• Title/Summary/Keyword: Virtual private network


A Study on the Army Tactical C4I System Information Security Plan for Future Information Warfare (미래 정보전에 대비한 육군전술지휘정보체계(C4I) 정보보호대책 연구)

  • Woo, Hee-Choul
    • Journal of Digital Convergence / v.10 no.9 / pp.1-13 / 2012
  • This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipments for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

Design and Implementation of a Subscriber Interface Management System in ATM Network (ATM망을 위한 가입자 인터페이스 관리 시스템의 설계 및 구현)

  • Lee, Byeong-Gi;Jo, Guk-Hyeon
    • Journal of KIISE:Computing Practices and Letters / v.5 no.6 / pp.782-792 / 1999
  • An effective ATM management must address the various features of ATM such as connection-oriented environment, varying class of service, large scale traffic, virtual network configurations, and multiple traffic types. For this, the ATM network management reference model defined by the ATM Forum describes the various types of network management needed to support ATM devices, private networks, public networks, and the interaction between them. One of these types is the Integrated Local Management Interface (ILMI), defined to manage interconnected interfaces through an SNMP-based network management protocol to ensure the interoperability of ATM devices from different vendors. The purpose of ILMI is to enable two adjacent ATM devices to automatically configure the operation parameters of the common ATM link between them, and thereby to provide a Plug and Plug function between ATM devices through automatic configuration rather than manual configuration by an administrator. This paper designs and implements a Subscriber Interface Management System (SIMS) that, based on ILMI, provides automatic registration and management of the ATM addresses of subscriber systems and efficiently manages the configuration and status information of the physical interface, ATM layer interface, VPCs and VCCs of subscribers connected to a public ATM switch.

A Secure Route Optimization Mechanism for Mobile VPN users in Foreign Networks (모바일 VPN 사용자를 위한 보안 강화 경로 최적화 방안)

  • Kim, Kyoung-Min;Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.5 / pp.348-359 / 2007
  • The conventional mobile VPN services assumed the mobile communications occur between the MN in foreign networks and the CN in the home network. However, if a MN wants to communicate with another MN in a foreign network, it could degrade the performance of the mobile VPN service because of the triangular routing problem. In this paper, we propose a route optimization mechanism based on the mobile VPN using an x-HA allocated by diameter MIP in order to support the efficient communication between the mobile VPN users in foreign networks. The i-HA maintains the VPN-TIA as well as the x-HoA as the CoAs to solve the security problem and to provide an efficient route optimization simultaneously. Moreover, we proposed revised IPSec tunnel configuration to reduce the IPSec tunnel overheads at a MN when the MN communicates with several MNs in the foreign networks at the same time. The VPN server, a security management entity in the home network, notifies an additional IPSec tunnel establishment between the x-HAs where the communication peers are registered. The simulation result showed that the proposed scheme decreases the end-to-end packet delay time and improves the throughput after the handoff compared to the existing mechanism.

Design and implementation of smart card-based multi-authentication mechanism for digital contents delivery (디지털콘텐츠 유통을 위한 스마트카드기반의 다중인증처리방법설계 및 구현)

  • Kim, Yong;Lee, Tae-Young
    • Journal of the Korean Society for Information Management / v.19 no.1 / pp.23-46 / 2002
  • With explosively increasing digital contents, library and information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource, the Internet can dramatically change the way business is conducted and information is provided. However, because of features of the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.

A Study on the Development of Cyberpolice Volunteer System Using the Collective Intellectual Network (집단지성 네트워크형 사이버폴리스 자원봉사시스템 구축에 관한 연구)

  • Kim, Doo-Hyun;Park, Sung-Joon;Na, Gi-Sung
    • Korean Security Journal / no.61 / pp.59-85 / 2019
  • In the reality that the boundary between the real world and the virtual world disappears with the 4th Industrial Revolution, cyber crimes that occur beyond time and space have clear limitations in fulfilling their duties only with the police force of government organizations established under the real law system. The research method of this thesis is based on the literature research and the experience of security work. The purpose of this paper is to establish a social system where collective intelligence of each social field can participate voluntarily to respond to cyber crimes occurring beyond the time and space before the law and institutionalization. In addition, the social system in which collective intelligence in each social sector can participate voluntarily was established to define crime types in cyberspace in real time and to prevent crimes defined by the people themselves and the counter-measures had been proposed in order to form social consensus. First, it is necessary to establish a collective intelligent network-type cyberpolice volunteer system. The organization consists of professors of security and security related departments at universities nationwide, retired public officials from the National Intelligence Service, the National Police Agency, and the National Emergency Management Agency, security companies and the organizations, civilian investigators, security & guard, firefighting, police, transportation, intelligence, security, national security, and research experts. Second, private sector regulation should be established newly under the Security Business Act. Third, the safety guard of the collective intelligent cyberpolice volunteer system for the stability of the people's lives should strengthen volunteer work. Fourth, research lessons and legal countermeasures against cybercrime in advanced countries should be introduced. Fifth, the Act on the Protection of Personal Information, the Act on Promotion of Information and Communication Network Utilization and Information Protection, the Act on the Utilization and Protection of Credit Information, and the Special Act on the Materials and Parts Industry should be amended. Sixth, police officers should develop cybercrime awareness skills for proactive prevention activities.

A Multibit Tree Bitmap based Packet Classification (멀티 비트 트리 비트맵 기반 패킷 분류)

  • 최병철;이정태
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.3B / pp.339-348 / 2004
  • Packet classification is an important factor to support various services such as QoS guarantee and VPN for users in Internet. Packet classification is a searching process for best matching rule on rule tables by employing multi-field such as source address, protocol, and port number as well as destination address in IP header. In this paper, we propose hardware based packet classification algorithm by employing tree bitmap of multi-bit trie. We divided prefixes of searching fields and rule into multi-bit stride, and perform a rule searching with multi-bit of fixed size. The proposed scheme can reduce the access times taking for rule search by employing indexing key in a fixed size of upper bits of rule prefixes. We also employ marker prefixes in order to remove backtracking during searching a rule. In this paper, we generate two dimensional random rule set of source address and destination address using routing tables provided by IPMA Project, and compare its memory usages and performance.

An Efficient Authentication Protocol Using Single Bit Synchronization for Wireless LAN Environment (단일 Bit 동기화를 이용한 무선 LAN 환경에서의 효율적인 인증 프로토콜)

  • Jo Hea Suk;Youn Hee Yong
    • The KIPS Transactions:PartC / v.11C no.6 s.95 / pp.747-754 / 2004
  • Today, wireless LANs are widely deployed in various places such as corporate office conference rooms, industrial warehouses, Internet-ready classrooms, etc. However, new concerns have been raised regarding security. Currently, both virtual private network (VPN) and WEP are used together as a strong authentication mechanism. While security is increased by using VPN and WEP together, unnecessary redundancy occurs causing power consumption increase and authentication speed decrease in the authentication process. In this paper a new synchronization protocol for authentication is proposed which allows simple authentication, minimal power consumption at the mobile station, and high utilization of authentication stream. This is achieved by using one bit per frame for authentication, while main authentication process including synchronization is handled by access points. Computer simulation reveals that the proposed scheme significantly improves the authentication efficiency in terms of the number of authenticated frames and authentication speed compared with an earlier protocol employing a similar authentication approach.

A High Performance Lookup Controller for ATM based IP Packet Forwarding Engine (ATM 기반 IP 패킷 포워딩 엔진을 위한 고성능 룩업 제어기)

  • Choi, Byeong-Cheol;Kwak, Dong-Yong;Lee, Jeong-Tae
    • The Journal of Korean Institute of Communications and Information Sciences / v.28 no.4B / pp.298-305 / 2003
  • In this paper, we proposed a high performance lookup controller for IP packet forwarding engine of ATM based label edge routers. The lookup controller is designed to provide services such as MPLS, VPN, ELL, and RT services as well as the best effort. For high speed searching for IP addresses, we employed a TCAM based hardware search device not using traditional algorithmic approaches. We also implement lookup control functions into FPGA for fast processing of packet header and lookup control. The proposed lookup controller is designed to support differentiated services for users and to process in pipelined mechanism for performance improvement. A two-step search scheme is also applied to perform lookup for the key combined with multi-field of packet header. We found that the proposed lookup controller provides the performance of about 16M packets per second through simulations.

A Practical Approach to Implement QoS in Broadband Access Networks (광대역 접속망에서 QoS 구현을 위한 현실적 접근법)

  • Park Seung-Chul
    • Journal of KIISE:Information Networking / v.33 no.3 / pp.277-287 / 2006
  • Most of the existing broadband access networks based on DSL, cable modem, and Ethernet support the best-effort internet access service, and adopt the flat rate pricing mechanism. It is almost impossible to provide the differentiated communication services, in current broadband access networks, for the different users and/or the different application services. Currently, however, the advances in multimedia, communication, and security technologies push the interactive and/or streaming multimedia services and VPN services to be widely deployed over Internet, and they require more QoS-sensitive services than the best-effort service. Though various QoS technologies such as RSVP-based IntServ and DiffServ were already developed and under standardization in Internet world, it is impractical to replace the existing QoS-unaware access networks with the QoS-enabled ones at a time to deploy QoS-sensitive services. In this paper, after analyzing current broadband access network architectures and the status of QoS support, we propose a practical approach to support multimedia QoS in the broadband access networks. The approach will be based on the integration of the differentiated pricing and the DiffServ technology. And it will be a step-wise approach to support backward compatibility with the legacy broadband access networks as much as possible.

Detecting gold-farmers' group in MMORPG by analyzing connection pattern (연결패턴 정보 분석을 통한 온라인 게임 내 불량사용자 그룹 탐지에 관한 연구)

  • Seo, Dong-Nam;Woo, Ji-Young;Woo, Kyung-Moon;Kim, Chong-Kwon;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.3 / pp.585-600 / 2012
  • Security issues in online games are increasing as the online game industry grows. Real money trading (RMT) by online game users has become a security issue in several countries including Korea because RMT is related to criminal activities such as money laundering or tax evasion. RMT-related activities are done by professional work forces, namely gold-farmers, and many of them employ the automated program, bot, to gain cyber asset in a quick and efficient way. Online game companies try to prevent the activities of gold-farmers using game bots detection algorithm and block their accounts or IP addresses. However, game bot detection algorithm can detect a part of gold-farmer's network and IP address blocking also can be detoured easily by using the virtual private server or IP spoofing. In this paper, we propose a method to detect gold-farmer groups by analyzing their connection patterns to the online game servers, particularly information on their routing and source locations. We verified that the proposed method can reveal gold-farmers' group effectively by analyzing real data from the famous MMORPG.