• Journal of IKEEE
• /
• v.19 no.2
• /
• pp.133-141
• /
• 2015

The IMS is an architectural control framework for delivering IP multimedia services such as voice, video, audio and data, the IMS supports not only the mobile communication system but also the existing wired and wireless network based on IP. The network that is integrated by the IMS needs policy-based network management protocol for managing the limited network resources to provide efficient multimedia service. The IMS use additional device called PDF for efficient resource management, but the PDF only uses diameter which is one of the network management protocol such as SNMP and COPS. Many devices use various protocol to manage the limited network resources. There is an algorithm using a variety of protocols such as Diameter, COPS and SNMP to handle the resources management efficiently. We also analyze the performance using the proposed algorithm in the implemented IMS environment.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2151-2154
• /
• 2003

Internet is deeply rooted in everyday life and many things are performed using internet in real-world, therefore internet users increased because of convenience. Also internet accident is on the increase rapidly. The security vendor developed security system to protect network and system from intruder. Many hackings can be prevented and detected by using these security solutions. However, the new hacking methods and tools that can detour or defeat these solutions have been emerging and even script kids using these methods and tools can easily hack the systems. In consequence, system has gone through various difficulties. So, Necessity of intruder trace-back technology is increased gradually. Trace-back technology is tracing back a malicious hacker to his real location. trace-back technology is largely divided into TCP connection trace-back and IP packet trace-back to trace spoofed IP of form denial-of-service attacks. TCP connection trace-back technology that autonomously traces back the real location of hacker who attacks system using stepping stone at real time. In this paper, We will describe watermark trace-back system using TCP hijacking technique to supplement difficult problem of connection maintenance happened at watermark insertion. Through proposed result, we may search attacker's real location which attempt attack through multiple connection by real time.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.1355-1358
• /
• 2001

IP Multicast can efficiently provide enormous bandwidth savings by enabling sources to send a single copy of a message to multiple recipients who explicitly want to receive the information. But due to the complexity of IP multicast and its fundamental differences from unicast, there are not very many tools available fer monitoring and debugging multicast networks, and only a few experts understand the tools that do exist. This thesis proposes a Multicast Routing Debugger (MRD) system that monitor the status of a multicast network. This system is aimed to multicast-related faults detection. In thesis, first, we define the set of information that should be monitored. Second, the method is developed to take out such information from multicast routers. Third, MRD system is prototyped to collect, process information from heterogeneous routers on a multicast network and to display the various status of the network comprehensively. The prototype of MRD system is implemented and deployed. We perform experiments with several scenarios. Experimental results show we can detect various problems as information that we define is monitored. The MRD system is simple to use, web-based and intuitive tool that can monitor the status of a specific multicast network.

• Proceedings of the IEEK Conference
• /
• 2009.05a
• /
• pp.16-18
• /
• 2009

VoIP(Voice over IP) is the technology to transport voice and video over IP networks such as Internet. Today, VoIP technology is viewed as the right choice for provide voice, video, and data communication over next generation network. We are sure that the multipoint VoIP will help enhancing the various application services in ubiquitous environment. The paper shows multipoint VoIP system implemented with end-point mixing model and introduces various embedded systems such as UFC(Ubiquitous Fashionable Computer), tourist guide terminal and industrial terminal which use the multipoint VoIP.

• The Transactions of the Korean Institute of Electrical Engineers D
• /
• v.53 no.9
• /
• pp.638-643
• /
• 2004

Middleware enables different networking devices and protocols to inter-operate in ubiquitous home network environments. The UPnP(Universal Plug and Play) middleware, which runs on a PC and is based on the IPv4 protocol, has attracted much interest in the field of home network research since it has versatility The UPnP, however, cannot be easily accessed via the public Internet since the UPnP devices that provide services and the Control Points that control the devices are configured with non-routable local private or Auto IP networks. The critical question is how to access UPnP network via the public Internet. The purpose of this paper is to deal with the non-routability problem in local private and Auto IP networks by improving the conventional Control Point used in UPnP middleware-based home networks. For this purpose, this paper proposes an improved Control Point for accessing and controlling the home network from remote sites via the public Internet, by adding a web server to the conventional Control Point. The improved Control Point is implemented in an embedded GNU/Linux system running on an ARM9 platform. Also this paper implements the security of the home network system based on the UPnP (Universal Plug and Play), adding VPN (Virtual Private Network) router that uses the IPsec to the home network system which is consisted of the ARM9 and the Embedded Linux.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.5 no.5
• /
• pp.528-533
• /
• 2010

Currently the telephone service using Internet grows and the recent introduction of a smart phone is expected to accelerate the trend. In particular, considering the domestic situation that the wireless broadband (WiBro) system deployed over the nation, the telephone service over WiBro can be a solution toward its fast expansion. Unlike telephone service over a conventional telephone network or mobile network, however, internet telephone cannot guarantee it service quality, which can be severer in a wireless environment such as a WiBro network. Therefore, a more strict and systematic management for controlling the quality of internet telephone service over WiBro in a more efficient way. As the first step to establish the management system, this paper proposes a scheme to manage the quality of internet telephone service over WiBro and introduces a software developed for the purpose. The developed software is installed on a user terminal and facilitates efficient service quality management by measuring the quality of internet telephone service over WiBro in terms of VoIP metric, network metric, and wireless metric.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1997.03a
• /
• pp.163-181
• /
• 1997

This dissertation provides a theroetic study on the network security in general , the firewall in particular . In fact, the firewall has been recognized as a very promising option to obtain the security in the real world network environment . The dissertation provides a thorough theoretic investigation on the various problems raised in the computer network, and also explores a methodology of the security against IP spoofing. Moreover, it investigates a systematic procedure to make analysis plans of the firewall configuration. Based on the above investigation and analysis , this dissertation provides two approaches to network security, which address a number of issues both at the network and at application level. At the network level. a new methdo is proposed which uses packet filtering based on the analysis of the counter plot about the screen router. On the other hand at the application level, a novel method is exlored which employs security software , Firewall-1, on Bastion host. To demonstrate the feasibility and the effectiveness of the proposed methodologes, a prototype implementation is made. The experiment result shows that the screen router employing the proposesed anti-IP spoofing method at the network level is effective enough for the system to remain secure without being invaded by any illegarl packets entering from external hackers. Meanwhile , at the application level. the proposed software approach employing Firewall -1 is proved to be robust enough to provent hackings from the outer point to point protocol connection. Theoretically, it is not possible to provide complete secuirty to the network system, because the network security involove a number of issues raised from low level network equipments form high level network protocol. The result in this dissertation provides a very promising solution to network security due to its high efficiency of the implementation and superb protectiveness from a variety of hacking.

• Journal of information and communication convergence engineering
• /
• v.12 no.3
• /
• pp.154-160
• /
• 2014

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

• Journal of Intelligence and Information Systems
• /
• v.26 no.4
• /
• pp.87-109
• /
• 2020

Currently, thanks to the major stride made in developing wired and wireless communication technology, a variety of IT services are available on land. This trend is leading to an increasing demand for IT services to vessels on the water as well. And it is expected that the request for various IT services such as two-way digital data transmission, Web, APP, etc. is on the rise to the extent that they are available on land. However, while a high-speed information communication network is easily accessible on land because it is based upon a fixed infrastructure like an AP and a base station, it is not the case on the water. As a result, a radio communication network-based voice communication service is usually used at sea. To solve this problem, an additional frequency for digital data exchange was allocated, and a ship ad-hoc network (SANET) was proposed that can be utilized by using this frequency. Instead of satellite communication that costs a lot in installation and usage, SANET was developed to provide various IT services to ships based on IP in the sea. Connectivity between land base stations and ships is important in the SANET. To have this connection, a ship must be a member of the network with its IP address assigned. This paper proposes a SANET-CC protocol that allows ships to be assigned their own IP address. SANET-CC propagates several non-overlapping IP addresses through the entire network from land base stations to ships in the form of the tree. Ships allocate their own IP addresses through the exchange of simple requests and response messages with land base stations or M-ships that can allocate IP addresses. Therefore, SANET-CC can eliminate the IP collision prevention (Duplicate Address Detection) process and the process of network separation or integration caused by the movement of the ship. Various simulations were performed to verify the applicability of this protocol to SANET. The outcome of such simulations shows us the following. First, using SANET-CC, about 91% of the ships in the network were able to receive IP addresses under any circumstances. It is 6% higher than the existing studies. And it suggests that if variables are adjusted to each port's environment, it may show further improved results. Second, this work shows us that it takes all vessels an average of 10 seconds to receive IP addresses regardless of conditions. It represents a 50% decrease in time compared to the average of 20 seconds in the previous study. Also Besides, taking it into account that when existing studies were on 50 to 200 vessels, this study on 100 to 400 vessels, the efficiency can be much higher. Third, existing studies have not been able to derive optimal values according to variables. This is because it does not have a consistent pattern depending on the variable. This means that optimal variables values cannot be set for each port under diverse environments. This paper, however, shows us that the result values from the variables exhibit a consistent pattern. This is significant in that it can be applied to each port by adjusting the variable values. It was also confirmed that regardless of the number of ships, the IP allocation ratio was the most efficient at about 96 percent if the waiting time after the IP request was 75ms, and that the tree structure could maintain a stable network configuration when the number of IPs was over 30000. Fourth, this study can be used to design a network for supporting intelligent maritime control systems and services offshore, instead of satellite communication. And if LTE-M is set up, it is possible to use it for various intelligent services.

• Journal of Institute of Control, Robotics and Systems
• /
• v.22 no.8
• /
• pp.671-677
• /
• 2016

A Controller Area Network (CAN) is a serial communication protocol that is highly reliable and efficient in many aspects, such as wiring cost and space, system flexibility, and network maintenance. Therefore, it is chosen for the communication protocol between a single chip controller based on Field Programmable Gate Array (FPGA) and peripheral devices. In this paper, the design and implementation of CAN IP, which is written in VHSIC Hardware Description Language (VHDL), is presented. The implemented CAN IP is based on the CAN 2.0A specification. The CAN IP consists of three processes: clock generator, bit timing, and bit streaming. The clock generator process generates a time quantum clock. The bit timing process does synchronization, receives bits from the Rx port, and transmits bits to the Tx port. The bit streaming process generates a bit stream, which is made from a message received from a micro controller subsystem, receives a bit stream from the bit timing process, and handles errors depending on the state of the CAN node and CAN message fields. The implemented CAN IP is synthesized and downloaded into SmartFusion FPGA. Simulations using ModelSim and chip test results show that the implemented CAN IP conforms to the CAN 2.0A specification.