• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.123-125
• /
• 2004

The importance for Internet security has being increased and the Internet Protocol Security (IPSec) standard, which incorporates cryptographic algorithms, has been developed as one solution to this problem. IPSec provides security services in IP-Layer using IP Authentication Header (AH) and IP Encapsulation Security Payload (ESP). In this paper, we propose IPSec cryptographic processor design based AMBA architecture. Our design which is comprised Rijndael cryptographic algorithm and HAMC-SHA-1 authentication algorithm supports the cryptographic requirements of IP AH, IP ESP, and any combination of these two protocols. Also, our IPSec cryptographic processor operates as AMBA AHB Slave. We designed IPSec cryptographic processor using Xilinx ISE 5.2i and VHDL, and implemented our design using Xilinx's FPGA Vertex XCV600E.

• Journal of information and communication convergence engineering
• /
• v.1 no.1
• /
• pp.48-52
• /
• 2003

A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.1
• /
• pp.121-128
• /
• 2018

Internet of Things architecture connected to the Internet is a technology. However, Many paper research for the lightweight Protocol of IoT Environment. In these Paper excluded secure problem about protocol. So Light weight Protocol has weakness of secure in IoT environment. All of IoT devices need encryption algorithm and authentication message code for certain level of security. However, IoT environment is difficult to using existing security technology. For this reason, Studies for Lightweight IPsec is essential in IoT environment. For Study of Lightweight IPsec, We analyze existing protocols such as IPsec, 6LoWPAN for IEEE 802.15.4 layer and Lightweight IPsec based 6LoWPAN. The result is to be obtained for the lightweight IPsec protocols for IoT environment. This protocol can compatible with Internet network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.6C
• /
• pp.659-667
• /
• 2003

IPsec refers to a standardized set of security protocols and algorithms which can provide the integrity, the authentication and the confidentiality services for IP packets in the Internet. Between two security gateways, IPsec provides the access control, the connectionless Integrity, data origin authentication, the anti-replay, and the confidentiality services, not only to the IP layer but also to the upper layers. In this paper, we describe a VPN (Virtual Private Network) testbed configuration using the FreeS/WAN and analyze the ISAKMP messages exchanged between the linux security gateway during the IKE SA setup. Also, we describe our development of an IPSEC encryption verification tool which can be used conveniently by VPN administrators.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.790-792
• /
• 2005

최근 급격히 증가하는 정보량으로 인해서 기업체뿐만 아니라 개인들을 위한 스토리지 수요도 폭발적으로 증가하고 있다. 이에 따라 네트워크를 통한 스토리지 서비스 수요도 점차 증가하고 있다. 기업체의 패쇄적인, 파이버 채널을 이용한 SAN은 설치 및 유지비용 등의 문제로 인해서 개인 사용자 필 소규모 사업자들에게 네트워크 스토리지를 위한 가능한 솔루션이 아니다. 이와 관련하여 IP 네트워크를 이용한 네트워크 스토리지가 많이 소개되고 있으나 IP 네트워크를 이용한 네트워크 스토리지는 외부에 의해 데이터가 변조되거나 중요한 데이터가 유출되는 등의 보안상의 문제점을 안고 있다. 이러한 네트워크 스토리지의 보안상 문제점을 해결하기 위한 기술 중 하나가 IPSec 프로토콜이다. IPSec 프로토콜은 IP 계층에서 네트워크를 통해 전송되는 패킷들을 암호화함으로써 안전한 통신을 보장하는 프로토콜이다. 본 논문은 유무선 네트워크 환경에서 IPSec이 지원하는 여러 알고리즘을 이용하여 IPSec의 성능을 측정하고 분석하여, IPSec이 네트워크 스토리지의 보안에, 적합한지를 알아본다. 특히 IPSec은 IPv6에서는 필수 기능으로 도입되기 때문에 네트워크 스토리지를 위해서 IPSec의 성능을 평가해보는 것은 의미가 있다고 생각한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.33-46
• /
• 2000

IPsec is a protocol suite to protect the data communication between computers on internet and many VPNs(Virtual Private Networks) use IPsec protocol. IKE protocol is used to exchange keys in IPsec. Formal analysis method is used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the usage of certificate is recommended.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.6
• /
• pp.2739-2742
• /
• 2012

6LoWPAN is a standard to enable IPv6 packets to be carried on top of low power wireless networks. It needs to achieve security in 6LoWPAN, which is being defined at the 6LoWPAN working group of the IETF. IPSec is already part of IPv6, which makes it a candidate to be directly employed or adapted for WSNs. Some results showed that the adoption of IPSec is viable, and also point towards the successful design and deployment of security architecture for WSNs. IPSec requires two communicating entities to share a secret key that is typically established dynamically with the IKE. However, there are some limitations to use IKE on wireless networks. In this article, we show requirements for being Efficient Key management Mechanism for IPSec on 6LoWPAN and analyze candidate protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.41-52
• /
• 2024

Security audits of IPsec VPNs are crucial for identifying vulnerabilities caused by implementation flaws or misconfigurations, as well as investigating incidents. Nevertheless, auditing IPsec VPN presents noteworthy challenge due to the encryptiong of network contents which ensere confidentiality, integrity, authentications and more. Some researchers have suggested using man-in-the-middle(MITM) techniques to overcome this challenge. MITM techniques require direct participation in the network and prior knowledge of the pre-shared key for authentication. This causes temporary network disconnection for security audits, and it is impossible to analyse data collected before the audit. In this paper, we present an analysis technique aimed at ensuring network continuity without relying on a specific IPsec VPN topologies or authentication method. Therefore, it is anticipated that this approach will be effective, practical and adaptable for conducting IPsec VPN security

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1083-1086
• /
• 2007

인터넷의 발전과 함께 정보보안의 중요성이 증대되고 있으며, 이에 대한 연구가 다양한 영역에서 진행되고 있다. 특히, 네트워크 계층에 적용할 수 있는 보안기술인 IPSec(Internet Protocol Security) 기술이 IETF(Internet Engineering Task Force)에서 제시되었으나, 동적 키 분배의 어려움과 초기설정을 위한 다수의 메시지 전송으로 인하여 VPN 또는 원거리 인트라넷과 같은 제한된 영역에서만 사용되고 있다. 본 논문에서는 IETF 에서 제시한 표준 IPSec 기술을 개선하여 보다 다양한 영역에서 보안통신이 가능하도록 하는 개선된 IPSec 기술을 보인다. 이 기술은 통신주체간 무인증 기능을 제공하며, 추가적으로 암호협약을 배제한 IPSec 통신이 가능하도록 함으로써, 다양한 영역에서 IPSec 기술에 기반한 보안통신이 가능하도록 지원한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.316-320
• /
• 2003

본 논문에서는 우리가 개발한 IPsec 시스템의 효율성을 위해 인터넷 키 교환 서버를 중심으로 모듈간 연동 구조와 이에 따른 수행 절차를 다룬다. 개발한 IPsec 시스템은 IP기반 단대단 보안을 위해 IPsec 엔진을 중심으로 키 관리, SADB, SPDB 모듈이 통합된 구조로 되어 있다. 따라서 각 모듈간의 효율적인 연동구조는 시스템의 전체 효율에 매우 큰 영향을 줄 수 있다. 특히, 우리의 IPsec 시스템에서 IPsec 엔진은 커널과의 통합방식으로 구현되었기 때문에 SPDB와 SADB의 구현 위치에 따른 조회의 효율성을 위해 여러 고려 사항들이 필요하다. 우리는 이러한 문제를 풀기 위해 IKE 서버에 의해 생성된 SPI를 사용한다 최종적으로 우리는 SPDB 엔트리와 SADB 엔트리 조회의 최적화 방법에 기인한 모듈간 연동구조를 제안한다.