• Journal of KIISE:Information Networking
• /
• v.29 no.1
• /
• pp.77-85
• /
• 2002

The surge in use of networks has recently increased demands for cryptography. Cryptography, however, can cause various problems because of difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the reverse effect of using these kinds of security and to promote positive aspects of using it. They have suggested many key recovery techniques up to the present. we propose a mechanism as a solution, which are employed to reduce the time needed to reconnect SG and the host in Host-to-Gateway in VPNs supporting IPsec, in case they are disconnected. This new mechanism using KRFSH stores information at each session in advance so that users can recall the session information when needed to rebuild the tunnel between SG and the host in a VPN. As a result, the mechanism built into SG will solve the problems above in host-to-gateway VPNs using IPsec.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.39-46
• /
• 2011

This study is conducted to examine the optimal integrated security policy based on network in case of attacks by implementing unique security policies of various network security equipments as an algorithm within one system. To this end, the policies conduct the experiment to implement the optimal security system through the process of mutually integrating the unique defense policy of Firewall, VPN(Virtual Private Network), IDS(Intrusion Detection System), and IPS(Intrusion Prevention System). In addition, this study is meaningful in that it designs integrated mechanism for rapid detection of system load caused by establishment of the security policy and rapid and efficient defense and secures basic network infrastructure implementation.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.26 no.7
• /
• pp.99-109
• /
• 2012

Sub-station, key equipment in electric power infrastructure, are being exposed to increasing risk of hacking. For this, soft redundancy sub-station system needs to be formulated with automatic restoration mechanism. For this it is important to assess the reliability of the applicable range of data that are used in actual system operation, as well as the methods and findings of the tests. At the same time performance of soft redundancy system and total security mechanism, which are aligned for the protection of the sub-station, need to be tested. For testing the above-mentioned, this paper presented a viable formation of a soft redundancy practical VPN system within a panel to protect the latter from hacking or cracking incidences, and conducts a test to check if the considered system actually serves the protection function in the actual operation setting, gathering evidence from the data from the testing of the actual performance of the system as well as of emergency scenario simulation operations. Because tested soft-redundancy & restorative sub-station system is expected to be widely applicable for various cases such as Smart-grid or electricity IT system, where VPN with enhanced level of security is required.

• Journal of KIISE:Information Networking
• /
• v.33 no.3
• /
• pp.218-230
• /
• 2006

The enterprise service network is composed of internet, intranet and DMZ. The design rationale of Mobile IP is providing of seamless mobility transparency without regarding to the type of network topology and services. However, Mobile IP specification does not include the mobility support in case of using VPN environment and define the access scenarios to get into the VPN intranet without disturbing existing security policy. In this paper, we propose an authentication method using AAA infrastructure and keying material exchange to enable an user in internet to be able to access the intranet through the VPN gateway. Finally, performance analysis for the proposed scheme is provided.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.1-7
• /
• 2005

Today, network is a fragile state in many threat attacks. Especially, the company serviced like internet or e-commerce is exposed to danger and targeted of attacker Therefore, it is realistic that the company use the security solution. It exist various security solution in our school network. For example, Firewall, IDS, VirusWall, VPN, etc. The administrator must manage various security solution. But it is inefficient. Therefore, we need the Management System to controll every security solution. In this paper, we deal with basic contents of security solution to manage the ESM and merits and demerits when use it. Also we suggest method that the Administrator can manage his network more efficiently and systematically by using the ESM in our school network.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.519-526
• /
• 2004

This paper presents an efficient interoperation scheme of a VPN(Virtual Private Network) and Mobile IP using a hierarchical structure of a FA(Foreign Agent). In the proposed scheme, the GFA(Gateway Foreign Agent) plays a role of VPN gateway on behalf of the MN(Mobile Node). When the MN moves in the same GFA domain, because the GFA has already an IPsec security association with a VPN gateway in the home network of the MN, the MN does not need an IPsec re-negotiaion. In this way, our mechanism reduces a message overhead and a delay resulted from an IPsec negotiation. And a MN can send a data to a correspondent node without a packet leakage. We show a performance of our scheme by using a discrete analytical model. Analytical results demonstrated that the total processing cost calculated by a registration update cost and a packet delivery cost is significantly reduced through our proposed scheme.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.231-236
• /
• 2018

Recently, a wide variety of IoT environment is being created due to the rapid development of information and communication technology. And accordingly in a variety of network structures, a countless number of attack techniques and new types of vulnerabilities are producing a social disturbance. In May of 2018, Talos Intelligence, the Cisco threat intelligence team has newly discovered 'VPN-Filter', which constitutes a large-scale IoT-based botnet, is infecting consumer routers in over 54 countries around the world. In this paper, types of IoT-based botnets and the attack techniques utilizing botnet will be examined and the countermeasure technique through EXIF metadata removal method which is the cause of connection method of C & C Server will be proposed by examining the characteristics of attack vulnerabilities and attack scenarios of VPN-Filter.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.617-618
• /
• 2009

본 논문에서는 SSL/VPN 터널링 기법을 이용하여 CCTV에서 영상정보를 보호하기 위한 SSL 통신 메카니즘을 제안하고, 제안한 방법을 기본으로한 보안 시스템의 설계 및 구축에 관하여 기술한다. 제안한 보안 시스템(VPN client와 Server) 은 Linux System O/S 인 Fedora 8 버전에서 개발하였으며 사용한 라이브러리는 OpenSSL과 PPTP와 PPP를 사용하였다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.276-279
• /
• 2002

네트워크 저장장치가 새롭게 IT 인프라 구축방안중의 하나고 부각되고 있으며 그중에서도 SAN은 많은 장점을 갖고 있다. 본 논문에서는 SAN의 보안상의 취약점과 그 대응방안에 대한 연구동향을 검토하고, IP 기반의 SAN의 장점과 VPN을 이용한 보안에 대해 분석한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.725-728
• /
• 2003

This paper describes an architecture how QoS-enabled virtual private network networks over the internet can be built and managed. The basic technologies for secure VPNs and for QoS support the introduced. Vision of a QoS-enabled VPN service over internet is described. We also presented the simplified implementation scenario and some implementation details in order to achieve secure and QoS-enable VPNs.