• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.12
• /
• pp.33-40
• /
• 2004

IPv6 defines relation between surrounding node using Neighbor Discovery protocol. Used Neighbor Discovery messages, grasp surrounding node, include important informations about network. These network information outcrops can give rise in network attack and also service that use network will paralysis. Various kinds of security limitation was found in Present Neighbor Discovery protocol therefore security function to supplement this problem was required. In this thesis, Secure Neighbor Discovery protocol that add with suity function was design and embody by CGA module and SEND module.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.146-149
• /
• 2005

Confusion of network traffic is increased by increasing of internet user and large of network, Specially olded one and one communication caused loss of bandwidth because of redundant packet by increasing video conference and internet broadcasting. Thereupon multicast technique, method reducing loss of bandwith, for multimedia data transmission was proposed. This paper proposes method to solve overhead problem in the middle router through group management and capsuling with the Xcast technique added Disignated Router(DR). To solve the middle router not supporting IPv6, Xcast using tunneling technique in the IPv6 design and analyze the performance through a simulated examination.

• 한국정보통신설비학회:학술대회논문집
• /
• 2007.08a
• /
• pp.163-166
• /
• 2007

This paper describes a IPv6 trial service provided by LG DACOM and discusses about the output of trial service. MIC has urged public organizations to introduce IPv6 technology into their network. As one of propelling policies, MIC and NIA launched some IPv6 trial project. LG DACOM, MIC's agent in doing IPv6 trial project, has selected three public organizations in order to deploy IPv6 based VoIP trial service. KMA, KISITI and MND gave out their different service requirements. In achieve this project we developed IPv6 supported voice IP phone, video IP phone, media gateway and IP-PBX. Furthermore, two KMA provincial offices adopted trial IP phone as working phone and replaced legacy PBX with IP-PBX. At the same time, public organizations introduced IPv6 technology into their local networks.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.783-792
• /
• 2001

It is well known that, in the near future, the lifetime of the IPv4 address space will be limited and available 32-bit IP network addresses will not be left any more. In order to solve such IPv4 address space problem in an effective way, the transition to the new version using IPv6 architecture is inevitably required. At present, it is impossible to convert IPv4 into IPv6 at a time, since the coverage and the size of today's Internet is too huge. Therefore, the coexistence of both IPv4 and IPv6 must be arranged in a special and practical fashion for rapid conversion on the whole. IP protocol translation has been proposed to ease the translation of the Internet from IPv4 to IPv6. This paper presents the design and implementation of a transparent transition service that translates packet header as they cross between IPv4 and IPv6 networks. IPv4/IPv6 Translation Protocol is written in c source code and is tested by the local test recommended by ISO, which has the most excellent error detection function. The test was processed with a test scenario and it was found that the results were successful.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10a
• /
• pp.138-139
• /
• 2007

기존의 MIPv6는 오랜 시간동안의 핸드오버로 인하여 많은 패킷 손실 및 오랜 세션 단절을 야기시킨다. 이러한 문제점들을 향상시키기 위하여 Fast handover for Mobile IPv6 (FMIPv6) 프로토콜이 개발되었지만 여전히 터널링에 기반한 라우팅 방법은 패킷 순서 어긋남 문제로 인하여 성능이 하락하는 문제를 야기한다. 최근 모바일 단말에서의 이동성 관리 부하를 줄여주기 위하여, 네트워크 이동성 기반인 Proxy Mobile IPv6 (PMIPv6)가 제안되었다. PMIPv6는 모바일 단말에서 수행하던 이동성 관리를 네트워크 에이전트에서 해줌으로서 단말의 부하를 줄이고 이동성 관리 지연 시간을 줄일 수 있다. 하지만 현재 제안된 PMIPv6 또한 터널링 기법에 기반한 비효율적인 라우팅 경로로 인하여 성능이 저하될 수 있다. 본 논문에서는 PMIPv6 에서 안정되고 향상된 최적화 라우팅 기술이 접목된 빠른 핸드오버 방법인 Fast Proxy Mobile IPv6 (EF-PMIPv6) 제안한다.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.126-128
• /
• 2004

This paper proposes design and implementation for IKE system that is available to IP security communication on IPv6 network. IPsec is a standard for security on network or processing layer of network communication. IPsec consists of step to negotiate security policy and step to negotiate and provide security key material for peer-to-peer security. We use the ISAKMP for negotiating security policy. And we use the IKE for negotiating and providing the key material. The system is based on VxWorks and is tested with Racoon that is a IKE daemon on FreeBSD. In this paper, we propose an implementation method for mobile host providing network communication with IP security.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.549-556
• /
• 2003

In this paper, we describe security policy protocol to provide end-to-end IPSec security service that considers characteristics of NAT-PT. NAT-PT is describing IP address translation and protocol translation for communication on heterogeneous IP network by one of the technology that is proposed by IETF to provide communication between IPv4 and IPv6 network in transitional step to evolve by IPv6 network to IPv4 network. But NAT-PT has the limitation on security one of the essential requirement of Internet. Therefore, we propose the extended security protocol that offers a security policy negotiation that should be achieved for the first time to provide end-to-end IPSec security service that considers NAT-PT in this paper.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.811-813
• /
• 2004

IPv6는 IPv4 기반의 인터넷의 주소고갈과 새로운 부가 기능 등의 필요성 때문에 IETF에서 IPv4를 대체하기 위해 채택 된 프로토콜이다. 하지만 IPv4를 어느 한순간에 IPv6로 대체하는 것은 불가능하기 때문에 기존 IPv4와의 호환 및 연동을 위한 여러 메커니즘이 연구되었다. 그 중 NAT-PT(Network Address Translation-Protocol Translation)는 IPv4/IPv6 헤더 변환기술을 적용한 대표적인 변환 메커니즘이며, IP 패킷을 통과하는 망의 IP버전에 맞게 변환 시켜서 전송하는 방식이다. 그러나 모든 패킷들이 하나의 NAT-PT 노드로 집중되므로 병목현상이 발생하며, 이로 인해 성능저하가 발생한다. 본 논문은 NAT-PT 병목현상을 줄이기 위한 방안으로 DNS-ALG 기반된 서버를 이용하여 다중 NAT-PT를 사용한 방법을 제안한다.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.249-257
• /
• 2005

In this paper proposed automated attack reaction tool based on IPv6. Currently, much researches are performing focused on application program and standardization for IPv6. But, It is not enough for future IPv6 security. The proposed method detect attacks on IPv6 and conventional IPv4, therefore it is possible to protect personal information using automated reaction method. Usually, IDS just perform detection, therefore damages may be repeated. However, this paper considered the problems described above, and suggested solution for this problems. The proposed algorithm suggested in this paper is simulated on IPv6 network based on Linux. As a simulation result, it is proved that proposed algorithm can detect attacks efficiently.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.93-102
• /
• 2007

A serious problem to fight DDoS attacks is that attackers use incorrect or spoofed IP addresses in the attack packets. Due to the stateless nature of the internet, it is a difficult problem to determine the source of these spoofed IP packets. The most of previous studies to prevent and correspond to DDoS attacks using the traceback mechanism have been accomplished in IPv4 environment. Even though a few studies in IPv6 environment were introduced, those have no detailed mechanism to cope with DDoS attacks. The mechanisms for tracing the origin of attacks in IPv6 networks have so many differences from those of IPv4 networks. In this paper we proposed a lightweight IP traceback mechanism in IPv6 network environment. When marking for traceback is needed, the router can generate Hop-by-Hop option and transmit the marked packet. We measured the performance of this mechanism and at the same time meeting the efficient marking for traceback.