• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.835-838
• /
• 2015

최근 IT기술이나 하드웨어 기술이 발달함에 따라 공격자의 능력 또한 크게 향상되었다. 이런 공격자를 막기 위해 많은 암호 프로토콜을 사용하여 상호 인증을 하고 암호화 통신을 하거나 PKI 시스템 등을 통해 상호인증을 통한 방어를 하고 있다. 암호화 통신을 할 때 사용되는 AES 알고리즘은 암호학적 안정성과 성능 우수성을 인정받아 국제적으로 많이 활용 되고 있다. 국내에서는 최근 LEA 암호 알고리즘이 개발되었고 AES와 같은 암호학적 안정성 또한 인정받았다. 본 논문에서는 다양한 트래픽 양과 암호화 통신의 유무에 따라 공격자의 존재 유무를 실제 서비스를 하는 서버나 클라이언트가 감지 할 수 있는지에 대해 확인해 보고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.285-287
• /
• 2024

개인정보 및 네트워크 데이터 보호 등의 목적으로 암호화 통신이 보급됨에 따라 암호화 통신 바탕의 IoT기반 인프라 및 서비스가 급속히 구축, 확산되고 있다. 이러한 암호화 통신은 기존 네트워크 장비로는 내용 확인이 불가능하다는 점을 악용하여 악성코드를 은닉하고, 탐지기법을 우회하기 위한 수단으로 사용하는 사례가 꾸준히 발생하고 있다. 암호화 트래픽 분석 기술이란 암호화 통신에서 발생한 트래픽을 해독하지 않고 분석하는 기술로 암호화 통신을 악용한 사례에 대응하기 위한 수단으로써 그 필요성이 대두되고 있다. 본 논문에서는 암호화 통신과 암호화 트래픽에 대해 설명하고 암호화 트래픽 분석 기술의 연구 동향에 대해 분석한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.127-138
• /
• 2006

The IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee an integrity and confidentiality of data that transmit between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult that the IPSec mechanism protects major important network from attacks which transmit mass abnormal IPSec traffic in session-configuration or communication phases. In this paper, we present a design of the security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.1
• /
• pp.253-260
• /
• 2008

This paper is based on the ubiquitous network of telematics technology, equipped with a black box to the car by a unique address given to IPv6. The driver's black box at startup and operation of certification, and the car's driving record handling video signals in real-time sensor signals handling to analyze the records. Through the recorded data is encrypted transmission, and the Ubiquitous network of base stations, roadside sensors through seamless mobility and location tracking data to be generated. This is a file of Transportation Traffic Operations Center as a unique address IPv6 records stored in the database. The car is equipped with a black box used on the road go to Criminal cases, the code automotive black boxes recovered from the addresses and IPv6, traffic records stored in a database to compare the data integrity verification and authentication via secure. This material liability in the courtroom and the judge Forensic data are evidence of the recognition as a highly secure. convenient and knowledge in the information society will contribute to human life.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.190-195
• /
• 2018

Recently, Due to the ongoing increase in cyber attacks and the improved awareness of privacy protection, most Internet services encrypt the traffic by using security protocols. Existing security protocols usually have additional layer between transport layer and application layer, and they incur additional costs because of encrypting all the traffic transmitted. This results in unnecessary performance degradation because it also encrypts data that does not require confidentiality. In this paper, we propose TCP OENC(Optional Encryption) which enables users of the application layer to optionally encrypt only confidential data. TCP OENC operates by TCP option to allow the application layer to encrypt the TCP stream transmitted only on demand. And it ensures transparency between the TCP layer and the application layer. To verify this, we verified that TCP OENC optionally encrypts the stream of TCP session on the embedded board. And then analyzed the performance of the encrypted stream by measuring the elapsed time.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.77-85
• /
• 2019

As the Internet continues to evolve, cyber attacks are becoming more precise and covert. Anonymous communication, which is used to protect personal privacy, is also being used for cyber attacks. Not only it hides the attacker's IP address but also encrypts traffic, which allows users to bypass the information protection system that most organizations and institutions are using to defend cyber attacks. For this reason, anonymous communication can be used as a means of attacking malicious code or for downloading additional malware. Therefore, this study aims to suggest a method to detect and block encrypted anonymous communication as quickly as possible through artificial intelligence. Furthermore, it will be applied to the defense to detect malicious communication and contribute to preventing the leakage of important data and cyber attacks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.10
• /
• pp.2164-2170
• /
• 2011

Rapid surge in date quantity lead to increase in storage demand from corporate. The existing SAN with fiber channel is being changed to IP-based SAN environment due to installment and maintenance cost. But the IP-based network still have some similar security problems as existing TCP/IP network. Also, for the security reasons of storage traffic, data are encrypted, but with the existing system, data larger than 10G can't be handled. To address security and speed issue, this paper proposes to a structure applied to IP SAN environment with Parallel Structure Word-based FSR (PS-WFSR) as hardware.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.1
• /
• pp.23-30
• /
• 2023

According to the government's plan for cloud conversion and integration of information resources for administrative and public institutions, work is underway to convert administrative and public institutions to the cloud by 2025. In addition, in the private sector, companies in many fields, including finance, are already using cloud services, and the usage is expected to expand more and more. As a result, changes have occurred in security control activities using security systems, it is required to secure visibility for encrypted traffic when building a cloud control environment. In this paper, an analysis was conducted on the way to provide visibility in the cloud service environment. Ways to provide visibility in the cloud service environment include methods of using load balancer, methods of using security systems, and methods of using equipment dedicated to SSL/TLS decryption. For these methods, Performance comparison was performed in terms of confidentiality, functionality (performance), cost. Through this, the pros and cons of each visibility provision method were presented.

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.317-326
• /
• 2010

Nowadays, transmission bandwidth for network traffic is increasing and the type is varied such as peer-to-peer (PZP), real-time video, and so on, because distributed computing environment is spread and various network-based applications are developed. However, as PZP traffic occupies much volume among Internet backbone traffics, transmission bandwidth and quality of service(QoS) of other network applications such as web, ftp, and real-time video cannot be guaranteed. In previous research, the port-based technique which checks well-known port number and the Deep Packet Inspection(DPI) technique which checks the payload of packets were suggested for solving the problem of the P2P traffics, however there were difficulties to apply those methods to detection of P2P traffics because P2P applications are not used well-known port number and payload of packets may be encrypted. A proposed algorithm for identifying P2P heavy traffics based on flow transport parameters and behavioral characteristics can solve the problem of the port-based technique and the DPI technique. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffics. P2P traffics are consist of two steps i)searching the opposite peer which have some contents ii) downloading the contents from one or more peers. We define P2P flow patterns on these P2P applications' features and then implement the system to classify P2P heavy traffics.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2B
• /
• pp.250-262
• /
• 2004

In IPv6 environment, the Internet Telephony, VoD(Video on Demand) and high capacity file exchange service will be more increased than IPv4. Therefore, the strict guarantee of QoS based on End-to-End and differentiated quality control schemes are simultaneously required. This paper proposes the flow control schemes on IPv6 network that the traffic is identified by flow and the QoS of multi-service is improved by QoS information in IPv6 hop-by-hop option header. The object of flow control includes not only non-default QoS traffic, which uses the flow label, but also best-effort or encrypted traffic. Therefore, the guarantee of real-time service is strengthened and the flow, which abuses unnecessarily the network resources, is effectively controlled. Also, this paper proposes the mapping scheme between the flow and MPLS by reflecting the minimum change of the existed network resource and the status of backbone network of ISP(Internet Service Provider). In the simulation result, It is shown that the proposed scheme is effective in the side of QoS on real-time services and utilization of backbone resources.