• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.55-64
• /
• 2007

Behind the popularity of VoIP in these days, it may present significant security challenges in privacy and accounting. Authentication and message encryption are considered to be essential mechanisms in VoIP to be comparable to PSTN. SIP is responsible for setting up a secure call in VoIP. SIP employs TLS, DTLS or IPSec combined with TCP, UDP or SCTP as a security protocol in VoIP. These security mechanisms may introduce additional overheads into the SIP performance. However, this overhead has not been understood in detail by the community. In this paper we present the effect of the security protocol on the performance of SIP by comparing the call setup delays among security protocols. We implement a simulation of the various combinations of three security protocols and three transport layer protocols suggested for SIP. UDP with any combination of security protocols performs a lot better than the combination of TCP. TLS over SCTP may impose higher impact on the performance in average because TLS might have to open secure channels as the same number of streams in SCTP. The reasons for differences in the SIP performances are given.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.991-994
• /
• 2007

최근 컴퓨터 기술의 발전과 네트워크의 개방화 그리고 무선 모바일 통신 기술의 비약적인 보급으로 인하여 컴퓨팅 환경을 이루고 있는 각종 장치(PC, 모바일 단말, 저장장치, 네트워크 기기 등)가 다양한 형태의 보안 위협에 노출되어 데이터의 유실, 조작, 유출되어 금전적인 피해를 입거나 프라이버시 침해를 받고 있다. 이러한 문제를 근본적으로 해소하기 위하여 설립된 TCG(Trusted Computing Group)는 세계적인 IT 핵심기업들을 중심으로 구성된 비영리 단체로서 PC 혹은 모바일 기기 등의 단말과 서버 장비 그리고 저장 장치 및 네트워크로 구성된 컴퓨팅 환경에서 보안성 향상 및 데이터의 신뢰성을 제고하기 위하여 TPM(Trusted Platform Module)이라는 반도체 칩을 신뢰의 기반(root of trust)으로 한 신뢰 플랫폼을 제안하고 있다. 한편 SaaS(Software as a Service)는 패키지 형태의 소프트웨어를 네트워크 서비스 형태로 바꾸어 사용량에 비례한 요금제로 과금하는 방식을 채택하고 사용자가 온디맨드로 요청한 서비스를 적시에 제공하는 기술로 최근 전세계적으로 각광을 받고 있다. 이때 다양한 컴퓨팅 환경 안의 사용자에게 높은 신뢰성과 보안성 그리고 연속성을 갖는 SaaS 서비스를 제공하고 데이터의 무결성 및 비밀유지와 정확한 서비스 사용시간을 기록하고 업로드하는 기능들을 제공하는 SaaS 플랫폼은 TPM기반의 신뢰컴퓨팅 기술을 통하여 쉽게 구현될 수 있다. 본 논문에서는 일시적으로 네트워크와 차단된 상태의 PC 혹은 모바일 단말에서도 위의 조건들을 만족하는 SaaS 서비스를 지원하는 신뢰 플랫폼이 가져야 할 기능들에 대하여 분석-도출한 후 그러한 기능들을 제공하는 컴포넌트로 구성된 신뢰형 SaaS 사용자 플랫폼을 설계하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.39-48
• /
• 2003

AAA(Authentication, Authorization, Accounting) protocol is a framework that propose functions of AAA on multiple networks and platforms. AAA protocol is extending from previous RADIUS protocol to Diameter protocol. There are some Diameter applications for variety purpose. Diameter CMS Application makes Diameter messages more secure by using PKI. Diameter CMS Application establish DSA(Diameter Security Association) for end to end security. However the Application has some problems to establish DSA(Diameter Security Association), which can make Diameter system unstable. If one system lose DSA information for some system error - for example, reboot -, the secure communication between two nodes may not be possible. At the application such as MIP, even user registration can't be done. In this paper, we propose a mechannism for DSA re-establishment, and also show the result of the implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.79-89
• /
• 2004

Mobile IP Low Latency Handoffs allow greater support for real-time services on a Mobile W network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authenticate the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring funker involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that Performs a ousted thirty party. The Proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.11B
• /
• pp.920-929
• /
• 2004

Nowadays, wireless packet data services are provided over cdma2000 1x/1xEV-DO mobile communication network and Portable Internet are being standardized for users demanding higher data rate services. Portable Internet can provide high data rate services, but its service coverage is relatively small. If Portable Internet may be integrated with cdma2000 mobile networks, users are able to choose the best service according to service areas and get seamless services while they are moving around. At the same time, it is cost-effective for operators to construct and maintain the integrated network. For the purpose of effectively integrating Portable Internet into cdma2000 networks, we propose an integration scheme including network architecture, protocol architecture, functions in network elements, interfaces between them, and call-flow procedures. The integration scheme proposed in this paper adopts a tightly-coupled architecture for unified authentication/accounting and seamless services. In addition, the scheme can be implemented without modifying the existing cdma2000 mobile communication networks. It is also simple to develop the dual-mode mobile station. Through the simulation results based on the performance model for handoffs between cdma2000 and Portable Internet, it has teen validated that the proposed scheme diminishes packet losses compared with the loosely-coupled architecture.