• Title/Summary/Keyword: IP Security


A $GF(2^{163})$ scalar multiplier for elliptic curve cryptography (타원곡선 암호를 위한 $GF(2^{163})$ 스칼라 곱셈기)

  • Jeong, Sang-Hyeok;Shin, Kyung-Wook
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2009.05a / pp.686-689 / 2009
  • This paper describes a scalar multiplier for elliptic curve cryptography. The scalar multiplier has a 163-bit key size, which supports the specifications of the smart card standard. To reduce the computational complexity of scalar multiplication on the finite field $GF(2^{163})$, the Non-Adjacent-Format (NAF) conversion algorithm based on complementary recoding is adopted. The scalar multiplier core, synthesized with a $0.35\,\mu\text{m}$ CMOS cell library, has 32,768 gates and can operate at up to 150 MHz at 3.3 V. It can be used in the hardware design of an elliptic curve cryptography processor for smart card security.


A Secure Route Optimization Mechanism for Mobile VPN users in Foreign Networks (모바일 VPN 사용자를 위한 보안 강화 경로 최적화 방안)

  • Kim, Kyoung-Min;Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.5 / pp.348-359 / 2007
  • Conventional mobile VPN services assume that mobile communications occur between the MN in foreign networks and the CN in the home network. However, if an MN wants to communicate with another MN in a foreign network, the performance of the mobile VPN service can degrade because of the triangular routing problem. In this paper, we propose a route optimization mechanism based on the mobile VPN using an x-HA allocated by Diameter MIP in order to support efficient communication between mobile VPN users in foreign networks. The i-HA maintains the VPN-TIA as well as the x-HoA as the CoAs to solve the security problem and to provide efficient route optimization simultaneously. Moreover, we propose a revised IPSec tunnel configuration to reduce the IPSec tunnel overhead at an MN when the MN communicates with several MNs in foreign networks at the same time. The VPN server, a security management entity in the home network, notifies an additional IPSec tunnel establishment between the x-HAs where the communication peers are registered. The simulation results show that the proposed scheme decreases the end-to-end packet delay and improves the throughput after the handoff compared to the existing mechanism.

IPTV Service Provider over FTTH (광가입자망을 통한 IPTV 서비스 제공)

  • Park In-Gyu
    • Journal of the Institute of Electronics Engineers of Korea TC / v.43 no.5 s.347 / pp.7-16 / 2006
  • IPTV refers to a service that provides integrated services for video, 10/100-Mbit/sec Internet, voice, video-on-demand (VOD), and other broadband applications including home security, video conferencing, and telemedicine. All services are integrated into an IP (Internet Protocol) architecture designed specifically for Gigabit Ethernet FTTH systems, HFC or xDLC. It is absolutely necessary that telecom operators provide IP video delivery platforms that enable service providers to transform their business. With their own products, they can better manage their existing services and generate new revenues from broadcast TV, movies on demand and multimedia. Triple-play is a combination of broadcast, telephony and broadband services offered through IPTV networks. With cable operators allowed to offer a triple-play bundle, the nation's telecom operators are beginning to get a little anxious. Cable operators assert that triple-play is a must-have and natural extension of the cable service bundle. The Korean Cable TV Association asserts that the triple-play model is of paramount importance to the cable industry's future growth. But the telecom sector considers itself unfairly disadvantaged, saying it cannot compete until regulatory issues are resolved. The start of web-based television in Korea may still be some time off, with a confrontation between the nation's IT regulator and broadcasting sector over the service's legal boundaries showing no signs of being resolved any time soon. Korea should be is the fastest-growing provider of IPTV solutions in the industry, with over worldwide customers.

Open IPTV Platform using Overlay Multicast and Content Delivery Network (오버레이 멀티캐스트 및 콘텐츠 전달 네트워크를 적용한 개방형 IPTV 플랫폼)

  • Jung, Seung-Moon;Kang, Im-Chul;Jeon, Jin-Han
    • The Journal of the Korea Contents Association / v.9 no.12 / pp.528-536 / 2009
  • Recently, the importance of IPTV, which provides multimedia services over IP-based networks managed to provide the required level of quality of service and experience, security, interactivity and reliability, has been gradually increasing with the commercialization of the service. However, the original purpose of IPTV service, that contents are produced and consumed anytime, anywhere, and over any device at the same time, has not been satisfied by service providers because most of the services they offer depend on a closed IPTV platform. In this paper, we propose an open IPTV service platform on which an individual or small company can easily produce contents and offer IPTV service independently of the existing closed IPTV platform. The proposed IPTV platform exploits an overlay multicast scheme to offer reasonable service in an environment where network bandwidth and processor resources are limited. It also uses a CDN-like scheme to ensure the quality of transmitted contents. The performance evaluation shows that the proposed IPTV platform has the possibility of being an open IPTV platform considering its results such as the quality of transmitted contents, the transmission rate, the channel zapping time, and so on. It also shows that the proposed IPTV platform could be applied to real IPTV service with continuous enhancement of its functions and user interfaces.

Strengthening security structure of open Blockchain platform to enhance privacy protection of DApp users (DApp 사용자의 프라이버시 보호 강화를 위한 공개형 블록체인 플랫폼 보안구조 강화방안)

  • Hwang, Seonjin;Ko, DongHyun;Bahk, Taeu;Choi, Yoon-ho
    • Journal of Internet Computing and Services / v.21 no.3 / pp.1-9 / 2020
  • Along with the growth of Blockchain, DApp (Distributed Application) is getting attention. As interest in DApp grows, market size continues to grow and many developers participate in development. Many developers are using API (Application Programming Interface) services that mediate Blockchain nodes, such as Infura, for DApp development. However, when using such a service, there is a serious risk that the API service operator can violate the user's privacy by matching, one to one, the account address of the Transaction executed by the DApp user with the IP address of the DApp user. This can have an adverse effect on the reliability of public Blockchains, which need to provide users with a secure DApp service environment. The proposed Blockchain platform is expected to protect user privacy from API services and provide a reliable DApp use environment that existing Blockchain platforms did not provide. It is also expected to help activate DApp and increase the number of DApp users, which has not been activated due to the risk of an existing privacy breach.

Implementation and Validation of the Web DDoS Shelter System(WDSS) (웹 DDoS 대피소 시스템(WDSS) 구현 및 성능검증)

  • Park, Jae-Hyung;Kim, Kang-Hyoun
    • KIPS Transactions on Computer and Communication Systems / v.4 no.4 / pp.135-140 / 2015
  • The WDSS improves defensive capacity against web application layer DDoS attacks by using a web cache server and an L7 switch, which are added to the DDoS shelter system. When a web DDoS attack occurs, security agents divert traffic from the backbone network to the sub-network of the WDSS, and then the DDoS protection device and L7 switch block abnormal packets. In the meantime, the web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract a web DDoS attack that generates small traffic and depletes server-client session resources. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to the original web server. In this paper, we validate operation of the WDSS and verify its defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on the backbone network of an ISP and performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed with three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

Transmission Performance Evaluation of MPR-based Wireless Communication System Applying for Disaster Investigation (재난조사 활용을 위한 MPR기반 무선통신 전송 성능 평가)

  • Kim, Seong Sam;Shin, Dong Yoon;Noh, Hyun Ju
    • Journal of the Korea Academia-Industrial cooperation Society / v.22 no.3 / pp.754-762 / 2021
  • Seamless wireless communication network access technology enables users to guarantee service continuity. Hence, it is necessary for disaster situations in which network service may be interrupted. The Multi-path router is a technology to improve network stability and strengthen field operability, particularly in a disaster environment where network failure can occur by providing high-performance data transmission using multi-communication networks and network security by VPN-based wireless IP. In this paper, a prototype system for an MPR-based wireless communication network was proposed to improve the operation performance for disaster field investigation applications. A comparative experiment was performed on various data transmission performances with the existing single wireless communication network. In addition, another experiment was conducted by measuring the data packet transmission and receiving performance in the existing/new wireless communication system first and then assessing the UDP transmission performance in a single router environment to understand the transmission capability of the new MPR. The experimental results showed that the sending and receiving performance was improved by approximately double that of the existing single wireless communication system. The proposed prototype system is expected to allow users to share and disseminate collected on-site data more quickly and efficiently during a disaster site investigation.

Network Architecture and Fast Vertical Handover Scheme for UMTS-WLAN Interworking (UMTS-WLAN 간 빠른 수직적 핸드오버 제공을 위한 연동망 모델 및 핸드오버 방식)

  • Kim, In-Cheol;Lee, Sung-Kuen;Kim, Eal-Lae;Park, Jin-Woo
    • The Journal of Korean Institute of Communications and Information Sciences / v.32 no.8B / pp.492-501 / 2007
  • The UMTS-WLAN interworking approach can make the best use of the advantages of both networks by eliminating the stand-alone defects of the two services. For the interworking mechanisms of WLANs and UMTS networks, two major solutions have been proposed, namely loose coupling and tight coupling. The loose coupling approach provides separate data paths for WLAN and UMTS. On the other hand, tight coupling provides a full integration of the WLAN network and the UMTS core network. Loose coupling has been preferred due to its simplicity and lower reconfiguration requirement. However, loose coupling is worse in seamless mobility, QoS provision, and network security. In order to lessen the problems involved in the UMTS-WLAN interworking approaches, we propose a new interworking network architecture and a fast vertical handover scheme by employing a Mobility Anchor (MA) for interworking between the two different networks. The MA can enable authentication and session initialization before L2 handover of the mobile terminal, so that seamless and fast vertical handover becomes possible. Through analysis and numerical experiments, we validated the proposed scheme.

Fast Multi-Phase Packet Classification Architecture using Internal Buffer and Single Entry Caching (내부 버퍼와 단일 엔트리 캐슁을 이용한 다단계 패킷 분류 가속화 구조)

  • Kang, Dae-In;Park, Hyun-Tae;Kim, Hyun-Sik;Kang, Sung-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC / v.44 no.9 / pp.38-45 / 2007
  • With the emergence of new applications, packet classification is essential for supporting advanced internet applications, such as network security and QoS provisioning. As packet classification on multiple fields is a difficult and time-consuming problem, internet routers need to classify incoming packets quickly into flows. In this paper, we present a multi-phase packet classification architecture using an internal buffer for fast packet processing. Using an internal buffer between the address pair searching phase and the remaining fields searching phases, we can hide the latency that arises because the search times of source and destination header fields are different. Moreover, we guarantee the improvement by using single entry caching. The proposed architecture is easy to apply to different needs owing to its simplicity and generality.

Design of High-Speed VPN for Large HD Video Contents Transfer (대용량 HD 영상콘텐츠 고속전송 VPN(Virtual Private Network)의 설계)

  • Park, Hyoungy-Ill;Shin, Yong-Tae
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.12 no.4 / pp.111-118 / 2012
  • When broadcasters immediately want a variety of VOD files held on distributed servers in their data centers and at remote content providers (CPs) on different platforms, a high-performance IP network over which high-quality HD, 3DTV and other video files can be exchanged and transferred quickly must be configured quickly. By using an optional encryption method to complement the QoS and security of the public network, this paper suggests a high-speed and secure content transmission protocol such as a VPN (Virtual Private Network) for large video files and big data. With the high-performance VPN configured, end-to-end devices make the best use of available resources over the public network through a parallel transfer protocol and the secure content delivery network.