• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.661-671
• /
• 2022

Due to the COVID-19 pandemic, remote working, e-learning, e-teaching and online collaboration have widely spread and become popular. Accordingly, the usage of IPsec VPN for security reasons has also dramatically increased. With the spread of VPN, VPN vulunerabilities are becoming an important target of attack for attackers, and many studies have been conducted on this. IKE v2 analysis is an essential process not only for developing and building IPsec VPN systems but also for security analysis. Network packet analysis tools such as Wireshark and Tcpdump are used for IKE v2 analysis. Wireshark is one of the most famous and widely-used network protocol analyzers and supports IKE v2 analysis. However Wireshark has many limitations, such as requiring system administrator privileges for IKE v2 analysis. In this paper, we describe Wireshark's limitations in detatil and propose a new analysis method. The proposed analysis method can analyze all encrypted IKE v2 messages in real time from the session key exchange In addition, the proposed analysis method is expected to be used for dynamic testing such as fuzzing as packet manipulation.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.415-420
• /
• 2013

U-WHS refers to a means of remote health monitoring service to combine fitness with wellbing. U-WHS is a system which can measure and manage biometric information of patients without any limitation on time and space. In this paper, we performed in order to look into the influence that the encryption module influences on the communication evaluation in the biometric information transmission gone to the smart mobile device and Hospital Information System.In the case of the U-WHS model, the client used the Objective-c programming language for software development of iOS Xcode environment and SEED and HIGHT encryption module was applied. In the case of HIS, the MySQL which is the Websocket API of the HTML5 and relational database management system for the client and inter-server communication was applied. Therefore, in WIFI communication environment, by using wireshark, data transfer rate of the biometric information, delay and loss rate was checked for the evaluation.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.71-76
• /
• 2013

A computer worm is a standalone malware computer program that probes and exploits vulnerabilities of systems. It replicates and spreads itself to other computers via networks. In this paper, we study how to detect and prevent worms. First, we generated Codered II traffic on the emulated testbed called Deterlab. Then we identified dubious parts using Earlybird and wrote down Snort rules using Wireshark. Finally, by applying the Snort rules to the traffic, we could confirmed that worm detection was successfully done.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.1
• /
• pp.209-214
• /
• 2016

IEC 61850 is a protocol used to reduce the cost of design, installation and maintenance of the Substation Automation System. GOOSE traffic used in IEC 61850 plays an important role for control, protection and automation of the substation. This study implemented a GOOSE traffic generator using the emulation function of NS-3 network simulator, by using protocols provided by a network simulator and another protocols provided by real communication equipment. The generated GOOSE traffic was analyzed with Wireshark, and it was found that the traffic was generated exactly as expected. Besides, this study measured the GOOSE traffic delay due to the increase of the number of switches according to network topology. It is expected that the GOOSE traffic generator implemented by this study will be efficiently used when experiments are performed on actual substation environments.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.225-230
• /
• 2015

This study presents a method for generating IEC 61850 Sampled Values(SV) traffic by combining the emulation function of network simulator ns-3 with the actual communication equipment. For the SV traffic generation and reception, the emulation function of the network simulator ns-3 is used, while as a communication network, the actual communication equipment, switches are used. In addition, the SV traffic frames generated are analyzed, using Wireshark, and it is confirmed that the SV traffic frames are generated accurately. The method for the SV traffic generation proposed in the present study will be very useful when various SV traffics are generated under the environment of an actual substation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.434-437
• /
• 2021

Canopen over EtherCAT(CoE) is a Canopen protocol that operates based on EtherCAT in industrial sites. In order to analyze a CoE network system and a performance through packet sniffing and reversing, it is necessary to know Data Objects structure and changes of its value. However, since Data Objects in Canopen is dependent on the devices, there is a limitation by using an existing packet analysis program like a Wireshark. Therefore, we designed and developed a system that infers Data Objects structure and system configuration.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.5
• /
• pp.125-130
• /
• 2017

Since field control equipment such as PLC has no function to log key event information in the log, it is difficult to analyze the accident. Therefore, it is necessary to secure information that can analyze when a cyber accident occurs by logging the main event information of the field control equipment such as PLC and IED. The protocol analyzer is required to analyze the field control device (the embedded device) communication protocol for event logging. However, the conventional analyzer, such as Wireshark is difficult to process the data identification and extraction of the large variety of protocols for event logging is difficult analysis of the payload data based and classification. In this paper, we developed a system for Big Data based on field control device communication protocol payload data extraction for event logging of large studies.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.2
• /
• pp.129-136
• /
• 2018

The IEC 61850 communication standard is used worldwide, and within the country the new substation is built as a digital substation based on IEC 61850 from 2013, after field tests and R&D from 2007. Research on the development of digital substation operating system has been conducted mainly in large domestic companies, so the IED power application equipment for LCP are developed. However, there is still a lack of research in the field of systems that can accommodate all the field devices used for legacy substation and new digital substation. In this paper, we developed the 48VDC input modules and the 125VDC output modules which can construct proposed field information processing modules to IEC 61850 based type, and verified the field applicability from the state monitoring and control operation tests by using IEC 61850 client authentication program and Wireshark.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.163-171
• /
• 2013

As the kind of IT service on the internet is more and more diversifying and increasing, IT service's adverse effects also consistently occurring. Among them the incident of private information exposure is becoming social issues, especially the exposure of private information entered on-line resume is very serious. This paper investigates whether or not data is encrypted in data transfer section of major on-line job-search sites of Korea by using the packet analyzer such as "Wireshark." This paper judges whether or not the vulnerability, private information exposure, exists from the result of the investigation above and suggests countermeasures.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.5
• /
• pp.2346-2352
• /
• 2011

E-mail systems using the intranet is widely exposed to internal threats should an administrator or a third party decides to misuse the information. To solve this problem, we propose a safe intranet email encryption protocol using the symmetrical-key password algorithm. Since the proposed protocol encrypts the data using a pre-agreed session keys between the users, the data will be safe from malignant access attempts provided that the session key is not exposed.