• Journal of Advanced Marine Engineering and Technology
• /
• v.40 no.10
• /
• pp.906-915
• /
• 2016

In this study, a network monitoring system, including a secure 460-Network and a 460-Gateway, is designed and developed according with the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard for the safety and security of networks on board ships. At present, internal or external unauthorized access to or malicious attack on a ship's on board systems are possible threats to the safe operation of a ship's network. To secure the ship's network, a 460-Network was designed and implemented by using a 460-Switch, 460-Nodes, and a 460-Gateway that contains firewalls and a DMZ (Demilitarized Zone) with various application servers. In addition, a 460-firewall was used to block all traffic from unauthorized networks. 460-NMS (Network Monitoring System) is a network-monitoring software application that was developed by using an simple network management protocol (SNMP) SharpNet library with the .Net 4.5 framework and a backhand SQLite database management system, which is used to manage network information. 460-NMS receives network information from a 460-Switch by utilizing SNMP, SNMP Trap, and Syslog. 460-NMS monitors the 460-Network load, traffic flow, current network status, network failure, and unknown devices connected to the network. It notifies the network administrator via alarms, notifications, or warnings in case any network problem occurs. Once developed, 460-NMS was tested both in a laboratory environment and for a real ship network that had been installed by the manufacturer and was confirmed to comply with the IEC 61162-460 requirements. Network safety and security issues onboard ships could be solved by designing a secure 460-Network along with a 460-Gateway and by constantly monitoring the 460-Network according to the requirements of the IEC 61162-460 network standard.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.4
• /
• pp.42-50
• /
• 2009

Ubiquitous computing technology is widely used in not only our everyday lives but also in education, medical care, military, environment and administration. RFID system, the basis of ubiquitous, is in the spotlight which can be an alternative solution of a bar code recognition system and magnetic system as they basically have practicality and security issues. An electronic authentication named smart-key system is recently concerned by an alternative solution of the security unit for an automobile. RFID system which has a general purpose is also in the limelight by an application technology. In this paper we designed vehicle smart key system with general-propose RFID system that is already in use. First, we designed control unit and RFID card reader for vehicle smart key system. Then we propose an algorithm and prove that the vehicle key system is controllable by showing the result of implementing and testing, after installing. Also security level is enlarged by proposing a authentication protocol between RFID reader and control unit.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.7
• /
• pp.1831-1853
• /
• 2012

By sending periodically short bursts of traffic to reduce legit transmission control protocol (TCP) traffic, the low-rate denial of service (LDoS) attacks are hard to be detected and may endanger covertly a network for a long period. Traditionally, LDoS detecting methods mainly concentrate on the attack stream with feature matching, and only a limited number of attack patterns can be detected off-line with high cost. Recent researches divert focus from the attack stream to the traffic anomalies induced by LDoS attacks, which can detect more kinds of attacks with higher efficiency. However, the limited number of abnormal characteristics and the inadequacy of judgment rules may cause wrong decision in some particular situations. In this paper, we address the problem of detecting LDoS attacks and present a scheme based on the fluctuant features of legit TCP and acknowledgment (ACK) traffic. In the scheme, we define judgment criteria which used to identify LDoS attacks in real time at an optimal detection cost. We evaluate the performance of our strategy in real-world network topologies. Simulations results clearly demonstrate the superiority of the method proposed in detecting LDoS attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.5B
• /
• pp.549-556
• /
• 2011

In this paper, high performance radio buoy system for inshore and deep sea fishery is proposed and implemented. Binary FSK modulation technique is used for real-time communication & control between buoys and buoy finder, and optimum access protocol is adopted for minimizing the power consumption of radio buoy system. Using the GPS and sensor techniques, location and environments of radio buoy can be accurately monitored and traced by the mother ship. Developed buoy system with 10 W transmitting power can cover over 120km coastal range and operate more than 73 days of battery life. Proposed digital coding methods can also assure high security from burglary and loss.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.7
• /
• pp.1721-1736
• /
• 2013

Black and gray hole attack is one kind of routing disturbing attacks and can bring great damage to the network. As a result, an efficient algorithm to detect black and gray attack is important. This paper demonstrate an adaptive approach to detecting black and gray hole attacks in ad hoc network based on a cross layer design. In network layer, we proposed a path-based method to overhear the next hop's action. This scheme does not send out extra control packets and saves the system resources of the detecting node. In MAC layer, a collision rate reporting system is established to estimate dynamic detecting threshold so as to lower the false positive rate under high network overload. We choose DSR protocol to test our algorithm and ns-2 as our simulation tool. Our experiment result verifies our theory: the average detection rate is above 90% and the false positive rate is below 10%. Moreover, the adaptive threshold strategy contributes to decrease the false positive rate.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.1
• /
• pp.49-56
• /
• 2004

With the growing usage of the networks, the users in the Internet uses some kinds of web server. They confused that each web server uses the different user ID and passwords. To solve these problems, SSO (Single Sign-On) solution is introduced. We presents the modeling methods which are efficiently constructed the network management models. We constructed the intrusion detection systems and firewalls using the SSO. This architecture is efficient to manage the network usage and control. SSO solution designed on the small scale Intranet. CA server in the 550 that depends on PKI (Public Key Infrastructure) is used to issue the certificates. SHTTP based on SSL (Secure Socket Layer) is used to protect the data between certificate server and the intranet users.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8B
• /
• pp.755-761
• /
• 2004

Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAM access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802. 1x standards and related protocols likeEAPoL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG.(Intelligent Wireless Internet Gateway).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.846-864
• /
• 2017

Software Defined Network (SDN) realizes management and control over the underlying forwarding device, along with acquisition and analysis of network topology and flow characters through south bridge protocol. Data path Identification (DPID) is the unique identity for managing the underlying device, so forged DPID can be used to attack the link of underlying forwarding devices, as well as carry out DoS over the upper-level controller. This paper proposes a dynamic defense method based on Client-Puzzle model, in which the controller achieves dynamic management over requests from forwarding devices through generating questions with multi-level difficulty. This method can rapidly reduce network load, and at the same time separate attack flow from legal flow, enabling the controller to provide continuous service for legal visit. We conduct experiments on open-source SDN controllers like Fluid and Ryu, the result of which verifies feasibility of this defense method. The experimental result also shows that when cost of controller and forwarding device increases by about 2%-5%, the cost of attacker's CPU increases by near 90%, which greatly raises the attack difficulty for attackers.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.33-38
• /
• 2015

Cloud storage server do not detect duplication of conventionally encrypted data. To solve this problem, Convergent Encryption has been proposed. Recently, various client-side deduplication technology has been proposed. However, this propositions still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology, which encrypt data to ensure the confidentiality of sensitive data and apply proofs of ownership protocol to control access to the data, from curious cloud server and malicious user.