• Title/Summary/Keyword: SSL Protocol

Search Result 66, Processing Time 0.023 seconds

A Implement of Web-Mail System based on Intranet (인트라넷 기반의 웹 메일 시스템 구현)

  • Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.5
    • /
    • pp.2346-2352
    • /
    • 2011
  • E-mail systems using the intranet is widely exposed to internal threats should an administrator or a third party decides to misuse the information. To solve this problem, we propose a safe intranet email encryption protocol using the symmetrical-key password algorithm. Since the proposed protocol encrypts the data using a pre-agreed session keys between the users, the data will be safe from malignant access attempts provided that the session key is not exposed.

Security Proof for a Leakage-Resilient Authenticated Key Establishment Protocol

  • Shin, Seong-Han;Kazukuni Kobara;Hideki Imai
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.4
    • /
    • pp.75-90
    • /
    • 2004
  • At Asiacrypt 2003, Shin et al., have proposed a new class for Authenticated Key Establishment (AKE) protocol named Leakage-Resilient AKE ${(LR-AKE)}^{[1]}$. The authenticity of LR-AKE is based on a user's password and his/her stored secrets in both client side and server side. In their LR-AKE protocol, no TRM(Tamper Resistant Modules) is required and leakage of the stored secrets from $.$my side does not reveal my critical information on the password. This property is useful when the following situation is considered :(1) Stored secrets may leak out ;(2) A user communicates with a lot of servers ;(3) A user remembers only one password. The other AKE protocols, such as SSL/TLS and SSH (based or PKI), Password-Authenticated Key Exchange (PAKE) and Threshold-PAKE (T-PAKE), do not satisfy that property under the above-mentioned situation since their stored secrets (or, verification data on password) in either the client or the servers contain enough information to succeed in retrieving the relatively short password with off-line exhaustive search. As of now, the LR-AKE protocol is the currently horn solution. In this paper, we prove its security of the LR-AKE protocol in the standard model. Our security analysis shows that the LR-AKE Protocol is provably secure under the assumptions that DDH (Decisional Diffie-Hellman) problem is hard and MACs are selectively unforgeable against partially chosen message attacks (which is a weaker notion than being existentially unforgeable against chosen message attacks).

A SECURITY ARCHITECTURE FOR THE INTERNET OF THINGS

  • Behrens, Reinhard;Ahmed, Ali
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.12
    • /
    • pp.6092-6115
    • /
    • 2017
  • This paper demonstrates a case for an end-to-end pure Application Security Layer for reliable and confidential communications within an Internet of Things (IoT) constrained environment. To provide a secure key exchange and to setup a secure data connection, Transport Layer Security (TLS) is used, which provides native protection against replay attacks. TLS along with digital signature can be used to achieve non-repudiation within app-to-app communications. This paper studies the use of TLS over the JavaScript Object Notation (JSON) via a The Constrained Application Protocol (CoAP) RESTful service to verify the hypothesis that in this way one can provide end-to-end communication flexibility and potentially retain identity information for repudiation. As a proof of concept, a prototype has been developed to simulate an IoT software client with the capability of hosting a CoAP RESTful service. The prototype studies data requests via a network client establishing a TLS over JSON session using a hosted CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages was intercepted and verified against simulated MITM attacks. The experimental results confirm that TLS over JSON works as hypothesised.

Design and Implementation of 10 Giga VPN Acceleration Board (10 Giga급 VPN 가속보드 설계 및 구현)

  • 김기현;한종욱
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2003.10a
    • /
    • pp.661-664
    • /
    • 2003
  • Trade-off of sorority and speed always exists in the latest network environment. Recently, developed security processors is improved very performance, and sorority connection algorithms of a lot of part were embodied by hardware. This high speed security processor is essential ingredient in string network security solution equipment development that require very big band width. In this paper, we wish to describe about design and implementation of 10 Giga VPN equipments. In this system, embodied 10 Giga to use Cavium company's Nitrox-II processor, and supports two SP14-2 interface and PCI interface. All of the password algorithm that password algorithm that support is used in common use VPN equipment for compatibility with common use VPN equipment are supported and support SEED algorithm developed in domestic. Designed to support IPsec and SSL protocol, and supports all of In-Line structure that is profitable in high speed transaction and the Look-Aside structure that is profitable in practical use degree of NPU(Network Processor Unit).

  • PDF

A Design of Web Server Architecture Environment for Reliability Enhancement and Secure Web Services (신뢰성 향상과 안전한 웹 서비스를 위한 웹 서버 아키텍처 환경의 설계)

  • Kim, Yong-Tae;Jeong, Yoon-Su;Park, Gil-Cheol
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.14 no.2
    • /
    • pp.343-350
    • /
    • 2010
  • In the existing design of web server architecture, data encryption technique is used to keep the reliability, stability, and safety of web service. But the use of data encryption technique wastes the work of cpu while decreasing throughput of web server and increasing average response time so that it shows negative effect on the capacity of web application server. Also, the latest web applications require security and safety for the safe internet communication. Therefore, this paper suggests the improved web server which uses thread pool and Non-blocking I/O adding new web service modules to the existing web server for the safe web service, provides reliability and safety to show the safe web service capacity. And we compare and evaluate the safety and capacity through experiment on the existing traditional Tomcat based web server and the proposed system to evaluate the safety and capacity of the proposed web server system.

P2P Based Telemedicine System Using Thermographic Camera (열화상 카메라를 포함한 P2P 방식의 원격진료 시스템)

  • Kim, Kyoung Min;Ryu, Jae Hyun;Hong, Sung Jun;Kim, Hongjun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.3
    • /
    • pp.547-554
    • /
    • 2022
  • Recently, the field of telemedicine is growing rapidly due to the COVID-19 pandemic. However, the cost of telemedicine services is relatively high, since cloud computing, video conferencing, and cyber security should be considered. Therefore, in this paper, we design and implement a cost-effective P2P-based telemedicine system. It is implemented using the widely used the open source computing platform, Raspberry Pi, and P2P network that frees users from security problems such as the privacy leakage by the central server and DDoS attacks resulting from the server/client architecture and enables trustworthy identifying connection system using SSL protocol. Also it enables users to check the other party's status including body temperature in real time by installing a thermal imaging camera using Raspberry Pi. This allows several medical diagnoses that requires visual aids. The proposed telemedicine system will popularize telemedicine service and meet the ever-increasing demand for telemedicine.

Countermeasures of Privacy Disclosure Vulnerability in Data Transfer Section (데이터 전송 구간에서 개인정보노출 취약점과 대응방안)

  • Heo, Geon Il;Kang, Ji Won;Park, Won Hyung
    • Journal of Information Technology Services
    • /
    • v.12 no.1
    • /
    • pp.163-171
    • /
    • 2013
  • As the kind of IT service on the internet is more and more diversifying and increasing, IT service's adverse effects also consistently occurring. Among them the incident of private information exposure is becoming social issues, especially the exposure of private information entered on-line resume is very serious. This paper investigates whether or not data is encrypted in data transfer section of major on-line job-search sites of Korea by using the packet analyzer such as "Wireshark." This paper judges whether or not the vulnerability, private information exposure, exists from the result of the investigation above and suggests countermeasures.

A study on the implementation of SCVP (SCVP를 이용한 전자 인증서 검증 시스템의 구현에 관한 연구)

  • Ahn, Youn-Jung;Paek, Seonuck
    • Annual Conference of KIPS
    • /
    • 2004.05a
    • /
    • pp.1601-1604
    • /
    • 2004
  • 본 논문에서는 PKI에서 사용자 인증을 위해 발급되는 전자 인증서 검증을 위해 IETF에서 표준화 작업 중인 SCVP(Simple Certificate Validation Protocol) 구현 및 테스트 결과를 기술한다. 기존의 전자 인증서 검증 시스템으로 사용되고 있는 OCSPv1은 전자 인증서의 폐지 목록(CRL)을 통한 상태 검증만을 할 뿐으로 전자 인증서의 발급 경로에 대한 검증이나 CA에서 발급 당시의 정책이 변경되었을 경우에 대한 검증 기능은 제공하지 못하고 있다. 본 논문에서는 SCVP를 OpenSSL-0.9.7 상에서 구현하여 기존의 OCSPv1과 연동함으로써 전자 인증서 발급경로 검증 및 전자 인증서 발급 정책의 변경은 물론 기존의 인증서 상태 검증도 할 수 있도록 하였다.

  • PDF

The core information protection mechanism in the BcN(Broadband Convergence Network) (BcN(Broadband Convergence Network) 환경에서의 중요정보에 대한 도청방지 메카니즘)

  • Oh, Sek-Hoan;Lee, Jae-Yong;Kim, Byung-Chul
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.45 no.1
    • /
    • pp.14-26
    • /
    • 2008
  • IP over Ethernet technology widely used as Internet access uses the ARP(Address Resolution Protocol) that translates an ip address to the corresponding MAC address. recently, there are ARP security attacks that intentionally modify the IP address and its corresponding MAC address, utilizing various tools like "snoopspy". Since ARP attacks can redirect packets to different MAC address other than destination, attackers can eavesdrop packets, change their contents, or hijack the connection. Because the ARP attack is performed at data link layer, it can not be protected by security mechanisms such as Secure Shell(SSH) or Secure Sockets Layer(SSL). Thus, in this paper, we classify the ARP attack into downstream ARP spoofing attack and upstream ARP redirection attack, and propose a new security mechanism using DHCP information for acquisition of IP address. We propose a "DHCP snoop mechanism" or "DHCP sniffing/inspection mechanism" for ARP spoofing attack, and a "static binding mechanism" for ARP redirection attack. The proposed security mechanisms for ARP attacks can be widely used to reinforce the security of the next generation internet access networks including BcN.

Design of High-Speed VPN for Large HD Video Contents Transfer (대용량 HD 영상콘텐츠 고속전송 VPN(Virtual Private Network)의 설계)

  • Park, Hyoungy-Ill;Shin, Yong-Tae
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.12 no.4
    • /
    • pp.111-118
    • /
    • 2012
  • When broadcasters want immediately a variety of VOD files in a distributed server of them data centers and away contents provider, CPs of different platform to exchange high-quality HD, 3DTV video and other video files over the IP networks of high-performance that can be transferred quickly and must be configured quickly. This paper, by using an optional encryption method to complement a QoS and security of public network, suggests high speed and secure content transmission protocol such as VPN(Virtual Private Network) for large video files and big data. As configured high performance VPN, end to end devices use the best of available resources over public network by parallel transfer protocol and the secure content delivery network.