• Title/Summary/Keyword: IP Fragmentation


Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA / v.8A no.4 / pp.331-338 / 2001
  • With the general use of networks, cyber terror rages throughout the world. However, IP Fragmentation is not yet free of security problems, even though it guarantees effective transmission of IP packets in its network environment. Illegal intrusion or disruption of system operation can occur through attack mechanisms such as IP Spoofing, Ping of Death, or ICMP attacks that take advantage of weaknesses in IP Fragmentation. Recently, apart from denial-of-service attacks using IP Fragmentation, a problem has arisen in that IP Fragmentation can be used to bypass packet filtering equipment or network-based attack detection systems. In this paper, we generate a real-time access log file to support the system manager's decisions and to let the system manage itself in cases where some routers or network-based attack detection systems without a packet reassembly function cannot detect or stop an illegal intrusion made with the divided datagrams of a packet. Through the implementation of the self-managing system we verify its validity and show its expected effect.


Design and Implementation of a Real Time Access Log holding in check IP Fragmentation Attack (IP Fragmentation 공격에 대비하는 실시간 접근 로그 설계 및 구현)

  • Kug, Kyoung-Wan;Lee, Sang-Hoon
    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.831-834 / 2001
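  • As networks have become commonplace, terror carried out through cyberspace is occurring worldwide. IP Fragmentation guarantees efficient transmission of IP packets in heterogeneous network environments, but it has several security problems. Intruders exploit these IP Fragmentation weaknesses, using attack techniques such as IP Spoofing, Ping of Death, and ICMP attacks, to break into systems illegally or to disrupt their normal operation. Recently, besides denial-of-service attacks using IP Fragmentation, the problem has emerged that it can be used to bypass packet filtering equipment or network-based intrusion detection systems. In this paper, to prepare for cases where some routers, firewalls, and network-based intrusion detection systems that do not provide packet reassembly fail to detect or block an attack in which an illegitimate user splits a packet into multiple datagrams, we generate a real-time access log file and implement a system that lets the system administrator make decisions while also allowing the system to respond on its own; we verify its validity and present the expected benefits.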


NIDS for IP Fragmentation Attack Detection (IP 단편화 공걸 탐지를 위한 NIDS)

  • 김성환;조성제;정승익;김현종;정태일;최영복
    • Proceedings of the Korea Multimedia Society Conference / 2003.05b / pp.295-298 / 2003
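  • IP fragmentation guarantees efficient transmission of IP packets across different network environments. However, a system that fails to properly reassemble abnormal IP fragments can suffer serious problems. This paper therefore proposes a method for detecting IP fragmentation attacks on the network. In the proposed method, the NIDS reassembles TCP packets in advance, which enables efficient detection of IP fragmentation attacks.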


Development of Fragmentation Management Simulator for 6LoWPAN (6LoWPAN 단편화 관리 기법 시뮬레이터 개발)

  • Seo, Hyun-Gon;Han, Jae-Il
    • Journal of the Korea Society for Simulation / v.17 no.4 / pp.191-198 / 2008
  • 6LoWPAN (IPv6 Low-power Wireless Personal Area Network) is a technology for transmitting IPv6 packets in sensor networks over the IEEE 802.15.4 standard MAC and physical layers. An adaptation layer between the IP layer and the MAC layer performs fragmentation and reassembly of packets in order to transmit IPv6 packets. RFC4944, the IETF 6LoWPAN WG standard document, defines packet fragmentation and reassembly. In this paper, we propose 6PASim (6LoWPAN Packet Simulator), which performs IPv6 packet fragmentation and reassembly for performance evaluation. 6PASim consists of two parts. One is the Packet_Transmit_module, which turns an IPv6 packet from the upper layer into IEEE 802.15.4 frames and transmits them; the other is the Packet_Receive_module, which reassembles the transferred frames and completes the original IPv6 packets. With 6PASim we can evaluate the frame transmission rate and the amount of control messages. The simulation results show that the SRM (Selective Retransmission Method) scheme provides better performance than the IRM (Immediate Retransmission Method) scheme.


Fragmentation Management Method for 6LoWPAN (6LoWPAN에서 단편화 관리 기법)

  • Seo, Hyun-Gon;Han, Jae-Il
    • Journal of the Institute of Electronics Engineers of Korea TC / v.46 no.5 / pp.130-138 / 2009
  • 6LoWPAN is a technology for transmitting IPv6 packets in sensor networks over the IEEE 802.15.4 standard MAC and physical layers. An adaptation layer between the IP layer and the MAC layer performs fragmentation and reassembly of packets in order to transmit IPv6 packets. RFC4944, the IETF 6LoWPAN WG standard document, defines packet fragmentation and reassembly. In this paper, we propose the IRM (Immediate Retransmission Method) and the SRM (Selective Retransmission Method) to manage packet fragmentation and reassembly in 6LoWPAN. With IRM, each time the destination receives a fragmented packet, it sends an Ack message to the source node. With SRM, however, once the destination node has received all the fragmented packets, it sends an Ack message or a Nak message to the source node. In this case, the Nak message includes the dropped packet number. To compare the performance of the proposed schemes, we developed a simulator using C++. The simulation results show that the proposed schemes provide better performance than the RFC4944 standard scheme.

Cytopathic Effects of Japanese Encephalitis Virus Structural Proteins in BHK-21 Cells (BHK-21 세포에서의 일본뇌염바이러스 구조단백질에 의한 세포독성)

  • 성기민;정용석
    • Korean Journal of Microbiology / v.38 no.3 / pp.213-220 / 2002
  • An inducible expression system for the three structural proteins, capsid (C), precursor membrane (prM/M), and envelope (E), of Japanese encephalitis virus (JEV) was established in BHK-21 cells. Doxycycline, a tetracycline analog, was utilized as an inducer. Transfectants BHK-21/IV (vector only), BHK-21/IC (for C), BHK-21/IP3 (for prM), and BHK-21/IE1 (for E) were selected and cloned in the presence of G418 or hygromycin. Transcribed mRNAs for the corresponding genes were observed after doxycycline induction. Effects of the JEV structural gene expression on the transfectants were monitored via cell growth, chromatin condensation, internucleosomal DNA fragmentation, and DNA content analyses. Clear cell growth retardation and chromatin condensation were observed in all three transfectants, while only BHK-21/IC corresponded to the induction status in the DNA fragmentation and DNA content analyses. The combined results, therefore, suggested that the JEV capsid protein should be one of the direct and independent factors in apoptotic cell death induced by JEV infection.

A Secure 6LoWPAN Re-transmission Mechanism for Packet Fragmentation against Replay Attacks (안전한 6LoWPAN 단편화 패킷 재전송 기법에 관한 연구)

  • Kim, Hyun-Gon
    • Journal of the Korea Society of Computer and Information / v.14 no.10 / pp.101-110 / 2009
  • 6LoWPAN (IPv6 Low-power Wireless Personal Area Network) performs IPv6 header compression, TCP/UDP/IGMP header compression, and packet fragmentation and reassembly to transmit IPv6 packets over the IEEE 802.15.4 MAC/PHY. However, from the point of view of security, it has the existing security threats arising from IP packet fragmentation and reassembly, and new security threats arising from 6LoWPAN packet fragmentation and reassembly would be introduced in addition. If fragmented packets are frequently retransmitted because of replay attacks, sensor nodes will be confronted with communication disruption. This paper analyzes the security threats introduced by 6LoWPAN fragmentation and reassembly, and proposes a re-transmission mechanism that could minimize the re-transmissions caused by replay attacks. A re-transmission procedure and a fragmented packet structure based on the 6LoWPAN standard (RFC4944) are designed. We also estimate the re-transmission delay of the proposed mechanism. The mechanism utilizes a timestamp, a nonce, and a checksum to protect against replay attacks. It could minimize reassembly buffer overflow, waste of computing resources, node rebooting, etc., by removing unnecessary packet fragmentation and reassembly.

Protocol Implementations for Web Based Control Systems

  • Shoo Sugoog
    • International Journal of Control, Automation, and Systems / v.3 no.1 / pp.122-129 / 2005
  • We describe the MiniWeb[7] TCP/IP stack (mIP), which is an extremely small implementation of the TCP/IP protocol suite running on 8- or 32-bit microcontrollers intended for embedded control systems, and satisfying the subset of RFC1122 requirements needed for host-to-host interoperability over different platforms. Our TCP/IP implementation does sacrifice some of TCP's mechanisms such as fragmentation, urgent data, retransmission, or congestion control. Our implementation is applicable to web-based controllers. The network protocols are tested in operational networks using CommView and Dummynet, where the various operational parameters such as bandwidth, delay, and queue sizes can be set and controlled.

Low-power 6LoWPAN Protocol Design (저 전력 6LoWPAN 프로토콜 설계)

  • Kim, Chang-Hoon;Kim, Il-Hyu;Cha, Jung-Woo;Nam, In-Gil;Lee, Chae-Wook
    • Journal of the Institute of Convergence Signal Processing / v.12 no.4 / pp.274-280 / 2011
  • Due to their rapid growth and new paradigm applications, wireless sensor networks (WSNs) are morphing into low power personal area networks (LoWPANs), which are envisioned to grow radically. The fragmentation and reassembly of IP data packets is one of the most important functions in 6LoWPAN-based communication between the Internet and a wireless sensor network. However, since the 6LoWPAN data unit size is 102 bytes while the IPv6 MTU size is 1200 bytes, the number of fragmentations and reassemblies increases. In order to reduce the number of fragmentations and reassemblies, this paper presents a new scheme that is applicable to 6LoWPAN. When a fragmented packet header is constructed, we can have more space for data. This is because we use an 8-bit routing table ID instead of a 16-bit or 54-bit MAC address to decide the destination node. Analysis shows that our design requires roughly 7% or 22% fewer transmissions of fragmented packets, depending on the MAC address size (16 bits or 54 bits), compared with the previously proposed scheme in RFC4944. Fewer fragmented packet transmissions mean lower power consumption, since packet transmission is a very power-hungry function in wireless sensor networks. Therefore the presented fragmented transmission scheme is well suited for low-power wireless sensor networks.

Fast Global Address Configuration Using Address Fragmentation for Mobile Ad Hoc Networks (모바일 애드혹 네트워크에서 주소 영역 할당을 이용한 빠른 글로벌 주소 설정)

  • Yu, Hyun;Ahn, Sanghyun
    • Proceedings of the Korea Information Processing Society Conference / 2009.11a / pp.541-542 / 2009
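  • A MANET is a network that lets wireless nodes cooperate with one another to exchange information over multiple hops without the help of a wired infrastructure network. Recently, communication between MANETs and the Internet has become a requirement, and for this a wireless node must be able to obtain a global IP address. This paper proposes a scheme by which wireless nodes can quickly configure a global IP address in a MANET connected to the Internet through an Internet gateway. To evaluate the performance of the proposed scheme, experiments were carried out with NS-2, and the results demonstrate that it configures global IP addresses faster than the existing method and reduces the network load.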