• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.10 s.340
• /
• pp.31-38
• /
• 2005

Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.348-359
• /
• 2007

The conventional mobile VPN services assumed the mobile communications occur between the MN in foreign networks and the CN in the home network. However, if a MN wants to communicate with another MN in a foreign network, it could degrade the performance of the mobile VPN service because of the triangular routing problem. In this paper, we propose a route optimization mechanism based on the mobile VPN using an x-HA allocated by diameter MIP in order to support the efficient communication between the mobile VPN users in foreign networks. The i-HA maintains the VPN-TIA as well as the x-HoA as the CoAs to solve the security problem and to provide an efficient route optimization simultaneously. Moreover, we proposed revised IPSec tunnel configuration to reduce the IPSec tunnel overheads at a MN when the MN communicates with several MNs in the foreign networks at the same time. The VPN server, a security management entity in the home network, notifies an additional IPSec tunnel establishment between the x-HAs where the communication peers are registered. The simulation result showed that the proposed scheme decreases the end-to-end packet delay time and improves the throughput after the handoff compared to the existing mechanism.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.11-20
• /
• 2004

Mobile IP is designed to provide IP services to roaming nodes. Mobile users take advantage of this protocol to obtain the services as if they were connected to their home network. In many cases mobile users is connected through a wireless link and is protected by corporation's firewall in virtual Private network. In order to have a successful deployment of Mobile IP as an extension of a private network, security services should be provided as if the mobile node were attached to its home network. In this paper, we propose the security mechanism of combining Mobile IP and IPSec tunnels, which can provide secure traversal of firewall in a home network. The simulation results show that the proposed mechanism provides the secure and efficient communication.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1157-1160
• /
• 2004

현재 사용되고 있는 대부분의 메신저는 서버에 로그 온할 때 패스워드를 RC5등으로 암호화해서 보내지만 패스워드 크래킹 프로그램들이 많이 알려져 있어 안전하지 못하다. 또한 로그 온한 후 통신하는 두 호스트들 간의 전송되는 정보가 아무런 보호 장치 없이 네트워크를 통해 전송되어 제3자에 의한 도청이 가능하게 된다. 따라서 전송되는 정보의 암호화를 포함하는 안전한 메신저 서비스의 필요성이 대두되고 있다. 본 논문에서 제안된 안전한 메신저는 동일한 키 사이즈를 갖는 다른 공개키 암호체계보다 훨씬 강하다고 알려져 있는 타원곡선 암호체계를 이용하여 빠르고 효율적이며 높은 안전도를 나타내는 패스워드 키 교환 방식을 설계하였고, 사용자간에 IPSec프로토콜을 사용하여 효율적인 데이터 전송이 가능하고 또한 보안성을 높이기 위한 방법으로 Host-to-Host간의 데이터가 인터넷에서 가상의 파이프를 통해 전달되도록 터널 모드를 제시하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.6
• /
• pp.1038-1044
• /
• 2006

Tunneling technique does a role to network authentication or the preservation support of date at high-speed network In order to this, IPsec, SOCKS V5 or GRE tunneling protocol have been using. This paper embodies the offer base of communication service by changing routing route to special IP band for connection interception of harmful service md according to user's needs, by changing routing route to special service at high-speed network. So we measure and analysis action principle of GRE with GRE protocol, the result apply to a service of connection control and authentication base.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.53-60
• /
• 2015

Satellite signal is excellent broadband, can provide the same information in a wide range, but there is a disadvantage that much less of the security level of the data. Therefore, supplementation of safety is a serious problem than anything in the satellite communication. In this paper, it was simulated by applying ARIA in encryption technique and by applying transport mode, tunnel mode in security header AH and ESP in order to examine the effect of IPsec VPN. In addition, we had compare with general services that do not apply encryption in order to analyze the impact of the encryption algorithm. Channel, by applying the Markov channel and adding AWGN, is constituted a satellite communication environment. In case of retransmission based error control scheme, we applied Type-II HARQ scheme and Type-III HARQ scheme which are performance is a good way in recently, and it is constituted by a turbo code and BPSK modulation scheme. we were analyzed performance in BER and Throughput in order to compare the simulation more effectively.

• Journal of KIISE:Information Networking
• /
• v.29 no.1
• /
• pp.77-85
• /
• 2002

The surge in use of networks has recently increased demands for cryptography. Cryptography, however, can cause various problems because of difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the reverse effect of using these kinds of security and to promote positive aspects of using it. They have suggested many key recovery techniques up to the present. we propose a mechanism as a solution, which are employed to reduce the time needed to reconnect SG and the host in Host-to-Gateway in VPNs supporting IPsec, in case they are disconnected. This new mechanism using KRFSH stores information at each session in advance so that users can recall the session information when needed to rebuild the tunnel between SG and the host in a VPN. As a result, the mechanism built into SG will solve the problems above in host-to-gateway VPNs using IPsec.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.721-730
• /
• 2001

Nowadays corporation networks are growing rapidly and they are needed to communicate with branch offices. Therefore, a VPN (Virtual Private Network) appears to reduce the cost of access and facilitate to manage and operate the enterprise network. Along with this trend, many studies have been done on VPN. It is important that the performance issues should be considered when VPN protocols are applied. However, most of them are limited on the tunneling methods and implementation of VPN and a few studies are performed on how installation of VPN affects the network. Therefore, in this paper, a testbed is constructed and VPN protocols are installed on it. Real traffic is generated and transmitted on the testbed to test how installing a VPN affects the network. As a result, layer 3 VPN protocol shows lower network performance than layer 2 VPN protocols. And we realize that the combination of L2TP and IPSec is the better method to install VPN than using IPSec only in the aspects of performance and security.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2006.05a
• /
• pp.517-521
• /
• 2006

초고속 통신망에서 터널링 기법은 네트워크 인증 및 데이터의 보안 지원에 있다. 이를 위해 IPSec, SOCKS V5 및 GRE 터널링 프로토콜 등을 사용하고 있다. 본 논문은 초고속 통신망에서 특정 IP 대역에 대하여 라우팅 루트를 변경 시켜 유해 서비스 접속 차단 및 이용자 Needs에 따라 특정 서비스에 대한 라우팅 루트를 변경시켜 이용자가 원하는 선택적인 서비스 제공 기반을 구현하고자 하였다. 이를 위해 접속 제어 및 인증 기반의 서비스를 제공할 수 있는 GRE 프로토콜을 이용한 동작 원리를 측정 분석하고, 그 결과를 적용하고자 한다.

• Journal of KIISE:Information Networking
• /
• v.32 no.4
• /
• pp.452-461
• /
• 2005

In the star VPN (Virtual Private Network) topology, the traffic between the communicating two CPE(Customer Premise Equipment) VPN GW(Gateway)s nay be inefficiently transferred. Also, the Center VPN GW nav erperience the overload due to excessive packet processing overhead. As a solution to this problem, a direct tunnel can be established between the communicating two CPE VPN GWs using the IKE (Internet Key Exchange) mechanism of IPSec(IP Security). In this case, however, the tunnel establishment and management nay be complicated. In this paper, we propose a mechanism called' SVOT (Star VPN On-demand Tunnel)', which automatically establishes a direct tunnel between the communicating CPE VPN GWs based on demand. In the SVOT scheme, CPE VPN GWs determine whether it will establish a direct tunnel or not depending on the traffic information monitored. CPE VPN GW requests the information that is necessary to establishes a direct tunnel to the Center VPN GW Through a simulation, we investigate the performance of the scheme performs better than the SYST scheme with respect to scalability, traffic efficiency and overhead of Center VPN GW, while it shows similar performance to the FVST with respect to end-to-end delay and throughput.