• 한국전자거래학회지
• /
• 제7권1호
• /
• pp.66-74
• /
• 2002

Through the increment of requirement for EC(Electronic Commerce) oriented communication services, security multicast communications is becoming more important. However, multicast to EC environment is much different from unicast concept most network security protocols. On the network security, using mandatory access control of multilevel architecture which assigns a specific meaning to each subject, so we accomplish access control. In this way, access control security based on the information security level is proposed. A security protocol based on the architecture proposed in this paper would be utilized in security multicast communications, group key management service and leveled security service through multilevel EC security policy, Also we discuss and propose the security level scaleability and key management method on the network.

• 정보보호학회논문지
• /
• 제16권1호
• /
• pp.97-104
• /
• 2006

이동 멀티캐스트 환경에서 다수의 이동 호스트가 안전하고 효율적인 멀티캐스트를 실현하기 위해서는 호스트의 이동성 및 무선 영역의 특성을 반영하는 키관리 방법이 요구된다. 본 논문에서는 이동 네트워크 구조를 반영한 KTMM 과 WSMM을 제안한다. 호스트의 이동에 따른 핸드오프와 그룹 멤버쉽 변화로 인한 키갱신을 처리하는 키 관리 구조 및 프로토콜을 설명하고, 실험을 통하여 데이터 전송, 멤버의 가입, 멤버의 탈퇴, 핸드오프 등으로 인해 발생하는 지연 시간을 서로 비교하여 각 방법의 장단점을 분석한다.

• 정보보호학회논문지
• /
• 제12권6호
• /
• pp.47-58
• /
• 2002

안전한 멀티캐스트 서비스와 관련하여 아키텍쳐, 키분배, 송신자 인증 등에 대한 연구가 활발히 이루어지고 있지만 서비스 거부 공격이나 권한 없는 멤버에 대한 멀티캐스트 서비스 접근을 통제할 수 있는 접근통제 기술에 대한 연구는 매우 미진한 상태이다. 멀티캐스트에서의 다단계 접근통제는 비밀 원격회의나 다양한 등급을 갖는 고객에 대한 차별된 멀티미디어 서비스를 제공하는데 응용할 수 있다. 실제 멀티캐스트 네트워크를 구성할 경우, 각각의 보안등급에 따라 서로 다른 가상 네트워크를 구성하게 된다. 그러나 기존 방식은 다중 접속 네트워크 환경에서의 불법접근을 효율적으로 막지 못하고 있고 다단계 접근통제 메커니즘을 제공하고 있지 않다. 따라서, 본 논문에서는 기존 멀티캐스트 접근통제 방식을 확장하여 네트워크 계층에서의 효율적인 계층형 접근통제 방식을 제안한다. 또한 어플리케이션 계층에서의 계층형 접근통제를 위한 계층키(hierarchical key) 분배 방식과 가입 및 탈퇴가 자유로운 동적 멀티캐스트 환경에서의 효율적인 계층키 갱신 방식을 제안한다.

• 산업융합연구
• /
• 제7권1호
• /
• pp.21-31
• /
• 2009

Multicast is a network technology for the delivery of information to a group of destinations simultaneously using the most efficient strategy to deliver the messages over each link of the network only once, creating copies only when the links to the multiple destinations split. This thesis designed a group certificate that can authenticate group information safety between cores based on CBT, proposed a multicast security system that can control some security key.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.75-85
• /
• 2016

MANET is a network composed only mobile network having limited resources and has dynamic topology characteristics. Therefore, every mobile node acts as a route and delivers data by using multi-hop method. In particular, group communication such as multicast is desperately needed because of characteristics such as battery life of limited wireless bandwidth and mobile nodes. However, the multicast technique can have different efficient of data transmission according to configuring method of a virtual topology by the movement of the nodes and the performance of a multicast can be significantly degraded. In this paper, the region based security multicast technique is proposed in order to increase the efficiency of data transmission by maintaining an optimal path and enhance the security features in data transmission. The group management node that manages the state information of the member nodes after the whole network is separated to area for efficient management of multicast member nodes is used. Member node encrypts using member key for secure data transmission and the security features are strengthened by sending the data after encrypted using group key in group management node. The superiority of the proposed technique in this paper was confirmed through experiments.

• 한국정보처리학회논문지
• /
• 제7권4호
• /
• pp.1184-1192
• /
• 2000

Multicast has communication mechanism that is able to transfer voice, video for only the specific user group. As compared to unicast, multicast is more susceptive to attack such as masquerading, malicious replay, denial of service, repudiation and traffic observation, because of the multicast has much more communication links than unicast communication. Multicast-specific security threats can affect not only a group's receivers, but a potentially large proportion of the internet. In this paper, we proposed the multicast security model that is able to secure multi-group communication in CBT(Core Based Tree), which is multicast routing. And designed the multicast key distribution protocol that can offer authentication, user privacy using core (be does as Authentication Server) in the proposed model.

• 정보보호학회논문지
• /
• 제21권3호
• /
• pp.75-88
• /
• 2011

센서네트워크 환경에서 멀티캐스트는 베이스스테이션이 다수의 센서노드에게 명령 또는 쿼리를 전송할 때 사용된다. 멜티캐스트 메시지를 효율적으로 안전하게 전송하기 위하여 그룹키를 이용한 암호화 통신이 요구되며, 포획당한 노드로 인한 그룹키 노출에 강건한 그룹키 갱신기법이 필요하다. 이를 위하여 애드 혹 네트워크 환경에서 안전한 그룹키 갱신 기법이 오랫동안 연구되었다. 하지만 기존에 연구된 기법들은 센서네트워크에 적합하게 설계되지 않았으며, 안전한 그룹키 갱신하기 위한 효과적인 방법이 제안되지 못하였다. 따라서 본 논문에서는 그룹에 속한 센서노드만 새로운 그룹키 생성할 수 있는 방법을 통해서 기존의 기법에 비해 높은 안전성을 가지는 멀티캐스트 그룹키 갱신 기법을 제안한다.

• 디지털산업정보학회논문지
• /
• 제13권4호
• /
• pp.115-123
• /
• 2017

The mutual cooperation among nodes is very important because mobile nodes participating in MANET communicate with limited resources and wireless environment. This characteristic is important especially in environment that supports group communication. In order to support the secure multicast environment, it is important enough to affect performance to provide accurate authentication method for multicast group members and increase the integrity of transmitted data. Therefore, we propose a technique to provide the multicast secure communication by providing efficient authentication and group key management for multicast member nodes in this paper. The cluster structure is used for authentication of nodes in the proposed technique. In order to efficient authentication of nodes, the reliability is measured using a combination of local trust information and global trust information measured by neighboring nodes. And issuing process of the group key has two steps. The issued security group key increases the integrity of the transmitted data. The superiority of the proposed technique was confirmed by comparative experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권6호
• /
• pp.2492-2512
• /
• 2018

Multicast communication can effectively reduce network resources consumption in contrast with unicast. With the advent of SDN, current researches on multicast traffic are mainly conducted in the SDN scenario, thus to mitigate the problems of IP multicast such as the unavoidable difficulty in traffic engineering and high security risk. However, migration to SDN cannot be achieved in one step, hybrid SDN emerges as a transitional networking form for ISP network. In hybrid SDN, for acquiring similar TE and security performance as in SDN multicast, we redirect every multicast traffic to an appropriate SDN node before reaching the destinations of the multicast group, thus to build up a core-based multicast tree substantially which is first introduced in CBT. Based on the core SDN node, it is possible to realize dynamic control over the routing paths to benefit traffic engineering (TE), while multicast traffic manageability can also be obtained, e.g., access control and middlebox-supported network services. On top of that, multiple core-based multicast trees are constructed for each multicast group by fully taking advantage of the routing flexibility of SDN nodes, in order to further enhance the TE performance. The multicast routing and splitting (MRS) algorithm is proposed whereby we jointly and efficiently determine an appropriate core SDN node for each group, as well as optimizing the traffic splitting fractions for the corresponding multiple core-based trees to minimize the maximum link utilization. We conduct simulations with different SDN deployment rate in real network topologies. The results indicate that, when 40% of the SDN switches are deployed in HSDN as well as calculating 2 trees for each group, HSDN multicast adopting MRS algorithm can obtain a comparable TE performance to SDN multicast.

• 한국컴퓨터정보학회논문지
• /
• 제22권12호
• /
• pp.109-116
• /
• 2017

Short-lived pseudonym certificates as vehicle identities could satisfy both security and privacy requirements. However, to remove revoked certificates especially in vehicle communications, pseudonym certificate revocation list (CRL) should be distributed resource-efficiently from a practical deployment point of view and in a timely manner. In this paper, we propose a novel CRL distribution scheme capable of CRL multicast to only activated vehicles registered to the CRL multicast group using the group communication system enabler, namely, the GCSE which is being standardized. The scheme is resource efficient by using CRL distribution paths instead of paging processes to find out multicast vehicle(s) within a certain region. The analyzed results show that the proposed scheme outperforms in terms of paging cost, packets transmission cost, and the processing cost at the respective entities compared to the existing four schemes in the literature.