• Title/Summary/Keyword: VPN system

QoS Guaranteed Secure Network Service Realization using Global User Management Framework (GUMF);Service Security Model for Privacy

  • Choi, Byeong-Cheol;Kim, Kwang-Sik;Seo, Dong-Il
    • 제어로봇시스템학회:학술대회논문집 / 2005.06a / pp.1586-1589 / 2005
  • GUMF (Global User Management Framework), which is proposed in this research, can be applied to next-generation networks such as BcN (Broadband convergence Network); it is a QoS-guaranteed security framework for users that can solve the present Internet's security vulnerability. GUMF offers anonymity for users of a service while using the user's real name or ID for management of the service, and it is a technology that can realize secure QoS. GUMF needs a management framework, UMS (User Management System), VNC (Virtual Network Controller), etc. UMS consists of a root UMS in the country dimension and a Local UMS in each site dimension. VNC is network security equipment including VPN, QoS and security functions, and it achieves the QoSS (Quality of Security Service) and CLS (Communication Level Switching) functions. GUMF can offer safety against bandwidth consumption attacks such as worm propagation and DoS/DDoS, IP spoofing attacks, and most current attacks such as abuse of private information, because it can offer a different QoS-guaranteed network according to users' grades. Users' grades are divided into 4 levels, from Level 0 to Level 3, and a user's security service level is decided according to the level of the private information. Level 3 users, who offer bio-information, can receive a secure network service in which privacy is guaranteed. Therefore, the GUMF proposed in this research can offer a profit model to ISPs and NSPs, and can be utilized as a strategy for realizing a secure u-Korea.

Home Network Management Using the Home Network Surveillance Center (홈 네트워크 관제 센터를 이용한 홈 네트워크 관리 및 보안)

  • Ahn, Gae-Soon;Son, Jin-Ho;Youn, Min-Woo;Chung, Tai-M.
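    • Proceedings of the Korea Information Processing Society Conference / 2003.05c / pp.2089-2092 / 2003
  • Home networking technology makes it possible to connect the individual devices in a home and to access the Internet at the same time. In addition, household devices connected through home networking technology can interoperate, and devices inside the home can be controlled from outside over the Internet. However, this possibility of control from outside has raised the need for authentication of access to and control of the home network, and, with the growth of e-commerce and of working from home over VPN, home network security has also become an important management element. This paper describes the structure and design of a home network surveillance center for home network security and management. By moving the home network management functions and the security functions such as firewall and user authentication, which had been concentrated in the existing home gateway, to the home network surveillance center, it is possible not only to make security management more convenient and reduce the load on the home gateway, but also to provide more complete home network security.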

Analysis of the IPsec Internet Key Exchange (IKE) Protocol (IPsec의 키 교환 방식에 대한 안전성 분석)

  • 주한규
    • Journal of the Korea Institute of Information Security & Cryptology / v.10 no.4 / pp.33-46 / 2000
  • IPsec is a protocol suite that protects data communication between computers on the Internet, and many VPNs (Virtual Private Networks) use the IPsec protocol. The IKE protocol is used to exchange keys in IPsec. Formal analysis methods are used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the use of certificates is recommended.

Design of Intrusion Prevention System(IPS) in Linux Environment (리눅스 환경에서의 침입방지시스템(IPS) 설계)

  • 이상훈;김우년;이도훈;박응기
    • Convergence Security Journal / v.4 no.2 / pp.1-7 / 2004
  • The growth of incidents on the Internet has reflected growth of the Internet itself and growth of computing power. While in previous years external attacks tended to originate from those interested in exploring the Internet for its own sake and testing their skills, there is an increasing trend towards intrusions motivated by financial, political, and military objectives. So, attacks on the nation's computer infrastructures are becoming an increasingly serious problem. Even though the problem is ubiquitous, government agencies are particularly appealing targets and they tend to be more willing to reveal such events than commercial organizations. The threat of damage has made recognition of security necessary; as a result, much research into system security has been actively carried out. Intrusion detection technology detects intrusions using audit data, unlike traditional simple filtering, and informs the manager of them. It lets the system's security manager deal with an intrusion more quickly. But in the current Internet environment a manager cannot respond to an intrusion alert immediately. That is why an IPS is needed. An IPS can respond automatically to the intrusion alert, so the manager is more comfortable and can respond quickly.

Implementation of On-demand QoS management System for Bandwidth Resource Allocation (대역폭 자원 할당을 위한 주문형 Qos 관리 시스템 구현)

  • Lee, Dongwook;Yi, Dong-Hoon;Kim, Jongwon;Sanggil Jung;Okhwan Byun
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.4B / pp.444-454 / 2004
  • To support diverse transmission requirements of multimedia applications, Quality of Service (QoS) should be provided in the Internet, where only the best-effort service is available. In this paper, we describe our recent effort on the implementation and verification of an extendable and flexible QoS allocation and resource management system based on the bandwidth broker model for realizing the IETF differentiated service (DiffServ). Focusing on the bandwidth issue over a single administrative domain, the implemented system provides real-time resource reservation and allocation, delayed call admission control, simple QoS negotiation between server and users, and simple resource monitoring. The implemented system is verified by evaluating the performance of a resource-intensive application over the real-world testbed network.

Design of Intrusion Responsible System For Enterprise Security Management (통합보안 관리를 위한 침입대응 시스템 설계)

  • Lee, Chang-Woo;Sohn, Woo-Yong;Song, Jung-Gil
    • Convergence Security Journal / v.5 no.2 / pp.51-56 / 2005
  • Service operating management to keep stable and effective environment according as user increase and network environment of the Internet become complex gradually and requirements of offered service and user become various is felt constraint gradually. To solve this problem, invasion confrontation system through proposed this log analysis can be consisted as search of log file that is XML's advantage storing log file by XML form is easy and fast, and can have advantage log files of system analyze unification and manages according to structure anger of data. Also, created log file by Internet Protocol Address sort by do log and by Port number sort do log, invasion type sort log file and comparative analysis created in other invasion feeler system because change sort to various form such as do log by do logarithm, feeler time possible.

Implementation of Secured Smart-Learning System using Encryption Function (암호기능을 이용한 안전한 스마트-러닝 시스템 구현)

  • Yang, J.S.;Hong, Y.S.;Yoon, E.J.;Choi, Y.J.;Chun, S.K.
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.13 no.5 / pp.195-201 / 2013
  • The government has invested much budget for 5 years to carry out Smart-education and operate digital textbook services since 2011. Private enterprises have also decided to focus on constructing Smart learning systems by investing much budget. If these systems are constructed nationwide and cyber universities can therefore be accessed using smart devices, we can reduce the information gap and study online lectures to get a grade whenever, whoever and wherever we want. However, these convenient systems can cause serious problems, like falsifying grades by hacking, if security systems are weak. In this paper, we formulated a cyber university which is secured in terms of security. For this, we simulated a smart-learning system with strengthened security, considering code algorithm and encryption technique.

A Study of Authentication of Using Multi-factor (다중체계 인증을 이용한 중요 시스템 보안 접근에 관한 연구)

  • Choi, Byeong-Hun;Kim, Sang-Geun;Bae, Je-Min
    • Journal of the Korea Society of Computer and Information / v.14 no.7 / pp.73-80 / 2009
  • Internet accidents have skyrocketed every year. The Internet has always been threatened by methods such as hacking and spyware. The majority of security accidents arise from the loss of authentication information and from internal users who are not authorized. The importance of security is also emphasized when someone tries to access the main information system. Accordingly, biometrics has been used in many ways. OTP, however, must have a few devices for accessing several systems, and biometrics involves some risk from its mis-recognition rate and mis-denial rate. There is also the risk that the main information system can be accessed when an OTP is lost. This research reduces the risks of loss by separating the mobile RFID reader, the tag and the accessor's cellular phone, and concerns a pseudo-random validation key generated by the administration system through contact between the mobile RFID reader and the tag. By sending the key to the user's cell phone, which is already registered, security is strengthened beyond existing connection methods that use an ID and password. Mobile RFID, which has not been generalized to the present, has been studied as a tool for accessing the main information system.

Design of Intrusion Prevention System(IPS) in Linux Environment (Linux 환경에서의 침입방지시스템(IPS) 설계)

  • 이상훈;김우년;이도훈;박응기
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.21-26 / 2004
  • The growth of incidents on the Internet has reflected growth of the Internet itself and growth of computing power. While in previous years external attacks tended to originate from those interested in exploring the Internet for its own sake and testing their skills, there is an increasing trend towards intrusions motivated by financial, political, and military objectives. So, attacks on the nation's computer infrastructures are becoming an increasingly serious problem. Even though the problem is ubiquitous, government agencies are particularly appealing targets and they tend to be more willing to reveal such events than commercial organizations. The threat of damage has made recognition of security necessary; as a result, much research into system security has been actively carried out. Intrusion detection technology detects intrusions using audit data, unlike traditional simple filtering, and informs the manager of them. It lets the system's security manager deal with an intrusion more quickly. But in the current Internet environment a manager cannot respond to an intrusion alert immediately. That is why an IPS is needed. An IPS can respond automatically to the intrusion alert, so the manager is more comfortable and can respond quickly.

Network Configuration Study for Multi-Satellite Operations (다중위성운영을 위한 네트워크 구성 방안 연구)

  • Baek, Hyun Chul;Jang, In Sik;Lee, Sang Jeong;Kim, Byung Chul;Lee, Jae Yong
    • Journal of Aerospace System Engineering / v.13 no.4 / pp.1-9 / 2019
  • Integration of satellites with diverse missions, such as broadcast-communication, earth, meteorological and marine observations, and navigation, is vulnerable. The problems of the currently constructed ground station network were analyzed by constructing a test environment. Based on this, we designed a network capable of operating multiple satellites from one ground station. In addition, we proposed an interface and network configuration method for domestic and foreign ground stations. The network linking the domestic and foreign ground stations was composed of KREONET (Korea Research Environment Open Network) and GLORIAD (Global Ring Network for Advanced Application Development) of the KISTI (Korea Institute of Science and Technology Information). The internal network consists of VPN (Virtual Private Network), DMZ (De-Militarized Zone), 1-way USB and so forth. By constructing the network using the proposed method, harmful data, such as virus inflow and infection, can be blocked.