• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.9B
• /
• pp.1342-1349
• /
• 2010

Full-mesh IPSec tunnels, which constitute a black network, are required so that the dynamically changing PT (Plain Text) networks can be reachable across the black network in military environments. In the secure and mobile black networks, dynamically re-configuring IPSec tunnels and security policy database (SPD) is very difficult to manage. In this paper, for the purpose of solving mobility and security issues in military networks, we suggest the relating main technologies in association with DMIDP (Dynamic Multicast-based IPSec Discovery Protocol) based on existing IPSec ESP (Encapsulating Security Payload) tunnels and IPSec key managements. We investigate the main parameters of the proposed DMIDP techniques and their operational schemes which have effects on mobility and analyze operational effectivemess of the DMIDP with proposed parameters.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.85-96
• /
• 2008

Neighbor Discovery(ND) protocol is used to exchange an information of the neighboring nodes on the same link in the IPv6 protocol environment. For protecting the ND protocol, firstly utilizing Authentication Header(AH) of the IPsec protocol was proposed. But the method has some problems-uses of key exchange protocol is not available and it is hard to distribute manual keys. And then secondly the SEcure Neighbor Discovery(SEND) protocol which protects all of the ND message with digital signature was proposed. However, the digital signature technology on the basis of public key cryptography system is commonly known as requiring high cost, therefore it is expected that there is performance degradation in terms of the availability. In the paper, to improve performance of the SEND protocol, we proposed a modified CGA(Cryptographically Generated Address) which is made by additionally adding MAC(Media Access Control) address to the input of the hash function. Also, we proposed cache mechanism. We compared performance of the methods by experimentation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.241-244
• /
• 2003

Recently, IETF Mobile IP WG focus on security problem issues in Mobile IPv6 and provide appropriate protocol to solve them. These include the protections of Binding Updates both to home agents and correspondent nodes, prefix discovery messages and transporting data packets. In Mobile IPv6, control traffics between home agents and mobile nodes uses IPsec to avoid that mobile nodes and correspondent nodes may be vulnerable to attacks. It is used, however, Return Routability procedure for correspondent node to assure that the right mobile node is sending the messages. In this paper, we propose method of IPser processing to protect messages between home agents and mobile nodes.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.771-772
• /
• 2006

IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes on the link, to determine their link-layer addresses to find routers, and to maintain reachability information about the paths to active neighbors. If not secured, NDP is vulnerable to various attacks. This document specifies security mechanisms for NDP. Unlike those in the original NDP specifications, these mechanisms do not use IPsec.