• Title/Summary/Keyword: Security Proxy

A Study on Efficient Key Management Model based on PKI using Proxy Server (공개키 기반구조 기반 Proxy 키 관리 모델에 관한 연구)

  • Lee, Jin-Woo;Joo, Mi-Ri;Yang, Hyung-Kyu;Won, Dong-Ho
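    • Annual Conference of KIPS / 2003.11c / pp.1775-1778 / 2003
  • The recent growth of electronic commerce, driven by the development of the Internet and network environments, requires cryptographic techniques to provide confidentiality and integrity for transmitted information. The security of these techniques depends on cryptographic keys, and as the number of users grows, the need for a secure and efficient key management model is becoming apparent. In this paper, we propose an efficient key management model that reduces the overload and communication volume of the key management server by distributing the services concentrated on the key management server in a typical public key infrastructure (PKI) based key management system to proxy servers.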

Proxy-Based Scalable Server Access Management Framework Using Reverse Webshell Protocol (웹쉘 기술을 통한 프록시 기반의 확장 가능한 서버 관리 프레임워크)

  • Daeun Kim;Sangwook Bae;Seongmin Kim;Eunyoung Jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.4 / pp.661-670 / 2023
  • With the emergence of the serverless computing paradigm and innovations in cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, access control on the server still relies heavily on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.

Design of a effective Authorization Mechanism based on Kerberos (커버로스 기반의 효율적인 허가 메커니즘 설계)

  • Kim, Eun-Hwan;Jun, Moon-Seog
    • The KIPS Transactions:PartC / v.10C no.3 / pp.287-294 / 2003
  • Authentication and authorization are essential functions for the security of a distributed network environment. Authorization is determining and deciding whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective, with Kerberos as the authentication mechanism. In the authorization mechanism, the Kerberos server operates a proxy privilege server. The proxy privilege server manages and permits the rights of users, servers and services using the proposed algorithm. Also, the privilege attribute certificate issued by the proxy privilege server is used in delegation. We designed a secure Kerberos with the proposed functions for effective authorization at the same time as the authentication of the Kerberos mechanism.

Review of Diverse IP Mobility Fast Handover Mechanisms and Suggestion of New Fast Handover Proxy Mobile IPv6 Mechanism (다양한 IP 이동성 고속 핸드오버 기법 분석 및 새로운 고속 핸드오버 Proxy Mobile IPv6 기법 제안)

  • Kim, Pyung-Soo
    • Journal of Information Technology Services / v.8 no.1 / pp.165-177 / 2009
  • This paper reviews diverse IP mobility and fast handover mechanisms for seamless Internet services. In particular, fast handover mechanisms for Proxy Mobile IPv6 (PMIPv6) are categorized according to their approaches. Then, a new fast handover PMIPv6 (FH-PMIPv6) mechanism is proposed using only L3 signaling message exchange. In the proposed FH-PMIPv6 mechanism, only the local mobility anchor (LMA) exchanges L3 signaling messages with mobility access gateways (MAGs) for the fast handover operation. That is, inter-MAG signaling messages are not required for the fast handover operation. Therefore, unlike existing fast handover mechanisms, two relevant neighbouring MAGs need not set up a security association (SA) to protect fast handover related signaling messages and share SA related information. Moreover, the L3 triggering message is newly defined by standard ICMPv6 to promptly trigger the proposed mechanism. Analysis and comparison of the handover latency are performed for the proposed mechanism and existing mechanisms, which show that the proposed FH-PMIPv6 mechanism has favorable performance.

A Study about Wiretapping Attack and Security of VoIP Service (VoIP 서비스의 도청 공격과 보안에 관한 연구)

  • Park Dea-Woo;Yoon Seok-Hyun
    • Journal of the Korea Society of Computer and Information / v.11 no.4 s.42 / pp.155-164 / 2006
  • VoIP technology is one of the Eight New Services among the Ubiquitous-IT839 strategies. This paper tested wiretapping of VoIP service on a connected soft phone, LAN and WAN sections, Internet telephones and a device, an IP PBX, and a banner operator network connected to the VoIP Internet network. As a result of the wiretapping experiments on VoIP networks, vulnerabilities were found, and wiretapping by a hacker's attacks succeeded at a terminal, a proxy, and attachment points of a VoIP network such as a hub, following the CVE list. A security plan was then applied to each wiretapping section from the viewpoint of six security functions (Access Control, Confidentiality, Authentication, Availability, Integrity, and Non-repudiation) in the VoIP networks numbered 070. In the wiretapping experiment run on packets after the security plan was applied, AES encryption prevented wiretapping of contents. Wiretapping was prevented, security and audit logs were kept, and VoIP information protection was accomplished for network monitoring and audit logging through access interception and qualification, message hash functions, and the use of incoming-call refusal.

Stateful SIP Protocol with Enhanced Security for Proactive Response on SIP Attack (SIP 공격 대응을 위한 보안성이 강화된 Stateful SIP 프로토콜)

  • Yun, Ha-Na;Lee, Hyung-Woo
    • The Journal of the Korea Contents Association / v.10 no.1 / pp.46-58 / 2010
  • The use of VoIP services with the SIP protocol is increasing rapidly because of cheap communication cost and convenience. But an attacker can easily modify the packet contents of the SIP protocol, as the SIP header is transmitted using UDP in text form. The reason is that the SIP protocol does not provide an authentication function on the transmission session. Therefore, the existing SIP protocol is very weak against SIP Packet Flooding attacks and the like. To solve these kinds of SIP vulnerabilities, we used SIP status codes under the monitoring module for detecting SIP Flooding attacks and additionally proposed an advanced protocol in which the authentication and security functions for SIP packets are strengthened. We managed SIP sessions spontaneously in order to strengthen security with the SIP authentication function and to solve the vulnerability of the SIP protocol. The proposed mechanism can securely send SIP packets to solve the security vulnerability with minimum traffic transmission. Also, service delay in SIP proxy servers will be minimized to solve the overload problem on the SIP proxy server.

Proxy Signature based on XTR (XTR 기반의 대리 서명)

  • 이재욱;전동호;최영근;김순자
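    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.571-574 / 2002
  • XTR, proposed by Lenstra and Verheul, has the advantages of short key length and fast computation, so it can be used effectively for complex operations. In a proxy signature, which allows a delegated signer to sign on behalf of the original signer in the original signer's absence, the original signer generates the secret information to be used for proxy signing and sends it to the proxy signer. The proxy signer checks whether the received secret information is valid and, if it is, uses this information to sign. The operations that arise in this proxy signature process can be sped up by using XTR, which offers the same security with a short key length. It can therefore be efficient not only in wired but also in wireless environments.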

Design and Implementation of Dynamic Peer Selection Scheme for Allocating Proxy-Server on Pure P2P Network Environments (순수 P2P 네트워크 환경에서 프락시-서버 할당을 위한 동적 피어 선정 기법 설계 및 구현)

  • Kim, Young-Jin;Kim, Moon-Jeong;Kim, Ung-Mo;Eom, Young-Ik
    • The KIPS Transactions:PartD / v.10D no.1 / pp.153-160 / 2003
  • Recently, deployments of firewalls and NATs are increasing to provide network security features or to solve the problem of public IP shortage. But, in these environments, peers in different firewall or NAT environments may get limited services because they cannot open direct communication channels. This can be a significant problem in pure P2P environments where the peers should get or provide services by opening direct channels among themselves. In this paper, we propose a scheme for dynamically selecting a peer that can be used as a proxy server. The proxy server supports the communication between the peers in different firewall or NAT environments. The proposed scheme is operating system independent and supports bidirectional communication among the peers in P2P environments. Additionally, the proposed scheme can distribute network traffic by dynamically allocating proxy servers to the peers that are not located in the firewall or NAT environments.

Stateful Virtual Proxy Server for Attack Detection based on SIP Protocol State Monitoring Mechanism (SIP 프로토콜 상태정보 기반 공격 탐지 기능을 제공하는 가상 프록시 서버 설계 및 구현)

  • Lee, Hyung-Woo
    • Journal of Internet Computing and Services / v.9 no.6 / pp.37-48 / 2008
  • VoIP service is a transmission of voice data using the SIP protocol on an IP-based network. The SIP protocol has many advantages, such as providing IP-based voice communication and multimedia service with cheap communication cost. Therefore the SIP protocol has spread very quickly. But the SIP protocol exposes new forms of vulnerabilities to malicious attacks such as the Message Flooding attack and the protocol parsing attack. It also suffers threats from many existing vulnerabilities, as IP-based protocols do. In this paper, we propose a new Virtual Proxy Server system in front of the existing Proxy Server for anomaly detection of SIP attacks and stateful management of SIP sessions with enhanced security. Based on the stateful virtual proxy server, our solution shows promising SIP Message Flooding attack verification and detection performance with minimized latency on SIP packet transmission.

Security of the revised Xue-Cao threshold proxy signature scheme (개선된 Xue-Cao threshold 대리서명 기법의 안전성)

  • Park Je-Hong;Park Sang-Woo
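    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.79-82 / 2006
  • As one line of research on designing secure proxy signatures for multi-user environments, many threshold proxy signature schemes, which apply threshold signatures to proxy signatures, have recently been proposed. The threshold proxy signature scheme published by Xue and Cao in 2004 is designed on the basis of the Hsu-Wu self-certified public key scheme, and different vulnerabilities in it were revealed at WISA 2005, CISC 2005, and ICCSA 2006. In particular, the CISC 2005 and ICCSA 2006 papers also presented ways to improve the Xue-Cao scheme so that it resists their respective attacks. In this paper, we show that two kinds of original-signer forgery attacks are possible against the Xue-Cao scheme with these improvements applied. One exploits a weakness of the Hsu-Wu self-certified public key scheme, and the other is based on a weakness in the signature generation method of the Xue-Cao scheme. Through these attacks, we confirm that the improved Xue-Cao scheme also fails to satisfy security requirements such as proxy protection and non-repudiation.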
