• 한국정보통신설비학회:학술대회논문집
• /
• 2009.08a
• /
• pp.208-210
• /
• 2009

Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAN access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802.1x standards and related protocols like EAPOL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG. (Intelligent Wireless Internet Gateway). For the network security and user authenti -cation purposes, a supplicant who wants to access Internet should be authorized to access the AP port using the EAPOL.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.12B
• /
• pp.1474-1480
• /
• 2011

Recently the mobile IPTV service has been spread through the wireless LAN(WLAN). In order to provide the commercial mobile IPTV service through the WLAN, re-authentication for the mobile IPTV terminal is required whenever the mobile terminal roams between APs(Access Points). The most popular one of the authentication protocol standards for the wired and/or wireless LAN is IEEE 802.1X. However IEEE 802.1X takes much time to authenticate the terminal and is not adequate for the seamless mobile IPTV service. We introduce the session key and separate the user authentication and the hardware authentication. And we strengthen the device authentication by the initial registration. By these, the proposed authentication protocol reduces the authentication time and can protect the authentication key securely.

• International Journal of Contents
• /
• v.2 no.4
• /
• pp.12-18
• /
• 2006

The number of wireless public network user is increasing rapidly. Security problem for user authentication has been increased on existing wireless network such as IEEE802.11 based Wireless LAN. As a solution, IEEE802.1x (EAP-MD5, EAP-TLS, EAP-TTLS), X.509, protocol or security system was suggested as a new disposal plan on this problem. In this study, we overview main problem on existing EAP-MD5 authentication mechanism on Wireless LAN and propose a SMS(Short Message Service) based secure authentication and accounting mechanism for providing security enhanced wireless network transactions.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.5
• /
• pp.39-48
• /
• 2016

One of the major trends of automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g. to connect high-data-rate sources as video cameras), it is expected that the ongoing standardization at IEEE (IEEE802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to a much broader adoption in future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic(EE) Architectures as a whole. It is agreed that IP based traffic via Ethernet could be secured by application of well-established IP security protocols (e.g., IPSec, TLS) combined with additional components like, e.g., automotive firewall or IDS. In the case of safety and real-time related applications on resource constraint devices, the IP based communication is not the favorite option to be used with complicated and performance demanding TLS or IPSec. Those applications will be foreseeable incorporate Layer-2 based communication protocols as, e.g., currently standardized at IEEE[13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet Switch-based EE-Architectures. It also gives an overview and provide insights into the ongoing security relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms as, e.g., IEEE 802.1AE aka. MACsec or 802.1X Port-based Network Access Control, will be evaluated and the applicability for automotive applications will be assessed.

• Review of KIISC
• /
• v.13 no.1
• /
• pp.77-91
• /
• 2003

무선랜에서의 보안문제는 크게 두가지 측면에서 지적할 수 있는데, 첫 번째는 승인된 사용자에게만 접속을 허용하는 접속에 관한 보안이며, 다른 하나는 스니퍼 등을 이용해 무선랜을 통해 전송되는 내용 자체를 몰래 보는 도청 행위를 방어할 수 있는 보안이다. 특히 유선 네트워크와 달리 무선랜에서는 AP(Access Point)만 설치되어 있는 곳이면 누구나 쉽게 AP를 통해 네트워크를 이용할 수 있다. 이에 따라 무선랜에서 보다 중요성이 강조되는 보안문제는 접속에 관한 보안, 즉 사용자 인증이라고 할 수 있다. 그러나 무선랜 표준인 IEEE802.11b에서의 인증은 사용자 인증이 아닌 디바이스 인증에 머물고 있는 실정이며, 이 또한 매우 취약하다. 이에 따라 IEEE802.1x가 강력한 사용자 인증을 제공할 수 있는 메커니즘으로 개발되었다. IEEE802.1x에서는 EAP-TLS, LEAP, PEAP 등의 다양한 사용자 인증 메커니즘의 사용이 가능하다. 이러한 사용자 인증메커니즘은 모두 공개키 암호기술을 이용하고 있어 무선랜 환경에서의 PKI 구축이 요구된다. 본 고에서는 무선랜에서의 사용자 인증 메커니즘에 대해서 알아보고, 유선 네트워크와는 다른 특성을 갖는 무선랜 환경에서 PKI 구축시 고려해야 할 사항들에 대해서 분석하였다.

• International Journal of Contents
• /
• v.14 no.1
• /
• pp.39-44
• /
• 2018

Today, cars have developed into intelligent automobiles that combine advanced control equipment and IT technology to provide driving assistance and convenience to users. These vehicles provide infotainment services to the driver, but this does not improve the safety of the driver. Accordingly, V2X communication, which forms a network between a vehicle and a vehicle, between a vehicle and an infrastructure, or between a vehicle and a human, is drawing attention. Therefore, various techniques for improving channel estimation performance without changing the IEEE 802.11p standard have been proposed, but they do not satisfy the packet error rate (PER) performance required by the C-ITS service. In this paper, we analyze existing channel estimation techniques and propose a new channel estimation scheme that achieves better performance than existing techniques. It does this by applying the updated matrix for the data pilot symbol to the construct data pilot (CDP) channel estimation scheme and by further performing the interpolation process in the frequency domain. Finally, through simulations based on the IEEE 802.11p standard, we confirmed the performance of the existing channel estimation schemes and the proposed channel estimation scheme by coded PER.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.9
• /
• pp.271-282
• /
• 2015

In the business environment BYOD(Bring Your Own Device) is used and being expanded continuously. According to a survey conducted by Cisco in 2012 on 600 companies, 95% of them are already permitting the use of BYOD in their work environments so that productivity of their employees has improved as a result. Gartner predicted that the use of BYOD will be caused new security threat. They also suggested to introduce NAC(Network Access Control) to resolve this threat, to separate network zone based on importance of their business, to establish the policy to consider user authority and device type, and to enforce the policy. The purpose of this paper is to design and implement the NAC for granular access control based on IEEE(Institute of Electrical and Electronics Engineers) 802.1X and DHCP(Dynamic Host Configuration Protocol) fingerprinting, and to analyze the performance on BYOD environment.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1101-1110
• /
• 2008

Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1329-1332
• /
• 2002

최근에 공공장소에서의 보다 안정적이고 고속의 무선 인터넷 접속에 대한 욕구가 커지면서 무선랜에 대한 수요가 많아지고 있고, 유무선 사업자들은 무선랜 시장을 선점하기 위해서 서비스를 서두르고 있다. 이와 같은 무선랜환경에서 안전하게 사용자를 인증하고 서비스를 제공하기 위해서 802.1x 표준이 정의되었다. 이와 같은 802.1x 표준의 관리를 위한 MIB 구조가 IEEE 802.1x MIB에 정의되어 있다. 본 논문에서는 무선단말 사용자를 인증시켜 주고 무선랜서비스를 허가해주는 authenticator의 입장에서 AP를 관리하기 위한 관리 시스템을 위의 MIB 을 기준으로 해서 설계하고 구현하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.6C
• /
• pp.601-606
• /
• 2005

Recently with the high expectation of voice over WLAN service, to supped fast inter-AP security transition in WLAN AP is one of the most actively investigating issues. It is also very important to minimize inter-AP security transition latency, while maintaining constantly the secure association from old AP when a station transits to new AP. Hence, this paper first defines secure transition latency as a primary performance metric of AP system in WLAN supporting IEEE802.11i, 802.1x, and 802.11f, and then presents low latency inter-AP security transition mechanism and its security FSM whose objective is to minimize inter-AP transition latency. Experiment shows that the proposed scheme outperforms the legacy 802.1X AP up to $79\%$ with regard to the transition latency.