• Title/Summary/Keyword: Network security infrastructure

Autonomous, Scalable, and Resilient Overlay Infrastructure

  • Shami, Khaldoon;Magoni, Damien;Lorenz, Pascal
    • Journal of Communications and Networks / v.8 no.4 / pp.378-390 / 2006
  • Many distributed applications build overlays on top of the Internet. Several unsolved issues at the network layer can explain this trend to implement network services such as multicast, mobility, and security at the application layer. On one hand, overlays creating basic topologies are usually limited in flexibility and scalability. On the other hand, overlays creating complex topologies require some form of application level addressing, routing, and naming mechanisms. Our aim is to design an efficient and robust addressing, routing, and naming infrastructure for these complex overlays. Our only assumption is that they are deployed over the Internet topology. Applications that use our middleware will be relieved from managing their own overlay topologies. Our infrastructure is based on the separation of the naming and the addressing planes and provides a convergence plane for the current heterogeneous Internet environment. To implement this property, we have designed a scalable distributed k-resilient name to address binding system. This paper describes the design of our overlay infrastructure and presents performance results concerning its routing scalability, its path inflation efficiency and its resilience to network dynamics.

Design and Implementation of Certificate Revocation List Acquisition Method for Security of Vehicular Communications

  • Kim, Hyun-Gon
    • The Journal of Korean Institute of Communications and Information Sciences / v.37 no.7C / pp.584-591 / 2012
  • Distributing a Certificate Revocation List (CRL) quickly to all vehicles in the system requires a very large number of road side units (RSUs) to be deployed. In reality, the initial deployment stage of vehicle networks would be characterized by limited infrastructure, resulting in very limited vehicle-to-infrastructure communication. However, every vehicle wants the most recent CRLs to protect itself from malicious users and malfunctioning equipment, as well as to increase the overall security of the vehicle networks. To address this challenge, we design and implement a nomadic device based CRL acquisition method using the nomadic device's communication capability with cellular networks. When a vehicle cannot directly communicate with nearby RSUs, the nomadic device acts as a security mediator to perform the vehicle's security functions continuously through cellular networks. Therefore, even if RSUs are not deployed or are sparsely deployed, the vehicle's security threats could be minimized by receiving the most recent CRLs in a reasonable time.

The Study of System Security Technique for Mobile Ad Hoc Network (Mobile Ad Hoc Network에서 시스템 보안 기법에 관한 연구)

  • Yang, Hwan-Seok
    • Journal of Digital Contents Society / v.9 no.1 / pp.33-39 / 2008
  • A Mobile Ad Hoc Network is easy to attack because its nodes are distributed rather than built on a network-based infrastructure. The intrusion detection system perceives the trust values of neighboring nodes and receives inspection on local security of nodes and observation ability. This study applied a clustering mechanism to reduce overhead in intrusion detection. In order to measure the trust values, it associates the trust information the cluster head received from member nodes with its own value and evaluates the trust of neighboring nodes. Secure data transmission is provided by the proposed concept because the trust of nodes on the network is achieved accurately.

Security Vulnerability and Technology Status of AMI (AMI의 보안 취약성 및 기술 현황)

  • Jo, Han-Seong;Lee, Yong-Gu;Jeong, Sang-In;Choe, Jin-Ho
    • KEPCO Journal on Electric Power and Energy / v.3 no.2 / pp.73-78 / 2017
  • Recently, a number of foreign electric power companies including domestic Korea Electric Power Corporation (KEPCO) have actively engaged in the construction of a power grid with the concept of a smart grid. The Smart grid is a technology that increases the efficiency of the power by converging the information network with the power grid. It can maximize the energy efficiency through the two-way communication between the utility and the consumer. However, as the power grid converges with the information and communication network, security threats are increasing more than existing power grids. Due to the nature of the power grid, the damage caused by security threats is not only personal privacy but also economic loss of society. So smart grid becomes the target of hackers. In this paper, we discuss security vulnerabilities of Advanced Metering Infrastructure (AMI), which is a core technology of smart grid construction, and the corresponding security technologies to prevent security damage of smart grid.

A Case Study on Logical Network Separation through HCI method (HCI 방식을 통한 논리적 망분리 사례 연구)

  • Choi, Seoung Pyo;Shin, Sang Uk
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.05a / pp.747-749 / 2017
  • To protect financial services against the danger of financial accidents and customer information leakage caused by malware, injection attacks and so on, the Financial Services Commission announced the "Financial Networks Security Enhancement Comprehensive Plan", which suggests the guideline of protecting customer information and providing secure financial services by separating network topology and then makes financial companies use a network partitioning system. In consequence of this policy, financial companies each chose between the physical partitioning mechanism and the logical partitioning mechanism according to their IT environment. This paper suggests an efficient infrastructure configuration plan for making the logical network partition, by comparison of a construction of traditional general equipment and an integrated HCI (Hyper Converged Infrastructure) through 'Hyper Converged', which is one of the virtualization techniques currently being developed, and the case study of the integrated HCI method.

Characteristic Analysis of Industrial Network and Security Equipment (산업용 네트워크 장비와 보안 장비의 특징 분석)

  • Shin, Dong-Jin;Hwang, Seung-Yeon;Oh, Jae-Kon;Kim, Jeong-Joon;Lee, Yong-Soo;Park, Kyung-won
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.3 / pp.153-161 / 2020
  • Due to the recent development of the 4th industrial revolution, Smart Factories that organically link various technologies such as AI, IoT, Cloud, and Big Data are increasing. Based on this, in the industrial environment where the internal process is controlled automatically, high availability should be secured against the loss caused when the internal process of the Smart Factory is stopped due to the determinism and malicious attack necessary to control the device such as PLC. The research and analysis of industrial network equipment and security equipment used in various industries can improve the efficiency and usability of industrial control systems in national infrastructure and can provide important feedback to build related infrastructure. Therefore, we compared industrial network equipment and security equipment in this paper in a variety of ways and expect to be used as a roadmap for developing technologies for industrial network equipment and industrial security equipment based on the results of this paper.

A Study for the Designing and Efficiency Measuring Methods of Integrated Multi-level Network Security Domain Architecture (Multi-level 네트워크의 보안 도메인을 위한 통합 아키텍쳐 설계 및 효율성 측정방법 연구)

  • Na, Sang Yeob;Noh, Si Choon
    • Journal of Korea Society of Digital Industry and Information Management / v.5 no.4 / pp.87-97 / 2009
  • The Internet network routing system is used to prevent the spread and distribution of malicious data traffic. This study is based on analysis of diagnostic weakness structure in the network security domain. We propose an improved integrated multi-level protection domain for the internal route of groupware. This paper's protection domain is designed to handle the malicious data traffic in the groupware and finally leads to lightening the load of data traffic and improving network security in the groupware. The infrastructure of the protection domain is transformed into a five-stage blocking domain from two or three-stage blocking. Filtering and protections are executed for the entire server at the gateway level, and the internet traffic route ensures differentiated protection by dividing into five stages. The five-stage multi-level network security domain's malicious data traffic protection performance is better than the former one. In this paper, we use a trust evaluation metric for measuring the security domain's performance and the suggested algorithm.

A Study on Security of AMI(Advanced Metering Infrastructure) in SMARTGRID (스마트 그리드에서의 AMI 보안에 관한연구)

  • Kim, Yeoun-Soo;Kim, Jin-Cheol;Ko, Jong-Bin;Shon, Tae-Shik
    • Journal of Advanced Navigation Technology / v.16 no.6 / pp.1014-1023 / 2012
  • Recently with improvement of SMART Grid, AMI network security has been affecting the environment for Electric information and communication. The system and communication protection consists of steps taken to protect the AMI components and the communication links between system components from cyber intrusions. The addition of two way communications between SUN and HAN introduces additional risk for unauthorized access to the AMI system. In this paper, we propose new AMI device authentication infrastructure, key establishment and security algorithm based on public key encryption to solve AMI network security problems.

Efficient and Security Enhanced Evolved Packet System Authentication and Key Agreement Protocol

  • Shi, Shanyu;Choi, Seungwon
    • Journal of Korea Society of Digital Industry and Information Management / v.13 no.1 / pp.87-101 / 2017
  • As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

Trends in Network Address Moving Technology (네트워크 주소 이동 기술 동향)

  • Park, K.M.;Woo, S.;Moon, D.S.;Kim, I.K.
    • Electronics and Telecommunications Trends / v.32 no.6 / pp.73-82 / 2017
  • Moving Target Defense (MTD) is a novel security technology concept in which the IT infrastructure changes its form actively and prevents various types of cyber attacks. Network address moving technology is the field that has been most actively researched in terms of MTD. A number of studies on network address moving published over the last decade have suggested a virtual address-based network address moving technology for efficiency in the implementation. However, virtual address-based network address moving technology has serious vulnerabilities in terms of security and availability. This paper examines the technological characteristics of the existing studies and analyzes their limitations. It suggests security requirements to be considered when designing the network address moving technology through a technological analysis.