TIPN (Trusted IP Network) Solution Application Models
Post on 18-Feb-2017
Payment Gateway Application Model

Conventional payment system
[Diagram labels: Application; Malicious Execution Code; Shopping Mall; Internet; Wireless IP Network; User; Various Security Program + Certification Authentication Information; Encryption; ID/Password, OTP, 2 Channel, Biometrics Function, Authentication Certificate; Payment Gateway; Transaction Server; Credit Card Company; Authentication Server; Internet; Transaction Server]
1 Various types of attack exist
2 Various techniques are applied to counter the security weaknesses of the Internet

TIPN-based payment system
[Diagram labels: Shopping Mall; Internet; User; Various Security Program + Certification Authentication Information; Encryption; ID/Password (Captcha, Pattern), Two Channel Certification By Smart Phone; Payment Gateway; Transaction Server; Credit Card Company; Authentication Server; Internet; Transaction Server; Wireless IP Network; Secure Tunnel; TIPN Gateway; Application (Trusted IP Agent); Malicious Execution Code]
1 Various types of attack exist
2 A circuit network configuration blocks network access by anyone other than the user (1:1 communication)
3 Unauthorized users cannot reach the server, so data theft is blocked at the source
4 Leakage of stolen information is prevented during the authentication period
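Smart Home Application Model

Smart Home
[Diagram labels: Refrigerator, Vacuum Cleaner, Air Purifier, Smart TV, Light-wave Oven, Air Conditioner; Smart Home; Application; Malicious Execution Code; User; Internet; Wireless IP Network; Malicious User]
1 Various types of attack exist
2 Because of security weaknesses in the OS (Embedded Linux), the possibility of a malicious user compromising the IoT controller always remains

TIPN-based Smart Home
[Diagram labels: Refrigerator, Vacuum Cleaner, Air Purifier, Smart TV, Light-wave Oven, Air Conditioner; Smart Home; User; Malicious User; IoT Server; IoT Center; IoT Sensor; Wireless IP Network; Internet; TIPN Gateway; Trusted IP Agent; Application (Trusted IP Agent); Malicious Execution Code]
1 A circuit network configuration blocks network access by anyone other than the user (1:1 communication)
2 Secure OS functions are provided
- A Security Kernel prevents theft of administrator account (root) privileges at the source
- Security functions for OS resources (mandatory access control, etc.) are provided
3 Stability is secured by providing independent storage space and a dedicated browser, which protect information against compromise by other applications
4 Other networks are temporarily suspended while in use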
VPC (Virtual Private Cloud) Application Model

VPC
[Diagram labels: Server #1 ... Server #n; VPN Gateway per Enterprise #1 ... VPN Gateway per Enterprise #n; Enterprise #1 ... Enterprise #n; VM #1 ... VM #n; Internet; VPN Gateway; Cloud Center; Data Center; Site VPN: IPSec; Enterprise #1 10.1.0.0/16; Enterprise #n 10.1.0.0/16; VPN Manager]
1 No authority to change access policy; policy cannot be changed in real time in response to user requests
2 Devices are managed individually, which increases management and operating costs
3 Server IP addresses cannot be used simultaneously, so server IP addresses must be changed

TIPN-based VPC
[Diagram labels: Server #1 ... Server #n; TIPN Gateway per Enterprise #1 ... TIPN Gateway per Enterprise #n; Enterprise #1 ... Enterprise #n; VM #1 ... VM #n; Internet; TIPN Gateway; Cloud Center; Data Center; VR TEP; Enterprise #1 Trusted IP Manager; Enterprise #n Trusted IP Manager; Cloud operator Trusted IP Manager; Enterprise #1 10.1.0.0/16; Enterprise #n 10.1.0.0/16; Cloud Manager; Cloud Switch]
1 Access policy is managed per enterprise and applied in real time
2 Centralized, integrated management reduces operating costs
3 The same IP addresses and the existing server IP addresses can be used
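m-VoIP Application Model

m-VoIP
[Diagram labels: m-VoIP App; m-VoIP Application; Malicious Execution Code; Internet; 3G/LTE; User/Channel Mgmt. Server; m-VoIP System; Malicious User]
1 Possibility of interception/eavesdropping by hackers
2 Theft of call records/files; recording of call content
3 Theft of important data by accessing the server

TIPN-based m-VoIP
[Diagram labels: TIPN Gateway; Application (Trusted IP Agent); Secure Container; Malicious Execution Code; Internet; 3G/LTE; Trusted IP Agent; User/Channel Mgmt. Server; m-VoIP System; TIPN Manager; Malicious User]
1 The Secure Tunnel blocks the possibility of interception/eavesdropping at the source
2 Information is stored in the Secure Container, preventing theft of call records/files; the network is blocked during voice communication, preventing recording of call content
3 Unauthorized users cannot reach the server, so data theft is blocked at the source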