• Title/Summary/Keyword: SSL Protocol

A Study on Internet Security Mechanism (인터넷 보안 메커니즘에 관한 연구)

  • 조인준;정회경;김동규
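    • Review of KIISC / v.8 no.2 / pp.19-36 / 1998
  • IPv6, also known as IPng (Internet Protocol next Generation), is the next-generation Internet protocol that improves on IPv4, the current Internet protocol. Its main improvements include an expanded address space, the addition of IP for mobile users (Mobile IP), the addition of QoS (Quality of Service) for high-speed communication such as VOD (Video on Demand), and the provision of a security mechanism at the network layer [1][2][3]. Among these, this paper compares and analyzes the network-layer security mechanism against the existing transport-layer SSL (Secure Socket Layer) security mechanism.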

A Study of Implementation for Internet Printing Protocol (IPP) System (인터넷 인쇄 프로토콜 시스템 구현에 관한 연구)

  • Kim, Soo-Hong
    • The KIPS Transactions:PartD / v.10D no.7 / pp.1197-1206 / 2003
  • This paper describes IPP (Internet Printing Protocol), a standard that makes network setup for printers potentially much easier and, not incidentally, lets users print over the Internet, and it specifies an implementation of an IPP client/server system. The system allows the system administrator and operators to control IPP system users and printer devices. The effort focuses on optimized capabilities, security features for authentication, authorization, and policies, and improved compatibility with existing WP devices. Finally, this paper presents conclusions and directions for further research.

Password-Based Authentication Protocol for Remote Access using Public Key Cryptography (공개키 암호 기법을 이용한 패스워드 기반의 원거리 사용자 인증 프로토콜)

  • 최은정;김찬오;송주석
    • Journal of KIISE:Information Networking / v.30 no.1 / pp.75-81 / 2003
  • User authentication, including confidentiality and integrity over untrusted networks, is an important part of security for systems that allow remote access. Using a human-memorable password for remote user authentication is not easy because of the low entropy of the password, which is constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacker does not help him obtain the session keys of past sessions against future compromises. Additionally, user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. The protocol does not have to resort to a PKI or a trusted third party such as a key server or arbitrator, so no keys and certificates are stored on the user's computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time low. This is very useful in applications in which secure password authentication is required, such as home banking through the web, SSL, SET, IPSEC, telnet, ftp, and mobile user situations.

A Probabilistic Load Balancing Scheme for Improving Service Quality of a Wireless Mesh Network (무선 메쉬 망의 서비스 품질 향상을 위한 확률적 부하 분담 기법)

  • Park, Jae-Sung;Lim, Yu-Jin;Ahn, Sang-Hyun
    • The KIPS Transactions:PartC / v.15C no.5 / pp.375-382 / 2008
  • As the use of the Internet and of information and communication technology becomes widespread, the SSL protocol is essential on the Internet because important data must be transferred securely. While the SSL protocol is designed to defend against active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If an attacker takes advantage of a malfunction of the client system and modifies the cipher suite setting to a symmetric key algorithm with a short key length, he could eavesdrop on and cryptanalyze the encrypted data. In this paper, we examine whether domestic web sites establish secure sessions using a symmetric key algorithm with a short key length, and we propose a solution to the cipher suite setting problem.

PKI-based Distribution System of the User's Permission about Broadcast Program (PKI를 통한 방송프로그램 사용자 권한 유통시스템)

  • Im, Dae-Myung;Park, Ki-Chul;Lee, Joo-Young;Nam, Je-ho;Jung, Hoe-Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2009.05a / pp.649-652 / 2009
  • TV broadcasting systems have developed from analogue to digital, in the form of IPTV (Internet Protocol Television) and DCATV (Digital Cable Television). However, digital broadcast content is of high quality and can be pirated easily with almost no degradation, and copyright losses are increasing through the Internet, P2P (Peer to Peer) and personal channels. Nevertheless, users' recording and reuse of broadcasts cannot be restrained, and fair use of programs, such as for training materials, needs to be separated from illegal use. In this paper, we design and implement a distribution system that uses digital certificates to permit authorized users and fair-purpose users to use stored programs and to restrict illegal distribution.

A Study on Network Security Modeling using Single Sign-On (Single Sign-On을 적용한 네트워크 보안 모델링)

  • 서희석;김희완
    • Journal of the Korea Computer Industry Society / v.5 no.1 / pp.49-56 / 2004
  • With the growing use of networks, Internet users use several kinds of web servers. They are confused because each web server uses a different user ID and password. To solve these problems, an SSO (Single Sign-On) solution is introduced. We present modeling methods for efficiently constructing network management models. We constructed intrusion detection systems and firewalls using SSO. This architecture is efficient for managing network usage and control. The SSO solution is designed for a small-scale intranet. A CA server in the SSO that depends on PKI (Public Key Infrastructure) is used to issue the certificates. SHTTP based on SSL (Secure Socket Layer) is used to protect the data between the certificate server and the intranet users.

The proposal of improved secure cookies system based on public-key certificate (인증서 기반의 개선된 보안 쿠키의 설계와 구현)

  • 양종필;이경현
    • The Journal of Korean Institute of Communications and Information Sciences / v.27 no.11C / pp.1090-1096 / 2002
  • Because HTTP is stateless, it does not support continuity of browser-server interaction between successive visits of a user. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plaintext and contain text-character strings encoding relevant information about the user, an attacker can easily copy and modify them for undue profit. In this paper, we design a secure cookies scheme based on X.509 public key certificates to solve these security weaknesses of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare its performance with that of the SSL (Secure Socket Layer) protocol, which is widely used for security in HTTP environments.

Proposal and Implementation on Non-Repudiation of Origin for DNP3 (DNP3에 적합한 발신 부인 방지 기법 제안과 그 구현)

  • Yu, Ki-Soon;Song, Kyoung-Young;Jang, Min-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.5 / pp.815-825 / 2015
  • DNP3 (Distributed Network Protocol) is one of the most representative protocols used in SCADA (Supervisory Control and Data Acquisition) systems. IEC 62351 lists integrity, confidentiality, availability and non-repudiation or accountability as security requirements. However, IEEE Std. 1815, the DNP3 standard, does not define a mechanism for non-repudiation or accountability. In this paper, we propose a non-repudiation of origin technique for the sender of critical ASDUs and implement the proposed scheme using software such as OpenSSL and a SCADA source code library.

Performance Enhancement of ECC Algorithm-based Mobile Web Service System (ECC 알고리즘 기반 모바일 웹 서비스 시스템의 성능 향상)

  • Kim, Yong-Tae;Jeong, Yoon-Su;Park, Gil-Cheol
    • The KIPS Transactions:PartD / v.15D no.5 / pp.699-704 / 2008
  • With growing dependence on the Web, driven by the popularization of the Internet and the increasing number of users, the capability of web services and the security of communication are becoming major issues. Existing web services technology decreases the capability of the web application server by limiting the number of synchronous clients, decreasing the processing load and increasing the average response time. The encryption process for securing communication and the initial cost of the handshake decrease transmission speed and server capability by increasing the computation time for connecting. Accordingly, this paper performs the encryption procedure with an elliptic curve encryption algorithm to satisfy security demands, relieve server overload for web services and obtain a reliable and secure web server architecture, and it proposes an improved mobile web server that provides better capability together with techniques for deferred processing.

SPKI/SDSI HTTP Secure Server to support Role-based Access Control & Confidential Communication (역할기반 접근제어 및 비밀통신을 지원하는 SPKI/SDSI 보안 서버)

  • 이영록;김민수;김용민;노봉남;이형효
    • Journal of the Korea Institute of Information Security & Cryptology / v.12 no.6 / pp.29-46 / 2002
  • We generally use the SSL/TLS protocol with X.509 v3 certificates to provide a secure means of establishing confidential communication and to support the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and implementing a prototype that has two main modules: one supports secure communication and RBAC, which are absent from the SPKI/SDSI server developed by the existing Geronimo project, and the other issues both name-certificates and authorization-certificates. A demonstration implemented for our server is also outlined.