• Journal of information and communication convergence engineering
• /
• v.1 no.1
• /
• pp.48-52
• /
• 2003

A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.10B
• /
• pp.891-898
• /
• 2003

In the remote access VPN architecture which is based on IPsec, if the VPN client wants to be served the VPN service continuously during VPN client's handoff, It needs the techniques to merge VPN with Mobile IP. In this case, if the VPN client roams to new subnet, it acquires new CoA. As a result of changing IP address, existing SA becomes useless and new SA is required. The SA renegotiation process results from handoff of the VPN client and does not result from security aspect. Hence, In the environment which includes many handoffs, overhead by SA re-negotiation deteriorates performance. In this paper, we propose the technique provides that it doesn't need to renegotiate SA and be able to get the security service continuously even though MN's handoff occurs in Mobile IP VPN environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.6
• /
• pp.63-69
• /
• 2010

Today, Internet Telephony Services based on VoIP are gaining tremendous popularity for general user. Therefore a various demands of the user keep up increase, the most important requirements of these is voice security about telephony system. It is needed to ensure secret of voice call in a special situation. Due to the fact that many users can connect to the internet at the same time, VoIP can always be in a defenseless state by hackers. Therefore, in this paper, we have developed VPN IP-PBX for the voice security and measured conversation quality by adopting VPN IPsec based on SIP and using tunnel method in transmitting voice data to prevent eavesdrop of voice data. This VPN IP-PBX that is connected Soft-phone provide various optional services.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.889-892
• /
• 2005

본 논문에서는 VPN을 위한 IPSec 암호 프로세서의 설계 및 구현에 관하여 기술한다. IPSec 암호 프로세서의 기밀성 서비스를 위한 암호엔진은 DES, 3 DES, SEED, 그리고 AES 알고리듬 등을 사용하여 설계하였고, 인증 및 무결성 보안 서비스를 위한 인증엔진은 HMAC(The Hashed Message Authenticat ion Code)-SHA-1을 기본으로 설계하였다. 제안된 암호 프로세서는 Verilog를 사용하여 구조적 모델링을 행하였으며, Xilinx사의 ISE 6.2i 툴을 이용하여 논리 합성을 수행하였다. FPGA 구현을 위해서 Xilinx ISE 6.2i툴과 Modelsim을 이용하여 타이밍 시뮬레이션을 수행하였다.

• Journal of the Korea Society for Simulation
• /
• v.11 no.1
• /
• pp.31-44
• /
• 2002

VPN which cuts down on expense and assures security and reliance, has increased its market shares quickly because the requirement of enterprise on security has increased. But Fragmentation may raise communication failure when VPN has been implemented using IPSec. In our paper, we have given careful consideration to various reasons Preventing us from communicating stable and have presented the existing solutions about them. Also we hate provided adaptive PMTU discovery mechanism to improve: the solutions. We have proven a prowess of this mechanism through simulation

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.385-387
• /
• 2002

IETF에서 IPSec(Internet Protocol Security)[1]의 구조를 발표한 이래 IPSec을 이용한 많은 VPN(Virtual PrivateNetwork)[2][3]이 구축되어 왔다. 이렇게 구축된 VPN에서 사용되는 CG(CryptoGate) 혹은 SG(Security Gateway)는 각각의 망에서 게이트 역할을 한다. 하지만 이런 기존의 CG나 SG는 IPSec의 정책을 사용자가 선택하는 것이 아닌 망 관리자가 일방적으로 서비스하도록 설계되어있다. 이러한 점은 사용자가 자신의 데이터를 평가하여 자율적으로 그에 맞는 서비스를 이용하는 것이 아니므로 사용자가 사용하는 것을 꺼릴 수도 있다. 또한 게이트웨이에 자신의 키를 백업할 수 있도록 하여서 사용자가 다시 이 망에 접근할 경우 다시 키 협상을 하는 것이 아닌 백업해둔 키를 가지고 연결할 수 있도록 하였다. 본 논문은 VPN에서 이러한 점을 고려하여 CG를 설계함으로써 VPN 사용의 확장성을 해결한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.141-148
• /
• 2004

This paper proposes an IPSec accelerator performance analysis model based a queue model. It assumes Poison distribution as its input traffic load. The decoding delay is employed as a performance analysis measure. Simulation results based on the proposed model show around 15% differences with respect to actual measurements on field traffic for the BCM5820 accelerator device. The performance analysis model provides with reasonable hardware structure of network servers, and can be used to span design spaces statistically.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.53-60
• /
• 2015

Satellite signal is excellent broadband, can provide the same information in a wide range, but there is a disadvantage that much less of the security level of the data. Therefore, supplementation of safety is a serious problem than anything in the satellite communication. In this paper, it was simulated by applying ARIA in encryption technique and by applying transport mode, tunnel mode in security header AH and ESP in order to examine the effect of IPsec VPN. In addition, we had compare with general services that do not apply encryption in order to analyze the impact of the encryption algorithm. Channel, by applying the Markov channel and adding AWGN, is constituted a satellite communication environment. In case of retransmission based error control scheme, we applied Type-II HARQ scheme and Type-III HARQ scheme which are performance is a good way in recently, and it is constituted by a turbo code and BPSK modulation scheme. we were analyzed performance in BER and Throughput in order to compare the simulation more effectively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.957-960
• /
• 2001

최근 리눅스에 대한 사용이 빠른 속도로 증가하고 있다. 리눅스의 오픈 소스 정책에 따른 리눅스 보안의 필요성에 대한 여러 가지 형태의 연구 또한 진행되고 있는 실정이다. 리눅스 기반의 효과적인 보안 정책은 여러 형태로 제안되고 있지만 보안 위협에 대한 실질적인 해결책은 아직까지 없다고 해도 과언이 아닐 것이다. 이러한 보안 위협을 해결하기 위해 IP 계층에서부터 보안상의 위협을 제거할 수 있는 IPSec 에 대한 연구가 활발히 진행되고 있다. IPSec은 여러 가지 형태로 개발 및 제안되고 있지만 실제 사이트에서 사용하기에는 여러 가지 어려운 설치 문제가 따르는 편이다. 본 논문에서는 리눅스 커널의 일부 모듈을 이용하여 커널 컴파일 없이 IPSec을 서브넷에서 사용할 수 있는 구조를 제안한다.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.775-782
• /
• 2001

Recently the use of Linux OS is increasing to tremendous figures. But due to the fact that Linux is distributed on an open-source policy, the need of security is an upcoming question which leads to widespread development of security on a Linux based environment. Cryptography, however, can cause various problems because of difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the reverse effect of using these kinds of security and to promote positive aspects of using it. In this thesis I am suggesting an mechanism based on the key recovery technique, as a method to save time in recovery and resetting a disconnection between two end-users through IPSec (IP Security) protocols in a VPN (Virtual Private Network) environment. The main idea of the newly suggested mechanism, KRFSH (Key Recovery Field Storage Header), is to store the information of the session in advance for the case of losing the session information essential to establish a tunnel connection between a SG and a host in the VPN environment, and so if necessary to use the pre-stored information for recovery. This mechanism is loaded on the IPSec based FreeS/WAN program (Linux environment), and so the VPN problem mentioned above is resolved.