• 디지털산업정보학회논문지
• /
• 제10권3호
• /
• pp.161-169
• /
• 2014

Wireless Ad Hoc Network is suitable for emergency situations such as and emergency, disaster recovery and war. That is, it has a characteristic that can build a network and use without help of any infrastructure. However, this characteristic is providing a cause of many security threats. In particular, routing attack is not applied the existing routing methods as it is and it is difficult to determine accurately whether nodes that participate in routing is malicious or not. The appropriate measure for this is necessary. In this paper, we propose a secure routing technique through a zone architecture-based node authentication in order to provide efficient routing between nodes. ZH node is elected for trust evaluation of the member nodes within each zone. The elected ZH node issues a certification of the member nodes and stores the information in ZMTT. The routing involvement of malicious nodes is blocked by limiting the transfer of data in the nodes which are not issued the certification. The superior performance of the proposed technique is confirmed through experiments.

• 디지털산업정보학회논문지
• /
• 제13권4호
• /
• pp.13-23
• /
• 2017

In order to protect personal information and important information (confidential information, sales information, user information, etc.) in the internal network, companies and organizations apply encryption to the Server-To-Server or Server-To-Client communication section, And are experiencing difficulties due to the increasing number of known attacks and intelligent security attacks. In order to apply the existing S / W encryption technology, it is necessary to modify the application. In the financial sector, "Comprehensive Measures to Prevent the Recurrence of Personal Information Leakage in the Domestic Financial Sector" has been issued, and standard guidelines for financial computing security have been laid out, and it is required to expand the whole area of encryption to the internal network. In addition, even in environments such as U-Health and Smart Grid, which are based on the Internet of Things (IoT) environment, which is increasingly used, security requirements for each collection gateway and secure transmission of the transmitted and received data The requirements of the secure channel for the use of the standard are specified in the standard. Therefore, in this paper, we propose a secure encryption algorithm through mutual authentication and grouping for each node through H / W based Network Control Server (NCS) applicable to internal system and IoT environment provided by enterprises and organizations. We propose a protocol design that can set the channel.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제11권4호
• /
• pp.119-126
• /
• 2022

본 연구는 폐쇄망에서 효율적이고 안전하게 패키지 관리 시스템을 사용하기 위해서 고려해야 할 할 중요 요소들과 그 방법론 들을 제시하는 것을 목적으로 한다. 관련 선행 연구의 분석을 통해 기존 패키지 관리에서 보안성을 위해 고려해야 할 사항들을 살펴보고, 이를 바탕으로 폐쇄망이라는 특수한 상황에서 고려해야 할 세부 방법들을 제안한다. 구체적으로, 새로운 패키지 관리 도구의 개발, 물리적 저장매체 활용, 로컬 백업 저장소 활용, 패키지 업데이트 및 다운그레이드 일괄 처리의 방법을 제안한다.

• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.11-25
• /
• 2024

The proliferation of IoT devices has presented an unprecedented challenge in managing device identities securely and efficiently. In this paper, we introduce an innovative Hybrid Blockchain-Based Approach for IoT Identity Management that prioritizes both security and efficiency. Our hybrid solution, strategically combines the advantages of direct and indirect connections, yielding exceptional performance. This approach delivers reduced latency, optimized network utilization, and energy efficiency by leveraging local cluster interactions for routine tasks while resorting to indirect blockchain connections for critical processes. This paper presents a comprehensive solution to the complex challenges associated with IoT identity management. Our Hybrid Blockchain-Based Approach sets a new benchmark for secure and efficient identity management within IoT ecosystems, arising from the synergy between direct and indirect connections. This serves as a foundational framework for future endeavors, including optimization strategies, scalability enhancements, and the integration of advanced encryption methodologies. In conclusion, this paper underscores the importance of tailored strategies in shaping the future of IoT identity management through innovative blockchain integration.

• 인터넷정보학회논문지
• /
• 제12권2호
• /
• pp.123-133
• /
• 2011

본 논문은 영상감시용 네트워크 카메라가 원격지에 설치됨으로써 보안 환경 및 갱신으로부터 소외되어 발생하는 보안 취약성을 지적하고 이를 해결하기 위한 방안으로 네트워크 카메라로의 안전한 접속을 대행하기 위한 보안 프락시 서버 구조를 제안한다. 제안한 서버는 보안 네트워크상에 위치하여 대규모 네트워크 카메라 군에 대한 접속정보를 은닉하고 보안 관리자를 통하여 접속을 시도하는 클라이언트를 인증한다. 또한 그룹 키를 기반으로 하는 영상정보의 암호화 및 키의 갱신 기능을 통하여 영상정보에 대한 등급 지정과 클라이언트에 대한 등급별 안전한 영상 서비스를 제공한다. 제안한 서버를 다중의 네트워크 카메라를 대상으로 구현하여 실험함으로써 네트워크 카메라에 직접 접속하는 경우와 동등한 품질의 영상 서비스를 유지하면서 네트워크 카메라를 안전하게 보호할 수 있음을 확인하였다. 본 연구의 결과를 통하여 임의 접근이 가능한 기존의 네트워크 카메라에 대하여 안전하고 일관된 통합관리가 가능해질 것으로 사료된다.

• Journal of Information Processing Systems
• /
• 제13권1호
• /
• pp.152-173
• /
• 2017

Mobile phones are the most common communication devices in history. For this reason, the number of mobile subscribers will increase dramatically in the future. Therefore, the determining the location of a mobile station will become more and more difficult. The mobile station must be authenticated to inform the network of its current location even when the user switches it on or when its location is changed. The most basic weakness in the GSM authentication protocol is the unilateral authentication process where the customer is verified by the system, yet the system is not confirmed by the customer. This creates numerous security issues, including powerlessness against man-in-the-middle attacks, vast bandwidth consumption between VLR and HLR, storage space overhead in VLR, and computation costs in VLR and HLR. In this paper, we propose a secure authentication mechanism based new mobility management method to improve the location management in the GSM network, which suffers from a lot off drawbacks, such as transmission cost and database overload. Numerical analysis is done for both conventional and modified versions and compared together. The numerical results show that our protocol scheme is more secure and that it reduces mobility management costs the most in the GSM network.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.75-85
• /
• 2016

MANET is a network composed only mobile network having limited resources and has dynamic topology characteristics. Therefore, every mobile node acts as a route and delivers data by using multi-hop method. In particular, group communication such as multicast is desperately needed because of characteristics such as battery life of limited wireless bandwidth and mobile nodes. However, the multicast technique can have different efficient of data transmission according to configuring method of a virtual topology by the movement of the nodes and the performance of a multicast can be significantly degraded. In this paper, the region based security multicast technique is proposed in order to increase the efficiency of data transmission by maintaining an optimal path and enhance the security features in data transmission. The group management node that manages the state information of the member nodes after the whole network is separated to area for efficient management of multicast member nodes is used. Member node encrypts using member key for secure data transmission and the security features are strengthened by sending the data after encrypted using group key in group management node. The superiority of the proposed technique in this paper was confirmed through experiments.

• 한국콘텐츠학회논문지
• /
• 제18권8호
• /
• pp.102-108
• /
• 2018

비 보안영역의 외부인터넷과 보안영역의 내부업무망간에 적용된 기존의 망간 자료전송기술을 빌딩시설관리 SCADA시스템 제어망에 그대로 적용할 경우에 다양한 문제들이 도출된다. 기존의 망간 자료전송기술은 모든 데이터를 대상으로 블랙리스트 기반의 보안기법이 적용되기 때문에 고 복잡성 및 고 비용이 수반된다. 하지만, 빌딩시설관리 SCADA제어시스템에서 유통되는 데이터의 특성은 소수의 정형적인 제어 데이터가 반복성과 주기성을 갖기 때문에 이를 대상으로 화이트리스트 기반의 보안기법 적용이 가능하다. 이를 통해서 망간 자료전송에 적용된 보안기술이 단순화되어 저 비용으로 빌딩시설관리 SCADA시스템 제어망 구축이 가능하다. 본 논문에서는 이러한 문제점들을 정리하고 이를 해결하는 방안을 제시하여 빌딩시설관리 SCADA제어시스템에 특화된 빌딩 제어망 구축방안을 제안하였다.

• Journal of Advanced Marine Engineering and Technology
• /
• 제40권10호
• /
• pp.906-915
• /
• 2016

In this study, a network monitoring system, including a secure 460-Network and a 460-Gateway, is designed and developed according with the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard for the safety and security of networks on board ships. At present, internal or external unauthorized access to or malicious attack on a ship's on board systems are possible threats to the safe operation of a ship's network. To secure the ship's network, a 460-Network was designed and implemented by using a 460-Switch, 460-Nodes, and a 460-Gateway that contains firewalls and a DMZ (Demilitarized Zone) with various application servers. In addition, a 460-firewall was used to block all traffic from unauthorized networks. 460-NMS (Network Monitoring System) is a network-monitoring software application that was developed by using an simple network management protocol (SNMP) SharpNet library with the .Net 4.5 framework and a backhand SQLite database management system, which is used to manage network information. 460-NMS receives network information from a 460-Switch by utilizing SNMP, SNMP Trap, and Syslog. 460-NMS monitors the 460-Network load, traffic flow, current network status, network failure, and unknown devices connected to the network. It notifies the network administrator via alarms, notifications, or warnings in case any network problem occurs. Once developed, 460-NMS was tested both in a laboratory environment and for a real ship network that had been installed by the manufacturer and was confirmed to comply with the IEC 61162-460 requirements. Network safety and security issues onboard ships could be solved by designing a secure 460-Network along with a 460-Gateway and by constantly monitoring the 460-Network according to the requirements of the IEC 61162-460 network standard.

• 한국멀티미디어학회논문지
• /
• 제11권4호
• /
• pp.504-515
• /
• 2008

유선 네트워크의 빠른 전송속도 및 다양한 서비스와 무선의 편리성 및 이동성이 결합되어 새로운 서비스 영역을 창출하고 사용자와 서비스 제공자 모두에게 새로운 변화를 가져올 신기술로 유/무선 통합 시대가 전개되고 있다. 유/무선 통합 서비스 중에서 네트워크의 통합은 이기종 네트워크간 연동에 의한 네트워크 융합과 네트워크상에서 전송기술간 융합으로써 매주 중요한 부분을 차지하고 있다. 이러한 상황 속에서 이기종 네트워크의 융합은 서로 다른 네트워크의 융합으로 인해 기존의 보안 기술 및 통신 기술을 그대로 적용하기가 매우 어려우며, 보안 측면에서도 많은 취약점을 내포하고 있다. 기존의 동종 네트워크에서 사용자의 인증 및 키 관리와는 다르게 이기종 네트워크간의 사용자 인증 및 키 관리는 새로운 기술이 필요한 실정이며 또한 동종 네트워크에서 이기종 디바이스간의 보안 기술 확립은 매우 중요한 사항이라 할 수 있다. 본 논문에서는 이기종 네트워크 환경에서의 안전하고 효율적인 키 관리를 제안하여, 이기종 네트워크 디바이스간의 안전한 통신을 제공 할 수 있다.