• Title/Summary/Keyword: Integrated Security Engine

Search Result 19, Processing Time 0.022 seconds

Integrated Security Management Framework for Secure Networking

  • Jo, Su-Hyung;Kim, Jeong-Nyeo;Sohn, Sung-Won
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.2174-2177
    • /
    • 2003
  • Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

  • PDF

Efficient Integrated Design of AES Crypto Engine Based on Unified Data-Path Architecture (단일 데이터패스 구조에 기반한 AES 암호화 및 복호화 엔진의 효율적인 통합설계)

  • Jeong, Chan-Bok;Moon, Yong-Ho
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.7 no.3
    • /
    • pp.121-127
    • /
    • 2012
  • An integrated crypto engine for encryption and decryption of AES algorithm based on unified data-path architecture is efficiently designed and implemented in this paper. In order to unify the design of encryption and decryption, internal steps in single round is adjusted so as to operate with columns after row operation is completed and efficient method for a buffer is developed to simplify the Shift Rows operation. Also, only one S-box is used for both key expansion and crypto operation and Key-Box saving expended key is introduced provide the key required in encryption and decryption. The functional simulation based on ModelSim simulator shows that 164 clocks are required to process the data of 128bits in the proposed engine. In addition, the proposed engine is implemented with 6,801 gates by using Xilinx Synthesizer. This demonstrate that 40% gates savings is achieved in the proposed engine, compared to individual designs of encryption and decryption engine.

A Development of Central Policy Database for managing Heterogeneous Firewall Systems (이종의 침입 차단시스템 관리를 위한 중앙 정책 데이터베이스 개발)

  • Lee, Dong-Young;Chung, Tai-Myoung
    • The KIPS Transactions:PartD
    • /
    • v.9D no.6
    • /
    • pp.1063-1070
    • /
    • 2002
  • With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from intrusions and attacks, many vendors have developed various security systems such as firewalls and intrusion detection systems. However, managing these systems individually demands too much work and high cost. Thus, integrated and autonomous security management for various security products has become more important. In this paper, we present the architecture of the WISMSF (Web-based Integrated Security Management System for Firewalls) and the merits of centralized approach for managing heterogeneous firewalls and implement the prototype of the central policy database that is a component of the WISMSF engine. The WISMSF engine supports an integrated view for policies, the integrity of polities and the easy recovery and addition of policies. And also, we define the policy conflicts of WISMSF and present the policy recovery process to support to the policies consistence.

A Development of Web-based Integrated Security Management System for Firewalls (웹 기반의 방화벽 통합 보안 관리 시스템 개발)

  • Lee, Dong-Young;Kim, Dong-Soo;Hong, Seung-Sun;Chung, Tai-Myoung
    • The Transactions of the Korea Information Processing Society
    • /
    • v.7 no.10
    • /
    • pp.3171-3181
    • /
    • 2000
  • With a remarkable growth and expansionof Internet, the security issues emerged from intrusions and attacks such as computer viruses, dental of servives and backings to destroy intormation have been considered as serious threats for Internet and the provate networks. To protect networks from those attacks, many nendors have developed various security systems such as firewalls, intrusion detection systems, and access control systems. However managing those systems individually requres too much work and high cost. Thus, integrated security managemanet and eatabliashment of consistent security policy for various security products has become more important. In this paper, we propose integrated security manabement system called WISMSF(Web based Integrated Security Management System for Fireswalls) to monitor and contro various kinds of firewalls WISMSF consists of three components-clients, integrated engine, and agents. It supports the transparent management functions of security products, easy ways of defining security policies, and simple expansion of managed ranges.

  • PDF

The Implementation of IPsec Engine integrated IP Layer on Linux (리눅스 커널에서 IP 계층에 통합된 IPsec 엔진 구현)

  • 박소희;나재훈
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.228-231
    • /
    • 2001
  • 인터넷의 활용이 급속하게 증가하여 인터넷에서의 정보보호에 대한 필요성이 대두되면서 표준화된 인터넷 정보보호 프로토콜인 IPsec이 등장하게 되었다. 이러한 IPsec은 현재 여러 가지 플랫폼에서 구현되고 있으며, 이러한 구현은 일반적으로 IP 계층에 통합하는 방법, BITS, BITW 중 하나의 방법론을 선택하고 있다. BITW는 outboard crypto processor를 사용하여 물리적인 인터페이스 카드 내에 IPsec을 구현하는 방법으로 효율성이 문제가 되므로 본 논문에서는 IP 계층에 통합하는 방법과 BITS 방법을 중심으로 장단점을 분석한다. 이에 본 논문은 리눅스 커널 상에서 IPsec을 구현하기 위해 리눅스 커널 모듈을 분석하고 가장 효율적이라 생각되는 IP 계층에 통합된 IPsec을 구현하는 방법을 제안한다.

  • PDF

Development of a Gateway System for Social Network Services

  • Kwon, Dongwoo;Jung, Insik;Lee, Shinho;Kim, Hyeonwoo;Ju, Hongtaek
    • Journal of Communications and Networks
    • /
    • v.17 no.2
    • /
    • pp.118-125
    • /
    • 2015
  • In this paper, we propose a method to reduce mobile social network services (SNSs) traffic using a mobile integrated SNS gateway (MISG) to improve network communication performance between the mobile client and SNS servers. The gateway connects the client and SNS servers using the contents adapter and the web service adapter and helps to improve communication performance using its cache engine. An integrated SNS application, the user's client, communicates with the gateway server using integrated SNS protocol. In addition, the gateway can alert the client to new SNS contents because of the broker server implemented by the message queuing telemetry transport protocol. We design and develop the modules of the gateway server and the integrated SNS application. We then measure the performance of MISG in terms of content response time and describe the result of the experiment.

A study on Interaction of IKE protocol engine in IPsec System (IPsec 시스템에서 IKE 프로토콜 엔진의 연동에 관한 연구)

  • 이형규;나재훈;손승원
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.5
    • /
    • pp.27-35
    • /
    • 2002
  • In this paper, we present the structure and interaction flow between IKE server and the other modules for our IPsec System's efficiency. Our IPsec systems have several components for IP-based end-to-end security services. They are IKE, SADB and SPDB and so on, not to speak of IPsec Protocol Engine. Therefore the efficient interaction structure between them has an much influence on total system efficiency. Especially, in case of IPsec engine integrated with kernel, it is very important how IPsec engine can refer to SPDB and SADB entries efficiently according to the location of the implementation of SPDB and SADB. To solve the above problem, we use the SPI generated by IKE. Finally, we propose the interaction structure between IKE server and the other modules according to the optimization for referring to SPDB and SADB entries.

Building a Mobile AR System Based on Visual SLAM (Visual SLAM 기반의 모바일 증강현실 시스템 구축)

  • Song, Ju Eun;Kook, Joongjin
    • Journal of the Semiconductor & Display Technology
    • /
    • v.20 no.4
    • /
    • pp.96-101
    • /
    • 2021
  • The SLAM market is growing rapidly with advances in Machine Learning, Drones, Augmented Reality technologies. However, due to the absence of an open source-based SLAM library for developing AR content, most SLAM researchers are required to conduct their own research and development to customize SLAM. In this paper, we propose an opensource-based Mobile Markerless AR System by building our own pipeline based on Visual SLAM. To implement the Mobile AR System of this paper, it uses ORB-SLAM3 and Unity Engine and We experimented with running our system in a real environment and confirming it in the Unity Engine's Mobile Viewer. Through this experimentation, we can verify that the Unity Engine and the SLAM System are tightly integrated and communicate smoothly. Also, we expect to accelerate the growth of SLAM technology through this research.

The content based standard data search technology under CALS integrated data environment (국방 CALS 통합 데이터 환경을 위한 내용 기반의 표준 데이터 검색 기술 개발)

  • Jeong, Seung-Uk;U, Hun-Sik
    • Journal of National Security and Military Science
    • /
    • s.2
    • /
    • pp.261-283
    • /
    • 2004
  • To build up the military strength based on information oriented armed forces, the Korean ministry of national defense (MND) promotes the defense CALS (Continuous Acquisition and Life cycle Support) initiative for the reductions of acquisition times, improvements of system qualities, and reductions of costs. These defense CALS activities are the major component of the underlying mid and long term defense digitization program and the ultimate goal of program is to bring a quick victory by providing real-time battlefield intelligence and the economical operations of the military. The concept of defense CALS is to automate the acquisition and disposition of defense systems throughout their life cycle. For implementing defense CALS, the technology for exchange and sharing CALS standard data that is created once and used many times should be considered. In order to develop an efficient CALS information exchange and sharing system, it is required to integrate distributed and heterogeneous data sources and provide systematic search tools for those data. In this study, we developed a content based search engine technology which is essential for the construction of integrated data environments. The developed technology provides the environment of sharing the CALS standard data such as SGML(Standard Generalized Markup Language) and STEP(Standard for The Exchange of Product model data). Utilizing this technology, users can find and access distributed and heterogeneous data sources without knowing its actual location.

  • PDF

Low Power Implementation of Integrated Cryptographic Engine for Smart Cards (스마트카드 적용을 위한 저전력 통합 암호화 엔진의 설계)

  • Kim, Yong-Hee;Jeong, Yong-Jin
    • Journal of the Institute of Electronics Engineers of Korea SD
    • /
    • v.45 no.6
    • /
    • pp.80-88
    • /
    • 2008
  • In this paper, the block cipher algorithms, 3-DES(Triple Data Encryption Standard), AES(Advanced Encryption Standard), SEED, HASH(SHA-1), which are domestic and international standards, have been implemented as an integrated cryptographic engine for smart card applications. For small area and low power design which are essential requirements for portable devices, arithmetic resources are shared for iteration steps in each algorithm, and a two-level clock gating technique was used to reduce the dynamic power consumption. The integrated cryptographic engine was verified with ALTERA Excalbur EPXA10F1020C device, requiring 7,729 LEs(Logic Elements) and 512 Bytes ROM, and its maximum clock speed was 24.83 MHz. When designed by using Samsung 0.18 um STD130 standard cell library, the engine consisted of 44,452 gates and had up to 50 MHz operation clock speed. It was estimated to consume 2.96 mW, 3.03 mW, 2.63 mW, 7.06 mW power at 3-DES, AES, SEED, SHA-1 modes respectively when operating at 25 MHz clock. We found that it has better area-power optimized structure than other existing designs for smart cards and various embedded security systems.