• Journal of Advanced Marine Engineering and Technology
• /
• v.38 no.4
• /
• pp.430-436
• /
• 2014

This paper relates to the study about the street security light management system. The purpose of the wireless remote management system is to manage street security lights efficiently. The system is composed of three components like light controller, CDMA gateway and web based remote management server. The zigbee solution is adopted to make local wireless network between street security lights. The CDMA network is used for the wireless communication between street security light controller and the remote control center. The gateway to interconnect zigbee network and CDMA was designed with low power 32 bits Cortex M3 micro-controller. For the data communication between the management server and the gateway, SMS and socket based TCP streaming is used. The management server sends SMS to the gateway to deliver light control and management requests, and the gateway replies with the light controllers report via TCP streaming. By using both SMS and TCP streaming communication, it was verified that simple cost effective management is possible for street security lights. We tried real test for 95 street security lights in real environment during two months and analyzed the practical possibility for mass supply.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1315-1324
• /
• 2012

Security visualization is a form of the data visualization techniques in the field of network security by using security-related events so that it is quickly and easily to understand network traffic flow and security situation. In particular, the security visualization that detects the abnormal situation of network visualizing connections between two endpoints is a novel approach to detect unknown attack patterns and to reduce monitoring overhead in packets monitoring technique. However, the session-based visualization doesn't notice a difference between normal traffic and attacks that they are composed of similar connection pattern. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and detecting between normal server activities and attacks by using the IP address splitting and port attributes analysis. The proposed method can actually be used to detect and analyze the network security with the existing security tools because there is no dependence on other security monitoring methods. And also, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.1-6
• /
• 2003

The IPv6 was suggested as an ultimate solution of problems that IPv4 protocol maintains limitations to apply to new technology of data service and the lack of IPv4 address space. So it is expected to transfer IPv4 to IPv6 gradually. In the Ipv6 environment, it is easier to apply security policies and transmits a secure packet applied the security policies, with the content in the Header itself. By this reason, this paper describes about the implementation of DHCPv6 server to perform a connection of IPv6 network and IPv4 network, and the application of secure packet with the security policies for clients. Further, it performs the process of the massages inside the DHCPv6 server to be used in the IPv6 environment in the future.

• Journal of Korea Multimedia Society
• /
• v.7 no.12
• /
• pp.1719-1728
• /
• 2004

The fusion of Internet technology and applications with wireless communication provides a new business model and promises to extend the possibilities of commerce to what is popularly called mobile commerce, or m-commerce. In mobile Internet banking service through wireless local area network, security is a most important factor to consider. We describe the development of security service for mobile Internet banking on Personal Digital Assistants (PDAs). Banking Server and Authentication Server were developed to simulate banking business and to support certificate management of authorized clients, respectively. To increase security, we took hybrid approach in implementation: symmetric block encryption and public-key encryption. Hash function and random number generation were exploited to generate a secret key. The data regarding banking service were encrypted with symmetric block encryption, RC4, and the random number sequence was done with public-key encryption. PDAs communicate through IEEE 802.IIb wireless LAN (Local Area Network) to access banking service. Several banking services and graphic user interfaces, which emulatedthe services of real bank, were developed to verity the working of each security service in PDA, the Banking Server, and the Authentication Server.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.47-60
• /
• 2015

In this paper, we propose a simple and useful method using a port role to visualize the network attacks. The port role defines the behavior of the port from the source and destination port number of network session. Based on the port role, the port provides the brief security features of each node as an attacker, a victim, a server, and a normal host. We have automatically classified and identified the type of node based on the port role and security features. We detected and visualized the network attacks using these features of the node by the port role. In addition, we are intended to solve the problems with existing visualization technologies which are the reflection problem caused an undirected network session and the problem caused decreasing of distinct appearance when occurs a large amount of the sessions. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacker, victim, server, and hosts. In addition, by providing a categorized analysis of network attacks, this method can more precisely detect and distinguish them from normal sessions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1317-1330
• /
• 2017

To collect server information and construct network map enable us to prevent security breach, prepare for national cyber warfare and make effective policies. In this paper, we analyze well-known network scanners, Nmap and ZMap, and construct network map using banner grabbing. We use multiple threads in order to increase scanning speed and arrange IP lists by specific order to reduce the load on information gathering targets. Also, we applied performance tests to compare the real-time banner grabbing tool with the existing network scanners. As a result, we gathered server information from domestic and overseas servers and derived a risk index based on the collected database. Although there are slight differences among countries, we can identify the risky situation that many users in every country are exposed to several security breaches.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1035-1038
• /
• 2005

This paper describes the designs and the implementations of two H/W IPSec Systems, look-aside and inline, on TOE (Transport Offloading Engine). These systems aim for guaranteeing the security of datagram networks while preserving the bandwidth of gigabit networks. The TOE offloads a host CPU from network burdens, so that it makes the gigabit wire speed possible, and then deeper level security architecture of the IPSec guarantees the security of gigabit service network dominated by datagram packets. The focus of this paper is to minimize the TOE's performance degradation caused by the computation-oriented IPSec. The look-aside IPSec system provides a significant improvement in the CPU offload of the IPSec cryptography loads. However, the inline system completely offloads the host CPU from whole IPSec loads, providing significant additional cost saving compared to the look-aside system. In this paper, the implementations of TOE cards including commercial IPSec processors are presented. As the result of performance evaluation with the protocol analyzer, we can get the fact that the inline IPSec system is 8 times faster than the S/W system and 2 times faster than the look-aside system.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.565-572
• /
• 2001

Recently, due to the open architecture of the internet and wide spread of internet users, the cyber terror threatens to the network\`s weak point are tending grow. Until now, information security solutions are passive on security host and particular security system. This passive information security solution is weak from the attacks through the networks connected worldwide internet systems, and has limitation on the defense against cyber terror attacks. Therefore, network level integrated security function must be provided. In this paper, we consider technology limitations on the information security problems and its environment. Then we present the architecture and functions of policy-based information security services for network level active information security function. This paper also includes design of target system, which provide information security services. Finally, we discuss network level system deployment direction and discuss with Network Security Simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.289-299
• /
• 2024

Blockchains are not efficient for real-time processing because the growing number of transactions and users delays many computations and network communications. This study proposes a cloud proxy server, so that legitimate users can use blockchain as well as reduce network latency. To proceed with a blockchain transaction, the blockchain copy server verifies all transaction-related data, but the cloud proxy server verifies legitimate users with a simple zero-knowledge proof algorithm, enabling efficient blockchain real-time processing. The cloud proxy server can support blockchain anonymity, security, and scalability that can verify legitimate users with the proposed zero-knowledge proof by receiving the registered key pair of the blockchain user. In the proposed research analysis, blockchain-based cloud proxy server reduces network latency compared to previous studies and key processing on cloud proxy servers reduces the cost of key computation compared to previous studies.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.53-60
• /
• 2004

We describe CHAP authentication for roaming service method of visited ISP subscriber on GPRS network. We also illustrate how visited mobile ISP subscriber can access ISP server and authenticate RADIUS in home network via Gateway GPRS Support Node (GGSN) on GPRS/UMTS network for wireless internet service and roaming. For this we propose the modified CHAP message format, PCO Message format at MT, and interworking message and format between GGSN and RADIUS in home ISP network for wireless internet service of mobile ISP subscriber at GPRS network in this paper. We also show authentication results when visited mobile ISP subscriber via CHAP at GPRS network accesses the RADIUS server in home ISP network.