• Title/Summary/Keyword: control packet

A Study on Dynamic Code Analysis Method using 2nd Generation PT(Processor Trace) (2세대 PT(Processor Trace)를 이용한 동적 코드분석 방법 연구)

  • Kim, Hyuncheol
    • Convergence Security Journal / v.19 no.1 / pp.97-101 / 2019
  • If the operating system's core file contains an Intel PT, the debugger can not only check the program state at the time of the crash, but can also reconfigure the control flow that caused the crash. We can also extend the execution trace scope to the entire system to debug kernel panics and other system hangs. The second-generation PT, the WinIPT library, includes an Intel PT driver with additional code to run process- and core-specific traces through the IOCTL and registry mechanisms provided by Windows 10 (RS5). In other words, the PT trace information, to which access was limited in the first-generation PT, can be run per process and per core through the IOCTL and registry mechanisms provided by the operating system in the second-generation PT. In this paper, we compare and describe methods for collecting, storing, decoding and detecting malicious codes of data packets in a Windows environment using first- and second-generation PT.

Improved Intelligent Routing Protocol in Vehicle Ad-hoc Networks (차량 Ad-hoc 혹 통신에서 개선된 지능형 경로 프로토콜)

  • Lee, Dong Chun
    • Convergence Security Journal / v.21 no.1 / pp.129-135 / 2021
  • Greedy protocols generally show good performance in Vehicular Ad-hoc Network (VANET) environments. But in some cases they produce longer routes because of the surroundings, or fail to route at all, for example when many traffic signals leave streets temporarily empty or when a road divides into two roads that do not merge again. When a node selects the next node using only the distance to the destination node, traditional greedy protocols sometimes produce a longer route, and sometimes the route ends in routing failure. Most traditional greedy protocols take into account only the distance to the destination when selecting the next node. Because of the geographical environment, each node needs to consider not only the distance to the destination node but also the direction to the destination while routing a packet. The proposed routing scheme considers both the distance and the direction when forwarding packets, to make a stable route. The protocol can also be configured according to the surrounding environment. We evaluate the performance of the protocol using two mobility models and network simulations. Most network performance measures are improved compared with traditional greedy protocols.

Guest Movement Detection and Analysis System for Integrated Event Venue Operation Management (통합적 행사장 운영을 위한 관람객 동선감지 분석 시스템)

  • Kwon, Hee-Gu;Lee, Jae-Won
    • The Journal of the Korea Contents Association / v.22 no.6 / pp.15-23 / 2022
  • The operation method of offline venues such as local festivals usually has problems such as the absence of real-time events and booth information, wasting time in the process of purchasing and receiving goods, and stagnating the movement of guests. This study increases the convenience of guests and managers by integrating all contents in the venue in the form of booth, thereby increasing the uniformity of event information and the efficiency of booth operation. In addition, a system was designed to minimize movement problems and improve performance by detecting the movement of guests within the venue and increasing the efficiency of arranging booths based on location data. It has been developed as a low-cost system that measures wireless packets with portable wireless LAN APs and control units. This has advantages in the operation of the venue, which consists of the installation and dismantling of variable booths in a short period of time. It is expected that the integrated operation of the venue will be utilized by linking the movement data of guests to activate visits and increase sales through data-based promotions.

Intrusion Detection System Based on Sequential Model in SOME/IP (SOME/IP 에서의 시퀀셜 모델 기반 침입탐지 시스템)

  • Kang, Yeonjae;Pi, Daekwon;Kim, Haerin;Lee, Sangho;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1171-1181 / 2022
  • Front Collision-Avoidance Assist (FCA) or Smart Cruise Control (SCC) is installed in a modern vehicle, and the amount of data exchange between ECUs increases rapidly. Therefore, Automotive Ethernet, especially SOME/IP, which supports wide bandwidth and two-way communication, is widely adopted to overcome the bandwidth limitation of traditional CAN communication. SOME/IP is a standard protocol compatible with various automobile operating systems, and improves connectivity between components in the vehicle. However, no encryption or authentication process is defined in the SOME/IP protocol itself. Therefore, there is a need for a security study on the SOME/IP protocol. This paper proposes a deep learning-based intrusion detection system in SOME/IP and performs six attacks to confirm the performance of the intrusion detection system.

Blockchain-Based Smart Home System for Access Latency and Security (지연시간 및 보안을 위한 블록체인 기반 스마트홈 시스템 설계)

  • Chang-Yu Ao;Kang-Chul Kim
    • The Journal of the Korea institute of electronic communication sciences / v.18 no.1 / pp.157-164 / 2023
  • In modern society, the smart home has become a part of people's daily life. But traditional smart home systems often have problems such as security, data centralization and easy tampering, and blockchain is an emerging technology that solves these problems. This paper proposes a blockchain-based smart home system which consists of a home part and a blockchain network part. The blockchain network with 8 nodes is implemented on the Hyperledger Fabric platform on Docker. ECC (Elliptic Curve Cryptography) technology is used for data transmission security, and RBAC (role-based access control) manages the certificates of network members. The Raft consensus algorithm maintains data consistency across all nodes in a distributed system and reduces block generation time. The query and data submission are controlled by the smart contract, which allows nodes to safely and efficiently access smart home data. The experimental results show that the proposed system maintains a stable average query and submit time of 84.5 [ms] and 93.67 [ms], respectively, under high concurrent accesses, and the transmission data is secured through simulated packet capture attacks.

A Design of DDoS Attack Detection Scheme Using Traffic Analysis and IP Extraction in SIP Network (SIP망에서 트래픽 측정 및 IP 추출을 통한 DDoS공격 탐지 기법 설계)

  • Yun, Sung-Yeol;Sim, Yong-Hoon;Park, Seok-Cheon
    • Annual Conference of KIPS / 2010.04a / pp.729-732 / 2010
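  • As communication networks have developed and a variety of Internet-based technologies have appeared, the move to carry not only data but also voice over IP networks led to the emergence of VoIP (Voice over Internet Protocol). VoIP services based on SIP (Session Initiation Protocol) offer large savings in communication costs along with a variety of supplementary services, and the number of users is growing rapidly. VoIP services are built on SIP for call control, and SIP delivers a variety of voice and multimedia services over IP networks; because it carries over the Internet security weaknesses of the IP protocol as they are, it tends to be vulnerable to DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. A DDoS attack sends a large volume of packets to a target host or network in a short time, preventing network access and service functions from operating normally or causing system failure. Now that Internet-based life has become routine, countermeasures against DDoS attacks are urgently needed to build a safe network environment. Because DDoS attacks are very difficult to detect, research into fundamental countermeasures is needed, and the development of a detection system for normal and malicious traffic is badly needed. In this paper, we survey the SIP protocol and attack techniques, examine the characteristics and types of DoS and DDoS attacks, and propose a DDoS attack detection scheme for SIP-based VoIP services that uses IP classification and duplicate-message inspection.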

A Scalable Multipoint-to-Multipoint Routing Protocol in Ad-Hoc Networks (애드-혹 네트워크에서의 확장성 있는 다중점 대 다중점 라우팅 프로토콜)

  • 강현정;이미정
    • Journal of KIISE:Information Networking / v.30 no.3 / pp.329-342 / 2003
  • Most of the existing multicast routing protocols for ad-hoc networks do not take into account the efficiency of the protocol for the cases when there are large number of sources in the multicast group, resulting in either large overhead or poor data delivery ratio when the number of sources is large. In this paper, we propose a multicast routing protocol for ad-hoc networks, which particularly considers the scalability of the protocol in terms of the number of sources in the multicast groups. The proposed protocol designates a set of sources as the core sources. Each core source is a root of each tree that reaches all the destinations of the multicast group. The union of these trees constitutes the data delivery mesh, and each of the non-core sources finds the nearest core source in order to delegate its data delivery. For the efficient operation of the proposed protocol, it is important to have an appropriate number of core sources. Having too many of the core sources incurs excessive control and data packet overhead, whereas having too little of them results in a vulnerable and overloaded data delivery mesh. The data delivery mesh is optimally reconfigured through the periodic control message flooding from the core sources, whereas the connectivity of the mesh is maintained by a persistent local mesh recovery mechanism. The simulation results show that the proposed protocol achieves an efficient multicast communication with high data delivery ratio and low communication overhead compared with the other existing multicast routing protocols when there are multiple sources in the multicast group.

Network Adaptive Quality of Service Method in Client/Server-based Streaming Systems (클라이언트/서버 기반 스트리밍 시스템에서의 네트워크 적응형 QoS 기법)

  • Zhung, Yon-il;Lee, Jung-chan;Lee, Sung-young
    • The KIPS Transactions:PartA / v.10A no.6 / pp.691-700 / 2003
  • Due to the fast development of wired and wireless Internet and computer hardware, more and more Internet services are being developed, such as Internet broadcast, VoD (Video On Demand), etc. So QoS (Quality of Service) is essentially needed to guarantee the quality of these services. The traditional Internet is a Best-Effort service in which all packets are transported in FIFO (First In First Out) style. However, FIFO is not suitable to guarantee the quality of some services, so more research on QoS routers and QoS protocols is needed. The QoS routers and protocols researched so far are high cost and inefficient because the existing infrastructure is not used. To solve this problem, a new QoS control method, named Network Adaptive QoS, is introduced and applied to client/server-based streaming systems. Based on a network bandwidth monitoring mechanism, the network adaptive QoS control method can be used in wired and wireless networks to support QoS in real-time streaming systems. In order to reduce application cost, the existing streaming service is used in NAQoS. A new module is integrated into the existing server and client, so the router and network line are not changed. By simulation in heavy traffic network conditions, we proved that a stream cannot be seamless without the network adaptive QoS method.

Implementation of a QoS routing path control based on KREONET OpenFlow Network Test-bed (KREONET OpenFlow 네트워크 테스트베드 기반의 QoS 라우팅 경로 제어 구현)

  • Kim, Seung-Ju;Min, Seok-Hong;Kim, Byung-Chul;Lee, Jae-Yong;Hong, Won-Taek
    • Journal of the Institute of Electronics Engineers of Korea TC / v.48 no.9 / pp.35-46 / 2011
  • Future Internet should support more efficient mobility management, flexible traffic engineering and various emerging new services. So, lots of traffic engineering techniques have been suggested and developed, but it's impossible to apply them on the current running commercial Internet. To overcome this problem, OpenFlow protocol was proposed as a technique to control network equipments using network controller with various networking applications. It is a software defined network, so researchers can verify their own traffic engineering techniques by applying them on the controller. In addition, for high-speed packet processing in the OpenFlow network, programmable NetFPGA card with four 1G-interfaces and commercial Procurve OpenFlow switches can be used. In this paper, we implement an OpenFlow test-bed using hardware-accelerated NetFPGA cards and Procurve switches on the KREONET, and implement CSPF (Constraint-based Shortest Path First) algorithm, which is one of popular QoS routing algorithms, and apply it on the large-scale testbed to verify performance and efficiency of multimedia traffic engineering scheme in Future Internet.

Implementation of a TCP/IP Offload Engine Using High Performance Lightweight TCP/IP (고성능 경량 TCP/IP를 이용한 소프트웨어 기반 TCP/IP 오프로드 엔진 구현)

  • Jun, Yong-Tae;Chung, Sang-Hwa;Yoon, In-Su
    • Journal of KIISE:Computing Practices and Letters / v.14 no.4 / pp.369-377 / 2008
  • Today, Ethernet technology is rapidly developing to have a bandwidth of 10Gbps beyond 1Gbps. In such high-speed networks, the existing method in which the host CPU processes TCP/IP in the operating system causes numerous overheads. As a result of the overheads, user applications cannot get enough computing power from the host CPU. To solve this problem, the TCP/IP Offload Engine (TOE) technology emerged. A TOE is a specialized NIC which processes TCP/IP instead of the host CPU. In this paper, we implemented a high-performance, lightweight TCP/IP (HL-TCP) for the TOE and applied it to an embedded system. The HL-TCP supports existing fundamental TCP/IP functions: flow control, congestion control, retransmission, delayed ACK, and processing of out-of-order packets. It was implemented to utilize the Ethernet MAC's hardware features such as TCP segmentation offload (TSO), checksum offload (CSO) and interrupt coalescing. We also eliminated the copy overhead from the host memory to the NIC memory when sending data, and we implemented an efficient DMA mechanism for TCP retransmission. The TOE using the HL-TCP has a CPU utilization of less than 6% and a bandwidth of 453Mbps.