• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.9 s.351
• /
• pp.60-68
• /
• 2006

Using the wireless communication among unacquainted vehicles, an intelligent vehicle safety system can be constructed to exchange vehicle safety-related information, such as urgency stop, traffic accident and road obstacles. In the majority of vehicle safety applications, vehicle safety messages are propagated in the form of broadcast. However, this approach causes some effectiveness and performance problems with massive radio collision, multi-hop propagation. This paper presents a priority based relay node selection method for propagating vehicle safety messages of traffic accident protection system. With this method, vehicle safety messages are relayed by a node that locates in proper distance out of the nodes that are included in the radio transmission range. By decreasing the number of duplicated messages, the packet overhead is lessened while the communication performance is raised. The proposed method was proven to be better than other schemes through network simulations.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.6
• /
• pp.83-89
• /
• 2012

This paper proposes the design of a security-enhanced RFID authentication protocol which meets the privacy protection for tag bearers. The protocol which uses AES(Advanced Encryption Standard) cipher algorithm is based on a three-way challenge response authentication scheme. In addition, three different types of protocol packet formats are also presented by extending the ISO/IEC 18000-3 standard for realizing the security-enhanced authentication mechanism in RFID system environment. Through the comparison of security, it was shown that the proposed scheme has better performance in user data confidentiality, Man-in-the-middle replay attack, and replay attack, and forgery resistance, compared with conventional some protocols. In order to validate the proposed protocol, a digital Codec of RFID tag is also designed based on the protocol. This Codec has been described in Verilog HDL and also synthesized using Xilinx Virtex XCV400E device.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.227-230
• /
• 2013

Financial transactions using a mobile terminal and the Internet is activated, it is a stock exchange enabled using mobile devices and the Internet. Koscom in charge of IT operations of securities transaction-related in (securities ISAC), to analyze the vulnerability of information security related to securities transactions, which corresponds to running the integrated security control system. Online stock trading is a subject to the Personal Information Protection Act, electronic systems of related, has been designated as the main information and communication infrastructure to, damage financial carelessness of the user, such as by hacking is expected to are. As a result, research on the key vulnerabilities of information security fields related to securities business cancer decoding of the Securities and Exchange packet, through the analysis of security events and integrated security control is needed.

• The Journal of the Korea Contents Association
• /
• v.6 no.12
• /
• pp.29-39
• /
• 2006

With the increasing popularity of the wireless network, the vulnerability issue on IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Point(AP) such as session hijacking to Denial of Service(DoS) attack. We propose a new system based on intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on AP that includes an intrusion detection and protection system(IDS/IPS) as an embedded module. In this paper, we suggest integrated wireless IDS/IPS module on AP with wireless traffic monitoring, analysis and packet filtering module against malicious wireless attacks. We also present that the system provides both enhanced security and performance such as on the university wireless campus network.

• Journal of Internet Computing and Services
• /
• v.9 no.4
• /
• pp.85-96
• /
• 2008

An authentication procedure on wired and wireless network will be done based on the registration and management process storing both the user's IP address and client device's MAC address information. However, existent MAC address registration/administration mechanisms were weak in MAC Spoofing attack as the attacker can change his/her own MAC address to client's MAC address. Therefore, an advanced mechanism should be proposed to protect the MAC address spoofing attack. But, existing techniques sequentially compare a sequence number on packet with previous one to distinguish the alteration and modification of MAC address. However, they are not sufficient to actively detect and protect the wireless MAC spoofing attack. In this paper, both AirSensor and AP are used in wireless network for collecting the MAC address on wireless packets. And then proposed module is used for detecting and protecting MAC spoofing attack in real time based on MAC Address Lookup table. The proposed mechanism provides enhanced detection/protection performance and it also provides a real time correspondence mechanism on wireless MAC spoofing attack with minimum delay.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.1
• /
• pp.107-114
• /
• 2011

Today the company adopts to use information management method at the network base such as internet, intranet and so on for the speed of business. Therefore the security of information asset protection and continuity of business within company in relation to this is directly connected to the credibility of the company. This paper secures continuity to the certified users using queuing model for the business interruption issue caused by DDoS attack which is faced seriously today. To do this I have reflected overloaded traffic improvement process to the queuing model through the analysis of related traffic information and packet when there occurs DDoS attack with worm/virus. And through experiment I compared and analyzed traffic loading improvement for general network equipment.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2003.05a
• /
• pp.8-13
• /
• 2003

Historically, IP-based internets have been able to provide a simple best-effort delivery service to all applications they carry. Best effort treats all packets equally, with no service level, packet loss, and delay. But the needs of users have changed. The want to use the new real-time, multimedia, and multicasting applications. Thus, there is a strong need to be able to support a variety of traffic with a variety of quality-of-service requirements. The DiffServ architecture, proposed by the Internet Engineering Task Force(IETF), has become the most viable solution for provising QoS over IP networks. The DiffServ architecture does not specify any handling method between AF out-profile packets and BE packets. This paper propose a mechanism for supporting inter class fairness in the DiffServ architecture. Ⅰ proposed a modified Weighted Round Robin method to protect the BE traffic from AF out-profile packets in the core routers. The proposed technique is evaluated through simulation. Simulation results indicate that the proposed method provides better protection not only for BE packets from AF out-profile packets, but also for the AF in-profile packets in congested networks.

• Journal of Digital Contents Society
• /
• v.8 no.4
• /
• pp.483-489
• /
• 2007

The high availability of information security system shall be primarily studied in relation to the Next Generation Network(NGN) Information Security infrastructure, because it is very important to maintain availability at each moment as a variety of intrusions occur continuously. The high availability of the security system can be realized with the topology and configuration properly defined to fully utilize the recovery function of the security system in the thoroughly planned optimized method. The active-active high availability on the NGN information security infrastructure system in is assured by letting the failover mechanism operate upon the entire structure through the structural design and the implementation of functions. The proposed method reduces the system overload rating due to trouble packets and improves the status of connection by SNMP polling trap and the ICMP transport factor by ping packet.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.9B
• /
• pp.793-805
• /
• 2003

In OBS (Optical Burst Switching) networks which decouple the burst from its header, the fault of a fiber link can lead to the failure of all the light-path that traverses the fiber. Because each light-path is expected to operate at a rate of a few Gbps by using WDM (Wavelength Division Multiplexing) technology, any failure may lead to large data loss. Therefore, an efficient recovery scheme must be provided. In this paper, we analyze network utilization and BCP (Burst Control Packet) loss rate according to each link failure by applying the conventional restoration schemes in OBS networks. And through these simulation results, an ASPR scheme is proposed improve the fault management scheme in terms of recovery time and throughput. Finally, We compare the performance of our proposed scheme with that of the conventional one with respect to burst loss rate, resource utilization and throughput by OPNET simulations.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.8
• /
• pp.1519-1527
• /
• 2007

In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Given that nodes have limited resources, symmetric cryptography that is proven to be efficient for low power devices is implemented. Data protection is integrated into a sensor's packet by the means of symmetric encryption with the Dragon stream cipher and incorporating the newly designed Dragon-MAC Message Authentication Code. The proposed algorithm was designed to employ some of the data already computed by the underlying Dragon stream cipher for the purpose of minimizing the computational cost of the operations required by the MAC algorithm. In view that Dragon is a word based stream cipher with a fast key stream generation, it is very suitable for a constrained environment. Our protocol regarded the entity authentication and message authentication through the implementation of authenticated encryption scheme in wireless sensor nodes.