• Title/Summary/Keyword: IKE


A study on Application of IKE protocol in IPsec System (IPsec 시스템에서 IKE 프로토콜 적용에 관한 연구)

  • 홍용근;이승윤;박기식;이달원;조인준
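    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2003.07a / pp.133-137 / 2003
  • IPsec is an international standard protocol that is a mandatory implementation requirement in IPv6, the next-generation IP protocol; it is applied at the network layer to provide security services and can provide consistent security services for all Internet services. The IKE protocol, which is used for key distribution and management in IPsec systems, has been found to suffer from system complexity and from vulnerability to DoS attacks, and the IPsec WG is working on improvements to resolve these problems. This paper summarizes the problems of the existing IKE protocol (IKEv1) and the analysis of the two candidate proposals under revision in the IPsec WG, IKEv2 and JFK, and sets out the points to consider from a security-function perspective when applying the analyzed results to the existing IKE protocol.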


Design and Implementation of Key Exchange System for IPv6 Hardware IPsec (IPv6용 하드웨어 IPsec을 위한 키 교환 시스템의 설계 및 구현)

  • 박동익;류준우;공인엽;이정태
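    • Proceedings of the Korean Information Science Society Conference / 2002.10e / pp.415-417 / 2002
  • To provide IPv6 security functions at high performance on small devices that have no operating system support, our laboratory implemented the IPsec protocol for IPv6 and its encryption algorithms in hardware. Providing security services based on this IPv6 hardware IPsec requires secure key exchange and authentication. To this end, this paper designs an IKE Module as the key exchange system for IPv6 hardware IPsec and implements it as a driver program. The implemented IKE Module was installed as the driver of the IPv6 hardware IPsec, and its functionality was verified through tests against an existing software IKE Module.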


DoS Preventable Internet Key Exchange Protocol (DoS 공격을 방어하는 인터넷 키 교환 프로토콜)

  • 최명식;곽동진;이훈재;문상재
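    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.454-458 / 2002
  • Hacking that uses DoS attacks and the destruction of major network infrastructure are increasing in the Internet environment, and the scope of such attacks keeps widening. Among the affected protocols, the Internet Key Exchange protocol (IKE) proposed by the IETF IPsec WG performs public-key operations such as digital signatures and DH key exchange, so it can easily become a target of such DoS attacks. This paper proposes an elliptic-curve-based Internet key exchange protocol that can defend against DoS attacks that exhaust memory or CPU resources, and compares and analyzes it against the current IKE candidates. The proposed elliptic-curve-based Internet key exchange protocol also reduces the load on the IKE responder compared with existing IKE variants. It can be used efficiently on web servers with many users and on wireless devices with limited memory or computing power.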


Effects of Lumbar Central Posteroanterior Mobilization on Isometric Knee Extension and Patellar Tendon Reflex Amplitude: A Pilot Study

  • Kim, Bo Kyung;An, Ho Jung;Heo, Seo Yoon;Kim, Byeong Jo;Choi, Wan Suk
    • Journal of International Academy of Physical Therapy Research / v.9 no.1 / pp.1435-1441 / 2018
  • The main focus of this study was to investigate the effects of lumbar central posteroanterior (PA) mobilization on isometric knee extension (IKE) ability and patellar tendon reflex amplitude (PTRA) in healthy university students. University students aged 19-26 (male: 10, female: 10) without any neurological disorders participated voluntarily; subjects with abnormal reflexes were excluded. The participants had an average body mass of $64.25 \pm 13.52$ kg, an average height of $1.66 \pm 0.08$ m, and an average Body Mass Index (BMI) of $23.07 \pm 3.21$. Every student was randomly assigned to receive squatting exercise and PA mobilization sequentially, with a 5-day washout period. IKE and PTRA were not significantly different between the two groups after the intervention. All the outcome measures were arranged into two data groups: the PA mobilization data group and the squatting exercise data group. In the PA mobilization data group, IKE and PTRA significantly increased after the intervention; however, these aspects decreased in the squatting exercise group. These findings suggest that IKE and PTRA increase immediately after PA mobilization; therefore, PA mobilization could be a valuable topic for controlled clinical trials.

A Study of Security for Stream Control Transmission Protocol (스트림 제어 전송 프로토콜의 보안에 관한 연구)

  • 조은경;권영희
    • Proceedings of the IEEK Conference / 2002.06c / pp.189-192 / 2002
  • This paper studies some security issues of the stream control transmission protocol and designs some functional requirements for IPsec and IKE to facilitate their use for securing SCTP. In particular, it addresses some additional support in the form of a new ID type in IKE and some implementation choices in the IPsec processing to accommodate the multiplicity of source and destination addresses associated with a single SCTP association.


An Implementation and Evaluation of Improved Anti-DoS IKE Protocol Engine for Interaction with IPsec System (IPsec과 연동되는 개선된 Anti-DoS IKE 프로토콜 엔진의 구현 및 평가)

  • Kim, Sung-Chan;Choun, Jun-Ho;Jun, Moon-Seog
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.11B / pp.1005-1016 / 2006
  • As Internet usage increases, the importance of security systems is emphasized. The current Internet Key Exchange protocol (IKE), which has been used for key exchange in security systems, has been criticized for problems of efficiency and stability. In this research, we try to resolve those problems and evaluate the newly designed key exchange protocol in an IPsec interaction test bed environment. We implemented the new key exchange protocol as recommended by the RFC proposal, so as to resolve the problems that were pointed out: the complexity of the key exchange and the speed of the authentication process. We also designed a defense mechanism against Denial of Service attacks. We improved the key exchange speed by simplifying the complex key exchange phase, and increased efficiency by reusing the preexisting state values on renegotiation.

Requirements and Analysis for Efficient Key Management Mechanism on IPSec-6LoWPAN (IPSec-6LoWPAN을 위한 키 관리 요구사항과 프로토콜 분석)

  • Lee, Yun-Jung;Cho, Jung-Won
    • Journal of the Korea Academia-Industrial cooperation Society / v.13 no.6 / pp.2739-2742 / 2012
  • 6LoWPAN is a standard that enables IPv6 packets to be carried on top of low-power wireless networks. Security needs to be achieved in 6LoWPAN, which is being defined at the 6LoWPAN working group of the IETF. IPSec is already part of IPv6, which makes it a candidate to be directly employed or adapted for WSNs. Some results showed that the adoption of IPSec is viable, and also point towards the successful design and deployment of a security architecture for WSNs. IPSec requires two communicating entities to share a secret key that is typically established dynamically with IKE. However, there are some limitations to using IKE on wireless networks. In this article, we present the requirements for an efficient key management mechanism for IPSec on 6LoWPAN and analyze candidate protocols.

Mobile IPv6 Session Key Distribution Method At Radius-based AAAv6 System

  • Lee Hae Dong;Choi Doo Ho;Kim Hyun Gon
    • Proceedings of the IEEK Conference / 2004.08c / pp.581-584 / 2004
  • Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. For the service providers that provide these network services, it is important to authenticate and authorize legal subscribers and to account for their usage. At present, there exist several protocols that support AAA (Authentication, Authorization and Accounting) service: RADIUS, Diameter, TACACS+. Nowadays, RADIUS is widely used for AAA service. It has been extended to support other access network environments. So, we extend RADIUS to support the Mobile IPv6 environment. Mobile IPv6 basically uses IPsec as its security mechanism. But IPsec is a heavy security technology for small, portable, mobile devices. This is especially serious for IKE, a subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In this paper, we extend RADIUS to support the Mobile IPv6 environment and simplify the IKE phase of IPsec by having the AAA system distribute the keys over its secure communication channel. Namely, we propose a key distribution method for IPsec SA establishment between the mobile node and the home agent. The suggested method is anticipated to be effective on low-power, low-computing devices. Finally, end users experience faster authentication.


A Dynamic Key Lifetime Change Algorithm for Performance Improvement of Virtual Private Networks (가상사설망의 성능개선을 위한 동적 키 재생성 주기 변경 알고리즘)

  • HAN, Jong-Hoon;LEE, Jung Woo;PARK, Sung Han
    • Journal of the Institute of Electronics Engineers of Korea TC / v.42 no.10 s.340 / pp.31-38 / 2005
  • IPsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying material in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPsec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.