Abnormal IPSec packet control system using IPSec configuration and session data, and method thereof

Assignee

• SUNGKYUNKWAN UNIVERSITY FOUNDATION FOR CORPORATE COLLABORATION of Korea · KR

Inventors

• Young Ik Eom · Seoul, KR
• Ka Eul Kim · Seojong-myeon, KR
• Kwangsun Ko · Seoul, KR
• Gyehyeon Gyeong · Seojong-myeon, KR
• Seong-goo Kang · Buk-myeon, KR
• Yonghyeog Kang · Seojong-myeon, KR
• Hyunjin Cho · Yongin-si, KR
• Hyunsu Jang · Incheon, KR
• Yong Woo Jung · Seoul, KR
• Hyunwoo Choi · Gunpo-si, KR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/164
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An abnormal Internet Protocol Security (IPSec) packet control system and method utilizes IPSec configuration and session data to detect whether or not packets encrypted by an extended header are abnormal. The IPSec packet control system can include an extended header processing unit that receives an IPSec packet and extracts the data to be used in traffic control; check units for checking the packets in the stages of IPSec configuration and IPSec communication that receive the extracted data to determine whether or not the IPSec packet has passed; and a control unit that allows the IPSec to pass or to be blocked according to a determination result from the check units for checking the IPSec configuration and communication packets, where abnormal IPSec packets are blocked using the IPSec configuration and session tables without requiring them to be decrypted and encrypted.