• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.01a
• /
• pp.129-130
• /
• 2017

DoS 공격은 증가하고 있지만 비용이 많이 들다보니 제대로 된 방어를 하지 못 하고 공격을 당하는 경우도 많다. 저렴한 DoS 방어 시스템의 필요성이 절실하다. 본 논문에서는 저 대역폭 DoS 공격을 방어하는 시스템 개발을 하고자 한다. 방어시스템의 물리적 구조는 듀얼 홈 게이트웨이 구조를 사용하며, DoS 탐지 방법으로는 일반적인 상황에서의 인 바운드되는 프로토콜별 패킷의 값을 세어 그 값을 평균값과 비교하여 탐지하며, 1초 단위로 IP와 SYN, FIN 플래그 값을 세어 그 값을 평균값과 비교하여 탐지하며, 2초 단위로 IP와 SYN, FIN 플래그 값을 세어 임계값을 넘어서면 차단하는 방식을 사용한다.

• Proceedings of the IEEK Conference
• /
• 2000.11b
• /
• pp.172-175
• /
• 2000

In this paper, we address the requirement of VHDL parser for design rule checker, and the structure and implementing method of design rule checker which checks if IP design is valuable to reuse. This checker builds the grammar trees from the design rules, and the internal graphs representation from IP design data. It maps the nodes of the grammar trees and the internal graphs to check if it violates the design rules. The design rule checker can do the cross reference between source codes and error messages to find error position easy.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2000.11a
• /
• pp.498-501
• /
• 2000

본 논문에서는 TCP(Transmission Control Protocol) 프로토콜의 약점을 이용해 최근 대두되고 있는 IP Spoofing공격, SYN Flooding공격, DoS(Denial of Service)공격에 대응하기 위해 TCP 프로토콜에서 순서번호 생성의 단순함을 극복하고자 하였다. 이러한 방안으로 난수, 순서번호, 접속 요구 IP의 공개키를 이용하여 일회용 키를 생산 분배 하였다. 여기서 발생된 일회용 패스워드를 접속 요구 IP에 할당함으로써 순서번호에 암호화 및 IP 민중을 통한 시스템의 보안 수준을 높이고자 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.789-801
• /
• 2018

Currently widely used IP cameras provide the ability to control IP cameras remotely via mobile devices. To do so, the IP camera software is installed on the website specified by the camera manufacturer, and authentication is performed through the password between the IP camera and the mobile device. However, many products currently used do not provide a secure channel between the IP camera and the mobile device, so that all IDs and passwords transmitted between the two parties are exposed. To solve these problems, we propose an authentication and key exchange protocol using ID-based signature scheme. The proposed protocol is characterized in that (1) mutual authentication is performed using ID and password built in IP camera together with ID-based signature, (2) ID and password capable of specifying IP camera are not exposed, (3) provide forward-secrecy using Diffie-Hellman key exchange, and (4) provide security against external attacks as well as an honest-but-curious manufacturer with the master secret key of the ID-based signature.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.624-627
• /
• 2002

In this thesis, a method of solving the IP(Internet Protocol) address collision problem on the Web browser in the TCP/IP based on LAN(Local Area Network). These days a number of computers are increasing in geometrical progression, but general users who are not experts are lack of the knowledge about TCP/IP address, and they may use not only their own but also other users' TCP/IP addresses by mistake or intentionally. For the more they may use IP address which is the same as network equipments and then the situation will cause the whole network to be disturbed. As the result it may be happened that not only the original users' network but also the whole users' one do not operate properly in the LAN.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.916-919
• /
• 2002

In this thesis, a method of solving the IP(Internet Protocol) address collision problem on the Web browser in the TCP/IP based on LAN(Local Area Network).These days a number of computers are increasing in geometrical progression, but general users who are not experts are lack of the knowledge about TCP/IP address, and they may use not only their own but also other users' TCP/IP addresses by mistake or intentionally. For the more they may use IP address which is the same as network equipments and then the situation will cause the whole network to be disturbed. As the result it may be happened that not only the original users'network but also the whole users' one do not operate properly in the LAN.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.431-433
• /
• 2010

VoIP is a communication technique can be used anywhere you can find wifi signal and it costs much lower than conventional mobile service. However, security of VoIP is not as robust as former, the converse could be easily intercepted and attacked especially in MANETs which the attackers access easier than in wired networks. Sercurity of VoIP system in MANETs is an important issue nowadays. In this paper, a typical attack method of VoIP systems in MANETs is described and we implement how to prevent it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.107-114
• /
• 2003

In this paper, we propose an efficient mutual authentication and key distribution protocol for cdma2000 packet data service which uses Mobile U access method with DIAMETER AAA(Authentication, Authorization and Accounting) infrastructure. The proposed scheme provides an efficient mutual authentication between MN(Mobile Node) and AAAH(home AAA server), and a secure session-key distribution among Mobile If entities. The proposed protocol improves the efficiency of DIAMETER AAA and satisfies the security requirements for authentication and key distribution protocol. Also, the key distributed by the proposed scheme can be used to generate keys for packet data security over 1xEV-DO wireless interface, in order to avoid a session hijacking attack for 1xEV-DO packet data service.

• Review of KIISC
• /
• v.24 no.1
• /
• pp.45-52
• /
• 2014

서비스 거부 공격 (Denial of Service Attack)은 현재 사이버테러와 맞물려 중요한 이슈로 자리 잡고 있다. 응용계층에서부터 네트워크계층에 이르기까지 다양한 프로토콜들의 취약점을 이용하는 DoS 공격은 공격대상을 서비스 불가능 상태에 빠뜨려 작게는 서버다운에서 크게는 국가적인 보안위험을 야기 시키고 있다. 본 논문은 TCP/IP 기반 네트워크에서 DoS 공격에 대하여 취약점이 있는 응용계층, 전송계층, 및 네트워크 계층 프로토콜들의 보안 취약점을 분석한다. 또한 다양한 프로토콜 취약점들을 활용한 기존 서비스 거부 공격 사례를 분석함으로써 궁극적으로는 DoS 공격을 예측하고 공격 발생 시 신속한 대응책을 마련에 활용될 수 있는 정보를 제공하고자 한다.

• Journal of the Korea Convergence Society
• /
• v.3 no.3
• /
• pp.7-12
• /
• 2012

mVoIP (mobile Voice over Internet Protocol) service is a technology to transmit voice data through an IP network using mobile device. mVoIP provides various supplementary services with low communication cost. It can maximize the availability and efficiency by using IP-based network resources. In addition, the users can use voice call service at any time and in any place, as long as they can access the Internet on mobile device easily. However, SIP on mobile device is exposed to IP-based attacks and threats. Observed cyber threats to SIP services include wiretapping, denial of service, and service misuse, VoIP spam which are also applicable to existing IP-based networks. These attacks are also applicable to SIP and continuously cause problems. In this study, we analysis the threat and vulnerability on mVoIP service and propose several possible attack scenarios on existing mobile VoIP devices. Based on a proposed analysis and vulnerability test mechanism, we can construct more enhanced SIP security mechanism and stable mobile VoIP service framework after eliminating its vulnerability on mobile telephony system.