• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10c
• /
• pp.307-309
• /
• 2004

본 논문에서는 차세대 OVPN(Optical Virtual Private Network)에서 제어 프로토콜인 LMP(Link Management Protocol)를 IPsec(If Security Protocol)을 사용하여 보안성을 제공하는 메커니즘의 문제점을 제시한다. 그리고 이에 대한 해결책으로, IPsec를 사용하지 않고 보안성을 제공하면서 빠른 속도로 처리되는 확장된 LMP 메커니즘을 제안한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.1
• /
• pp.65-73
• /
• 2006

Network based VPN(Virtual Private Network) using MPLS(Multiprotocol Label Switching) technology, called PE(Provider Edge router) based MPLS VPN, is regarded as a good solution for intranets or ext3nets because of the low cost and the flexibility of the service provision. In this paper, we describe a mechanism that allows the VPN users to move from one site to another site of the VPN network based on the BGP-E MPLS technology. This mechanism is designed for PE(Provider Edge) routers of the backbone network. PE routers connected to the VPN sites establish a new MPLS path to the mobile node after they detect movement of the mobile VPN node. The new location may belong to the same VPN or to different VPN. We desisted VPN management and control functions of the PE routers in order to interface with the Mobile IP protocol and support the QoS mechanism. The pilot implementation and performance measurement were carried out on a simulation using COVERS tool.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.125-136
• /
• 2011

The vulnerabilities existed in Korean electricity control systems is unexposed because it is being operated in a closed network with superior security. The threat will become greater once the closed network develops into a smart grid environment with superior intelligence. Security will have a greater impact once each household will be connected to the power plant via the smart meter. This research focuses on stable data transfer in harsh external environment and whole-nation coverage network, and suggested standardized and optimized Virtual Private Network (VPN) Gateway architecture to support Power Line Communication (PLC). The functionality and stability of the prototype has been verified with field tests. For implementation of outdoor type VPN device for smart grid, we adopted PLC low voltage remote-meter-net for data communication. Also, IPSec type tunneling and ARIA algorithm based encryption of data collected by PLC low voltage remote meter is transmitted.

• Proceedings of the KIEE Conference
• /
• 2003.11c
• /
• pp.701-704
• /
• 2003

The home network system of ubiquitous computing concept is changing present our home life as more comfortable and safe. Also, it permits that we can connect the home network system and control the appliance which is linked to the home network system without limitation in time and place. But, as other systems that use the public network like the Internet, remote control/monitoring of the home network system that use the Internet includes problems such as user's access which is not admitted and information changing. This paper presents the efficient solution about the security problem that is recognized to important problem of the home network system. Also this paper implements the security of the home network system based on the UPnP (Universal Plug and Play), adding VPN (Virtual Private Network) router that uses the IPsec to the home network system which is consisted of the ARM9 and the Embedded Linux.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.27-37
• /
• 2022

Virtual private network (VPN) services are used in various environments related to national security, such as defense companies and defense-related institutions where digital communication environment technologies are diversified and access to network use is increasing. However, the number of cyber attacks that target vulnerable points of the VPN has annually increased through technological advancement. Thus, this study identified security requirements by performing STRIDE threat modeling to prevent potential and new vulnerable points that can occur in the VPN. STRIDE threat modeling classifies threats into six categories to systematically identify threats. To apply the proposed security requirements, this study analyzed functions of the VPN and formed a data flow diagram in the VPN service process. Then, it collected threats that can take place in the VPN and analyzed the STRIDE threat model based on data of the collected threats. The data flow diagram in the VPN service process, which was established by this study, included 96 STRIDE threats. This study formed a threat scenario to analyze attack routes of the classified threats and derived 30 security requirements for each element of the VPN based on the formed scenario. This study has significance in that it presented a security guideline for enhancing security stability of the VPN used in facilities that require high-level security, such as the Ministry of National Defense (MND).

• Journal of Internet Computing and Services
• /
• v.13 no.3
• /
• pp.31-47
• /
• 2012

The mobile Virtual Private Network (MVPN) of Internet Engineering Task Force (IETF) is not designed to support NEwork MObility (NEMO) and is not suitable for real-time applications. Therefore, an architecture and protocol which supports VPN in NEMO are needed. In this paper, we proposed the cost-reduced secure mobility management scheme (CR-SeMMS) which is designed for real-time applications in conjunction with VPN and also which is based on the session initiation protocol (SIP). Our scheme is to support MVPN in NEMO, so that the session is well maintained while the entire network is moved. Further, in order to reduce the authentication delay time which considers as a delaying factor in hands-off operations, the signaling time which occurs to maintain the session is shortened through proposing the hands-off scheme adopting an authentication method based on HMAC based One Time Password (HOTP). Finally, our simulation results show the improvement of the average hands-off performance time between our proposed scheme and the existing schemes.

• Proceedings of the Korea Contents Association Conference
• /
• 2007.11a
• /
• pp.140-145
• /
• 2007

The Lambda Networking is emerging to provide the high bandwidth stably for advanced applications such as a large file transfer in High Energy Physics and an Uncompressed HDTV streaming. The User Controlled LightPath(UCLP) is a software to facilitate the Lambda Networking. The UCLP is scalable as using Web Services to define and manage network resources. In this paper, we describe how we deployed the UCLP into KREONet2 and GLORIAD-KR. We also present that the original UCLP creates only a link-level APN due to a SONET technology. As employing a Virtual LAN (VLAN) of the layer2 technology in the UCLP, we can efficiently create a network-level APN.

• The Journal of Engineering Research
• /
• v.5 no.1
• /
• pp.45-55
• /
• 2004

NAT (Network Address Translation) is an IP address modification protocol that translates private IP address into authentic Internet address. The main features of NAT are to improve network security and to save IP address. Generally speaking, in order to perform its functionality, NAT uses the address information in the packet header. Certain application protocols, however, use the information in the packet data as well as the information in the packet header to perform end-to-end communication. Therefore, to support these types of application protocols, NAT should be able to perform appropriate translation of protocol information in the packet data. In this thesis, we design and implement a method which translates virtual IP information in the packet date into real IP information by using port proxy server.

• 한국IT서비스학회:학술대회논문집
• /
• 2006.11a
• /
• pp.366-371
• /
• 2006

To compensate the loss of leased-line subscribers and the excessive increase of residential xDSL (Digital Subscriber Line) ones of KT (Korea Telecom), the paper proposes the service model by which it can reinstate the subscription ratio status through employing next generation OSS (Operations Support System) and highquality MPLS (Multiprotocol Label Switching) VPN (Virtual Private Network). It also describes diverse modules comprising NeOSS (New OSS) of KT, followed by detailed accounts regarding the service delivery process of KT VPN. Shortly visited are the primary constituents as well as configuration parameters of MPLS VPN. Finally the network topology along with a feasible service model case is presented.