MANET에서 P2P 성능 향상을 위한 위치기반 라우팅 기법에 관한 연구

양환석,Yang, Hwanseok 디지털산업정보학회 2015 디지털산업정보학회논문지 Vol.11 No.2

The technology development of MANET and dissemination of P2P services has been made very widely. In particular, the development of many application services for the integration of P2P services in MANET has been made actively. P2P networks are commonly used because of the advantages of efficient use of network bandwidth and rapid information exchange. In P2P network, the infrastructure managing each node in the middle does not exist and each node is a structure playing a role as the sender and receiver. Such a structure is very similar to the structure of the MANET. However, it is difficult to provide reliable P2P service due to the high mobility of mobile nodes. In this paper, we propose location-based routing technique in order to provide efficient file sharing and management between nodes. GMN managing the group is elected after network is configured to the area of a certain size. Each node is assigned an identifier of 12 bit dynamically to provide routing which uses location information to the identifier. ZGT is managed in the GMN in order to provide management of group nodes and distributed cache information. The distributed cache technique is applied to provide a rapid retrieval of the sharing files in the each node. The excellent performance of the proposed technique was confirmed through experiments.

가상화 기술의 취약점을 이용한 공격 대응에 관한 연구

양환석 (사)디지털산업정보학회 2012 디지털산업정보학회논문지 Vol.8 No.3

Computing environment combined with development of internet and IT technology is changing to cloud computing environment. In addition, cloud computing is revitalized more because of propagation of LTE and suggestion of N-screen Service. Virtualization is the point technology for suggest IT resource to service form to users in this cloud computing. This technology combines other system physically or divides one system logically and uses resource efficiently. Many users can be provided application and hardware as needed using this. But, lately various attack using weak point of virtualization technology are increasing rapidly. In this study, we analyze type and weak point of virtualization technology, the point of cloud computing. And we study about function and the position which intrusion detection system has to prepare in order to detect and block attack using this.

Multi-level 구조를 이용한 보안 라우팅 프로토콜에 관한 연구

양환석 한국융합보안학회 2014 융합보안 논문지 Vol.14 No.7

MANET은 빠르게 네트워크를 구축할 수 있다는 특징 때문에 많은 분야에서 활용되고 있다. 그러나 무선 네트워크의 특성과 노드들의 이동으로 인해 많은 보안 위협에 노출되어 있다. 특히 그중에서도 라우팅 프로토콜의 취약점을 이용한 공격이 증가하고 있으며 그 피해 또한 매우 증가하고 있는 설정이다. 본 논문에서는 안전한 라우팅 프로토콜 제공을 위한 two-level 인증 구조를 제안하였다. 제안한 기법에서는 네트워크에 참여하는 노드들에 대하여 신뢰도를 기반으로 한 인증 평가를 실시하여 인증서를 발급해주며, 인증서를 발급받은 노드만이 데이터 전송을 수행하게 된다. 그리고인증서를 발급받은 노드가 데이터 전송시 제어 패킷의 정보와 자신이 관리하는 PIT 정보를 비교 및 분석하여 악의적인노드들에 대한 탐지를 수행하게 된다. Ns-2 시뮬레이터를 이용하여 본 논문에서 제안한 기법의 성능을 평가하였으며,실험을 통하여 우수한 성능을 확인하였다. Wireless Ad hoc Network is threatened from many types of attacks because of its open structure, dynamictopology and the absence of infrastructure. Attacks by malicious nodes inside the network destroy communicationpath and discard packet. The damage is quite large and detecting attacks are difficult. In this paper, we proposedattack detection technique using secure authentication infrastructure for efficient detection and prevention of internalattack nodes. Cluster structure is used in the proposed method so that each nodes act as a certificate authority andthe public key is issued in cluster head through trust evaluation of nodes. Symmetric Key is shared for integrity ofdata between the nodes and the structure which adds authentication message to the RREQ packet is used. ns-2simulator is used to evaluate performance of proposed method and excellent performance can be performed throughthe experiment.

MANET에서 영역-키 기반 보안 라우팅 기법에 관한 연구

양환석,김영선 한국융합보안학회 2020 융합보안 논문지 Vol.20 No.5

이동 노드로만 구성된 MANET은 모든 노드들이 라우터 역할을 수행한다. 하지만 노드들의 빈번한 이동으로 인한 동적인 토폴로지는 라우팅 성능을 떨어뜨리고 많은 보안 취약점의 원인이기도 하다. 따라서 MANET의 성능을 좌우할 수 있는 라우 팅 기법에는 보안이 반드시 적용되어야 한다. 본 논문에서는 영역-키 기반 보안 라우팅 기법 적용을 통해 다양한 라우팅 공격 에 효율적으로 대응하고, 안전한 데이터 전송을 위한 기법을 제안하였다. 제안한 기법에서는 영역 기반 네트워크 구조를 이용 하였으며, 각 영역내 멤버 노드들을 관리하는 관리 노드를 이용하였다. 또한 각 노드들에 키를 발급하여 이를 이용한 라우팅 기법을 적용함으로써 공격 노드로 부터의 피해를 최소화하였다. 영역 관리 노드는 라우팅 정보를 암호화하기 위한 키 발급과 발급 정보를 관리한다. 데이터 전송을 원하는 멤버 노드는 영역 관리 노드로부터 발급받은 키를 이용하여 라우팅 정보를 암호 화한 후, 이를 이용하여 경로 발견을 수행하게 된다. 제안한 기법의 향상된 성능은 CBSR, ARNA 기법과 비교 실험을 통하여 확인하였으며, 실험을 통해 우수한 성능을 확인할 수 있었다. In MANET consisting of only mobile nodes, all nodes serve as routes. However, the dynamic topology due to frequent movement of nodes degrades routing performance and is also cause of many security vulnerabilities. Therefore, security m ust be applied to routing techniques that can influence the performance of MANET. In this paper, we propose a technique for efficiently responding to various routing attacks and safe data transmission through application of zone-key based secu rity routing techniques. A zone-based network structure was used, and a management node that manages member nodes i n each zone was used in the proposed technique. In addition, the damage from the attacking node was minimized by issui ng a key to each node and applying this to a routing technique. The zone management node issues a key for encryption r outing information and manages the issuance information. A member node that wants to transmit data encrypts routing in formation using a key issued from the zone management node, and then performs path discovery using this. The improve d performance of the proposed technique was confirmed through a comparative experiment with the CBSR and ARNA tec hnique, excellent performance was confirmed through experiments.

프로토콜 기반 분산 침입탐지시스템 설계 및 구현

양환석 (사)디지털산업정보학회 2012 디지털산업정보학회논문지 Vol.8 No.1

Intrusion Detection System that protects system safely is necessary as network technology is developed rapidly and application division is wide. Intrusion Detection System among others can construct system without participation of other severs. But it has weakness that big load in system happens and it has low efficient because every traffics are inspected in case that mass traffic happen. In this study, Distributed Intrusion Detection System based on protocol is proposed to reduce traffic of intrusion detection system and provide stabilized intrusion detection technique even though mass traffic happen. It also copes to attack actively by providing automatic update of using rules to detect intrusion in sub Intrusion Detection System.

Wireless Ad Hoc Network에서 보안 영역과 노드 인증을 이용한 보안 라우팅 기법에 관한 연구

양환석 (사)디지털산업정보학회 2014 디지털산업정보학회논문지 Vol.10 No.3

Wireless Ad Hoc Network is suitable for emergency situations such as and emergency, disaster recovery and war. That is, it has a characteristic that can build a network and use without help of any infrastructure. However, this characteristic is providing a cause of many security threats. In particular, routing attack is not applied the existing routing methods as it is and it is difficult to determine accurately whether nodes that participate in routing is malicious or not. The appropriate measure for this is necessary. In this paper, we propose a secure routing technique through a zone architecture-based node authentication in order to provide efficient routing between nodes. ZH node is elected for trust evaluation of the member nodes within each zone. The elected ZH node issues a certification of the member nodes and stores the information in ZMTT. The routing involvement of malicious nodes is blocked by limiting the transfer of data in the nodes which are not issued the certification. The superior performance of the proposed technique is confirmed through experiments.

위치 정보와 이동 예측 기법을 이용한 데이터 가용성 향상에 관한 연구

양환석 (사)디지털산업정보학회 2012 디지털산업정보학회논문지 Vol.8 No.4

MANET is a network that is a very useful application to build network environment in difficult situation to build network infrastructure. But, nodes that configures MANET have difficulties in data retrieval owing to resources which aren’t enough and mobility. Therefore, caching scheme is required to improve accessibility and availability for frequently accessed data. In this paper, we proposed a technique that utilize mobility prediction of nodes to retrieve quickly desired information and improve data availability. Mobility prediction of modes is performed through distance calculation using location information. We used technique which global cluster table and local member table is managed by cluster head to reduce data consistency and query latency time. We compared COCA and CacheData and experimented to confirm performance of proposed scheme in this paper and efficiency of the proposed technique through experience was confirmed.

Mobile Adhoc Network에서 CP-SVM을이용한 침입탐지

양환석 (사)디지털산업정보학회 2012 디지털산업정보학회논문지 Vol.8 No.2

MANET has vulnerable structure on security owing to structural characteristics as follows. MANET consisted of moving nodes is that every nodes have to perform function of router. Every node has to provide reliable routing service in cooperation each other. These properties are caused by expose to various attacks. But, it is difficult that position of environment intrusion detection system is established, information is collected, and particularly attack is detected because of moving of nodes in MANET environment. It is not easy that important profile is constructed also. In this paper, conformal predictor ­ support vector machine(CP­SVM) based intrusion detection technique was proposed in order to do more accurate and efficient intrusion detection. In this study, IDS­agents calculate p value from collected packet and transmit to cluster head, and then other all cluster head have same value and detect abnormal behavior using the value. Cluster form of hierarchical structure was used to reduce consumption of nodes also. Effectiveness of proposed method was confirmed through experiment.

무선 네트워크 환경에서 영역기반 침입탐지 기법에 관한 연구

양환석 한국융합보안학회 2019 융합보안 논문지 Vol.19 No.5

It is impossible to apply the routing protocol in the wired environment because MANET consists of only mobile nodes. Therefore, routing protocols considered these characteristics are required. In particular, if malicious nodes are not excluded in the routing phase, network performance will be greatly reduced. In this paper, we propose intrusion detection technique based on region to improve routing performance. In the proposed technique, the whole network i s divided into certain areas, and then attack detection within the area using area management node is performed. It is a proposed method that can detect attack nodes in the path through cooperation with each other by using comple tion message received from member nodes. It also applied a method that all nodes participating in the network can share the attack node information by storing the detected attack node and sharing. The performance evaluation of t he proposed technique was compared with the existing security routing techniques through the experiments and the superior performance of the proposed technique was confirmed. MANET은 이동 노드로만 구성되어 있기 때문에 기존의 유선 환경에서의 라우팅 프로토콜을 그대로 적용할 수 없 다. 따라서 이러한 특성이 고려된 라우팅 프로토콜이 필요하다. 특히 라우팅 단계에서 악의적인 노드들을 배제하지 못 한다면 네트워크 성능은 크게 떨어질 수 밖에 없다. 본 논문에서는 라우팅 성능을 향상시키기 위해 영역기반 침입탐지 기법을 제안하였다. 제안한 기법에서는 전체 네트워크를 일정한 영역으로 분할한 후 영역관리 노드를 이용하여 영역내 공격 탐지가 이루어지도록 하였으며, 멤버 노드로부터 수신한 완료 메시지를 이용하여 서로간 협업을 통해 경로상에 존 재하는 공격 노드를 탐지할 수 있는 방법을 제안하였다. 그리고 탐지한 공격노드 정보를 블록체인에 저장하여 공유함으 로써 네트워크에 참여하는 모든 노드들이 공격노드 정보를 공유할 수 있도록 하는 방법을 적용하였다. 제안한 기법의 성능 평가는 기존의 보안 라우팅 기법들과 비교 실험하였으며, 실험을 통해 제안한 기법의 우수한 성능을 확인할 수 있 었다.

MANET에서 계층적 구조와 블록체인 기반 노드 인증 기법에 관한 연구

양환석 한국융합보안학회 2019 융합보안 논문지 Vol.19 No.3

MANET has many security vulnerabilities because it consists of only mobile nodes using wireless. In particular, it is a very important factor determining network performance that excludes the participation of malicious nodes through accurate reliability measurements and authentication of nodes participating in the network. In this paper, we proposed a technique applied with blockchain technology in order to prevent forgery of authentication information for nodes participating in the network. And, an area-based hierarchical structure was applied to increase the efficiency of authentication for nodes and apply the optimal technique of block generation and exchange protocol. In addition, four data payloads were added to the block header in order to add authentication information for nodes in block. To improve the reliability by applying the blockchain technique to the hop-by-hop data transfer method between mobile nodes, blockchain exchange protocol through transaction creation, block packaging and verification processes were implemented. We performed the comparative experiment with the existing methods to evaluate the performance of the proposed method and confirmed the excellent performance by the experiment results. MANET은 무선을 이용한 이동 노드들로만 구성되어 있기 때문에 많은 보안 취약점이 존재한다. 특히 네트워크에 참여하 는 노드들에 대한 정확한 신뢰도 측정 및 인증을 통해서 악의적인 노드들의 참여를 배제하는 것은 네트워크 성능을 좌우하는 매우 중요한 요소이다. 본 논문에서는 네트워크에 참여하는 노드들에 대한 인증 정보의 위변조를 차단하기 위하여 블록체인 기술을 적용한 기법을 제안하였다. 노드들에 대한 인증의 효율성을 높이고 블록 생성 및 교환 프로토콜의 최적 기법을 적용하 기 위하여 영역기반 계층 구조를 적용하였다. 또한 블록에 노드들에 대한 인증 정보를 추가하기 위하여 4개의 데이터 payload 를 블록 헤더에 추가하였다. 이동 노드들 간의 hop-by-hop 데이터 전달 방식에 블록체인 기법을 적용해 신뢰성을 높이기 위 하여 트랜잭션 생성, 블록 패키징, 검증 과정을 거치는 블록체인 교환 프로토콜을 구현하였다. 이러한 과정을 통해 노드들에 대한 인증 정보의 신뢰성을 높일 수 있게 되었다. 제안한 기법의 성능을 평가하기 위하여 기존의 기법들과 비교 실험하였으며, 실험 결과를 통해 우수한 성능을 확인할 수 있었다.