• Title/Summary/Keyword: packet protection


Efficient Self-Healing Key Distribution Scheme (효율적인 Self-Healing키 분배 기법)

  • 홍도원;강주성;신상욱
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.6 / pp.141-148 / 2003
  • The self-healing key distribution scheme with revocation capability proposed by Staddon et al. enables a dynamic group of users to establish a group key over an unreliable network, and has the ability to revoke users from and add users to the group while being resistant to collusion attacks. In such a protocol, if some packet gets lost, users are still capable of recovering the group key using the received packets without requesting additional transmission from the group manager. In this scheme, the storage overhead at each group member is O($m^2$ log p) and the broadcast message size of the group manager is O((m$t^2$+mt) log p), where m is the number of sessions, t is the maximum number of colluding group members, and p is a prime number that is large enough to accommodate a cryptographic key. In this paper we describe a more efficient self-healing key distribution scheme with revocation capability, which achieves the same goal with O(m log p) storage overhead and O(($t^2$+mt) log p) communication overhead. We can reduce the storage overhead at each group member and the broadcast message size of the group manager without adding computation at the user's end or the group manager's end.

Design and Implementation of Traceback Simulator for Distributed Reflector DoS Attack on Computer Network (네트워크 분산반사 서비스 거부 공격(DRDoS)에 대한 역추적 시뮬레이터 설계 및 구현)

  • Lee, Hyung-Woo
    • The Journal of Korean Association of Computer Education / v.8 no.1 / pp.65-72 / 2005
  • In this study, we suggest a new mechanism for the design and implementation of an IP traceback system against DDoS/DRDoS attacks by zombies and reflectors based on spoofed IP packets. After analyzing and comparing the state of the art of several IP traceback mechanisms, we identify the pros and cons of each. We then performed simulations on reflector-based DRDoS network packets. First, we suggest an NS-2 based IP traceback module and implement it for finding the real DRDoS attacker. As a result, we can find an advanced new IP traceback scheme that provides enhanced proactive functionality against DRDoS attacks.


A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal / v.10 no.2 / pp.1-9 / 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide, with millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host machine usually generates these network indicators. This means that whenever a Snort signature matches a packet, that same signature must be in memory for some period of time (possibly microseconds). Finally, we investigate some security issues that you should consider when running a Snort system. Paper coverage includes: how an IDS works, where Snort fits, Snort system requirements, exploring Snort's features, using Snort on your network, Snort and your network architecture, and security considerations with Snort in a digital forensic Windows environment.

DDoS Attack Path Retracing Using Router IP Address (라우터 IP주소를 이용한 DDoS 공격경로 역추적)

  • 원승영;구경옥;오창석
    • Proceedings of the Korea Contents Association Conference / 2003.05a / pp.223-226 / 2003
  • The best way to protect system resources from a Distributed Denial of Service (DDoS) attack is to cut off the source of the DDoS attack by retracing the path of the packets transferred by the attacker. The packet marking method cannot use ICMP because it uses the IP identifier field as the marking field. And as the number of routers increases, the retracing method using router IDs has the problem that the size of the marking field increases. In this paper, we propose a retracing method that can use ICMP by using the option field in the IP header as the marking field, and in which the size of the marking field does not change even though the number of routers increases, by using mark information whose value is obtained through an XOR operation on IP addresses.


Design and Implementation of Ethernet and TDM Convergence System (이더넷/TDM 통합전달 시스템의 설계 및 구현)

  • Youn, Ji-Wook;Lee, Jong-Hyun;Yeom, Kyung-Whan
    • Journal of the Institute of Electronics Engineers of Korea TC / v.42 no.11 / pp.21-26 / 2005
  • We propose a fully converged Ethernet and TDM transport system. The developed Ethernet and TDM convergence system can simultaneously support not only L2 VPN service and premium multimedia service based on the MPLS protocol but also TDM leased line service. The developed convergence system can provide high reliability for Ethernet packets because it supports the protection and restoration functions of circuit-based networks. Evaluation of the Ethernet and TDM paths was successfully performed to show the typical application of the proposed system in legacy networks.

A study of Cryptographic Algorithms of IKE version 2 Protocol (IKE 버전 2 프로토콜의 암호 알고리즘에 관한 연구)

  • 김윤희;이유태;이계상
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2003.10a / pp.199-202 / 2003
  • IPsec is a standardized way of protecting IP packets in the network layer, and it is composed of three protocols: AH (Authentication Header), ESP (Encapsulation Security Protocol) and IKE (Internet Key Exchange). Before doing encryption and decryption using the AH or ESP protocols, both communicating entities have to share the same key safely. The IKE protocol does this automatically, but it has less interoperability because the IKE protocol is not simple. Work to standardize IKEv2 has been carried out up to now. In this article, we examine the cryptographic algorithms of IKEv2 and describe the usage of AES with IPsec, based on the IETF draft document.


Security Policy Negotiation Model Design for Secure Network Management (안전한 망 관리를 위한 보안정책 협상모델 설계)

  • Park, Jin-Ho;Chung, Jin-Wook
    • The KIPS Transactions:PartC / v.11C no.2 / pp.171-176 / 2004
  • This paper presents the design of a highly efficient security policy negotiation for the SPS (Security Policy System) for secure network management using a mobile agent system. Conventional IP security systems for secure network management have some problems. One drawback of these systems is that the required policy in each security area is different. Another problem is that it is not possible to guarantee that a packet is transmitted through the same path in both directions and is protected by the same policy, due to the topology of the network. Unlike conventional systems, the model developed herein resolves these problems by using mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees mutual authentication and reliability by using the passport.

An Adaptive RIO buffer management scheme for QoS guarantee of Assured Service in Differentiated Services (DiffServ 방식의 Assured Service에서 QoS 보장을 위한 Adaptive RIO 방식의 제안)

  • Hur, Kyeong;Kim, Moon-Kyu;Lee, Seung-Hyun;Cho, Seong-Dae;Eom, Doo-Seop;Tchah, Kyun-Hyon
    • The Journal of Korean Institute of Communications and Information Sciences / v.27 no.6C / pp.581-593 / 2002
  • In this paper, we propose an Adaptive RIO scheme to solve the problem of the RIO scheme that occurs when admission control is performed for the QoS guarantee of Assured Service in Differentiated Services. To prevent an early random drop of admitted In-profile packets, the proposed Adaptive RIO scheme updates the parameters of the RIO scheme every time interval according to the estimated maximum numbers of packet arrivals of In-profile traffic and total traffic during the next time interval. The maximum numbers of packet arrivals during the next time interval are estimated based on the buffer size determined by the network topology and the ratio of bandwidth allocated to each subclass. We found from simulation results that, compared with the RIO scheme, the proposed Adaptive RIO scheme can improve the throughput for In-profile traffic when admission control is performed or congestion occurs.

Implementation of Security Enforcement Engine for Active Nodes in Active Networks (액티브 네트워크 상에서 액티브 노드의 보안 강화를 위한 보안 엔진 구현)

  • Kim, Ok-Kyeung;Lim, Ji-Young;Na, Hyun-Jung;Na, Ga-Jin;Kim, Yeo-Jin;Chae, Ki-Joon;Kim, Dong-Young
    • The KIPS Transactions:PartC / v.10C no.4 / pp.413-422 / 2003
  • An active network is a new-generation network based on a software-intensive network architecture in which applications are able to inject new strategies or code into the infrastructure for their immediate needs. Therefore, a secure active node architecture is needed to give the capability of defending an active node against threats that may be more dynamic and powerful than those in traditional networks. In this paper, a security enforcement engine is proposed to secure active networks. We implemented an operating engine with security, authentication and authorization modules. Using this engine, it is possible for active networks to be protected from the threats of a malicious active node.

The problem resolution algorithm in ESP protocol (ESP 프로토콜에서의 문제점 보완 알고리즘)

  • Lee, Yeong-Ji;Kim, Tae-Yun
    • The KIPS Transactions:PartC / v.9C no.2 / pp.189-196 / 2002
  • IPSec is a protocol which provides data encryption, message authentication and data integrity for transmission over public and open networks. In IPSec, the ESP protocol is used when it is necessary to provide data encryption, authentication and integrity for the actual transmitted packets. The ESP protocol uses DES-CBC encryption mode when the sender encrypts packets and the receiver decrypts data; in this mode an IV is used. This value carries many risks of attack during transmission because it is transferred in the clear. If the IV value is modified, then decryption of the ESP data is impossible and the higher-level information is changed. In this paper we propose a new algorithm that encrypts IV values using DES-ECB mode to prevent IV attacks and checks the integrity of the whole ESP data using a message authentication function. Therefore, we protect against attacks on the IV and data, and guarantee safer transmission on the public network.