• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.709-712
• /
• 2004

The BcN is applying from public networks to local networks and each terminal step by step under supporting MIC(Ministry of Information and Communication Repoblic of Korea) until 2007. The architecture of network sorority should considers BcN environment and evolves to manage Ipv6 traffics. The next generation network security architecture can manage not only Ipv6 environment but also wire and wireless integrated network. We suggest the next generation network security architecture for Ipv6 environment and wire-wireless integrated network environment and verify the performance of the suggested architecture using network security scenario.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1928-1939
• /
• 2017

Fog computing is another paradigm of the cloud computing, which extends the ubiquitous services to applications on many connected devices in the IoT (Internet of Things). In general, if we access a lot of IoT devices with existing cloud, we waste a huge amount of bandwidth and work efficiency becomes low. So we apply the paradigm called fog between IoT devices and cloud. The network architecture based on cloud and fog computing discloses the security and privacy issues according to mixed paradigm. There are so many security issues in many aspects. Moreover many IoT devices are connected at fog and they generate much data, therefore light and efficient security mechanism is needed. For example, with inappropriate encryption or authentication algorithm, it causes a huge bandwidth loss. In this paper, we consider issues related with data encryption and authentication mechanism in the network architecture for cloud and fog-based M2M (Machine to Machine) IoT services. This includes trusted encryption and authentication algorithm, and key generation method. The contribution of this paper is to provide efficient security mechanisms for the proposed service architecture. We implemented the envisaged conceptual security check mechanisms and verified their performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.47-62
• /
• 2003

Patch distribution is one of important processes to fix vulnerabilities of software and to ensure security of systems. Since an institute or a company has various operating systems or applications, it is not easy to update patches promptly. In this paper, we propose a secure patch distribution architecture with an authentication mechanism, a security assurance mechanism, a patch integrity assurance mechanism, and an automatic patch installation mechanism. We argue that the proposed architecture improve security of patch distribution processes within a domain.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.77-83
• /
• 2011

In addition to the rapid development of health information technology services for the development of new medical information, a lot of research is underway. Improve health care services for patients are many ways to help them. However, no information about the security, if only the technology advances in health care systems will create an element of risk and threat. Today's issues and access issues are stable over a public network. Ad hocsensor network using secure, non-integrated health information system's security vulnerabilities does not solve the security vulnerabilities. In the development and utilization of health information systems to be subject to greater restrictions. Different security policies in an environment with a medical information system security policy mechanism that can be resolved if people get here are needed. Context-aware and flexible policy of integration and confidential medical information through the resistance should be guaranteed. Other cross-domain access control policy for telecommunications should be protected. In this paper, that the caller's medical information system, diversification, diversification Security agent in the environment, architecture, design, plan, role-based security system are proposed. The proposed system architecture, design work in the field and in the utilization of one model are expected to be.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.55-63
• /
• 2016

SOA(service oriented architecture) based ESB(enterprise service bus) model is widely adopted in many companies for the safe processing of enormous data and the integration of business system. The existing web service technologies for the construction of SOA, however, show unsatisfactory in practical applications though the standardization of web service security technologies is in progress due to their limitations in safe exchange of data. Internal end users using a large business system based on such environment are composed of the variety of organizations and roles. Companies might receive more serious damage from insider threat than that from external one when internal end users get unauthorized information beyond the limits of their authority for private profit and bad purposes. In this paper, we propose a security architecture capable of identifying and coping with the security threats of web service technologies arouse from internal end users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1541-1547
• /
• 2015

In the recent IT industry, security has established itself as the factor to be considered the most in the software development. It goes without saying that security is the critical factor for the development of information security products. In the evaluation of the information security products, the security is assured by the security architecture requirement (ADV_ARC). However, the Absence of the systematic software security architecture process makes it difficult to guarantee the security quality consistently even though they are evaluated based on common criteria. In this paper, we propose a way to ensure a consistent security quality applying the software security framework in BSIMM.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.3-9
• /
• 2011

On health information network architecture, traffic along the path of traffic and security, blocking malicious code penetration is performed. The medical information system network security infrastructure study, which was whether to be designed based on the structure and methodology is designed to develop the security features. Health informati on system's functionality and capabilities framework for infrastructure is the backbone and structure. The design fea tures a framework for the overall network structure formation of the skeleton and forms the basic structure of the security methodology. Infrastructure capabilities to build the framework and the application functionality is being implemented. Differentiated in accordance with security zones to perform security functions and security mechanisms that operate through this study is to present. u-Healthcare future advent of cloud computing and a new health information environment, the medical information on the preparation of this study is expected to be utilized for security.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.123-125
• /
• 2004

The importance for Internet security has being increased and the Internet Protocol Security (IPSec) standard, which incorporates cryptographic algorithms, has been developed as one solution to this problem. IPSec provides security services in IP-Layer using IP Authentication Header (AH) and IP Encapsulation Security Payload (ESP). In this paper, we propose IPSec cryptographic processor design based AMBA architecture. Our design which is comprised Rijndael cryptographic algorithm and HAMC-SHA-1 authentication algorithm supports the cryptographic requirements of IP AH, IP ESP, and any combination of these two protocols. Also, our IPSec cryptographic processor operates as AMBA AHB Slave. We designed IPSec cryptographic processor using Xilinx ISE 5.2i and VHDL, and implemented our design using Xilinx's FPGA Vertex XCV600E.

• Journal of Information Processing Systems
• /
• v.2 no.3 s.4
• /
• pp.170-177
• /
• 2006

Recently, RFID technology has attracted considerable attention in many industry fields. The RFID environment requires a standard architecture for the smooth exchange of data between heterogeneous networks. The architecture should offer an efficient standard environment, such as a communication environment based on Web Services, PKI or Kerberos-based security, and abstract business processes which could be used in the diverse domains. Therefore, in this paper, we propose an Enterprise Application Framework (EAF) which includes a standard communication protocol, security functions, and abstract level business processes. The suggested architecture is expected to provide a more secure and flexible security management in the dynamic RFID application environments, and is expected to provide an abstract business event for the development of business processes which could apply RFID technology to the existing systems.

• Journal of National Security and Military Science
• /
• s.9
• /
• pp.257-282
• /
• 2011

In this paper, we propose an architecture design of military operation system utilizing cellular networks. The main contribution of this paper is to provide a cost-effective military operation solution for ground forces, which is based on IT(information technology). By employing the cellular phones of officers' and non-commissioned officers' as the tools of operational communication, the proposed system can be constructed in the minimum duration and be built on the four components: command and control system, gateway, security system, and terminal(cell phone). This system is most effective for the warfare of limited area, but the effectiveness does not decrease under the total war covering the whole land of Korea. For the environmental change of near future, expanded architecture is also provided to utilize the functionalities of smart phones.