• Title/Summary/Keyword: Packet Security

Search Result 472, Processing Time 0.029 seconds

A Lightweight Packet Filter for Embedded System (임베디드 시스템을 위한 경량의 패킷필터)

  • Lee, Byong-Kwon;Jeon, Joong-Nam
    • The KIPS Transactions:PartC
    • /
    • v.13C no.7 s.110
    • /
    • pp.813-820
    • /
    • 2006
  • The advance of computer and communication technologies enables the embedded systems to be equipped with the network communication interfaces. Their appearance in network leads to security issues on the embedded systems. An easy way to overcome the security problem is to adopt the packet filter that is implemented in the general computer systems. However, general packet filters designed for host computers are not suitable to embedded systems because of their complexity. In this paper, we propose a lightweight packet filter for embedded systems. The lightweight packet filter is implemented in the kernel code. And we have installed a Web-GUI interface for user to easily set the filtering policies at remote space. The experimental results show that the proposed packet filter decreases the packet delivery time compared to the packet filter designed for host computers and it is comparable to the systems without packet filter.

Securing RTP Packets Using Per-Packet Key Exchange for Real-Time Multimedia

  • Jung, Younchan;Festijo, Enrique;Atwood, J. William
    • ETRI Journal
    • /
    • v.35 no.4
    • /
    • pp.726-729
    • /
    • 2013
  • For secure multimedia communications, existing encryption techniques use an online session key for the key exchange, for which key size is limited to less than 10 digits to accommodate the latency condition caused by user devices only being able to handle low computational loads. This condition results in poor security of recorded encrypted data. In this letter, we propose a packet key scheme that encrypts real-time packets using a different key per packet for multimedia applications. Therefore, a key of a relatively small size can provide after-transmission confidentiality to data of a real-time session.

An Analysis of Detection of Malicious Packet Dropping and Detour Scheme in IoT based on IPv6 (IPv6 기반의 사물인터넷 환경에서 악성 노드의 패킷 유실 공격 탐지 및 우회 기법 분석)

  • Choi, Jaewoo;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.655-659
    • /
    • 2016
  • In this paper, we propose new detection and detour methods against packet drop attacks for availability in the Internet of Things (IoT) based on the IEEE 802.15.4e and RPL protocol standards that employ IPv6. We consider the rank value of RPL and the consecutive packet drops to improve the detection metrics, and also take into account the use of both sibling and child nodes on a RPL routing path to construct the detour method. Our simulation results show that the proposed detection method is faster than the previous result, and the detour method improves the detour success rate.

Efficient mutual authentication and key distribution protocol for cdma2000 packet data service (cdma2000 패킷 데이터 서비스를 위한 효율적인 상호 인증과 키 분배 프로토콜)

  • 신상욱;류희수
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.2
    • /
    • pp.107-114
    • /
    • 2003
  • In this paper, we propose an efficient mutual authentication and key distribution protocol for cdma2000 packet data service which uses Mobile U access method with DIAMETER AAA(Authentication, Authorization and Accounting) infrastructure. The proposed scheme provides an efficient mutual authentication between MN(Mobile Node) and AAAH(home AAA server), and a secure session-key distribution among Mobile If entities. The proposed protocol improves the efficiency of DIAMETER AAA and satisfies the security requirements for authentication and key distribution protocol. Also, the key distributed by the proposed scheme can be used to generate keys for packet data security over 1xEV-DO wireless interface, in order to avoid a session hijacking attack for 1xEV-DO packet data service.

Lightweight Packet Authentication for Access Control in IEEE 802.11 (IEEE 802.11에서의 접근 제어를 위한 Lightweight 패킷 인증)

  • Lee, Keun-Soon;Kim, Hyo-Jin;Song, Joo-Seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.4
    • /
    • pp.29-38
    • /
    • 2005
  • Because IEEE 802.11 has several security vulnerabilities, IEEE 802.11i was proposed and accepted. But IEEE 802.11i has much overhead for most of users for the web surfing. Besides not only node the authentication but also the packet authentication is needed to communicate. Although IEEE 802.11i uses TKIP(Temporal Key integrity Protocol) and CCMP(CTR with CBC-MAC Protocol), they have a lot of overheads. In this paper, Lightweight Packet Authentication(LIPA) is proposed. LIPA has less overhead and short delay so that it can be affordable for simple web-surfing which does not need stronger security. After comparing performances of LIPA with those of TKIP and CCMP, LIPA is more efficient than other schemes for transmitting packets.

An Improvement of Packet Filtering Functions for Tunneling Based IPv4/IPv6 Transition Mechanisms (터널링 기반 IPv4/IPv6 전이 기법을 위한 패킷 필터링 기능 개선)

  • Lee, Wan-Jik;Heo, Seok-Yeol;Lee, Won-Yeoul;Shin, Bum-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.6
    • /
    • pp.77-87
    • /
    • 2007
  • It will need a quite long time to replace IPv4 protocol, which currently used, with IPv6 protocol completely, thus we will use both IPv4 and IPv6 together in the Internet during the period. For coexisting protocols, IETF standardized various IPv4/IPv6 transition mechanisms. However, new security problems of IPsec adaptation and IPv6 packet filtering can be raised by tunneling mechanism which mainly used in transition mechanisms. To resolve these problems, we suggested two improved schemes for packet filtering functions, which consists of an inner header filtering scheme and a dedicated filtering scheme for IPv4/IPv6 transition mechanisms. Also we implemented our proposed schemes based on Linux Netfilter framework, and we tested their filtering functions and evaluated experimental performance of our implementation on IPv4/IPv6 transition testbed. These evaluation tests indicated that our improved packet filtering functions can solve packet filtering problems of IPv4/IPv6 transition mechanisms without severely affecting system performance.

An Efficient Packet Encryption Scheme Based on Security Requirement Level (보안 요구 수준에 근거한 효율적인 패킷 암호화 기법)

  • 노지명;양정민
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.5
    • /
    • pp.153-164
    • /
    • 2004
  • Under a large-scale client-server service environment, e.g., online games, encrypting data for acquiring information security often causes overload to the server and hence degradation of the service itself. Therefore, for reducing encryption payload, it is necessary to use adequately an efficient encryption scheme with respect to the security requirements of transmission data. In this paper, we propose a packet encryption scheme using multiple cryptosystems to realize such capability, which assigns a different cryptosystem according to the security requirements level. The proposed encryption scheme is applicable to internet services with heavy traffic ratios in which different kinds of data packets are incessantly transmitted between clients and servers. To show its effectiveness and superiority, the performance of the proposed encryption scheme is verified by experiments.

A Study on Building an Integration Security System Applying Virtual Clustering (Virtual Clustering 기법을 적용한 Integration Security System 구축에 관한 연구)

  • Seo, Woo-Seok;Park, Dea-Woo;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.101-110
    • /
    • 2011
  • Recently, an attack to an application incapacitates the intrusion detection rule, the defense policy for a network and database and induces intrusion incidents. Thus, it is necessary to study integration security to ensure the security of an internal network and database from that attack. This article is about building an integration security system to prevent an attack to an application set with intrusion detection rules. It responds to network-based attack through detection, disperses attack with the internal integration security system through virtual clustering and load balancing, and sets up defense policy for attacking destination packets, analyzes and records attack packets, and updates rules through monitoring and analysis. Moreover, this study establishes defense policy according to attacking types to settle access traffic through virtual machine partition policy and suggests an integration security system applied to prevent attack and tests its defense. The result of this study is expected to provide practical data for integration security defense for hacking attack from outside.

A rerouting-controlled ISL handover protocol for LEO satellite networks

  • Dong, Wei;Wang, Junfeng;Huang, Minhuan;Tang, Jian;Zhou, Hongxia
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.10
    • /
    • pp.2620-2631
    • /
    • 2012
  • In this paper, a rerouting-controlled ISL (Inter-Satellite link) handover protocol for LEO satellite networks (RCIHP) is proposed. Through topological dynamics and periodic characterization of LEO satellite constellation, the protocol firstly derives the ISL related information such as the moments of ISL handovers and the intervals during which ISLs are closed and cannot be used to forward packet. The information, combined with satellite link load status, is then been utilized during packet forwarding process. The protocol makes a forwarding decision on a per packet basis and only routes packets to living and non-congested satellite links. Thus RCIHP avoids periodic rerouting that occurs in traditional routing protocols and makes it totally unnecessary. Simulation studies show that RCIHP has a good performance in terms of packet dropped possibility and end-to-end delay.

LTE Packet Scheduling with Bandwidth Type Consideration

  • Alotaibi, Sultan
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.4
    • /
    • pp.351-357
    • /
    • 2022
  • LTE (Long-Term Evolution, sometimes known as 4G LTE) is a wireless high-speed data communication technology for mobile phones and data terminals. The Packet Scheduler (PS) is an important component in improving network performance. Physical Resource Blocks (PRBs) are assigned to associated User Equipment by the packet scheduler (UEs). The primary contribution of this study is a comparison of the eNodeB throughput between a suggested method and the Round Robin (RR) Algorithm. The RR Algorithm distributes PRBs among all associated UEs without taking channel circumstances into account. In this research, we present a new scheduling method that takes into account the number of PRBs and associated UEs and produces higher throughput than the RR algorithm.