• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.8B
• /
• pp.727-734
• /
• 2008

Recently, Network technology evolve out of expansion a scale of Network and development various Service. also Hacking skill. We have applied to various Security Systems to make a counterattack on this hacking skill. and A Firewall among these security systems is very effective a defense against in the Outbound Network attack. so we need certainly a Firewall to protect a network. But this Conventional Firewall has an directly effect on reduction to the Performance and Security of Inbound Network. and have no effect on a Inner Network Attacking. In this paper, I propose to a "Functional Firewall" as a Secure Objects for the enhancement Performance and Security of Inbound Network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.7B
• /
• pp.1050-1057
• /
• 2010

Nowadays, the network attack occurs frequently. At the same time, the inbound network is also attacked. Even though the security system has been continuously developed in order to prevent from attacks, the network performance is sacrificed for the network security. Therefore, a security system which obtains performance and security together is urgently needed. In this paper, an arrangement of functional firewall and a secure clustering methodology, obtained from distributing functions of a conventional firewall, are proposed based on the idea that performance and security should be obtained together.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.3
• /
• pp.63-78
• /
• 1998

Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.3
• /
• pp.47-59
• /
• 2007

IPv4 NAT, which often used in households or under SOHO environments, is one of the factors that delays IPv6 propagation. As IPv4 NAT does not operate properly under the transition mechanism like ISATAP or 6to4 that acts as IPv6-in-IPv4 tunneling type, Microsoft proposed Teredo in order to resolve this issue. However, tunneling transition mechanism like Teredo has a security problem. That is, being tunneled packets have dual IP headers; general firewall systems apply the filtering rules only to the outer header but not inner header when these packets pass the firewall. Furthermore, attacks using unregistered server and relay can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented by using Linux Netfilter and ip6tables. Through functional and experimental performance tests, this packet filtering system was found operating properly and solving the Teredo packet filtering problems without serious performance degradation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.61-76
• /
• 2002

To ensure PKI systems' reliability, the security for PKI systems evaluation is required. But, unfortunately, the systematic security evaluation and certification of PKI systems is insufficient. In Korea, Firewall and intrusion detection system's security evaluation and certification has been enforced, but research of PKI systems’ evaluation is insufficient. This paper provides a PKI system evaluation criteria. This paper specifies a 7 level of the functional and assurance security requirements for a PKI system. And this PKI system evaluation criteria provides a compatibility with CC(Common Criteria) and KISES(Korea Information Security Evaluation Systems).

• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.73-82
• /
• 2018

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.4
• /
• pp.833-838
• /
• 2014

Recently the use router is to allow multiple computers by one IP can be connect to the Internet. Also, the PC or server in order to use a Web server or a print server, Web Hard, P2P should be settings. In this paper, we are building a multi-functional Web server that using a router supported OpenWRT based on network settings and firewall settings and a variety of services. A web server can be provided the Internet phone and secure multimedia service Web server router based OpenWRT may be provided through a mobile app and the PC application service.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.1055-1057
• /
• 2013

Routers currently used in homes and institutions have a function of multiple computers to connect to the Internet with a single IP address. It is possible only through setting or establishing a separate operation in a used PC or server to function as a web/printer server, web hard, and P2P. In this paper, by utilizing the OpenWRT Linux-based through the construction of the Web server through a router OpenWRT of (Open Wireless Router) base, to build a server simple compact, low power consumption, low cost, to operate by reliability to provide Internet telephony and multimedia services high securely over the server security, which is based on the setting of policy and various firewall at the same time the configuration of the network utilizing OpenWRT router that can be enhanced, to construct a Web server through a router multi functional can receive the provision of services using the program PC and mobile APP.