• Journal of Internet Computing and Services
• /
• v.14 no.2
• /
• pp.61-71
• /
• 2013

Until now, there have been various studies against Internet worms. Most of intrusion detection and prevention systems against Internet worms use detection rules, but these systems cannot respond to new Internet worms. For this reason, a malicious process control system which uses the fact that Internet worms multicast malicious packets was proposed. However, the greater the number of servers to be protected increases the cost of the malicious process control system, and the probability of detecting Internet worms attacking only some predetermined IP addresses is low. This paper presents a security framework that can reduce the cost of the malicious process control system and increase the probability of detecting Internet worms attacking only some predetermined IP addresses. In the proposed security framework, virtual machines are used to reduce the cost of control servers and unused IP addresses are used to increase the probability of detecting Internet worms attacking only some predetermined IP addresses. Therefore the proposed security framework can effectively respond to a variety of new Internet worms at lower cost.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.143-158
• /
• 2010

The illegal leakage of enterprise digital confidential information will threaten the enterprise with bankruptcy. Today since most small-and-medium companies have no capability to fight against illegally compromising their critically confidential documents in spite of knowing the leakage of them, strongly safe distribution system of the digital confidential documents should be designed so in secure as to prevent any malicious intent of embezzlement from accessing the critical information. Current DRM-based protection system is not always perfect to protect the digital secrets, even seems to leave the secrets open. Therefore our study has analyzed the illegal leakage paths that hackers attack against and the vulnerability of the current protection systems. As result, we study the group communication based system architecture satisfying the security conditions to make even legitimate working employee keep out of the confidential documents, without performance degradation. The main idea of this architecture is to stay every secrets in encrypted form; to isolate the encrypted documents from the crypto-key; to associate every entity with one activity and to authenticate every entity with DSA-based public key system; multiple authentication method make hackers too busy to get a privilege to access the secrets with too many puzzle pieces. This paper deal with the basic architectural structure for the above issues.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.4
• /
• pp.91-98
• /
• 2012

A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.'s password-based GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-based key exchange is security against off-line dictionary attacks. However, Yi et al.'s protocol fails to meet the requirement. In this paper, we report this security problem with Yi et al.'s protocol and show how to solve it.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.211-213
• /
• 2003

가상랜(VLAN:Virtual LAN) 기술은 멀티 캐스트 트래픽의 감소 효과가 크고, 효율적인 네트워크 보안 및 관리를 지원하므로, 대부분 최근의 상용 스위치는 가상랜 환경에서의 동작을 지원하고 있다. 가상랜 환경에서 동작하는 스위치에서 가상랜 정보를 주고받기 위하여 사용하는 프로토콜이 GARP/ GVRP(Generic Attribute Registration Protocol/GARP VALN Registration Protocol)이다. 이 프로토콜은 네트워크 환경에서 가상랜 정보가 바뀔 때마다 동적으로 각 스위치의 가상랜 정보를 설정해 줌으로써 네트워크 관리자의 수고를 덜어주며, 효율적으로 가상랜을 관리하는 방법을 지원하는 것이다. 따라서 가상랜 환경에서 동작하는 스위치는 대부분 GARP/GVRP를 내장하고 있으나, 범용 소스가 없이 생산업체 별로 자체 구현한 GARP/GVRP를 각각의 스위치에 탑재하고 있다. 본 논문은 이렇게 가상랜 환경을 지원하는 스위치에 필수적인 프로토콜인 GARP/GVRP를 리눅스 커널에 삽입 가능한 모듈 형태로 개발하였다. 또 개발한 모듈을 기가빗 이더넷 스위치(Gigabit Ethernet Switch)에 이식된 리눅스 커널에 삽입. 동작시키고 공인된 테스트 집합을 이용하여 프로토콜이 정확하게 동작함을 검증하였다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.75-85
• /
• 2016

MANET is a network composed only mobile network having limited resources and has dynamic topology characteristics. Therefore, every mobile node acts as a route and delivers data by using multi-hop method. In particular, group communication such as multicast is desperately needed because of characteristics such as battery life of limited wireless bandwidth and mobile nodes. However, the multicast technique can have different efficient of data transmission according to configuring method of a virtual topology by the movement of the nodes and the performance of a multicast can be significantly degraded. In this paper, the region based security multicast technique is proposed in order to increase the efficiency of data transmission by maintaining an optimal path and enhance the security features in data transmission. The group management node that manages the state information of the member nodes after the whole network is separated to area for efficient management of multicast member nodes is used. Member node encrypts using member key for secure data transmission and the security features are strengthened by sending the data after encrypted using group key in group management node. The superiority of the proposed technique in this paper was confirmed through experiments.

• Journal of Advanced Navigation Technology
• /
• v.13 no.5
• /
• pp.726-735
• /
• 2009

In this paper, we proposed a novel conditional access system to reduce the overhead transmission rate for messages which verify the entitlement of subscribers in bandwidth-limited system. We adapted a key update system with the tree structure which had been used for IP multicast to a group hierarchy for the subscriber groups or channel groups. We also analyzed the overhead transmission rate for periodic key update and aperiodic one for change in a subscriber. The numerical evaluations show that the proposed system can significantly reduce the overhead transmission rate for dynamic subscriber change up to several hundred thousands times for various system configuration.

• Journal of KIISE:Information Networking
• /
• v.30 no.6
• /
• pp.705-713
• /
• 2003

For group security to protect group data or to charge, group keys should be updated via key update messages when the membership of group changes. If we lose these messages, it is not possible to decrypt the group data and so this is why the recovery of lost keys is very significant. Any message lost during a certain member is logged off can not be recovered in real-time. Saving all messages and resending them by KDC (Key Distribution Center) not only requests large saving spaces, but also causes to transmit and decrypt unnecessary keys. This paper analyzes the problem of the loss of key update messages along with other problems that may arise during member login procedure, and also gives an efficient method for recovering group keys and auxiliary keys. This method provides that group keys and auxiliary keys can be recovered and sent effectively using information stored in key-tree. The group key generation method presented in this paper is simple and enable us to recover any group key without storing. It also eliminates the transmissions and decryptions of useless auxiliary keys.

• Journal of KIISE:Information Networking
• /
• v.35 no.4
• /
• pp.345-354
• /
• 2008

Recently, small-scale mobile network which is composed of many mobile devices in a man becomes popular. Also, Examples of large-scale mobile network can be thought access networks deployed on public transportation such as ships, trains and buses. To provide seamless mobility for mobile nodes in this mobile network, binding update messages must be exchanged frequently. However, it incurs network overhead increasingly and decreases energy efficiency of mobile router. If we try to reduce the number of the messages to cope with the problem, it may happen the security -related problems conversely Thus, mobile router needs a effective algorithm to update location information with low cost and to cover security problems. In this paper, mobility management scheme based on mobile router's mobility pattern is proposed. Whenever each mobile router leaves a visiting network, it records related information as moving log. And then it periodically computes mean resident time for all visited network, and saves them in the profile. If each mobile router moves into the visited network hereafter, the number of binding update messages can be reduced since current resident time may be expected based on the profile. At this time, of course, security problems can happen. The problems, however, are solved using key credit, which just sends some keys once. Through extensive experiments, bandwidth usages are measured to compare binding update messages in proposed scheme with that in existing scheme. From the results, we can reduce about 65% of mobility-management-related messages especially when mobile router stays more than 50 minutes in a network. Namely, the proposed scheme improves network usage and energy usage of mobile router by decreasing the number of messages and authorization procedure.