• The KIPS Transactions:PartC
• /
• v.11C no.3
• /
• pp.361-370
• /
• 2004

All active nudes which have no physically direct connection with each other in If network must be able to compose and manage network topology Informations. Besides one active program can be performed by the active nodes when every active packet for this program is transmitted without any loss of packets. Also the active packets should be transmitted effectively to minimize the transmission delay and securely from threatens. In this thesis, the discovery scheme of active nodes is adapted for active nodes in IP networks to compose and manage the topology information. The scheme for the efficient, reliable and secure transmission of active packets is also proposed. The sequence number is assigned to every active packet. If a receiver detects the loss of active packet checking the sequence number, the receiver requests the retransmission of the lost packet to the previous active node. kiter receiving an active packet and adapting security and reliability schemes, intermediate active nodes not only copy and send the Packet Instantly but also apply some suity mechanisms to it. And the active packet transmission engine is proposed to provide these transmission schemes The simulation of the adapted active node discovery scheme and the proposed active packet transmission engine is performed. The simulation results show that the adapted active node discovery scheme is efficient and the proposed active engine has the low latency and the high performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.97-105
• /
• 2008

The various mutations of the malicious codes are fast generated on the network. Also the behaviors of them become intelligent and the damage becomes larger step by step. In this paper, we suggest the method to select the useful measures for the detection of the codes. The method has the advantage of shortening the detection time by using header data without payloads and uses connection data that are composed of TCP/IP packets, and much information of each connection makes use of the measures. A naive estimator is applied to the probability distribution that are calculated by the histogram estimator to select the specific measures among 80 measures for the useful detection. The useful measures are then selected by using relative entropy. This method solves the problem that is to misclassify the measure values. We present the usefulness of the proposed method through the result of the detection experiment using the detection patterns based on the selected measures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.119-129
• /
• 2011

TCP-related Flooding attacks still dominate Distributed Denial of Service Attack. It is a great challenge to accurately detect the TCP flood attack in hish speed network. In this paper, we propose the NIC_Cookie logic implementation, which is a kind of security offload engine against TCP-related DDoS attacks, on network interface card. NIC_Cookie has robustness against DDoS attack itself and it is independent on server OS and external network configuration. It supports not IP-based response method but packet-level response, therefore it can handle attacks of NAT-based user group. We evaluate that the latency time of NIC_Cookie logics is $7{\times}10^{-6}$ seconds and we show 2Gbps wire-speed performance through a benchmark test.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.44 no.7 s.361
• /
• pp.71-80
• /
• 2007

This paper describes an efficient hardware design of WiBro security processor (WBSec) supporting for the security sub-layer of WiBro wireless internet system. The WBSec processor, which is based on AES (Advanced Encryption Standard) block cipher algorithm, performs data oncryption/decryption, authentication/integrity, and key encryption/decryption for packet data protection of wireless network. It carries out the modes of ECB, CTR, CBC, CCM and key wrap/unwrap with two AES cores working in parallel. In order to achieve an area-efficient implementation, two design techniques are considered; First, round transformation block within AES core is designed using a shared structure for encryption/decryption. Secondly, SubByte/InvSubByte blocks that require the largest hardware in AES core are implemented using field transformation technique. It results that the gate count of WBSec is reduced by about 25% compared with conventional LUT (Look-Up Table)-based design. The WBSec processor designed in Verilog-HDL has about 22,350 gates, and the estimated throughput is about 16-Mbps at key wrap mode and maximum 213-Mbps at CCM mode, thus it can be used for hardware design of WiBro security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1325-1336
• /
• 2012

In the past about 10 different kinds of malicious code were found in one day on the average. However, the number of malicious codes that are found has rapidly increased reachingover 55,000 during the last 10 year. A large number of malicious codes, however, are not new kinds of malicious codes but most of them are new variants of the existing malicious codes as same functions are newly added into the existing malicious codes, or the existing malicious codes are modified to evade anti-virus detection. To deal with a lot of malicious codes including new malicious codes and variants of the existing malicious codes, we need to compare the malicious codes in the past and the similarity and classify the new malicious codes and the variants of the existing malicious codes. A former calculation method of the similarity on the existing malicious codes compare external factors of IPs, URLs, API, Strings, etc or source code levels. The former calculation method of the similarity takes time due to the number of malicious codes and comparable factors on the increase, and it leads to employing fuzzy hashing to reduce the amount of calculation. The existing fuzzy hashing, however, has some limitations, and it causes come problems to the former calculation of the similarity. Therefore, this research paper has suggested a new comparison method for malicious codes to improve performance of the calculation of the similarity using fuzzy hashing and also a classification method employing the new comparison method.

• ETRI Journal
• /
• v.36 no.5
• /
• pp.865-875
• /
• 2014

Voice phishing (vishing) uses social engineering, based on people's trust in telephone services, to trick people into divulging financial data or transferring money to a scammer. In a vishing attack, a scammer often modifies the telephone number that appears on the victim's phone to mislead the victim into believing that the phone call is coming from a trusted source, since people typically judge a caller's legitimacy by the displayed phone number. We propose a system named iVisher for detecting a concealed incoming number (that is, caller ID) in Session Initiation Protocol-based Voice-over-Internet Protocol initiated phone calls. Our results demonstrate that iVisher is capable of detecting a concealed caller ID without significantly impacting upon the overall call setup time.

• Proceedings of the IEEK Conference
• /
• 2002.07a
• /
• pp.571-574
• /
• 2002

In a recent wireless network environments, dynamic host configuration protocol (BHCP) service is used to assign IP addresses to mobile terminals. In IPv6 networks, it is necessary to introduce the concept of handoff to support a seamless service to mobile terminals. In a general soft handoff technique used by code-division multiple acces (CDMA) communication systems, the powers received to base station are simply compared to determine which base station will handle the signal to and from each mobile termins. However, in IPv6 network, to transmit data-oriented services, it is necessary to support an enhanced soft handoff technique with more security and quality of service. In this paper, we propose a scheme to reduce a signaling process of handoff in IPv6 network. Also, we propose a technique to reduce wasted reservation resources and to guarantee quality of service (QoS) using DHCP.

• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.697-705
• /
• 2014

For enhancing network efficiency, content-centric networking (CCN) allows network nodes to temporally cache a transmitted response message(Data) and then to directly respond to a request message (Interest) for previously cached contents. Also, CCN is designed to utilize a hierarchical content-name for transmitting Interest/Data instead of a host identity like IP address. This content-name included in Interest/Data reveals both content information itself and the structure of network domain of a content source which is needed for transmitting Interest/Data. To make matters worse, This content-name is human-readable like URL. Hence, through analyzing the content-name in Interest/Data, it is possible to analyze the creator of the requested contents. Also, hosts around the requester can analyze contents which are asked by the requester. Hence, for securely implementing CCN, it is essentially needed to make the content-name illegible. In this paper, we propose content-name encoding schemes for CCN so as to make the content-name illegible and evaluate the performance of our proposal.

• Review of KIISC
• /
• v.28 no.2
• /
• pp.5-11
• /
• 2018

지능형 지속 위협(Advanced Persistent Threat) 공격은 Intrusion Kill Chain과 같은 일련의 단계로 구성되어 있기 때문에 특정 단계가 차단되면 공격은 실패하게 된다. Moving Target Defense(MTD)는 보호대상의 주요 속성(네트워크, 운영체제, 소프트웨어, 데이터)을 변화시켜 Intrusion Kill Chain을 구성하는 각 단계를 차단하는 능동적 사전 보안 기술이다. MTD 전략 중에서 네트워크 주소 변이(Network Address Mutation) 기술은 보호대상의 네트워크 주소(IP. Port)를 능동적으로 변이하는 기술로써, Intrusion Kill Chain의 첫 단계인 정찰(Reconnaissance) 행위에 소요되는 비용을 급격하게 증가시킬 수 있는 효율적인 보안 기술이다. 본 논문은 네트워크 주소 변이 기술 분야의 관련 연구들을 살펴보고 네트워크 주소 변이 기술 설계 시 고려해야하는 보안 요구사항과 기능 요구사항을 제안한다.

• Communications of the Korean Mathematical Society
• /
• v.22 no.1
• /
• pp.65-74
• /
• 2007

Suppose that $\mu$ is a finite positive Borel measure on bounded symmetric domain $\Omega{\subset}\mathbb{C}^n\;and\;\nu$ is the Euclidean volume measure such that $\nu(\Omega)=1$. Suppose 1 < p < $\infty$ and r > 0. In this paper, we will show that the norms $sup\{\int_\Omega{\mid}k_z(w)\mid^2d\mu(w)\;:\;z\in\Omega\}$, $sup\{\int_\Omega{\mid}h(w)\mid^pd\mu(w)/\int_\Omega{\mid}h(w)^pd\nu(w)\;:\;h{\in}L_a^p(\Omega,d\nu),\;h\neq0\}$ and $$sup\{\frac{\mu(E(z,r))}{\nu(E(z,r))}\;:\;z\in\Omega\}$$ are are all equivalent. We will also show that the inclusion mapping $ip\;:\;L_a^p(\Omega,d\nu){\rightarrow}L^p(\Omega,d\mu)$ is compact if and only if lim $w\rightarrow\partial\Omega\frac{\mu(E(w,r))}{\nu(E(w,r))}=0$.