• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.782-785
• /
• 2011

최근의 분산 서비스 거부(DDoS) 공격 방법은 점점 더 자동화, 다양화되고 있으며, 단순한 개별 기업에 대한 공격에서부터 국가간의 사이버전쟁으로까지 그 영역이 확대되고 있다. DDoS 공격은 이미 2000 년도 이전부터 발생해온 오래된 공격이고, 이를 방어하기 위한 다양한 DDoS 공격 방어 시스템을 구축하고 있음에도 불구하고 아직까지 이를 효과적으로 차단하지 못하고 있다. 이는 그간 DDoS 공격 방어 시스템이 공격이 시작되었을 때 개개의 공격 패턴을 탐지하고 차단하는 방법으로 발전해 왔기 때문이다. 따라서 좀 더 효과적인 DDoS 공격 대응을 위해 공격 트래픽이 발송되기 전에 클라이언트에서부터 공격에 대응하는 방안이 필요하다. 이에 본 논문에서는 사용자 인증을 통하여 등록된 사용자임을 검증하고, 클라이언트와 인증장비간의 인증을 통해 인증된 사용자의 트래픽만 허용하는 매커니즘을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1413-1416
• /
• 2008

최근 들어 IEEE 802.11 WLAN 서비스에 대한 수요의 증가와 함께 WLAN 환경에서 실시간 멀티미디어 서비스를 이용하려는 사용자의 관심이 날로 증가하고 있다. 그러나 IEEE 802.11i 의 보안 정책은 MS 의 이동이 빈번하게 발생하는 WLAN 환경에서 끊김 없는 실시간 멀티미디어 서비스를 제공하기에는 핸드오프 지연 시간이 너무 길다. 본 논문은 DoS 공격에 취약한 기존 802.11i 에서의 4-way Handshake 를 대체하는 신속하고 효율적인 인증 및 세션키 분배 메커니즘을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1262-1265
• /
• 2007

인터넷 및 디바이스의 발달과 유비쿼터스 환경이 도래함에 따라 모바일 디바이스를 이용하여 서비스를 제공받고자 하는 수요는 급속도로 증가하고 있다. 유비쿼터스 환경에서 모바일 디바이스가 이기종 네트워크로 이동하여 언제, 어디서, 누구에게나 끊김없는 서비스를 제공하기 위해서는 이기종 네트워크간의 통신 및 디바이스간의 데이터 통신이 가능해야 한다. 그러나 동종 네트워크에서의 보안 기술 및 통신 기술로는 이기종 네트워크에 적용했을 때 확장성 및 안전성에 많은 문제가 따른다. 따라서 이기종 네트워크 로밍 환경에서 안전하고 효율적인 인증 메커니즘을 제안하였다.

• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.75-87
• /
• 2001

The Conditional Access System is the complete system for ensuring that broadcasting services are only accessible to those who are entitled to receive them. Four major parts to this system are scrambling, descrambling, authentication and encryption. For the proper operation, which means hard-to- break and uninterrupted service, secure key management and efficient delivery mechanism are very important design factors to this system. Performance analysis is another important factor to this system that is used in massive subscriber environment. In this thesis, one of the secure and efficient key management mechanisms is proposed. For the secrecy of this mechanism, hierarchical stacking of keys and key generation matrix are proposed. For the proof of efficient delivery of those keys, simulation results and performance analysis. which is based on queuing analysis, are presented. Lastly, optimal key generation and delivery period, maximal and minimal key deliver time, and communication capacity for data collection are presented for various subscriber volume.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.817-820
• /
• 2003

With a great improvement of computers and Network communication skills, we can exchange information quickly. There have been many researches on the subject how to guarantee the information security by security mechanism and cryptography schemes. Nowadays, many people in this area show their interest in money transfer systems between accounts, which can provide a secure mechanism in which people can send money to the legitimate party or person safe. However, we have teamed many ways to distort messages and repudiate the malicious activity in mail systems based on SSL mechanism. It is very likely that important information which must be kept in secret is laid exposed to un_authorized user. Accordingly, to provide stronger security service, researches on electronic payment system which tan guarantee the security characteristics such as confidentiality, integrity, user authentication, Non-repudiation, are strongly needed. In this paper, we analize the characteristics of the previous researches in this field, and also propose a securer electronic payment system based on ECC algorithm.

• The Journal of the Korea Contents Association
• /
• v.8 no.6
• /
• pp.54-65
• /
• 2008

When DDoS attack is achieved, malicious host discovering is more difficult on wireless network than existing wired network environment. Specially, because wireless network is weak on wireless user authentication attack and packet spoofing attack, advanced technology should be studied in reply. Integrated Access Device (IAD) that support VoIP communication facility etc with wireless routing function recently is developed and is distributed widely. IAD is alternating facility that is offered in existent AP. Therefore, advanced traffic classification function and real time attack detection function should be offered in IAD on wireless network environment. System that is presented in this research collects client information of wireless network that connect to IAD using AirSensor. And proposed mechanism also offers function that collects the wireless client's attack packet to monitoring its legality. Also the proposed mechanism classifies and detect the attack packet with W-TMS system that was received to IAD. As a result, it was possible for us to use IAD on wireless network service stably.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.654-662
• /
• 2002

As the Internet technology becomes a major information infrastructure, an emerging problem is the tremendous increase of malicious computer intrusions. The present Intrusion Detection System (IDS) serves a useful purpose for detecting such intrusions, but the current situation requires more active response mechanism other than simple detection. This paper describes a multi-agent based tracing system against the intruders when the system is attacked. The focus of the study lies on the secure communication mechanism for the agent message communication. We have extended parameters on the KQML protocol, and apt)lied the public key encryption approach, The limitation might be the requirements of two-way authentication for every communication through the broker agent. This model ma)r not improve the efficiency, but it provides a concrete secure communication. Also this is one important factor to protect the agent and the tracing server during the tracing process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.81-92
• /
• 2009

Recently, there is a drastic increase in users interested in real-time multimedia services in the WLAN environment, as the demand of IEEE 802.11 WLAN-based services increases. However, the handoff delay based on 802.11i security policy is not acceptable for the seamless real-time multimedia services provided to MS frequently moving in the WLAN environment, and there is a possibility of DoS attacks against session key derivation process and handoff mechanism. In this paper, a secure and efficient handoff mechanism in the centralized WLAN environment is introduced to solve the security problems. The 4-way Handshake for both mutual authentication and session key derivation is replaced by the 2-way Reassociation process.

• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.837-844
• /
• 2018

Recently, the cloud technology has made dynamical network changes by enabling the construction of a logical network without building a physical network. Despite recent research on the cloud, it is necessary to study security functions for the identification of fake virtual network functions and the encryption of communication between entities. Because the VNFs are open to subscribers and able to implement service directly, which can make them an attack target. In this paper, we propose a virtual public key infrastructure mechanism that detects a fake VNFs and guarantees data security through mutual authentication between VNFs. To evaluate the virtual PKI, we built a management and orchestration environment to test the performance of authentication and key generation for data security. And we test the detection of a distributed denial of service by using several AI algorithms to enhance the security in NFV.