• Title/Summary/Keyword: VPNs and IPSec

Search Result 8, Processing Time 0.028 seconds

IPSec VPNs vs. SSL VPNs

  • 윤재호;권태경;천동현;임선간
    • Review of KIISC
    • /
    • v.13 no.5
    • /
    • pp.24-30
    • /
    • 2003
  • 인터넷을 비롯한 대부분의 패킷스위칭 네트워크는 IP(Internet Protocol)을 기반으로 하고 있다. 그러나, IP는 기본적으로 보안에 취약하게 설계되어 보안이 필요한 통신에 사용하는데는 어려움이 있다. IPSec(IP Security)은 IP 트래픽에 대한 이러한 보안문제를 극복하기 위해 생겨났으며, 방화벽과 결합된 형태로 가장 널리 쓰이고 있는 VPN(Virtual Private Network) 제품의 하나이다. 그러나 IPSec의 문제점이 대두되고, Web-based Service가 영역을 넓혀가면서 기존의 웹보안프로토콜인 SSL이 VPN의 새로운 형식으로 나타나고 있다. 본 고에서는 IPSec VPN과 SSL VPN의 차이점의 분석하여 정리하고자 한다.

Implementing Cipher APIs in Inter IXP 2400

  • Lee, Sang-Su;Han, Min-Ho;Kim, Jeong-Nyeo
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.374-376
    • /
    • 2005
  • In this paper, we presented our implementation of 3DES and HMAC-MD5 processing functionality in Intel? IXP 2400 platform. It can be used as encryption and authentication engine for VPNs such as IPsec and SSL.

  • PDF

Security Gateway Extension Mechanism for Session Recovery in Virtual Private Network (가상 사설망에서의 세션 복구 서비스를 위한 Security Gateway 확장 메커니즘)

  • Kim, Jeong-Beom;Lee, Yun-Jung;Park, Nam-Sub;Kim, Tai-Yun
    • Journal of KIISE:Information Networking
    • /
    • v.29 no.1
    • /
    • pp.77-85
    • /
    • 2002
  • The surge in use of networks has recently increased demands for cryptography. Cryptography, however, can cause various problems because of difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the reverse effect of using these kinds of security and to promote positive aspects of using it. They have suggested many key recovery techniques up to the present. we propose a mechanism as a solution, which are employed to reduce the time needed to reconnect SG and the host in Host-to-Gateway in VPNs supporting IPsec, in case they are disconnected. This new mechanism using KRFSH stores information at each session in advance so that users can recall the session information when needed to rebuild the tunnel between SG and the host in a VPN. As a result, the mechanism built into SG will solve the problems above in host-to-gateway VPNs using IPsec.

Analysis of the IPsec Internet Key Exchange (IKE) Protocol (IPsec의 키 교환 방식에 대한 안전성 분석)

  • 주한규
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.4
    • /
    • pp.33-46
    • /
    • 2000
  • IPsec is a protocol suite to protect the data communication between computers on internet and many VPNs(Virtual Private Networks) use IPsec protocol. IKE protocol is used to exchange keys in IPsec. Formal analysis method is used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the usage of certificate is recommended.

Hash Function Processor Using Resource Sharing for IPSec Chip

  • Kang, Young-Kyu;Kim, Dae-Won;Kwon, Taek-Won;Park, Jun-Rim
    • Proceedings of the IEEK Conference
    • /
    • 2002.07b
    • /
    • pp.951-954
    • /
    • 2002
  • This paper presents the implementation of hash functions for IPSEC chip. There is an increasing interest in high-speed cryptographic accelerators for IPSec applications such as VPNs (virtual private networks). Because diverse algorithms are used in Internet, various hash algorithms are required for IPSec chip. Therefore, we implemented SHA-1, HAS-160 and MD5 in one chip. These hash algorithms are designed to reduce the number of gates. SHA-1 module is combined with HAS-160 module. As the result, the required logic elements are reduced by 27%. These hash algorithms have been implemented using Altera's EP20K1000EBC652-3 with PCI bus interface.

  • PDF

IPsec VPN Encrypted Packet Analysis Method for Contents Auditing (콘텐츠 감사를 위한 IPsec VPN 패킷 분석 기술 연구)

  • Junghyung Park;Jaenam Yoon;Jaecheol Ryou
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.1
    • /
    • pp.41-52
    • /
    • 2024
  • Security audits of IPsec VPNs are crucial for identifying vulnerabilities caused by implementation flaws or misconfigurations, as well as investigating incidents. Nevertheless, auditing IPsec VPN presents noteworthy challenge due to the encryptiong of network contents which ensere confidentiality, integrity, authentications and more. Some researchers have suggested using man-in-the-middle(MITM) techniques to overcome this challenge. MITM techniques require direct participation in the network and prior knowledge of the pre-shared key for authentication. This causes temporary network disconnection for security audits, and it is impossible to analyse data collected before the audit. In this paper, we present an analysis technique aimed at ensuring network continuity without relying on a specific IPsec VPN topologies or authentication method. Therefore, it is anticipated that this approach will be effective, practical and adaptable for conducting IPsec VPN security

Wireless LAN Security Solutions for Secure Wireless Communications

  • Kim, Su-Yong;Ahn, Duck-Ki;Roh, Jae-Sung;Oh, Chang-Reon;Cho, Sung-Joon
    • Journal of information and communication convergence engineering
    • /
    • v.1 no.4
    • /
    • pp.183-188
    • /
    • 2003
  • The $4^{th}$ generation mobile communications, through several radio access networks such as WLAN, Bluetooth, UMTS, GPRS, CDMA 1X, and IMT-2000 in the same area offering different type of coverage, will support interactive multimedia services in additions to wider bandwidths, higher bit rates, and service portability. Regardless of various radio access networks, they will also support robust security mechanisms, as well as seamless mobility and common authentication. In this paper, we give an overview of WLAN security and examine its security problems. We also explain the enhanced security schemes, such as port-based authentication, EAP, and IEEE 802.1X. For secure wireless communications, several possible security solutions are offered and evaluated in various respects to improve WLAN security. This paper will make a contribution to provide more secure wireless communications to cellular operators embracing WLAN technology as a means to generate new revenues based on data services.

Cascade Perimeter Defence Model in Multiple VPN Environment (다중 VPN 환경에서의 분산 Perimeter defence 모델에 관한 연구)

  • Lim, Hyung-J.;Kim, Tae-Kyung;Chung, Tai-M.
    • The KIPS Transactions:PartC
    • /
    • v.11C no.1
    • /
    • pp.81-88
    • /
    • 2004
  • This paper analyzed the proper methods to solve the security problems of establishing trust zone which is changed by security policy in large scale networks containing multiple VPNs. Therefore, we surveyed the vulnerability of VPN technologies, it analyzed various models suitable for trust zone. By simulations of various models, we Propose the cascade perimeter defence policy model having the neit as such an efficient transit cost and the strictly isolation for trust tone. This model can protect the trust zone from the public network by dividing the trust Tone according to each VPN group and it shows the better transit performance by cascading the position of perimeter defence policy.