• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.951-958
• /
• 2004

Nowadays NGN is developed for supporting the e-Commerce, Internet trading, e-Government, e-mail, virtual-life and multimedia. Internet gives us the benefit of remote access to the information but causes the attacks that can break server and modify information. Since 2000 Nimda, Code Red Virus and DSoS attacks are spreaded in Internet. This attack programs make tremendous traffic packets on the Internet. In this paper, we designed and developed the Bandwidth Controller in the gateway systems against the bandwidth saturation attacks. This Bandwidth con-troller is implemented in hardware chipset(FPGA) Virtex II Pro which is produced by Xilinx and acts as a policing function. We reference the TBF(Token Bucket Filter) in Linux Kernel 2.4 and implemented this function in HDL(Hardware Description Language) Verilog. This HDL code is synthesized in hardware chipset and performs the gigabit traffic in real time. This policing function can throttle the traffic at the rate of band width controlling policy in bps speed.

• Journal of Digital Convergence
• /
• v.9 no.5
• /
• pp.225-233
• /
• 2011

Internet telephony is an Internet service which supports voice telephone using VoIP technology on the IP-based Internet. It has some advantages in that voice telephone services can be accompanied with multimedia services such as video communication and messaging services. Recently, the introduction of smart phones has led to a growth in social networking services and thus, the research and development of Internet telephony has been actively progressed and has the potential to become a replacement for the telephone service that is currently being used. In this paper we designed and implemented a recording system which records voice data of SIP-based Internet telephone's voice calls. It is developed on the linux system and has some features such as audio mixing of two in/out voice channels, live packet sniffing, and the ability to transfer mixed audio files to the log file server. These functions are implemented using various open source softwares. Afterwards, this VoIP recording system will be applied as a base technology to advanced services like a VoIP-based call center system.

• Korean Journal of Computational Design and Engineering
• /
• v.20 no.1
• /
• pp.65-74
• /
• 2015

Structure and/or fluid analysis is gradually increased by an essential design process in the small and medium-sized businesses (SMBs) because of the needs for a rapid design process and the certification about the supplement of the parts by the large business (LB). In this paper, we developed the web-based ezSIM platform installed in the resources integrated system server. The ezSIM platform is based on the heterogeneous linux and windows operating system for the user-friendly connection with the part of the analysis for the SMBs. The procedure of the structure/fluid analysis service module using the public software and the license-free open code in the ezSIM platform was explained. The convenience of the ezSIM platform service was presented by the reaction rate of the graphic motion compared with that of a local PC and the solving and pre-post processing interface compared with that of the KISTI supercomputer. The web-based ezSIM platform service was identified as a useful and essential platform to the SMBs for the usage of the structure and/or fluid analysis procedure.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1076-1085
• /
• 2004

Recently, the demands for real-time service and multimedia data are rapidly increasing. There are significant redundancies between header fields both within the same packet header and in consecutive packets belonging to the same packet stream. And there are many overheads in using the current UDP/IP protocol. Header compression is considered to enhance the transmission efficiency for the payload of small size. By sending the static field information only once initially and by utilizing dependencies and predictability for other fields, the header size can be significantly reduced for most packets. This work describes an implementation for header compression of the headers of IP/UDP protocols to reduce the overhead on Ethernet network. Typical UDP/IP Header packets can be compressed down to 7 bytes and the header compression system is designed and implemented in Linux environment. Using the Header compression system designed between a server and clients provides have the advantage of effective data throughput in network. Since the minimum packet size in Ethernet is 64 bytes, the amount of reduction by header compression in practical chatting environment was 6.6 bytes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1086-1090
• /
• 2004

Architecture generation is the first step in the design of software systems. Most of the qualities that the final software system possesses are usually decided at the architecture development stage itself. Thus, if the final system should be usable, testable, secure, high performance, mobile and adaptable, then these qualities or non-functional requirements should be engineered into the architecture itself. In particular, adaptability is emerging as an important attribute required by almost all software systems. The machinery and tools in the remote site surveillance and connects intelligence information machinery and tools at Internet. We need the server which uses different embedded operating system to become private use. With the progress of information-oriented society, many device with advanced technologies invented by many companies. However, the current firmware technologies have many problems to meet such high level of new technologies. In this paper, we have successfully ported linux on an embedded system, which is based on intel Strong ARM SA-1110 processor, then written several network modules for internet-based network devices.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4C
• /
• pp.559-569
• /
• 2004

It has become more difficult to correspond an cyber attack quickly as a pattern of attack becomes various and complex. And, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture make possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service) using active packet technology including a mobile sensor on active network. Active Security Management System based on proposed security architecture consists of active security node and active security server in a security zone, and is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of Active Security Management System. The experimentation results are analyzed.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.3
• /
• pp.47-59
• /
• 2007

IPv4 NAT, which often used in households or under SOHO environments, is one of the factors that delays IPv6 propagation. As IPv4 NAT does not operate properly under the transition mechanism like ISATAP or 6to4 that acts as IPv6-in-IPv4 tunneling type, Microsoft proposed Teredo in order to resolve this issue. However, tunneling transition mechanism like Teredo has a security problem. That is, being tunneled packets have dual IP headers; general firewall systems apply the filtering rules only to the outer header but not inner header when these packets pass the firewall. Furthermore, attacks using unregistered server and relay can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented by using Linux Netfilter and ip6tables. Through functional and experimental performance tests, this packet filtering system was found operating properly and solving the Teredo packet filtering problems without serious performance degradation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.898-901
• /
• 2005

In this paper, we design an authorization policy module which provides the safty and reliable authorization of the user to provide the resolution for authorization in distributed environments. PKI have been utilized much by an information security-based structure for Internet electronic commerce, it is developing X.509-based in various application field such as a network security. Especially, it provides good resolution for the authentication of the user in the situation not to meet each other, but it is not enough to provide the resolution of the authorization in distributed computing environments. In this paper, We provide AAS model, which can be used distributed resources by distributed users, and design AAS model which is an authorization policy module in the Linux-based Apache Web server.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.2
• /
• pp.415-420
• /
• 2010

This paper describes the design overview of shared file system $SANique^{TM}$ and analyzes the performance evaluation results of I/O intensive stress test based on various cluster file system architectures. Especially, we illustrate the performance analysis for the comparison results between the $SANique^{TM}$ and the Linux file system EXT3 system that is used to generally in Unix world. In order to perform our evaluation, Oracle 10g database system is operated on the top of cluster file system, and we developed the various kinds of testing tools which are compiled by ESQL/C from Oracle. Three types of architectures are used in this performance evaluation. Those are the cluster file system $SANique^{TM}$, EXT3 and the combined architecture of $SANique^{TM}$ and EXT3. In this paper, we present that the results of $SANique^{TM}$ outperforms other cluster file systems in the overhead for providing the true sharing over the connecting server nodes.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.9
• /
• pp.527-535
• /
• 2004

Handling mixed workload in digital set-top box or streaming server becomes an important issue as integrated file system gets momentum as the choice for the next generation file system. The next generation file system is required to handle real-time audio/video playback while being able to handle text requests such as web page, image file, etc. Legacy file system provides only best effort I/O service and thus cannot properly support the QoS of soft real-time I/O. In this paper, we would like to present our experience in developing the file system which fan guarantee the QoS of multimedia stream. We classify all application I/O requests into two category: periodic I/O and sporadic I/O. The QoS requirement of multimedia stream could be guaranteed by giving a higher priority to periodic requests than sporadic requests. The proto-type file system(Qosfs) is developed on Linux Operating System.