摘要:
Disclosed is an Academy, Research Institute, and Agency (ARIA) encryption/decryption apparatus for encrypting and decrypting input data by repeating a plurality of rounds. The ARIA encryption/decryption apparatus includes a first register storing input data or an intermediate calculation value according to a first control signal; a second register storing a input round key for every round; an exclusive OR operation unit performing an exclusive OR operation on values stored in the first and second registers; a substitution unit substituting a result of the exclusive OR operation on a basis of an ARIA substitution algorithm; a diffusion unit diffusing a result of the substitution in the substitution unit on a basis of an ARIA diffusion algorithm if a current round is not a final round; and a control unit outputting the first control signal so that an output of the diffusion unit is used as the intermediate calculation value if the current round is the final round or an output of the substitution unit is used as the intermediate calculation value if the current round is the final round, and outputting an output of the exclusive OR operation unit as a result of the ARIA encryption/decryption.
摘要:
Disclosed is an Academy, Research Institute, and Agency (ARIA) encryption/decryption apparatus for encrypting and decrypting input data by repeating a plurality of rounds. The ARIA encryption/decryption apparatus includes a first register storing input data or an intermediate calculation value according to a first control signal; a second register storing a input round key for every round; an exclusive OR operation unit performing an exclusive OR operation on values stored in the first and second registers; a substitution unit substituting a result of the exclusive OR operation on a basis of an ARIA substitution algorithm; a diffusion unit diffusing a result of the substitution in the substitution unit on a basis of an ARIA diffusion algorithm if a current round is not a final round; and a control unit outputting the first control signal so that an output of the diffusion unit is used as the intermediate calculation value if the current round is the final round or an output of the substitution unit is used as the intermediate calculation value if the current round is the final round, and outputting an output of the exclusive OR operation unit as a result of the ARIA encryption/decryption.
摘要:
Provided is a method of generating and searching for a single ternary content addressable memory (TCAM) entry for range search and exact-match search. First, it is determined whether an entry to be added is a range search entry or an exact-match search entry. When the entry is the range search entry, a bit at a predetermined position in the upper m bits corresponding to a range represented by the entry is set to “1” and the remaining bits including lower n bits is set to a “don't care” bit x, based on a range table for representing position information of one of the upper m bits which is set to “1” in ranges. When the entry is the exact-match search entry, the upper m bits is set to “don't care” bit x and the lower n bits is set to the entry value. By generating and searching for a single TCAM entry for a range search and an exact-match search, a space for storing the TCAM entry can be optimized and efficiency thereof can be improved.
摘要:
In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
摘要:
Provided are an apparatus and method for limiting bandwidths of burst aggregate flows according to the present invention. The apparatus comprises: a bandwidth measuring unit measuring a bandwidth of at least one input aggregate flow; a grade determining unit determining abnormal grades according to abnormal levels of the input aggregate flows; a bandwidth limit determining unit determining a bandwidth volume and aggregate flow to be limited; a bandwidth limiting unit inputting a result determined by the bandwidth limit determining unit, limiting or releasing a bandwidth of a aggregate flow selected among the input aggregate flows and outputting the selected aggregate flow; and a status information storage unit storing status information including a usage bandwidth, an abnormal grade, and a limited bandwidth volume of the input aggregate flow. Accordingly, the apparatus and method provide an effect of dropping attack aggregate flows corresponding to excessive traffic while not influencing normal aggregate flows.
摘要:
An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.
摘要:
An alert transmission apparatus for a policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and then stores the generated security policy information in a policy repository. A COPS-IDR server sends the information to the IDRS and an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores a parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides the message to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides the message to the COPS-IDR client.
摘要:
The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.
摘要:
A system and a device for wirelessly transferring power without a cable are provided. A wireless electromagnetic receiver includes a first device configured to be magnetized based on an electromagnetic field. The wireless electromagnetic receiver further includes a second device configured to transform the magnetization of the first device into a power, the second device being not in contact with the first device.
摘要:
A sound system using wireless power transmission is provided. A power and data transmission apparatus in the sound system, includes a data transmitting unit configured to wirelessly transmit, to a sound output device, sound data. The apparatus further includes a power transmitting unit configured to wirelessly transmit, to the sound output device, power. The apparatus further includes a controller configured to control the data transmitting unit and the power transmitting unit based on a distance between the apparatus and the sound output device.