• Title/Summary/Keyword: Security Gateway

An User Authorization Mechanism using an Attribute Certificate in the IPSec-VPN System (IPSec-VPN 시스템에서의 속성 인증서를 이용한 사용자 접근 제어 방안)

  • 강명희;유황빈
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.11-21 / 2004
  • To authorize an IPSec-VPN client in the Client-to-Gateway type of IPSec-VPN system, either an ID/Password verification method or an implicit authorization method is normally used; the implicit method regards the client as authorized once it has been authenticated to the IPSec-VPN gateway. However, the Client-to-Gateway type of IPSec-VPN system needs a more effective user authorization mechanism, because the ID/Password method cannot easily transfer the ID/Password information and the implicit authorization method is vulnerable. This paper proposes an effective user authorization mechanism using an attribute certificate, designs a user authorization engine, and implements it. The proposed user authorization mechanism is easy to add to an existing IPSec-VPN system and has the merit of guaranteeing interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper provides not only DAC (Discretionary Access Control) and RBAC (Role-Based Access Control) using an attribute certificate, but also SSO (Single-Sign-On).

A Cloud Storage Gateway to Guarantee the Confidentiality of User Data (사용자 데이터 기밀성을 보장하기 위한 클라우드 스토리지 게이트웨이)

  • Kim, Hong-Sung;Kim, Hyong-Shik
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.1 / pp.131-139 / 2012
  • Cloud storage lets the client rent and use the storage device as a service rather than owning it, so the client pays only for the service actually used, which makes it beneficial compared with a self-managed data center. When the storage service is provided on a public cloud, however, the client has no control over the user data, which raises the problem of violating data confidentiality. In this paper, we propose a gateway that works between the public cloud and the client for the purpose of guaranteeing the confidentiality of user data stored in the cloud. The gateway encrypts or decrypts the user data and then delivers it, without the client's intervention. In addition, it provides a key exchange function that allows the client to access the data through another gateway. The proposed idea has been tested on a commercial public cloud and verified to satisfy security and compatibility requirements.

Design of VPN for Efficient Session management (효율적인 연결 관리를 위한 VPN 설계)

  • Kim, Jeong-Beom;Lee, Yun-Jeong;Kim, Tai-Yun
    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.1493-1496 / 2001
  • Recently, the need for security arising from the increased use of networks has emerged, and the use of cryptography is spreading rapidly. However, cryptography can cause various problems because of the inherent difficulty of key management. To resolve the adverse effects caused by the use of cryptography and to pursue its benefits, research on key recovery is being actively conducted, and many key recovery techniques have been proposed so far. In this paper, we propose a mechanism that uses key recovery technology to reduce the time spent on connection recovery when the connection between the SG (Security Gateway) and a host is interrupted in a Host-to-Gateway VPN (Virtual Private Network) environment implemented with IPSec (IP Security). The mechanism based on the key recovery method stores the session information in advance, in case the session information needed to form the tunnel between the SG and the host in the VPN is lost, and can restore the previous connection state when necessary. The proposed key recovery mechanism extends the existing SG and resolves the time delay of session recovery in an IPSec-based Host-to-Gateway VPN.

Design and Implementation of a Secure Smart Home with a Residential Gateway

  • Kim, Sang-kon;Kim, Tae-kon
    • Journal of Internet Computing and Services / v.23 no.2 / pp.9-17 / 2022
  • In this paper, we propose a secure smart home network model and a novel cryptographic protocol called the Smart Home Security Protocol (SHSP). Authentication, key distribution, and encryption functions are properly supported in order to make a smart home secure, and a residential gateway (RG) plays the central role in performing these functions. According to the characteristics of the networks and the attached devices, we classify smart homes into three different types of sub-networks, and these networks are interconnected with one another by the RG. Depending on the sub-network, we use different types of secure schemes to reduce the processing burden and delay in devices while still providing the proper security functions. The proposed secure smart home model is implemented and verified using a variety of embedded system environments.

Analyses of Security Design for Home Gateway in Ubiquitous Surroundings (유비쿼터스 환경하에서의 홈게이트웨어를 위한 보안 설계 분석)

  • Kim Jung-Tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2006.05a / pp.761-764 / 2006
  • We have developed a new remote-configurable firewall system that provides secure and easy-to-use access to home-network appliances such as network cameras, PVRs, and home file servers through the internet. With a simple web browser operation, remote users can dynamically open and close the firewall of the home gateway. Firewall rule creation is based on authentication of the remote client, and thus only packets from the authorized client can pass through the firewall. We analyze the security design for the home gateway in ubiquitous surroundings.

User Sensitive Data Classification for IoT Gateway Security (사물인터넷 게이트웨이 보안을 위한 사용자 민감 데이터 분류)

  • Heo, Mhanwoo;Park, Kicheol;Hong, Jiman
    • Smart Media Journal / v.8 no.4 / pp.17-24 / 2019
  • As IoT technology is widely used in industrial environments, its security issues are becoming more important. In this context, studies utilizing hardware security functions are being actively carried out. However, previous studies did not consider the performance degradation that occurs when hardware security functions are used in an IoT environment. Gateway devices, which are mainly used in IoT environments, are often resource-limited. Utilizing hardware security in such an environment can cause serious performance degradation as the number of IoT devices connected to the gateway increases. Therefore, in this paper, we propose a data classification scheme to efficiently utilize hardware security functions in a resource-limited environment. We implement a platform with the proposed technique using ARM TrustZone. The performance degradation due to the hardware security functions is measured through experiments on the implemented platform and compared with the performance when the proposed technique is applied.

Providing Efficient Secured Mobile IPv6 by SAG and Robust Header Compression

  • Wu, Tin-Yu;Chao, Han-Chieh;Lo, Chi-Hsiang
    • Journal of Information Processing Systems / v.5 no.3 / pp.117-130 / 2009
  • By providing ubiquitous Internet connectivity, wireless networks offer users more convenient ways to surf the Internet. However, wireless networks face more technological challenges than wired networks, such as bandwidth, security problems, and handoff latency. Thus, this paper proposes new technologies to solve these problems. First, a Security Access Gateway (SAG) is proposed to solve the security issue. Originally, mobile terminals were unable to perform heavy security calculations because of their low computing power. The SAG not only offers high computing power to serve the encryption demands of its domain, but also helps mobile terminals establish multiple security tunnels to maintain a secure domain. Second, Robust Header Compression (RoHC) technology is adopted to increase bandwidth utilization. Instead of the Access Point (AP), an Access Gateway (AG) handles packet header compression and decompression for the wireless end. The AG's high computing power reduces the load on the AP, which in the original architecture has to handle a large number of header compression/decompression demands from mobile terminals. Finally, wireless networks must offer users "Mobility" and "Roaming". To achieve "Mobility" and "Roaming," we can use Mobile IPv6 (MIPv6) technology. Nevertheless, such technology may cause latency. Furthermore, how the security tunnel and header compression state established before the handoff can be reused by mobile terminals after the handoff is another great challenge. Thus, this paper proposes to solve the problem by using Early Binding Updates (EBU) and the Security Access Gateway (SAG) to offer a complete mechanism with low latency, low handoff computation, and high security.

An Architecture Design of Military Operation System Utilizing Cellular Networks (군작전 효율화를 위한 셀룰라망 연동구조 설계)

  • Kim, Jae-Cheol;Kim, In-Taek
    • Journal of National Security and Military Science / s.9 / pp.257-282 / 2011
  • In this paper, we propose an architecture design for a military operation system utilizing cellular networks. The main contribution of this paper is to provide a cost-effective, IT (information technology)-based military operation solution for ground forces. By employing the cellular phones of officers and non-commissioned officers as the tools of operational communication, the proposed system can be constructed in the minimum duration and is built on four components: command and control system, gateway, security system, and terminal (cell phone). This system is most effective for warfare in a limited area, but its effectiveness does not decrease under a total war covering the whole land of Korea. For the environmental changes of the near future, an expanded architecture is also provided to utilize the functionalities of smartphones.

Design and Implementation of Multi Platform Wire.Wireless Messaging System Using J2ME (J2ME를 이용한 멀티 플랫폼 유.무선 메시징 시스템 설계 및 구현)

  • 김응곤;문유미;최완규;이성주
    • Journal of the Korean Institute of Intelligent Systems / v.11 no.6 / pp.543-548 / 2001
  • In the case of mobile internet service using WAP, the connection to the HTTP protocol went through a WAP Gateway, so users incurred increased costs for the mobile internet service. It also created an internal security problem, because user information could be observed at the WAP Gateway. To solve this problem we use the Java language, which is platform-independent, low cost, and strongly secure, in a downloadable application. In addition, using socket connections, the Wire.Wireless Messaging System (WWMS) connects in real time between PC-Client and Mobile-Client, Mobile-Client and Mobile-Client, and so on. In this paper, we design and implement a multi-platform wire.wireless messaging system using J2ME. It will be a foundation for developing various mobile applications in the future.

Authentication Model of PKI-based Security Gateway using Blockchain having Integrity (무결성이 보장된 블록체인 기술을 활용한 PKI 기반 보안 게이트웨이의 인증 모델)

  • Kim, Young Soo;Mun, Hyung-Jin
    • Journal of Digital Convergence / v.19 no.10 / pp.287-293 / 2021
  • Recently, public certificates issued by nationally recognized certification bodies have been abolished, and internet companies have issued their own joint certificates as certification authorities. The Electronic Signature Act was amended in a way that assigns responsibility to Internet companies. As the use of a joint certificate issued by Internet companies acting as a certification authority is allowed, it is expected that fraud damage caused by the theft of public key certificates will increase. We propose an authentication model that can be used in a security gateway that combines PKI with a blockchain having integrity and security. To evaluate its practicality, we evaluated the security of the authentication model using Sugeno's hierarchical fuzzy integral, an evaluation method that excludes human subjectivity, with importance degrees determined by an expert group using the Delphi method. The blockchain-based joint certificate is expected to be used as a base technology for services that prevent the reckless issuance and misuse of public certificates and ensure both security and convenience.