• Title/Summary/Keyword: IPsec(Internet Protocol Security)

Search Result 52, Processing Time 0.029 seconds

Introduction to IPSEC(Internet Protocol Security) (인터넷 보안 프로토콜 IPSEC)

  • Choi, Y.B.;Hwang, S.O.;Lee, J.S.;Yoon, K.S.;Kim, M.J.
    • Electronics and Telecommunications Trends
    • /
    • v.14 no.6 s.60
    • /
    • pp.51-63
    • /
    • 1999
  • IPSEC (Internet Protocol Security) is a network layer security protocol that is designed to support secure TCP/IP environment over the Internet considering flexibility, scalability, and interoperability. IPSEC primarily supports security among hosts rather than users unlike the other security protocols. Recently, IPSEC is emphasized as one of the important security infrastructures in the NGI (Next Generation Internet). It also has suitable features to implement VPN (Virtual Private Network) efficiently and its application areas are expected to grow rapidly. In this paper, the basic concepts and related standard documents of IPSEC will be introduced.

Design of the Security Evaluation System for Internet Secure Connectivity Assurance Platform (인터넷 패킷 보호 보증 플랫폼에서의 보안성 평가 시스템 설계)

  • 김상춘;한근희
    • Journal of KIISE:Information Networking
    • /
    • v.31 no.2
    • /
    • pp.207-216
    • /
    • 2004
  • IPsec protocol has been developed to provide security services to Internet. Recently IPsec is implemented on the various operating systems Hence, it is very important to evaluate the stability of the Ipsec protocol as well as other protocols that provide security services. However, there has been little effort to develop the tools that require to evaluate the stability of IPsec protocols. Therefore, in this paper, we develope the security requirements and suggest a security evaluation system for the Internet packet protection protocols that provide security services at the If level that can be used to check if the security protocols Provide the claimed services correctly This system can be used as debugging tool for developing IPsec based security system.

Lightweight IPsec protocol for IoT communication environments (IoT 통신 환경을 위한 경량 IPsec 프로토콜 연구)

  • Song, In-A;Oh, Jeong-Hyeon;Lee, Doo-Won;Lee, Young-Seok
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.11 no.1
    • /
    • pp.121-128
    • /
    • 2018
  • Internet of Things architecture connected to the Internet is a technology. However, Many paper research for the lightweight Protocol of IoT Environment. In these Paper excluded secure problem about protocol. So Light weight Protocol has weakness of secure in IoT environment. All of IoT devices need encryption algorithm and authentication message code for certain level of security. However, IoT environment is difficult to using existing security technology. For this reason, Studies for Lightweight IPsec is essential in IoT environment. For Study of Lightweight IPsec, We analyze existing protocols such as IPsec, 6LoWPAN for IEEE 802.15.4 layer and Lightweight IPsec based 6LoWPAN. The result is to be obtained for the lightweight IPsec protocols for IoT environment. This protocol can compatible with Internet network.

An Implementation and Performance Evaluation of IPsec System engaged IKEv2 Protocol Engine (IPsec System에서 IKEv2 프로토콜 엔진의 구현 및 성능 평가)

  • Kim, Sung-Chan;Chun, Jun-Ho;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.5
    • /
    • pp.35-46
    • /
    • 2006
  • The current Internet Key Exchange protocol(IKE) which has been used for key exchange of security system was pointed out the faults of scalability, speed, efficiency and stability. In this research, we tried to resolve those faults, and implemented the newly designed IKEv2 protocol in the IPsec test bed system. In the trend of network expansion, the current Internet Key Exchange protocol has a limitation of network scalability, so we implemented the new Internet Key Exchange protocol as a recommendation of RFC proposal, so as to resolve the fault of the key exchange complexity and the speed of authentication process. We improved the key exchange speed as a result of simplification of complex key exchange phase, and increased efficiency with using the preexistence state value in negotiation phase.

Analysis of the IPsec Internet Key Exchange (IKE) Protocol (IPsec의 키 교환 방식에 대한 안전성 분석)

  • 주한규
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.4
    • /
    • pp.33-46
    • /
    • 2000
  • IPsec is a protocol suite to protect the data communication between computers on internet and many VPNs(Virtual Private Networks) use IPsec protocol. IKE protocol is used to exchange keys in IPsec. Formal analysis method is used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the usage of certificate is recommended.

Issues and Security on IPSec: Survey (IPSec 보안 이슈와 대응 방안)

  • Hong, Sunghyuck
    • Journal of Digital Convergence
    • /
    • v.12 no.8
    • /
    • pp.243-248
    • /
    • 2014
  • IPSec provides two services that are authentication header and Encapsulating Security Payload(ESP). In this research work, security issues on the Internet and the basic concept of IPSec are described. Security issues on the Internet are presented and proposed a possible solution for DDoS attack using IPSec. Therefore, this research will be able to contribute for building secure communication against DDoS attack.

A Study on the Performance Improvement of the Security Transmission Using the SSFNet (SSFNet을 이용한 보안전송 성능개선에 관한 연구)

  • Ryu, Jung-Eun;Ryu, Dong-Ju;Lee, Taek-Hee
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • v.9 no.2
    • /
    • pp.811-815
    • /
    • 2005
  • IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

  • PDF

Implementation of IPSec Cryptographic Processor Based AMBA Architecture (AMBA(Advanced Microcontroller Bus Architecture) 기반의 IPSec 암호 프로세서의 구현)

  • Hwang, Jae-Jin;Choi, Myung-Ryul
    • Proceedings of the KIEE Conference
    • /
    • 2004.11c
    • /
    • pp.123-125
    • /
    • 2004
  • The importance for Internet security has being increased and the Internet Protocol Security (IPSec) standard, which incorporates cryptographic algorithms, has been developed as one solution to this problem. IPSec provides security services in IP-Layer using IP Authentication Header (AH) and IP Encapsulation Security Payload (ESP). In this paper, we propose IPSec cryptographic processor design based AMBA architecture. Our design which is comprised Rijndael cryptographic algorithm and HAMC-SHA-1 authentication algorithm supports the cryptographic requirements of IP AH, IP ESP, and any combination of these two protocols. Also, our IPSec cryptographic processor operates as AMBA AHB Slave. We designed IPSec cryptographic processor using Xilinx ISE 5.2i and VHDL, and implemented our design using Xilinx's FPGA Vertex XCV600E.

  • PDF

A Dynamic Key Lifetime Change Algorithm for Performance Improvement of Virtual Private Networks (가상사설망의 성능개선을 위한 동적 키 재생성 주기 변경 알고리즘)

  • HAN, Jong-Hoon;LEE, Jung Woo;PARK, Sung Han
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.42 no.10 s.340
    • /
    • pp.31-38
    • /
    • 2005
  • Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.

A Study on safe transmission technique that IPsec of MIPv6 base (MIPv6 기반 IPsec을 이용한 보안전송 기법에 관한 연구)

  • Moon, In-Tack;Ryu, Dong-Ju;No, Bong-Nam
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.11c
    • /
    • pp.2013-2016
    • /
    • 2003
  • 최근 무선인터넷의 활발한 보급화에 더불어 이동성 단말을 이용한 전자상거래 등이 활발하게 이루어짐에 따라서 개인 데이터 보호 및 안전한 통신을 보장 받으려는 모바일 사용자들의 요구가 급속히 증가하고 있다. 이는 무선매체의 공개성에 따른 보안침해의 용이성과 단말이 이동함에 따른 보안 체계 구축의 복잡성에 기인한다. 이러한 이유로 최근 이동성 단말의 통신에서 보안이 중요한 영역으로 인식되고 있다. 따라서 본 논문에서는 이러한 모바일 환경 특히 향후 전개될 MIPv6(Mobile Internet Protocol version 6) 환경에서의 안전한 데이터 전송을 위해 IP 계층 보안 프로토콜인 IPsec(Internet Protocol security)을 이용한 이동 단말의 안전한 데이터 전송을 테스트하고 향후 MIPv6 에서의 보안성 향상을 위한 방안들을 모색해 보고자 한다.

  • PDF