these schemes introduce many signal messages and long handover latency during the handover, since Route Optimization mode for Mobile Ipv6 is performed using Return Routability procedure. To solve this problem, we propose a scheme for Route Optimization mode that the home agent performs the binding update for a correspondent node via the AAA infrastructure between the home agent and the correspondent node instead of Return Routability procedure. For performance evaluation, we analyze signal message transmission costs and handover latencies during handover. We show performance improvement of the proposed scheme which reduces handover latency as 61% compared with the existing scheme.

• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.99-118
• /
• 2012

In PMIPv6-based network, mobile nodes can be made smaller and lighter because the network nodes perform the mobility management-related functions on behalf of the mobile nodes. The one of the protocols, Fast Handovers for Proxy Mobile IPv6(FPMIPv6)[1] has studied by the Internet Engineering Task Force(IETF). Since FPMIPv6 adopts the entities and the concepts of Fast Handovers for Mobile IPv6(FMIPv6) in Proxy Mobile IPv6(PMIPv6), it reduces the packet loss. Conventional scheme has proposed that it cooperated with an Authentication, Authorization and Accounting(AAA) infrastructure for authentication of a mobile node in PMIPv6, Despite the best efficiency, without begin secured of signaling messages, PMIPv6 is vulnerable to various security threats such as the DoS or redirect attAcks and it can not support global mobility between PMIPv. In this paper, we analyze Kang-Park & ESS-FH scheme, and then propose an Enhanced Security scheme for FPMIPv6(ESS-FP). Based on the CGA method and the pubilc key Cryptography, ESS-FP provides the strong key exchange and the key independence in addition to improving the weaknesses for FPMIPv6. The proposed scheme is formally verified based on Ban-logic, and its handover latency is analyzed and compared with that of Kang-Park scheme[3] & ESS-FH and this paper propose inter-domain fast handover sheme for PMIPv6 using proxy-based FMIPv6(FPMIPv6).

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.12C
• /
• pp.1258-1267
• /
• 2003

As the need for stable and high speed wireless Internet service Brows, the wireless LAN service provider hurries to preempt wireless LAN service market. IAPP(InterAccess Point protocol) is defined to be able to provide a secure handoff mechanism of wireless LAN terminal information between AP(Access Point)s, and the related IEEE standard is IEEE 802.11f. For the secure handoff of wireless LAN terminal, it is necessary to transfer terminal's authentication & accounting information securely from old AP to new AP IEEE 802.11f recommends RADIUS server as IAPP server which authenticates AP and provides information for secure channel between APs. This paper proposes IAPP server using Diameter protocol to overcome the limit of RADIUS sewer, and describes about the interaction between server components and integration method with the current IAPP client system.