• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.917-920
• /
• 2008

The Internet Key Exchange (IKE) protocol is most widely used as a security key exchange protocol on the Internet. Security policies used by the IKE protocol must be configured in advance, however the complex options and manual settings cause inconvenience. This paper proposes an automatic configuration method for the IKE protocol based on X.509 certificate. Security policies are embedded in the certificate, read, and added into the IKE configuration file by a negotiation assistant module in order to achieve automatic IKE configuration. Our proposed method reduces the complexity of configuration process and improves the adaptability of the IKE protocol.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2009.01a
• /
• pp.377-380
• /
• 2009

VoIP기반의 음성통화가 기존 PSTN망을 대체하여 빠르게 확산되고 있다. 이러한 IP기반의 음성통신은 IP 네트워크가 가진 보안 취약점을 그대로 가지고 있어 이에 대한 보완이 필요하다. IPsec은 IP망에서 보안을 제공하는 프로토콜로 데이터의 기밀성 및 무결성을 제공한다. 한편, 서비스 제공자는 적절한 과금 및 서비스 중재 및 부가 서비스 제공을 위해 통신에 사용된 암호화 키를 획득할 수 있어야 한다. 본 논문에서는 IPsec의 키 교환 프로토콜인 Internet Key Exchange v2를 수정하여 서비스 제공자와 통신하는 양 단말이 동시에 키 교환을 수행하도록 한다. 이 방식을 통하여 서비스 제공자가 키 생성에 참여함으로서 Men in the middle 공격을 효과적으로 막을 수 있고, 부가 서비스를 제공할 수 있는 발판을 마련할 수 있다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.199-202
• /
• 2003

IPsec is a standardization way for protection of IP packets in network layer and it is composed of three protocols that is AH(Authentication Header), ESP(Encapsulation Security Protocol) and IKE(Internet Key Exchange). Before doing encryption and decryption using AH or ESP protocols, both of communicating entities have to share same key safely. IKE protocol works automatically. But it has less interoperability because IKE protocol is not simple. A work which standardize IKEv2 has been done up to now. In this article, we will examine the Cryptographic Algorithms of IKEv2, and describe the AES usage with IPsec, based on the IETF Draft document.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3366-3383
• /
• 2012

Reliance on the Internet has introduced Voice over Internet Protocol (VoIP) to various security threats. A reliable security protocol and an authentication scheme are thus required to prevent the aforementioned threats. However, an authentication scheme often demands additional cost and effort. Accordingly, a security framework for known participants in VoIP communication is proposed in this paper. The framework is known as Randomness-Optimized Self-Securing (ROSS), which performs authentication automatically throughout the session by optimizing the uniqueness and randomness of the communication itself. Elliptic Curve Diffie-Hellman (ECDH) key exchange and Salsa20 stream cipher are utilized in the framework correspondingly to secure the key agreement and the communication with low computational cost. Human intelligence supports ROSS authentication process to ensure participant authenticity and communication regularity. The results show that with marginal overhead, the proposed framework is able to secure VoIP communication by performing reliable authentication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.956-970
• /
• 2015

In this paper, we study the design of network coding for the generalized transmit scheme in multiple input multiple output Y channel, where K users wish to exchange specified and shared information with each other within two slots. Signal space alignment at each user and the relay is carefully constructed to ensure that the signals from the same user pair are grouped together. The cross-pair interference can be canceled during both multiple accessing channel phase and broadcasting channel phase. The proposed signal processing scheme achieves the degrees of freedom of ${\eta}(K)=K^2$ with fewer user antennas.

• IE interfaces
• /
• v.10 no.3
• /
• pp.23-31
• /
• 1997

Exchange of product model data becomes a key issue in the globalized enterprise environment. Sharing heterogeneous information resides in diverse information resources is not easy. To share automotive product information among different organizations, a reliable neutral information standard and communication methods are needed. World wide sharing of automotive product information can be implemented based on the STEP AP214, the standard for exchange of automotive product model through its whole life cycle. This paper suggests an automotive PDM implemented on the internet and based on the STEP AP214. Physical files containing design data can be shared on the internet using JAVA applets and VRML.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2874-2892
• /
• 2013

Since security plays an important role in several ZigBee applications, such as Smart Energy and medical sensor applications, ZigBee Specification includes various security mechanisms to protect ZigBee frames and infrastructure. Among them, the Join and Leave operations of ZigBee are investigated in this paper. The current Join-Leave operation is protected by the network key (a kind of group key). We claim it is not adequate to employ the network key for such purpose, and propose a new Join-Leave operation protected by the application link key (a kind of pairwise key), which is based on a more efficient key management scheme than that of ZigBee. Hence, the original Join operation consists of a total of 12 command frames, while the new Join operation consists of only 6 command frames. In particular, the security of the proposed Join-Leave operation is equivalent to or better than that of the original Join-Leave operation. The new Join-Leave operation is extensively analyzed in terms of security and efficiency, and compared with the original Join-Leave operation of ZigBee.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.4
• /
• pp.91-98
• /
• 2012

A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.'s password-based GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-based key exchange is security against off-line dictionary attacks. However, Yi et al.'s protocol fails to meet the requirement. In this paper, we report this security problem with Yi et al.'s protocol and show how to solve it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.481-496
• /
• 2021

It is imperative to migrate the current public key cryptosystem to a quantum-resistance system ahead of the realization of large-scale quantum computing technology. The National Institute of Standards and Technology, NIST, is promoting a public standardization project for Post-Quantum Cryptography(PQC) and also many research efforts have been conducted to apply PQC to TLS(Transport Layer Security) protocols, which are used for Internet communication security. In this paper, we propose a scenario in which a server and multi-clients share session keys on TLS by using the parallelized NTRU which is PQC in the key exchange process. In addition, we propose a method of accelerating NTRU using GPU and analyze its efficiency in an environment where a server needs to process large-scale data simultaneously.