• Title/Summary/Keyword: Virtual Private Networks

Security Requirements and Proposals for the Home Server in Ubiquitous Home Networks (유비쿼터스 홈 서버 보안 요구사항 및 구현방안)

  • Kim, J.T.;Beom, M.J.;Park, H.K.;Paik, E.H.
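    • Electronics and Telecommunications Trends / v.20 no.2 s.92 / pp.83-92 / 2005
  • Home network technology, the starting point for making the ubiquitous environment real and commonplace, connects all home appliances in the house, including PCs, laptops, printers, refrigerators, DTVs, and audio/video equipment, into a single network, so that users can monitor conditions in the home and control every device over the Internet wherever and whenever they are. Most companies today apply defenses such as firewalls, intrusion detection systems, and virtual private networks to protect their own networks, but for home networks, consideration and application of security technology is far less active than in enterprises, including in terms of scale. Providing these various security policies is one of the important roles of the home server, which must play a central role in the coming ubiquitous home network environment. This document therefore examines the security requirements and implementation approaches for the home server in a ubiquitous home network environment.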

An IPSec Accelerator for the High-performance Virtual Private Networks

  • Ryu, Dae-Hyun;Na, Jong-Whoa;Shin, Seung-Jung;Jang, Seung-Ju;Kim, Jung-Tae
    • Journal of information and communication convergence engineering / v.1 no.1 / pp.48-52 / 2003
  • A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

A VPN controlled by CE Routers on MPLS Networks (CE 라우터 기반의 MPLS VPN)

  • Lee, Young-Seok;Han, Min-Ho;Chun, Woo-Jik;Choi, Hoon
    • Journal of KIISE:Information Networking / v.29 no.1 / pp.31-39 / 2002
  • The VPN (Virtual Private Network) is a private network constructed logically on a public network infrastructure. There have been numerous studies to support the VPN services by using different technologies such as IP in IP, GRE, L2TP, MPLS and so on. Among these technologies, MPLS has shown many merits in aspects of QoS, security, and management, compared with other technologies. As an enhancement of the VPN that is controlled by MPLS PE (Provider Edge) routers, this paper presents the VPN controlled by MPLS CE (Customer Edge) routers. The functional architecture of the CE based VPN and operations of the CE routers are described along with the performance comparison of CE based MPLS VPN. It has been shown that the CE based VPN has more advantages than PE based VPN with respect to independency, scalability, security, and complexity.

Protecting Mobile Agent with VPN (VPN을 이용한 이동 에이전트의 보호)

  • 박재경;원유헌
    • Journal of the Korea Institute of Information Security & Cryptology / v.11 no.3 / pp.3-12 / 2001
  • In the course of Internet proliferation, many network-related technologies are examined for possible growth and evolution. The use of Internet-based technologies in private networks has further fuelled the demand for network-based applications. The most promising among the new paradigms is the use of mobile agents. The mobile agent is capable of migrating autonomously from node to node in the network, to perform some computations on behalf of the user. The mobile agent paradigm is an attractive alternative to traditional client-server programming for a significant class of network-centric applications. It does, however, suffer from a major drawback, namely the potential for malicious attacks, abuse of resources, pilfering of information, and other security issues. These issues are significantly hampering the acceptance of the mobile-agent paradigm. This paper describes the design of a secure mobile agent gateway that can split and merge the agent code with security policy database on the VPN. This mechanism will promote security in the mobile agent systems.

State of the Art of Anti-Screen Capture Protection Techniques

  • Lee, Young;Hahn, SangGeun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.5 / pp.1871-1890 / 2021
  • The transition toward a contactless society has been rapidly progressing owing to the recent COVID-19 pandemic. As a result, the IT environment of organizations and enterprises is changing rapidly; in particular, data security is expanding to the private sector. To adapt to these changes, organizations and companies have started to securely transfer confidential data to residential PCs and personally owned devices of employees working from home or from other locations. Therefore, organizations and companies are introducing streaming data services, such as the virtual desktop infrastructure (VDI) or cloud services, to securely connect internal and external networks. These methods have the advantage of providing data without the need to download to a third terminal; however, while the data are being streamed, attacks such as screen shooting or capturing are performed. Therefore, there is an increasing interest in prevention techniques against screen capture threats that may occur in a contactless environment. In this study, we analyze possible screen capture methods in a PC and a mobile phone environment and present techniques that can protect the screens against specific attack methods. The detection and defense for screen capture of PC applications on Windows OS and Mac OS could be solved with a single agent using our proposed techniques. Screen capture of mobile devices can be prevented by applying our proposed techniques on Android and iOS.

A Practical Approach to Implement QoS in Broadband Access Networks (광대역 접속망에서 QoS 구현을 위한 현실적 접근법)

  • Park Seung-Chul
    • Journal of KIISE:Information Networking / v.33 no.3 / pp.277-287 / 2006
  • Most of the existing broadband access networks based on DSL, cable modem, and Ethernet support the best-effort internet access service, and adopt the flat rate pricing mechanism. It is almost impossible to provide the differentiated communication services, in current broadband access networks, for the different users and/or the different application services. Currently, however, the advances in multimedia, communication, and security technologies push the interactive and/or streaming multimedia services and VPN services to be widely deployed over the Internet, and they require more QoS-sensitive services than the best-effort service. Though various QoS technologies such as RSVP-based IntServ and DiffServ were already developed and under standardization in the Internet world, it is impractical to replace the existing QoS-unaware access networks with the QoS-enabled ones at a time to deploy QoS-sensitive services. In this paper, after analyzing current broadband access network architectures and the status of QoS support, we propose a practical approach to support multimedia QoS in the broadband access networks. The approach will be based on the integration of the differentiated pricing and the DiffServ technology. And it will be a step-wise approach to support backward compatibility with the legacy broadband access networks as much as possible.

A Secure Route Optimization Mechanism for Mobile VPN users in Foreign Networks (모바일 VPN 사용자를 위한 보안 강화 경로 최적화 방안)

  • Kim, Kyoung-Min;Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.5 / pp.348-359 / 2007
  • The conventional mobile VPN services assumed the mobile communications occur between the MN in foreign networks and the CN in the home network. However, if a MN wants to communicate with another MN in a foreign network, it could degrade the performance of the mobile VPN service because of the triangular routing problem. In this paper, we propose a route optimization mechanism based on the mobile VPN using an x-HA allocated by diameter MIP in order to support the efficient communication between the mobile VPN users in foreign networks. The i-HA maintains the VPN-TIA as well as the x-HoA as the CoAs to solve the security problem and to provide an efficient route optimization simultaneously. Moreover, we proposed revised IPSec tunnel configuration to reduce the IPSec tunnel overheads at a MN when the MN communicates with several MNs in the foreign networks at the same time. The VPN server, a security management entity in the home network, notifies an additional IPSec tunnel establishment between the x-HAs where the communication peers are registered. The simulation result showed that the proposed scheme decreases the end-to-end packet delay time and improves the throughput after the handoff compared to the existing mechanism.

A Study on the Performance Analysis and synthesis for a Differentiated Service Networks (차등 서비스 네트워크에 대한 성능 분석과 합성에 대한 연구)

  • Jeon, Yong-Hui;Park, Su-Yeong
    • The KIPS Transactions:PartC / v.9C no.1 / pp.123-134 / 2002
  • The requirement for QoS (Quality of Service) has become an important issue as real-time or high bandwidth services are increasing, such as Internet Telephony, Internet broadcasting, and multimedia service etc. In order to guarantee the QoS of Internet application services, several approaches are being sought including IntServ (Integrated Service), DiffServ (Differentiated Services), and MPLS (Multi-Protocol Label Switching). In this paper, we describe the performance analysis of QoS guarantee mechanism using the DiffServ. To analyze how the DiffServ performance was affected by diverse input traffic models and the weight value in WFQ (Weighted Fair Queueing), we simulated and performed performance evaluation under random, bursty, and self-similar input traffic models and for diverse input parameters. Based on the results of performance analysis, it was confirmed that significant differences exist in packet delay and loss depending on the input traffic models used. However, it was revealed that QoS guarantee is possible to the EF (Expedited Forwarding) class and the service separation between RF and BE (Best Effort) classes may also be achieved. Next, we discussed the performance synthesis problem (i.e., derived the conservation laws for a DiffServ network, and analysed the performance variation and dynamic behavior based on the resource allocation (i.e., weight value) in WFQ).

Toward Mobile Cloud Computing-Cloudlet for implementing Mobile APP based android platform (안드로이드 기반의 모바일 APP 개발을 위한 모바일 클라우드 컴퓨팅)

  • Nkenyereye, Lionel;Jang, Jong-Wook
    • Journal of the Korea Institute of Information and Communication Engineering / v.19 no.6 / pp.1449-1454 / 2015
  • Virtualization lacks capabilities for enabling the application to scale efficiently because of new applications components which are raised to be configured on demand. In this paper, we propose an architecture that affords mobile app based on nomadic smartphone using not only mobile cloud computing-cloudlet architecture but also a dedicated platform that relies on using virtual private mobile networks to provide reliable connectivity through LTE (Long Term Evolution) wireless communication. The design architecture lies with how the cloudlet host discovers service and sends out the cloudlet IP and port while locating the user mobile device. We demonstrate the effectiveness of the proposed architecture by implementing an android application responsible for real time analysis by using a vehicle to applications smartphone interface approach that considers the smartphone to act as a remote user which passes driver inputs and delivers outputs from external applications.

Wired/Wireless Gateway System Supporting LAN-to-LAN VPN with Multi-Queuing Realtime Traffic Shaping (다중큐잉 실시간 트래픽쉐이핑을 적용한 네트워크간 VPN 지원 유무선공유기 시스템)

  • Yang, Seung Eui;Goh, Byung Oh;Choi, Jong-Kun;Jung, Hoe-kyung
    • Journal of the Korea Institute of Information and Communication Engineering / v.19 no.5 / pp.1097-1103 / 2015
  • In order to build network infrastructure to implement the aforementioned advantages enabling smart device users to work anywhere, professional support and expensive VPN devices are required. This is a barrier to supplying VPN devices to small and medium-sized institutes. To address this issue, this study aims to implement OpenVPN, OpenSSH and iproute based on the OpenWRT platform, which is an embedded OS for open networks, in affordable open wired/wireless gateway H/W platforms to support the inter-network VPN. In addition, the network environment can be kept optimal by applying a "multi-queuing real-time traffic shaping technology" to VPN tunnels, even though channel quality changes.