• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06d
• /
• pp.166-168
• /
• 2006

IP 주소 공유 기술인 FSL3/4는 IP 패킷의 헤더나 페이로드의 수정없이 단지 패킷 헤더 참조에 의해 로컬 네트워크의 호스트들에게 인터넷 풀 액세스 및 종단간 IPSEC 세션을 지원한다. 그러나 FSL3/4는 사용자 인터페이스를 제공하지 않으며 커널에 적재할 수 있는 모듈의 형태로만 존재하기 때문에 사용자 접근이 용이하지 않고, 추가적인 기능을 위해서는 커널 소스를 직접 수정해야 하는 불편함이 있다. 본 논문에서는 이런 문제점을 보완하고 FSL3/4 기능 확장을 립게 하는 Netfilter를 설계하고 구현하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.3
• /
• pp.183-188
• /
• 2004

In the course of Internet proliferation. many network-related technologies are examined for possible growth and evolution. The use of Internet-based technologies in private networks has further fuelled the demand for network-based applications. The most Promising among the new paradigms is use of mobile agents. It also however, suffers from a major drawback, namely the potential for malicious attacks, abuse of resources pilfering of information, and other security issues. These issues are significantly hampering the acceptance of the mobile-agent paradigm. This paper proposed the design of strong and safe mobile agent gateway that split and merge the agent code with security policy database. This mechanism will promote the security in mobile agent systems and mobile agent itself.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.62-65
• /
• 2008

Mobile IPv6에서 단말이 이동을 하게 되면 경로 최적화를 위한 바인딩 업데이트를 하게 된다. 안전한 바인딩 업데이트를 위해 RFC 3775에서 Return Routability가 제안 되었다. 그러나 Return Routability는 MN과 HA 사이에는 IPSec으로 Secure Path를 보장 받지만, MN과 CN 사이에는 바인딩 업데이트 과정에 공격자가 개입할 경우 다양한 공격에 노출될 수 있다. 이에 본 논문에서는CN도 MN과 같이 HA와 Secure Channel을 보유한 이동 단말일 경우, 각 HA 사이에 커버로스 서버를 이용한 키 분배를 통해 바인딩 업데이트 메시지가 전달되는 전 구간에 걸쳐 안전한 경로를 확보하는 아키텍쳐를 제안한다.

• Annual Conference of KIPS
• /
• 2003.05c
• /
• pp.2109-2112
• /
• 2003

Diameter-MIPV4 프로토콜은 기존 Mobile IP(MIP)의 취약한 키 분배 문제를 해결하고 이동노드에 대해 인증 및 권한 검증, 과금 서비스 등을 지원함으로써 보다 개선된 보안 메커니즘을 제안하고 있다. 그러나 흠 망의 Diameter 서버에 의해 인증 및 등록이 수행된 후 공중망을 통해서 이동노드에게 세션키를 분배하는 것은 많은 보안상 공격에 노출될 수 있으며 원격지 도메인간의 빈번한 등록 메시지 교환은 통신 지연을 야기 시킬 수 있다. 본 논문에서는 안전한 세션키 분배를 위해서, 이동 노드의 등록 수행 과정 중 홈 망과 방문 망 사이에 IPsec(IP security) 터널을 구축함으로써 공중망에서의 세션키 유출 위협을 감소시켰다. 또한 네트워크의 계층성과 Micro-Mobility MIP 메커니즘을 이용하여 동일 도메인 내에서의 핸드오프 시 이동 노드의 인증 및 등록, 세션키 분배를 지역화 함으로써 통신 지연 문제를 효율적으로 개선하였다.

• Journal of KIISE:Information Networking
• /
• v.34 no.1
• /
• pp.41-47
• /
• 2007

The Hierarchical Mobile IPv6 (HMIPv6) has been proposed to accommodate frequent mobility of the Mobile Node and to reduce the signaling load. A Mobility Anchor Point is a router located in a network visited by the Mobile Node. The Mobile Node uses the Mobile Anchor Point as a local Home Agent. The absence of any protections between Mobile Node and Mobile Anchor Point may lead to malicious Mobile Nodes impersonating other legitimate ones or impersonating a Mobile Anchor Point. In this paper, we propose a mechanism of the secure Mobile Anther Point discovery in HMIPv6. The performance analysis and the numerical results presented in this paper show that our proposal has superior performance to other methods.

• Journal of Digital Convergence
• /
• v.11 no.3
• /
• pp.279-284
• /
• 2013

Wireless access network section needs strong security which supports high data rate and mobility not to invade patient's privacy by exposing patient's sensitive biometric from automatic implantable device that is adapted to u-healthcare service. This paper builds test bed and performs assessment and measurement of security ability of WiMAX network to transmit and receive mobile patient's biometric by building WiMAX network in wireless access network not to expose paitne's biometirc at wireless access network section to the third person. Specially, this paper compares and assesses data security, MAC control message security, handover conection delay, and frame loss and bandwidth of ECDH at the layer of WiMAX security compliance, WiMAX MAC IPSec, and MAC.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.3
• /
• pp.654-660
• /
• 2004

In this paper, we define that pervasive home network, which provides necessary services for user properties and removes distractions to improve the quality of human life. So, user can enjoy home network technology including devices and softwares at any place with no knowledge of networked home, devices, and softwares. In this home network, a mobile agent, called LAFA, can migrate to unfamiliar home network and control the necessary devices. For this environment, we design security management module for authenticating user and home server that access some other home networks, and for protecting text, multimedia data, and mobile agent that are transferred between home networks. The security management module is composed of a key exchange management module and an access control management module, for key exchange management module, we propose a key exchange protocol, which provides multimode of authentication mode and key exchange mode. One of these two modes is selected according to the data type.

• Journal of Convergence for Information Technology
• /
• v.9 no.6
• /
• pp.13-18
• /
• 2019

This paper proposes efficient and secure two-way authentication protocol for binding update messages between mobile devices and home agents / correspondent nodes in IoT and Mobile IPv6 (MIPv6) environments with limited computing power and resources. Based on the MIPv6 message exchange, the proposed protocol satisfies both the authentication and the public key exchange optimized for both sides of the communication with minimum modification. In the future, we will carry out a performance analysis study by implementing the proposed protocol in detail.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.3-12
• /
• 2001

In this course of Internet proliferation, many network-related technologies are examined for possible growth and evolution. The use of Internet-based technologies is private networks has further fuelled the demand for network-based applications. The most promising among the new paradigms is the use of mobile agents. The mobile agent is capable of migrating autonomously form node to node in the network, to perform some computations on behalf of the user. The mobile agent paradigm is attractive alternative to traditional client-server programming for a significant class of network-centric applications. It does however, suffer. from a major drawback namely, the potential for malicious attacks, abuse of resources, pilfering of information, and other security issues. These issues are significantly hampering the acceptance of the mobile-agent paradigm. This paper describes the design of a secure mobile agent gateway 7hat can split and merge the agent code with security policy database on the VPN. This mechanism will promote security in the mobile agent systems.

• Annual Conference of KIPS
• /
• 2003.05b
• /
• pp.1389-1392
• /
• 2003

최근 초고속인터넷의 급속한 확장과 무선 핫스팟(Hotspot)의 등장은 인터넷을 컴퓨터 통신의 중심에 두게 되었다. 이는 다양한 컴퓨터 통신의 매체들이 인터넷으로 통합되는 것을 의미하며 이러한 통합은 통신망의 물리적, 논리적인 구조에 많은 영향을 미치게 되었다. 본 논문은 Mobile IPv6와 VPN이 상호 연동하는 시나리오에서 발생되는 문제들을 추적한다. 끊김 없는 이동성을 제공하기 위해 제시된 솔루션을 분석하여, VPN 게이트웨이와 연동하는 GHA(Gateway Home Agent)의 하드웨어적인 구현을 제안하며 IPSec Based VPN이 아닌 환경과 새로이 제안된 내용들을 추가하여 성능분석이 가능한 테스트 베드의 구축을 제안한다.