• Title/Summary/Keyword: VPN system

AN Implement EKI system for TLS HANDSHAKE (SSL HANDSHAKE 보완을 위한 EKI(External Key Insert)기능의 구현)

  • Hong, se-young;Park, Jae-Pil
    • Proceedings of the Korean Society of Computer Information Conference / 2022.07a / pp.629-630 / 2022
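  • This paper develops a function that separately injects a shared symmetric key to defend against man-in-the-middle attacks during the TLS handshake used for symmetric key exchange in SSL VPN appliances. The TLS protocol is generally known to be secure against attackers, but there is a risk that the symmetric key is exposed through a TLS man-in-the-middle attack. In addition, with advances in quantum computing, the possibility that asymmetric-key operations will also be exposed is emerging. In this paper, we implement the insertion of a quantum key received from a quantum key distribution (QKD) device into the TLS handshake, so that a system secure against such attacks can be built.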

Implementation of Home-Network Server using UPnP based on the Embedded Linux (Embedded Linux 기반의 UPnP를 사용한 홈-네트워크 서버 구현)

  • 정진규;진선일;이희정;황인영;홍석교
    • The Transactions of the Korean Institute of Electrical Engineers D / v.53 no.9 / pp.638-643 / 2004
  • Middleware enables different networking devices and protocols to inter-operate in ubiquitous home network environments. The UPnP (Universal Plug and Play) middleware, which runs on a PC and is based on the IPv4 protocol, has attracted much interest in the field of home network research since it has versatility. The UPnP, however, cannot be easily accessed via the public Internet since the UPnP devices that provide services and the Control Points that control the devices are configured with non-routable local private or Auto IP networks. The critical question is how to access the UPnP network via the public Internet. The purpose of this paper is to deal with the non-routability problem in local private and Auto IP networks by improving the conventional Control Point used in UPnP middleware-based home networks. For this purpose, this paper proposes an improved Control Point for accessing and controlling the home network from remote sites via the public Internet, by adding a web server to the conventional Control Point. The improved Control Point is implemented in an embedded GNU/Linux system running on an ARM9 platform. This paper also implements the security of the home network system based on the UPnP (Universal Plug and Play), adding a VPN (Virtual Private Network) router that uses IPsec to the home network system, which consists of the ARM9 and the Embedded Linux.

A study on a security model for the establishment of a non-face-to-face smart work working environment in a physical network separation environment of public institutions (공공기관 물리적 망분리 환경에서의 비대면 스마트워크 근무 환경구축을 위한 보안 모델 연구)

  • Park, Sang-Kil;Kim, Gi-Bong;Son, Gyeong-Ja;Lee, Won-Suk;Park, Jae-Pyo
    • Journal of the Korea Convergence Society / v.11 no.10 / pp.37-44 / 2020
  • Due to the recent COVID-19 pandemic, public institutions are increasingly working from home. Working in public institutions is rapidly changing into a smart work environment where time and space constraints disappear. However, many public institutions currently lack a security model for an efficient smart work environment due to the physical network separation system that separates the Internet network and the business network. Therefore, in this paper, we describe the current limitations for implementing smart work in a physical network separation environment of public institutions, and propose a security model necessary for a work environment to supplement them. As a related study, we explain SSL VPN and explain the smart work business model through security model research of SDP (Software Defined Perimeter), RDP (Remote Desktop Protocol), and VDI (Virtual Desktop Infrastructure) to overcome the security limitations of SSL VPN. As a result, we intend to propose a security model for a smart work environment suitable for public institutions while complying with the physical network separation security guide.

A School Network Construction using the ESM System (ESM 시스템을 이용한 안정된 학내망 구축)

  • Lee, Dae-Sik;Yun, Dong-Sic;Ahn, Heui-Hak
    • Convergence Security Journal / v.5 no.3 / pp.1-7 / 2005
  • Today, networks are in a fragile state under many threats and attacks. In particular, companies that provide services such as Internet or e-commerce are exposed to danger and targeted by attackers. Therefore, it is realistic that companies use security solutions. Various security solutions exist in our school network, for example, Firewall, IDS, VirusWall, VPN, etc. The administrator must manage the various security solutions, but this is inefficient. Therefore, we need a management system to control every security solution. In this paper, we deal with the basic contents of the security solution to manage the ESM and the merits and demerits of using it. We also suggest a method by which the administrator can manage the network more efficiently and systematically by using the ESM in our school network.

Design and Implementation of Unified Network Security System support for Traffic Management (종단간 트래픽 관리를 지원하는 통합 네트워크 보안시스템 설계 및 구현)

  • Hwang, Ho-Young;Kim, Seung-Cheon
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.11 no.6 / pp.267-273 / 2011
  • The importance of networking capability is gaining more weight for enterprise business, and high-speed Internet access with guaranteed security management is essential to companies. This paper presents a unified network security management solution to support high-speed Internet access, active security management, traffic classification and control. The presented system provides firewall, VPN, intrusion detection, contents filtering, traffic management, QoS management, and history log functions in a unified manner, implemented in a single appliance device located at the edge of enterprise networks. This will enable a cost-effective unified network security solution for companies.

Active Enterprise Security Management System for Intrusion Prevention (침입 방지를 위한 능동형 통합 보안 관리 시스템)

  • Park, Jae-Sung;Park, Jae-Pyo;Kim, Won;Jeon, Moon-Seok
    • Journal of the Korea Computer Industry Society / v.5 no.4 / pp.427-434 / 2004
  • Attacks such as hacking and viruses that threaten systems and networks have been increasing recently. However, the existing system security or network management system (NMS) cannot be safe against various threats. Therefore, Firewall, IDS, VPN, and LAS (Log Analysis System) have been established as security systems and have defended systems and networks against threats. But mutual linkage between security systems was lacking, an effective response system could not be prepared, and inefficiency was indicated with duplication of security. Therefore, active security and Enterprise Security Management came to be needed. An effective security network was established recently by Enterprise Security Management, Intrusion Tracking, and Intrusion Induction. But internetworking is hard for enterprise security systems, the response method cannot be systematic, and the response comes late. Therefore, we propose in this paper an active enterprise security management module that can manage a network safely.

Design and Construction of Convention e-Portal Information System (컨벤션 e-Portal 정보시스템의 설계 및 구축)

  • Jeon, In-Oh;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.13 no.3 / pp.131-138 / 2008
  • This paper designed an Internet Convention e-Portal Information System through the experience and knowledge accumulated in cases of information utilization regarding international meetings and conventions in knowledge information societies. Established the Non-stop Cluster system that was the H/W side, L4 and the applied system which was the 3-tier structure and Firewall, VPN, IDS/IPS security control system, S/W side, that utilized the WAS MVC architecture used WAS and a SOA architecture. an ASP EAI function. A user and a manager, designs and constructor, the user efficiency who were an evaluation basis of a Verification commissioner, Ubiquitous evaluated system stability. Information security anger, and evaluated former system and comparison. Therefore is evaluated to the excellent Convention e-Portal Systems that a performance 25.9% improvement consisted of compare with the existing Convention e-Portal Systems, and will contribute so as to be able to carry out-driven enemy role in development of the industrial our country Convention Ubiquitous Internet IT information Industry and International Society Conventions.

Evaluation Items of ESM S/W by Case Analysis (사례분석을 통한 ESM S/W의 평가항목)

  • Kang, Deuk-Soo;Yang, Hae-Sool
    • The Journal of the Korea Contents Association / v.10 no.8 / pp.84-94 / 2010
  • ESM can do and wishes to investigate ESM software field base technology and investigate ESM software technology, market, standard and evaluation certification trend and develop evaluation model of ESM software that it becomes foundation to protect ESM software effectively that develop quality evaluation model of ESM software in this research by integration security administration system that gather firewall, IDS, VPN etc. various kinds of security solutions by one. That is, because reflecting requirement of ESM software, develop evaluation module and proposed evaluation example along with method of exam.

On Implementing and Deploying Label Distribution Protocol in Multiprotocol Label Switching Systems (MPLS시스템에서 LDP 기능 구현 및 활용 방안)

  • 김미희;이종협;이유경
    • Journal of KIISE:Information Networking / v.30 no.2 / pp.270-281 / 2003
  • IETF made the RFCs of MPLS technologies for providing the QoS of ATM or Frame Relay and the flexibility & scalability of IP on Internet services. IETF has been expanding MPLS technologies as a common control component for supporting the various switching technologies, called GMPLS. Also, IETF has standardized the signaling protocols based on such technologies, such as LDP, CR-LDP and RSVP-TE. ETRI developed the MPLS system based on an ATM switch in order to provide more reliable services, differentiated services and value-added services like the VPN and traffic engineering service on the Korea Public Sector network. We are planning on deploying model services and commercial services on that network. This paper explains the basic functions of LDP and the design and development of LDP on our system, and compares them with LDP development and operation on other MPLS systems made by Cisco, Juniper, Nortel and Riverstone. In conclusion, this paper deduces the future services and applications of LDP through these explanations and comparisons.

TOSS: Telecom Operations Support Systems for Broadband Services

  • Chen, Yuan-Kai;Hsu, Chang-Ping;Hu, Chung-Hua;Lin, Rong-Syh;Lin, Yi-Bing;Lyu, Jian-Zhi;Wu, Wudy;Young, Hey-Chyi
    • Journal of Information Processing Systems / v.6 no.1 / pp.1-20 / 2010
  • Due to the convergence of voice, data, and video, today's telecom operators are facing the complexity of service and network management to offer differentiated value-added services that meet customer expectations. Without the operations support of well-developed Business Support System/Operations Support System (BSS/OSS), it is difficult to timely and effectively provide competitive services upon customer request. In this paper, a suite of NGOSS-based Telecom OSS (TOSS) is developed for the support of fulfillment and assurance operations of telecom services and IT services. Four OSS groups, TOSS-P (intelligent service provisioning), TOSS-N (integrated large-scale network management), TOSS-T (trouble handling and resolution), and TOSS-Q (end-to-end service quality management), are organized and integrated following the standard telecom operation processes (i.e., eTOM). We use IPTV and IP-VPN operation scenarios to show how these OSS groups co-work to support daily business operations with the benefits of cost reduction and revenue acceleration.