• Title, Summary, Keyword: IPSec

Search Result 258, Processing Time 0.043 seconds

An User Authorization Mechanism using an Attribute Certificate in the IPSec-VPN System (IPSec-VPN 시스템에서의 속성 인증서를 이용한 사용자 접근 제어 방안)

  • 강명희;유황빈
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.5
    • /
    • pp.11-21
    • /
    • 2004
  • To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

Study on WP-IBE compliant Mobile IPSec (WP-IBE 적용 Mobile IPSec 연구)

  • Choi, Cheong Hyeon
    • Journal of Internet Computing and Services
    • /
    • v.14 no.5
    • /
    • pp.11-26
    • /
    • 2013
  • In the wireless Internet, it is so restrictive to use the IPSec. The MIPv4 IPSec's path cannot include wireless links. That is, the IPSec of the wireless Internet cannot protect an entire path of Host-to-Host connection. Also wireless circumstance keeps a path static during the shorter time, nevertheless, the IKE for IPSec SA agreement requires relatively long delay. The certificate management of IPSec PKI security needs too much burden. This means that IPSec of the wireless Internet is so disadvantageous. Our paper is to construct the Mobile IPSec proper to the wireless Internet which provides the host-to-host transport mode service to protect even wireless links as applying excellent WP-IBE scheme. For this, Mobile IPSec requires a dynamic routing over a path with wireless links. FA Forwarding is a routing method for FA to extend the path to a newly formed wireless link. The FA IPSec SA for FA Forwarding is updated to comply the dynamically extended path using Source Routing based Bind Update. To improve the performance of IPSec, we apply efficient and strong future Identity based Weil Pairing Bilinear Elliptic Curve Cryptography called as WP-IBE scheme. Our paper proposes the modified protocols to apply 6 security-related algorithms of WP-IBE into the Mobile IPSec. Particularly we focus on the protocols to be applied to construct ESP Datagram.

An IPSec Accelerator for the High-performance Virtual Private Networks

  • Ryu, Dae-Hyun;Na, Jong-Whoa;Shin, Seung-Jung;Jang, Seung-Ju;Kim, Jung-Tae
    • Journal of information and communication convergence engineering
    • /
    • v.1 no.1
    • /
    • pp.48-52
    • /
    • 2003
  • A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

Issues and Security on IPSec: Survey (IPSec 보안 이슈와 대응 방안)

  • Hong, Sunghyuck
    • Journal of Digital Convergence
    • /
    • v.12 no.8
    • /
    • pp.243-248
    • /
    • 2014
  • IPSec provides two services that are authentication header and Encapsulating Security Payload(ESP). In this research work, security issues on the Internet and the basic concept of IPSec are described. Security issues on the Internet are presented and proposed a possible solution for DDoS attack using IPSec. Therefore, this research will be able to contribute for building secure communication against DDoS attack.

Secure VPN Performance in IP Layers (IP계층에서의 VPN 전송성능에 관한 연구)

  • 임형진;권윤주;정태명
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.26 no.11C
    • /
    • pp.102-112
    • /
    • 2001
  • This paper analyzes Security Performance and Processing Performance to measure performance between nodes by using AH and ESP protocol. IPsec VPN provides application with security service implemented in IP Layer while traffic cost and packet processing time it increased by encryption, decryption and authentication in AH and ESP. We measured overall packet processing time and IPsec module processing time. The result of the efficiency test showed that the factors of influencing electrical transmission efficiency were the size of electrical transmission packets, codes used for tunnelling, authentication functions, CPU velocity of host7, and the embodiment of IPsec; for a high capacity traffic, IPsec transmission was not appropriate, because transmission velocity was delayed by more than ten times in comparison with Non-IPsec.

  • PDF

The Design of The IPSec Association Simplification Scheme by Pre-Association Information Deployment (사전 협약 정보 배포를 이용한 IPSec 협약 간소화 기법의 설계)

  • Kim, Kwang Hyun;Gyeong, Gyehyeon;Zhen, Zhao;Eom, Young Ik
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.1246-1249
    • /
    • 2007
  • IP(Internet Protocol)프로토콜에 기밀성과 무결성을 지원해 주기 위해 IPSec(IP Security) 프로토콜이 등장하였다. 이러한 IPSec 프로토콜은 안전한 통신채널을 만들기 위해 IKE(Internet Key Exchange) 프로토콜을 사용하고 있지만, IKE 프로토콜에서 이루어지는 협약단계의 복잡성 문제로 인하여 IPSec 프로토콜을 사용 할 수 없는 상황이 생기고 있다. 본 논문은 이러한 상황을 해결하기 위해 협약단계를 간소화 시킨 P-IPSec(이하 Premade IPSec)프로토콜을 제시한다. P-IPSec 프로토콜은 사전정보의 협약단계의 어려움을 줄이기 위해 IPSec 세션 설정에 참여하는 호스트들이 협상을 해야 하는 사전정보를 목적지 호스트에서 결정, 전송하는 방식을 사용하고 있다. P-IPSec 프로토콜은 사전정보 협상과 배포의 복잡성 문제로 인하여 IPSec 통신을 하지 못하는 호스트들에게 IPSec 통신을 할 수 있는 수단을 제공해 준다.

  • PDF

Design of the Security Evaluation System for Internet Secure Connectivity Assurance Platform (인터넷 패킷 보호 보증 플랫폼에서의 보안성 평가 시스템 설계)

  • 김상춘;한근희
    • Journal of KIISE:Information Networking
    • /
    • v.31 no.2
    • /
    • pp.207-216
    • /
    • 2004
  • IPsec protocol has been developed to provide security services to Internet. Recently IPsec is implemented on the various operating systems Hence, it is very important to evaluate the stability of the Ipsec protocol as well as other protocols that provide security services. However, there has been little effort to develop the tools that require to evaluate the stability of IPsec protocols. Therefore, in this paper, we develope the security requirements and suggest a security evaluation system for the Internet packet protection protocols that provide security services at the If level that can be used to check if the security protocols Provide the claimed services correctly This system can be used as debugging tool for developing IPsec based security system.

Design of a Security System to Defeat Abnormal IPSec Traffic in IPv6 Networks (IPv6 환경에서 비정상 IPSec 트래픽 대응 보안 시스템 설계)

  • Kim Ka-Eul;Ko Kwang-Sun;Gyeong Gye-Hyeon;Kang Seong-Goo;Eom Young-Ik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.4
    • /
    • pp.127-138
    • /
    • 2006
  • The IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee an integrity and confidentiality of data that transmit between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult that the IPSec mechanism protects major important network from attacks which transmit mass abnormal IPSec traffic in session-configuration or communication phases. In this paper, we present a design of the security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.

The Aliasing IPsec Network Mechanism for Solving an Overlapping Network Problem in the IPSec-VPN (IPsec-VPN에서의 네트워크 중복 문제 해결을 위한 IPsec 네트워크 별칭 기법)

  • Park Jaesung;Chun Junho;Jun Moon-Seog
    • Proceedings of the Korean Information Science Society Conference
    • /
    • /
    • pp.160-162
    • /
    • 2005
  • IPsec Tunnel Mode를 이용하여 보안 네트워크를 구축 시, 네트워크 구성이 중복된 경우에는 중복되지 않도록 재구성해야 하는 문제가 있다. 본 논문에서는 IPSec Tunnel Mode 통신을 하고자 하는 두 네트워크가 중복된 경우, IPSec 네트워크 별칭 기법을 통하여, 이전 네트워크의 구성을 변경하지 않고 통신할 수 있는 방안을 제시한다.

  • PDF

IPSec Key Recovery for IKEv2 (IKEv2를 지원하는 IPSec 에서의 키 복구 설계)

  • Rhee, Yoon-Jung;Kim, Chul-Soo;Lee, Bong-Gyu
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.4
    • /
    • pp.1260-1265
    • /
    • 2010
  • IPSec is the security protocol that do encryption and authentication service to IP messages on network layer of the internet. This paper presents the key recovery mechanism that is applied to IKEv2 of IPSec for mobile communication environments. It results to have compatibility with IPSec and IKEv2, reduce network overhead, and perform key recovery without depending on key escrew agencies or authorized party.