• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.901-904
• /
• 2011

SaaS 환경에서는 다수의 사용자가 동일한 어플리케이션을 이용하게 되므로 사용자에 따라 특정 자원 혹은 기능에 대한 접근을 제어하는 보안 기능의 중요성이 더욱 부각되고 있다. 이러한 기능을 갖춘 SaaS 플랫폼의 중요성과 그 가치는 매우 크다 할 수 있으나 국내에서는 이에 대한 많은 연구가 보이지 않고 있다. 본 논문에서는 계층적 그룹 구조, 접속 시간 IP 주소 MAC ID 등에 따른 역할 부여 등 풍부한 기능을 제공하는 SaaS 플랫폼을 위한 사용자 권한 관리 시스템을 설계한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.07a
• /
• pp.257-260
• /
• 2021

본 논문에서는 IEEE 802.11 규격을 사용하는 Wi-Fi 망이 구축된 환경에서 기기와 AP 간에 주고받는 Proberequest 신호를 수집하여 이때 감지된 디바이스의 수를 사용하여 공간 상에 머무르고 있는 사람의 수를 추정하는 방법으로 해당 공간의 혼잡도를 제공하는 것을 목표로 한다. 신호에 포함되어 있는 MAC 주소를 활용하여 디바이스를 구별한 후, 서버로 디바이스 수 집계를 전달하는 비콘이 사람 수를 도출한다. 혼잡도와 평균치 등의 정보를 웹 사이트를 통해 제공하기 위해 서버에 정보를 저장한다. 제안된 방법을 교내 3곳에 적용한 결과,성공적으로 혼잡도를 계산, 웹 사이트를 통해 학생들에게 실시간으로 제공할 수 있었다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.381-382
• /
• 2024

Open RAN(Radio Access Network)을 선도적으로 연구하고 있는 O-RAN Alliance에서는 Open RAN의 E2 인터페이스에서 발생 가능한 보안 위협 중 하나로 MitM(Man-in-the-Middle) 공격을 명시하였다. 그러나 이에 대응하기 위한 보안 요구사항으로는 3계층 보안 프로토콜인 IPsec 사용을 명시하고 있으며, 2계층 공격인 ARP(Address Resolution Protocol) 스푸핑에 대한 요구사항은 명시하고 있지 않다. 따라서 본 논문에서는 MitM 공격 중 하나인 ARP 스푸핑으로부터 E2 인터페이스를 보호하기 위해, Near-RT RIC의 ARP 테이블에서 E2 인터페이스로 연결되는 장비에 대한 MAC 주소를 정적으로 설정할 수 있는 xApp을 제안한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.1
• /
• pp.58-68
• /
• 2010

In this paper, we propose an efficient link protection switching scheme for provider backbone bridge systems with a spanning tree for backup links exclusively, and evaluate its performance. The proposed scheme offers guaranteed QoS flows even when a link fault occurrs in the primary link by flooding the flows over the profiled spanning tree. The flooding mechanism over the spanning tree can also provide low latency and remove the loopback flows. We also derive the efficiency of bandwidth usage for the normal flows and the number of lost frames during the link restoration. For evaluating its feasibility, we implement a prototype of PBB-TE systems based on the Linux bridge codes, which can support both link protection switching capability with CCM and MAC-in-MAC encapsulation. A related protocol analyzer is also developed. One can see that the proposed scheme and the prototype can be useful for developing carrier class Ethernet systems based on PBB-TE.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.5
• /
• pp.1122-1127
• /
• 2014

WLAN is affordability, flexibility, and ease of installation, use the smart device due to the dissemination and the AP (Access Point) to the simplification of the Office building, store, at school. Wi-Fi radio waves because it uses the medium of air transport to reach areas where security threats are always exposed to illegal AP installation, policy violations AP, packet monitoring, AP illegal access, external and service access, wireless network sharing, MAC address, such as a new security threat to steal. In this paper, signature-based of wireless intrusion detection system for Snort to suggest how to develop. The public can use hacking tools and conduct a mock hacking, Snort detects an attack of hacking tools to verify from experimental verification of the suitability of the thesis throughout.

• Journal of KIISE:Information Networking
• /
• v.34 no.1
• /
• pp.48-61
• /
• 2007

WiBro (Wireless Broadband) service, developed in Korea, can provide the host mobility while its users hang around within the subnet. Next-generation Internet protocols, IPv6 and Mobile IPv6 (MIPv6), provide a plenty of addresses to the nodes and enable the handover between different subnets. However, MIPv6 is not enough to support a real time service such as VoIP (Voice over IP) due to the long latency, and it is necessary to develop an enhanced handover mechanism which is optimized to the WiBro networks. In this paper, we suggest an improved fast handover mechanism while the mobile node moves around WiBro networks. The proposal is based on Fast Mobile IPv6 (FMIPv6) which is the representative protocol for fast handover, and reduces the handover latency by the close interaction between the link layer (WiBro MAC) and IP layer (FMIPv6). Finally, we analyze the performance of proposed mechanism through the mathematical analysis.

• Journal of KIISE:Computer Systems and Theory
• /
• v.27 no.3
• /
• pp.345-351
• /
• 2000

This paper presents a right management scheme using secret splitting protocol. Right management schemes combat piracy of proprietary data (such as digital music). In these schemes, encryption has been used and it is essential to protect the keys used in encryption. We introduce a new key protection method in which a secret encryption key is generated using both user's hardware-dependent unique information (such as MAC address) and cryptographically secure random bit strings provided by data owner. This scheme prevents piracy by checking hardware-dependent information during rendering and improves the secrecy of the data by individualizing the encryption key for each data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.1
• /
• pp.61-71
• /
• 2017

ARP Spoofing is a basic and core hacking technology for almost all sniffing. It makes change the flow of packets by faking the 2nd layer MAC address. In this paper we suggested an efficient hacking technology for sniffing remote servers in the switched network environment. The suggested 'Faked ARP Reply Unicast Spoofing' makes the bidirectional packets sniffing possible between the client and server, and it makes simplify the procedures for ARP sniffing and hacking program. In this paper we researched the network hacking and implementation technologies based on the suggested ARP spoofing. And we researched various types of servers hacking such as Root ID and PW of Telnet/FTP server, Root ID and PW of MySQL DB server, ID and PW of Web Portal Server, and account information and transaction history of Web Banking Server. And also we researched the implementation techniques of core hacking programs for the ARP Spoofing.

• Journal of KIISE:Computing Practices and Letters
• /
• v.11 no.1
• /
• pp.92-99
• /
• 2005

In this paper, we present a high-level design methodology applied on a network system-on-a-chip(SOC) using SystemC. The main target of our approach is to get optimum performance parameters for high network address translation(NAT) throughput. The Fast Ethernet media access controller(MAC) and its direct memory access(DMA) controller are modeled with SystemC in transaction level. They are calibrated through the cycle-based measurement of the operation of the real Verilog register transfer language(RTL). The NAT throughput of the model is within $\pm$10% error compared to the output of the real evaluation board. Simulation speed of the model is more than 100 times laster than the RTL. The validated models are used for intensive architecture exploration to find the performance bottleneck in the NAT router.

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.1-9
• /
• 2017

Recently, the DDoS attack using the amplifier method makes it difficult to distinguish the normal traffic from the normal server and it is difficult to detect even the attack detection. Since the SSDP protocol is a common protocol widely used in IoT devices, it is used as a DDoS amplification attack. In this paper, we analyze the reflector attack of SSDP which is one of the DDoS and suggest a technical proposal to detect and defend against the attack by managing the Mac address of each device. Also, we propose a control structure to protect the reflection attack of SSDP in Home IoT. The efficiency of the proposed system has been verified by performing an experimental attack on the virtual environment.