• Title/Summary/Keyword: IP Security Protocol (IPSec)

Tunnel Gateway Satisfying Mobility and Security Requirements of Mobile and IP-Based Networks

  • Jung, Youn-Chan;Peradilla, Marnel
    • Journal of Communications and Networks / v.13 no.6 / pp.583-590 / 2011
  • Full-mesh IPSec tunnels pass through a black ("unsecure") network (B-NET) to any red ("secure") networks (R-NETs). These are needed in military environments, because they enable dynamically changing R-NETs to be reached from a B-NET. A dynamically reconfiguring security policy database (SPD) is very difficult to manage, since the R-NETs are mobile. This paper proposes advertisement process technologies in association with the tunnel gateway's protocol that sends 'hello' and 'prefix advertisement (ADV)' packets periodically to a multicast IP address to solve mobility and security issues. We focus on the tunnel gateway's security policy (SP) adaptation protocol that enables R-NETs to adapt to mobile environments and allows them to renew services rapidly soon after their redeployment. The prefix ADV process enables tunnel gateways to gather information associated with the dynamic changes of prefixes and the tunnel gateway's status (that is, 'down'/restart). Finally, we observe two different types of performance results. First, we explore the effects of different levels of R-NET movements on SP adaptation latency. Next, we derive the other SP adaptation latency. This can suffer from dynamic deployments of tunnel gateways, during which the protocol data traffic associated with the prefix ADV protocol data unit is expected to be severe, especially when a certain tunnel gateway restarts.

Evaluation of Security Protocols for the Session Initiation Protocol (SIP 보안 프로토콜의 성능 분석)

  • Cha, Eun-Chul;Choi, Hyoung-Kee
    • The KIPS Transactions:PartC / v.14C no.1 s.111 / pp.55-64 / 2007
  • Despite its popularity these days, VoIP may present significant security challenges in privacy and accounting. Authentication and message encryption are considered to be essential mechanisms in VoIP for it to be comparable to PSTN. SIP is responsible for setting up a secure call in VoIP. SIP employs TLS, DTLS or IPSec combined with TCP, UDP or SCTP as a security protocol in VoIP. These security mechanisms may introduce additional overheads into the SIP performance. However, this overhead has not been understood in detail by the community. In this paper we present the effect of the security protocol on the performance of SIP by comparing the call setup delays among security protocols. We implement a simulation of the various combinations of three security protocols and three transport layer protocols suggested for SIP. UDP with any combination of security protocols performs a lot better than any combination with TCP. TLS over SCTP may impose a higher impact on the performance on average because TLS might have to open as many secure channels as there are streams in SCTP. The reasons for differences in the SIP performances are given.

Key Recovery for IETF Internet Protocol Based on TTP (IETF 표준 인터넷 프로토콜과 호환되는 TTP 기반 키 복구)

  • Rhee Yoon-Jung
    • The Journal of the Korea Contents Association / v.6 no.6 / pp.56-63 / 2006
  • Key recovery has been the subject of a lot of discussion, of much controversy and of extensive research. Key recovery, however, might be needed at a corporate level, as a form of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far completely ignore the communication context. IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. We propose an example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.


Performance Evaluation of End-to-End Security Protocols in WiBro using NS-2 (NS-2를 이용한 WiBro상에서의 종단 간 보안 프로토콜의 성능평가 및 분석)

  • Kim, Jung-Yoon;Song, Se-Hwa;Kim, In-Hwan;Hwang, In-Yong;Kim, Seok-Joong;Choi, Hyoung-Kee
    • Journal of KIISE:Information Networking / v.36 no.3 / pp.184-190 / 2009
  • WiBro has advantages when both WLAN and 3G UMTS are adopted. Much research is being carried out in this area. However, the WiBro specification does not consider end-to-end security. Hence, another security protocol has to be adopted to support secure communication. Most previous research only focused on WiBro MAC performance improvement or security. In this paper, we adopt a security protocol such as IPsec, TLS, and DTLS, well-known end-to-end security protocols, to make full use of WiBro in the IP network. Using NS-2, we simulated the adoption of end-to-end security protocols and evaluated performance and usability. Simulation shows DTLS had some performance advantages. All the protocols, TLS and IPsec are also suitable for use in WiBro.

A study on Interaction of IKE protocol engine in IPsec System (IPsec 시스템에서 IKE 프로토콜 엔진의 연동에 관한 연구)

  • 이형규;나재훈;손승원
    • Journal of the Korea Institute of Information Security & Cryptology / v.12 no.5 / pp.27-35 / 2002
  • In this paper, we present the structure and interaction flow between the IKE server and the other modules for our IPsec system's efficiency. Our IPsec systems have several components for IP-based end-to-end security services. They are IKE, SADB, SPDB and so on, not to speak of the IPsec Protocol Engine. Therefore the efficient interaction structure between them has much influence on total system efficiency. Especially, in the case of an IPsec engine integrated with the kernel, it is very important how the IPsec engine can refer to SPDB and SADB entries efficiently according to the location of the implementation of SPDB and SADB. To solve the above problem, we use the SPI generated by IKE. Finally, we propose the interaction structure between the IKE server and the other modules according to the optimization for referring to SPDB and SADB entries.

Session Key Recovery of IPSec using PKI (공개키를 이용한 IPSec 프로토콜 세션키의 복구)

  • Rhee, Yoon-Jung
    • Proceedings of the Korea Contents Association Conference / 2006.11a / pp.622-625 / 2006
  • The basic observation of the present paper is that cryptographic solutions that have been proposed so far completely ignore the communication context. IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. We propose an example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.


IPSec Key Recovery for IKEv2 (IKEv2를 지원하는 IPSec 에서의 키 복구 설계)

  • Rhee, Yoon-Jung;Kim, Chul-Soo;Lee, Bong-Gyu
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.4 / pp.1260-1265 / 2010
  • IPSec is the security protocol that performs encryption and authentication services for IP messages on the network layer of the Internet. This paper presents the key recovery mechanism that is applied to IKEv2 of IPSec for mobile communication environments. As a result, it is compatible with IPSec and IKEv2, reduces network overhead, and performs key recovery without depending on key escrow agencies or an authorized party.

A Study on the Performance Improvement of the Security Transmission Using the SSFNet (SSFNet을 이용한 보안전송 성능개선에 관한 연구)

  • Ryu, Jung-Eun;Ryu, Dong-Ju;Lee, Taek-Hee
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / v.9 no.2 / pp.811-815 / 2005
  • IPSec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec provides authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange (IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must share a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet (Scalable Simulation Framework Network Models).


A Study on Lightweight IKEv2 protocol for IoT communication environments (IoT 통신 환경을 위한 경량 IKEv2 프로토콜 연구)

  • Kim, Hong-Sung;Song, In-A;Lee, Young-Seok
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.10 no.1 / pp.66-76 / 2017
  • As the IoT communication environment has been established, communications that utilize not only high-spec machines but also low-spec machines are increasing, but security threats are increasing, too. In recent times, a lot of papers have attempted to reduce the weight of IP layer security techniques such as IPsec and IKEv2 for low-spec machines. Typically, Smyslov proposed a Lightweight IKEv2 protocol for use in the IoT environment. However, this proposed protocol had a compatibility problem with the IKEv2 protocol, so it is hard to expect it to be used in the IoT communication environment. Unlike Smyslov's protocol, this paper proposes a Lightweight IKEv2 protocol that is compatible with the IKEv2 protocol and applies a lossless compression algorithm to the payload. To suggest the lightweight IKEv2 protocol, this paper analyzed the IKEv2 protocol and the existing lightweight IKEv2 protocol. Furthermore, this paper proved through performance evaluation that the proposed protocol is more efficient than the existing lightweight IKEv2 protocol.

A Study on safe transmission technique that IPsec of MIPv6 base (MIPv6 기반 IPsec을 이용한 보안전송 기법에 관한 연구)

  • Moon, In-Tack;Ryu, Dong-Ju;No, Bong-Nam
    • Proceedings of the Korea Information Processing Society Conference / 2003.11c / pp.2013-2016 / 2003
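  • With the recent spread of wireless Internet and the growth of activities such as e-commerce on mobile terminals, demand from mobile users for personal data protection and guaranteed secure communication is increasing rapidly. This stems from the ease of security breaches that comes with the open nature of the wireless medium and from the complexity of building a security framework as terminals move. For these reasons, security has recently come to be recognized as an important area in mobile terminal communication. Accordingly, for secure data transmission in such mobile environments, and in particular the forthcoming MIPv6 (Mobile Internet Protocol version 6) environment, this paper tests secure data transmission by mobile terminals using IPsec (Internet Protocol security), an IP-layer security protocol, and explores ways to improve security in MIPv6 in the future.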
