• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

• Journal of the Optical Society of Korea
• /
• v.20 no.3
• /
• pp.335-342
• /
• 2016

We demonstrate an optical asynchronous transfer mode/wavelength division multiplexing (OATM/WDM) optical access network, using a router based on an optical header decoder to conduct next-generation communications. The router consists of a decoder or hardware analysis processing of the header bit and switches. The router in the OATM/WDM optical access network is a key technology by which to satisfy subscribers’ requests, including reliability, cost efficiency, high speed, large-capacity transmission, and elevated information security. In this study, we carry out experiments in which a header decoder delivers to 16 and 32 subscribers with a single wavelength in the router. These experiments confirm the decoder’s successful operation via hardware using 4 and 5 header bits. We propose that this system may significantly contribute toward the realization of an optical access network that provides high-quality service to subscribers of next-generation communications.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.43-50
• /
• 2007

Electric quantity of sensor nodes is extremely limited, and the battery replacement is very difficult in wireless sensor networks. This paper proposes analytic model on energy loss in different route structure, which it is based upon the data-centric storage and the directed diffusion is energy consumption in the wireless sensor network.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.76-78
• /
• 2005

네트워크 인프라가 확대되면서 보안에 대한 중요성도 더불어 커지고 있으며, 또한 보안 게이트웨이에 대한 관심도 증가하고 있다. 본 논문에서는 소프트웨어 라우터인 Click Modular Router를 이용하여 게이트웨이에서 비정상 트래픽을 제거하는 필터링 기능과 내부 네트워크 정보를 은닉하는 기능물 제공하기 위한 트래픽 처리 구조를 제안한다.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.41-48
• /
• 2009

Distributed denial of service attack detection for more development and research is underway. The method of using statistical techniques, the normal packets and abnormal packets to identify efficient. In this paper several statistical techniques, using a mix of various offers a way to detect the attack. To verify the effectiveness of the proposed technique, it set packet filtering on router and the proposed DDoS attacks detection method on a Linux router. In result, the proposed technique was detect various attacks and provide normal service mostly.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.37-43
• /
• 2003

The growing Internet business has required the acceleration of the development of security components. There are many different kinds of security components that have been developed in accordance with the appearance of various logs. Therefore, it is important that after the logs are collected they become integrated and need to Once the data from the logs have been collected form the IDS/Firewall/Router logs. It needs to be analyzed and formatted for standardization. This paper suggests designs that the log analyzation system could use in analyzing, detecting, and preventing intrusion in the various systems. Once the data has been analyzed it would be possible to Prevent further intrusion as well as trace the intrusion back to the source.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.7-8
• /
• 2006

F-HMIPv6 is protocol that supports fast handovers for Hierarchical Mobile IPv6. Unlike HMIPv6 (Hierarchical Mobile IPv6), it sends FBU(Fast Binding Update) by predicted Router's Information for a potential handover. But, The current version of this protocol doesn't ensure impeccably between mobile node and router. To make up for the weak points of the security, we propose the architecture for F-HMIPv6 protocol to structurally reinforce the security and improve weak security of among mobile node, MAP(Mobility Anchor Point), and routers for binding update when mobile node conducts handovers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.454-455
• /
• 2019

IDC is a server-based facility with a stable line and power supply facility that manages 20 to 30 servers in an efficiently separated rack-level subnetwork. Here, we need a way to efficiently manage servers security, firewall, and traffic on a rack-by-rack basis. If three or five kinds of commercial equipment are adopted to support this, it may be a great burden to the management cost as well as the introduction cost. Therefore, in this paper, we propose a method to implement the five functions in one rack-unit small integrated security router. In particular, IDC intends to integrate traffic shaping and IPS, which are essential technologies, and to propose the utility accordingly.

• Journal of KIISE:Information Networking
• /
• v.35 no.4
• /
• pp.345-354
• /
• 2008

Recently, small-scale mobile network which is composed of many mobile devices in a man becomes popular. Also, Examples of large-scale mobile network can be thought access networks deployed on public transportation such as ships, trains and buses. To provide seamless mobility for mobile nodes in this mobile network, binding update messages must be exchanged frequently. However, it incurs network overhead increasingly and decreases energy efficiency of mobile router. If we try to reduce the number of the messages to cope with the problem, it may happen the security -related problems conversely Thus, mobile router needs a effective algorithm to update location information with low cost and to cover security problems. In this paper, mobility management scheme based on mobile router's mobility pattern is proposed. Whenever each mobile router leaves a visiting network, it records related information as moving log. And then it periodically computes mean resident time for all visited network, and saves them in the profile. If each mobile router moves into the visited network hereafter, the number of binding update messages can be reduced since current resident time may be expected based on the profile. At this time, of course, security problems can happen. The problems, however, are solved using key credit, which just sends some keys once. Through extensive experiments, bandwidth usages are measured to compare binding update messages in proposed scheme with that in existing scheme. From the results, we can reduce about 65% of mobility-management-related messages especially when mobile router stays more than 50 minutes in a network. Namely, the proposed scheme improves network usage and energy usage of mobile router by decreasing the number of messages and authorization procedure.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.499-502
• /
• 2001

FreeS/WAN[l] 은 LINUX 상에서 네트워크 보안 프로토콜표준인 IPSEC을 구현한 공개 S/W이다. 현재 LINUX Project로 수행되고 있으며 1.91 version 까지 나와 있다. 라우터와 라우터간에 IPSEC을 사용하여 통신함으로써 access control, connectionless integrity, data origin authentication, protection against replays, confidentiality의 서비스를 보장받을 수 있고, 또한 이러한 서비스들은 IP 계층에서 제공되기 때문에 IP 계층뿐만 아니라 그 이상의 계층에 대한 보호를 제공한다. [2] 본 논문에서는 LINUX router에 FreeS/WAN IPSEC을 설치하여 Security Gateway를 구성하고, 이 Security Gateway를 통해 전형적인 가상사설망을 구성할 수 있음을 보였다. 양단의 Security Gateway에 설치되어진 FreeS/WAN으로 VPN connection을 설정하고, 인증방법으로 RSA authentication key를 setup 하였다. IPSEC을 통하여 암호화되어진 데이터로 양단의 Gateway 구간에서 보안통신이 이루어짐을 알아본다.