• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.11C
• /
• pp.1077-1087
• /
• 2003

In this paper, we proposed an architecture of a cryptosystem with various operating modes for the network security and implemented in hardware using the ASIC library. For configuring a cryptosystem, the standard block ciphers such as AES, SEED and 3DES were included. And the implemented cryptosystem can encrypt and decrypt the data in real time through the wired/wireless network with the minimum latency time (minimum 64 clocks, maximum 256 clocks). It can support CTR mode which is widely used recently as well as the conventional block cipher modes such as ECB, CBC and OFB, and operates in the multi-bit mode (64, 128, 192, and 256 bits). The implemented hardware has the expansion possibility for the other algorithms according to the network security protocol such as IPsec and the included ciphering blocks can be operated simultaneously. The self-ciphering mode and various ciphering mode can be supported by the hardware sharing and the programmable data-path. The global operation is programmed by the serial communication port and the operation is decided by the control signals decoded from the instruction by the host. The designed hardware using VHDL was synthesized with Hynix 0.25$\mu\textrm{m}$ CMOS technology and it used the about 100,000 gates. Also we could assure the stable operation in the timing simulation over 100㎒ using NC-verilog.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.49 no.7
• /
• pp.56-64
• /
• 2012

A smart grid is the next generation power grid which combines the existing power grid with information technology, so an energy efficient power grid can be provided. In this paper, in order to build an efficient smart grid an AMI system, which gears with the existing home network and provides an user friendly management function, is proposed. The proposed AMI system, which is based on an extended home network, consists of various functional units; smart meters, communication modules, home gateway, security modules, meter data management modules (MDMM), electric power application modules and so on. The proposed home network system, which can reduce electric power consumption and transmit data more effectively, is designed by using IEEE 802.15.4. The extended home gateway can exchange energy consumption information with the outside management system via web services. The proposed AMI system is designed to enable two-way communication between the home gateway and MDMM via the Internet. The AES(Advanced Encryption Standard) algorithm, which is a symmetric block cipher algorithm, is used to ensure secure information exchange. Even though the results in this study could be limited to our experimental environment, the result of the simulation test shows that the proposed system reduces electric power consumption by 4~42% on average compared to the case of using no control.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.5
• /
• pp.88-98
• /
• 2011

Recently, according as the importance of GIS(geography information system) database security is embossed, much researches had been achieved about GIS network security. But most such researches are weak against sourceful illegal reproductions and distributions of GIS vector data map. In this paper, we proposed an efficient layer unit contents based partial encryption technique in the vector map compression domain to prevent illegal distributions and unauthorized accesses. This method achieves a partial encryption about each central coordinate and directional parameters of a MCA(minimum coding attribute) that is created at the vector map compression processing in the vector space. First, the position encryption is applied as permutating randomly the center coordinate of each record that is minimum unit of vector map shape. And second, the direction encryption that changing shapes of vector map topography is applied as encrypting the direction of vertices's coordinates of each record. In experimental results, we confirmed that our proposed method can encipher the large volumed vector map data effectively in low computational complexity. Also, we could minimize the decline of compression efficiency that occurred by conventional contents based encryption schemes using AES or DES algorithms.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.799-808
• /
• 2003

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.87-94
• /
• 2022

Recently, with the development of information and communication infrastructure, the number of Internet access devices is rapidly increasing. Smartphones, laptops, computers, and even IoT devices are receiving information and communication services through Internet access. Since most of the device operating environment consists of web (WEB), it is vulnerable to web cyber attacks using web shells. When the web shell is uploaded to the web server, it is confirmed that the attack frequency is high because the control of the web server can be easily performed. As the damage caused by the web shell occurs a lot, each company is responding to attacks with various security devices such as intrusion prevention systems, firewalls, and web firewalls. In this case, it is difficult to detect, and in order to prevent and cope with web shell attacks due to these characteristics, it is difficult to respond only with the existing system and security software. Therefore, it is an automated defense system through the collection and analysis of web shells based on artificial intelligence machine learning that can cope with new cyber attacks such as detecting unknown web shells in advance by using artificial intelligence machine learning and deep learning techniques in existing security software. We would like to propose about. The machine learning-based web shell defense system model proposed in this paper quickly collects, analyzes, and detects malicious web shells, one of the cyberattacks on the web environment. I think it will be very helpful in designing and building a security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.747-761
• /
• 2024

Recently, modern vehicles have been controlled by Electronic Control Units (ECUs), by which the safety and convenience of drivers are highly improved. It is known that a luxury vehicle has more than 100 ECUs to electronically control its function. However, the modern vehicles are getting targeted by cyber attacks because of this computer-based automotive system. To address the cyber attacks, automotive manufacturers have been developing some methods for securing their vehicles, such as automotive Intrusion Detection System (IDS). This development is only allowed to the automotive manufacturers because they have databases for their in-vehicle network (i.e., DBC Format File) which are highly confidential. This confidentiality poses a significant challenge to external researchers who attempt to conduct automotive security researches. To handle this restricted information, in this paper, we propose a method to partially understand the DBC Format File by analyzing in-vehicle network traffics. Our method is designed to analyze Controller Area Network (CAN) traffics so that checksum signals are identified in CAN Frame Data Field. Also, our method creates a Lookup Set by which a checksum signal is correctly estimated for a given message. We validate our method with the publicly accessible dataset as well as one from a real vehicle.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.2
• /
• pp.375-381
• /
• 2018

As smart home network services such as home CCTV, outdoor control of home appliances, home security and disaster prevention services become popular, there appear various affiliated products including smart home gateway and smart speaker. Since those services are generally developed on the vendors' individual hardware and software platforms, it is not much expected for them to interwork well among different architecture and communication methods. In this paper, we propose a new home network service system running on an open source platform to address such issues. We implemented a home network system using OpenWRT-based wireless router(or access point) and Zigbee communication technology. In the proposed system, a wireless router replaces a commercial home gateway and small control units implemented with Arduino control electronic devices and sensors in home. Several service scenarios are also implemented to verify the operability of the proposed system.

• Journal of Internet Computing and Services
• /
• v.17 no.5
• /
• pp.17-23
• /
• 2016

Wireless sensor-actuator networks (WSANs) enhance the existing wireless sensor networks (WSNs) by equipping sensor nodes with an actuator. The actuators work with the sensor nodes and perform application-specific operations. The WSAN systems have several applications such as disaster relief, intelligent building, military surveillance, health monitoring, and infrastructure security. These applications require capability of reliable data transfer to act responsively and accurately. Biologically inspired modeling techniques have received considerable attention for achieving robustness, scalability, and adaptability, while retaining individual simplicity. In this paper, an epidemic-inspired algorithm for data dissemination with delay constraints while minimizing energy consumption in WSAN is proposed. The steady states and system stability are analyzed using control theory. Also, simulation results indicate that the proposed scheme provides desirable dissemination delay and energy saving.

• Journal of the Korea Computer Industry Society
• /
• v.10 no.4
• /
• pp.143-150
• /
• 2009

Remote control service, monitoring, gear service of information electronic appliance, various services of security service and so on of Home network that is by link of Ubiquitous environment are offered. These services need verification process through priority test to use and are changed. If test using actuality information electronic device for test, much expenses and time may be invested. Home network test bed offers softness of research using control model and simulator, in this paper, Wish to design and embody home network test bed to do environment construction of home network and test of application service. Because use istent power line just as it is without necessity to establish circuit in addition by solution of home network testbed, expense costs to be less and establishment used easy PLC. Also, propriated Wireless sensor network that use Zigbee by solution of home network testbed. Appliance check and monitor square do by Home Auto that know embodied, and embodied by Home Gateway that interlink terminals of Home Auto and out of.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.449-456
• /
• 2018

Many organizations divide the network to manage the network in order to prevent the leakage of internal data between separate organizations / departments by sending and receiving unnecessary traffic. The most fundamental network separation method is based on physically separate equipment. However, there is a case where a network is divided and operated logically by utilizing a virtual LAN (VLAN) network access control function that can be constructed at a lower cost. In this study, we first examined the possibility of bypassing the logical network separation through VLAN ID scanning and double encapsulation VLAN hopping attack. Then, we showed and implemented a data leak scenario by utilizing the acquired VLAN ID. Furthermore, we proposed a simple and effective technique to detect and prevent the double encapsulation VLAN hopping attack, which is also implemented for validation. We hope that this study improves security of organizations that use the VLAN-based logical network separation by preventing internal data leakage or external cyber attack exploiting double encapsulation VLAN vulnerability.