• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1087-1090
• /
• 2007

The security issues related to IPv6 protocol have been focused on by many researchers and engineers. Especially, extension headers of IPv6 protocol provide various functionalities such as IP security, mobile IP, and in principle, it is said to give much more effective network services than the previous protocol, IPv4. In this paper, the cases are surveyed in which fragment header, that is one of many extension headers in IPv6 protocol, is abused and made to be the sources of threats. Prevention mechanisms are also surveyed to countermeasure the threats.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.31-33
• /
• 2003

현재 국외에서는 산업계 및 학계를 중심으로 기존의 IPv4와 연동 가능한 IPv6에 대한 연구를 추진하고 있다. 또한 국내에서도 IETF의 표준화 기술을 중심으로 몇몇 기관에서 고정망 중심의 IPv6 전이 메커니즘을 구현하고 있다. 그러나 연동 기술에 대한 연구가 고정망에 중심을 두고 있어 이동망에서의 연동 구조에 대한 연구는 부족한 현실이다. 이와 같이 국내외적으로 IPv6망에서의 이중 스택 구조는 고정망을 기반으로 연구가 진행되고 있지만, 이동 인터넷 환경에서의 전이 메커니즘에 대한 연구는 부족한 실정이다. 따라서 본 논문에서는 이동 인터넷 환경에서의 전이 메커니즘에 대한 시나리오 제안과 요구사항 분석을 하고, 절기서 제안된 메커니즘들 중 6to4에 이동성을 적응했을 때의 성능 측정 결과를 제시한다

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.2
• /
• pp.41-48
• /
• 2004

Access control protocol have verified security of external mobile terminal that access to inner information sever at Ubiquitous ages. In this paper, I would design for If Access Control Protocol of considering operation time when make cipher digital signature. Public key are used Individual identification number that issued from certify communication company, and cipher algorithm are used ECDSA definition factor for generation and verification of digital signature and it used Elliptic Curve with over 160 bit Key. Also, Access control operate on If level that designed IPv6 frame architecture. I would conclude that IP Access Control Protocol have verified security and improved performance in operation time more 4 times than before protocols when through the communication of use cipher digital signature for authentication and verification.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.537-538
• /
• 2009

IPv6 is newly introduced to solve limitations and problems of IPv4 and in IPv6 network, nodes use Neighbor Discovery protocol to discover the subnet prefix and configure its own address. However, Neighbor Discovery is vulnerable to various attacks as it does not have secure mechanism to protect itself. Thus, the Secure Neighbor Discovery has introduced and the main mechanism used in Secure Neighbor Discovery is Cryptographically Generated Address. In this paper, we provide a brief of Cryptographically Generated Address and its limitation in a case where a mobile node moves from one network to another frequently. The proposed scheme resolves this limitation by using the fixed interface identifier.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.1053-1056
• /
• 2006

Mobile IPv6의 바인딩 갱신 메커니즘은 이동 노드가 새로운 링크로 이동하여 처음으로 시행되는 바인딩 갱신과 같은 링크 내에 머물고 있을 때, 혹은 바인딩의 수명으로 인하여 시행되는 바인딩 갱신으로 나눌 수 있다. 하지만 이 모든 과정을 모두 동일한 메커니즘으로 시행하기 때문에 비효율적이다. 이러한 단점을 해결하기 위한 방안으로 티켓 기반의 바인딩 갱신 프로토콜[4]이 제안되었다. 그렇지만 이것은 대응 노드가 고정 노드라는 가정 하에 만들어졌기 때문에 대응 노드가 이동 노드일 경우 바인딩 갱신이 비효율적인 경로를 통해 이루어진다. 이에 본 논문에서는 티켓을 이용하여 첫 번째 바인딩 갱신 이후에 이동 노드와 대응 노드가 홈 에이전트의 도움 없이 바인딩을 갱신하며 대응 노드가 이동성을 갖는 경우에도 효과적으로 해결할 수 있는 프로토콜을 제시한다. 본 논문에서 제안하는 프로토콜은 대응 노드가 이동성을 갖는 경우 기존의 티켓 기반의 바인딩 갱신 프로토콜에 비해 적합하며 대응 노드를 고정 노드로 가정하고 진행된 다른 많은 연구에도 적용될 수 있다.

• Journal of Information Processing Systems
• /
• v.8 no.4
• /
• pp.603-620
• /
• 2012

Proxy Mobile IPv6 (PMIPv6) is a network-based mobility support protocol and it does not require Mobile Nodes (MNs) to be involved in the mobility support signaling. In the case when multiple interfaces are active in an MN simultaneously, each data flow can be dynamically allocated to and redirected between different access networks to adapt to the dynamically changing network status and to balance the workload. Such a flow redistribution control is called "flow mobility". In the existing PMIPv6-based flow mobility support, although the MN's logical interface can solve the well-known problems of flow mobility in a heterogeneous network, some missing procedures, such as an MN-derived flow handover, make PMIPv6-based flow mobility incomplete. In this paper, an enhanced flow mobility support is proposed for actualizing the flow mobility support in PMIPv6. The proposed scheme is also based on the MN's logical interface, which hides the physical interfaces from the network layer and above. As new functional modules, the flow interface manager is placed at the MN's logical interface and the flow binding manager in the Local Mobility Anchor (LMA) is paired with the MN's flow interface manager. They manage the flow bindings, and select the proper access technology to send packets. In this paper, we provide the complete flow mobility procedures which begin with the following three different triggering cases: the MN's new connection/disconnection, the LMA's decision, and the MN's request. Simulation using the ns-3 network simulator is performed to verify the proposed procedures and we show the network throughput variation caused by the network offload using the proposed procedures.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.5
• /
• pp.613-618
• /
• 2023

The advancement of Information and Communication Technology (ICT) is accelerating innovation across society, and the defense sector is no exception as it adopts technologies aligned with the Fourth Industrial Revolution. In particular, the Army is making efforts to establish an advanced Army TIGER 4.0 system, aiming to create highly intelligent and interconnected mobile units. To achieve this, the Army is integrating cutting-edge scientific and technological advancements from the Fourth Industrial Revolution to enhance mobility, networking, and intelligence. However, the existing addressing system, IPv4, has limitations in meeting the exponentially increasing demands for network IP addresses. Consequently, the military considers IPv6 address allocation as an essential process to ensure efficient network management and address space provisioning. This study proposes an approach for IPv6 address allocation for the future military, considering the Army TIGER system. The proposal outlines how the application networks of the Army can be differentiated, and IP addresses can be allocated to future unit structures of the Army, Navy, and Air Force, from the Ministry of National Defense and the Joint Chiefs of Staff. Through this approach, the Army's advanced ground combat system, Army TIGER 4.0, is expected to operate more efficiently in network environments, enhancing overall information exchange and mobility for the future military.

• Journal of Convergence for Information Technology
• /
• v.9 no.6
• /
• pp.13-18
• /
• 2019

This paper proposes efficient and secure two-way authentication protocol for binding update messages between mobile devices and home agents / correspondent nodes in IoT and Mobile IPv6 (MIPv6) environments with limited computing power and resources. Based on the MIPv6 message exchange, the proposed protocol satisfies both the authentication and the public key exchange optimized for both sides of the communication with minimum modification. In the future, we will carry out a performance analysis study by implementing the proposed protocol in detail.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.4
• /
• pp.677-685
• /
• 2012

Recently, wireless multi-networking technology has been studied for supporting multi-interface in mobile node. As the related work, in the IETF NetExt WG, the extension of Proxy Mobile IPv6 protocol for supporting flow mobility is actively on going in discussion. PMIPv6 protocol supports simultaneous access through the multi-interface in a mobile node and inter-technology handover between multiple interfaces. However, this protocol can not support flow mobility. Thus, in this paper, when a mobile node connects to PMIPv6 domain through multi-interface, as a way to support flow mobility, the design of logical interface and Home Network Prefix change scheme based on logical interface are proposed, We show that the proposed scheme can perform flow mobility service without end-to-end disconnection in PMIPv6 domain.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.703-705
• /
• 2003

현재 인터넷 서비스의 근간을 형성하고 있는 IPv4의 가용 주소 공간의 고갈, 보안성의 결여, 그리고 멀티미디어 서비스를 위한 QoS(Quility of Service)의 필요성과 같은 요구사항을 바탕으로 차세대 인터넷 프로토콜(IPv6)로의 전환이 요구되고 있다. 본 연구 목적은 이러한 네트워크상의 이동 인터넷 환경에다 실시간 서비스를 제공할 수 있도록 SIP(Session Initiation Protocol)를 적용하여 통함 된 환경이 이전 보다 안전한 인터넷 정보서비스를 제공할 수 있도록 보안 메커니즘을 적용 하였다. 네트워크 계층과 응용 계층의 이동성 관리 모델의 통합은 전체적인 시그널링 부하를 줄이고 지속적인 통신을 위한 빠른 핸드오프를 제공한다. 즉, 본 연구는 현재 Mobile IPv6 에서 보안상 취약점으로 나타나는 문제점 및 SIP 보안 고려사항 및 이동성을 해결하기 위해 제안되는 해결방안들을 분석하고 적합한 보안 메커니즘 적용 방안을 제안 하였다.