• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.67-75
• /
• 2005

In this paper, we design and implement real time IP security packet analyzer on IPv4 and IPv6 network. This packet analyzer sniffs and analyzes the packets generated by the protocols that are used by IPsec, IKE, IPv4 and IPv6 such as AH, ESP, ISAKMP, IP, ICMP and so on. The purpose of this analyzer is to check current security status of the network automatically. In this paper we provide implementation details and the examples of security evaluation by using our security packet analyzer system.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.4
• /
• pp.75-82
• /
• 2017

While the internet has evolved in terms of information sharing and efficiency, it is still prone to security attacks and remains vulnerable even when equipped with a security mechanism. Repeated patching against hacks involves excessive wear of system equipment and high costs. Methods of improving network security include the introduction of security equipment and network partitions, but they have not been fully effective. A fundamental solution is the Operation Content Network (OCN), which enables the strengthening of authentication. In this paper, Instead of following the existing TCP/IP system, OCN establishes an immunity-based security system through content-centric communications. Data transmission occurs over a Content Centric Network (CCN), which is provided with a protocol verified by the CCNx group. Areas protected by OCN rely only on CCN for communication without using any IP. As such, it defends the system against unknown attacks, including zero-day attacks.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.687-689
• /
• 2004

As using of network increases rapidly, performance of system has been deteriorating because of the overhead and bottleneck. Nowadays, High speed I/O network standard, that is a sort of PCI Express, HyperTransport, InfiniBand, and so on, has come out to improve the limites of traditional I/O bus. The InfiniBand Architecture(IBA) provides some protocols to service the applications such as SDP, SRP and IPoIB. In our paper, We explain the architecture of IPoIB (IP over InfiniBand) and its features in channel based I/O network. And so we provide a performance evaluation result of IPoIB which is compared with current network protocol. Our experimental results also show that IPoIB is batter than TCP/IP protocol. For this test, We use the dual processor server systems and Linux Redhat 9.0 operating system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.3
• /
• pp.549-557
• /
• 2017

ICMP(Internet Control Message Protocol) is a main protocol in TCP/IP protocol stack. ICMP compensates the disadvantages of the IP that does not support error reporting. If any transmission problem occurred, a router or receiving host sends ICMP message containing the error cause to sending host. However, in this process, an attacker sends a fake ICMP messages to the host so that the communication can be terminated abnormally. An attacker host can paralyzes system of victim host by sending a large number of messages to the victim host at a high rate of speed. To solve this problem, we have designed and implemented outbound traffic controller that prevents various ICMP attacks. By preventing the transmission of attack messages in different ways according to each case, various network attacks can be prevented. In addition, unnecessary network traffic can be filtered before transmitted.

• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.12
• /
• pp.319-328
• /
• 2021

With popularization of services for massive content, the fundamental limitations of TCP/IP networking were discussed and a new paradigm called Information-centric networking (ICN) was presented. In ICN, content is addressed by the content identifier (content name) instead of the location identifier such as IP address, and network nodes can use the cache to store content in transit to directly service subsequent user requests. As the user request can be serviced from nearby network caches rather than from far-located content servers, advantages such as reduced service latency, efficient usage of network bandwidth, and service scalability have been introduced. However, these advantages are determined by how actively content stored in the cache can be utilized. In this paper, we 1) introduce content access schemes in Named-data networking, one of the representative ICN architectures; 2) in particular, review the schemes that allow access to cached content away from routing paths; 3) conduct comparative study on the performance of the schemes using the ndnSIM simulator.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.12
• /
• pp.210-216
• /
• 2014

In this paper, it was proposed to develop front and rear image monitoring system for vehicle that help a driver to cope with urgent situation about a dangerous element. When parking a vehicle, the risk factors to be formed by the dead zone can be resolved by using anterior and posterior cameras of the vehicle. In embedded system environment, a SoC(System on Chip) and two high-resolution CMOS (Complementary metal-oxide-semiconductor) image sensors were used to transfer two high-resolution image data through he TCP/ IP-based network. To transfer image data through he TCP/ IP-based network, the images received by two cameras were compressed by using H.264 and they were transmitted with wireless method(Wi-Fi) by using real-time transport protocol (Real-time Transport Protocol). Transmission loss, transmission delay and transmission limit were solved in wireless (Wi-Fi) environment and the bit-rate of two image data compressed by H.264 was adjusted. And the system for the optimal transmission in wireless (Wi-Fi) environment was materialized and experimented.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.2
• /
• pp.305-311
• /
• 2010

iATA (Internet Advanced Technology Attachment) is a block-level protocol developed to transfer ATA commands over TCP/IP network, as an alternative network storage solution to address insufficient storage problem in mobile devices. This paper employs RAID5 distributed storage servers concept into iATA, in which the idea behind is to combine several machines with relatively inexpensive disk drives into a server array that works as a single virtual storage device, thus increasing the reliability and speed of operations. In the case of one machine failed, the server array will not destroy immediately but able to function in a degradation mode. Meanwhile, information can be easily recovered by using boolean exclusive OR (XOR) logical function with the bit information on the remaining machines. We perform I/O measurement and benchmark tool result indicates that additional fault tolerance feature does not delay read/write operations with reasonable file size ranged in 4KB-2MB, yet higher data integrity objective is achieved.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.10
• /
• pp.1-9
• /
• 2004

User-Perceived application-level performance is a key to the adoption and success of CDMA 2000. To predict this performance in advance, a detailed end-to-end simulation model of a CDMA network was built to include application traffic characteristics, network architecture, network element details, and protocol features. We assess the user application performance when a Radio Access Network (RAN) and a Core Network (CN) adopt different transport architectures such as ATM and If. For voice Performance, we found that the vocoder bypass scenario shows 8% performance improvement over the others. For data packet performance, we found that HTTP v.1.1 shows better performance than that of HTTP v.1.0 due to the pipelining and TCP persistent connection. We also found that If transport technology is better solution for higher FER environment since the IP packet overhead is smaller than that of ATM for web browsing data traffic, while it shows opposite effect to small size voice packet in RAN architecture. Though simulation results we showed that the 3G-lX EV system gives much better packet delay performance than 3G-lX RTT, the main conclusion is that end-to-end application-level performance is affected by various elements and layers of the network and thus it must be considered in all phases of the technology evolution process.

• Proceedings of the KIEE Conference
• /
• 2006.07d
• /
• pp.1828-1829
• /
• 2006

In this paper, we propose sliding mode congestion controller for differentiated-services network. Two important issue in differentiated-services architecture are bandwidth guarantee and fair sharing of unsubscribed bandwidth among TCP flows with and without bandwidth reservation. We use tight upper and lower bounds for various settings of differentiated-services parameters using the loss-bounded model. The Sliding mode congestion controller scheme is designed using nonlinear control theory based on a nonlinear model of the network that is generated using fluid flow consideration. The methodology used is general and independent of technology, as for example TCP/IP or ATM. The sliding mode congestion controller methodology has been applied to an TCP network. We use NS-2 simulation to demonstrate that the proposed control methodology achieves the desired behavior of the network, and possesses important attributes. as e.g, stable and robust behavior, high utilization with bounded delay and loss, together with good steady-state and transient behavior.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.559-561
• /
• 1998

인터넷의 급속한 성장과 함께 휴대용 컴퓨터의 보급은 사용자로 하여금 이동 컴퓨팅을 가능케 하고 있다. IETF의 Mobile IP표준은 TCP/IP 망에서의 호스트 이동의 정의한다. 또한 인터넷을 통한 다자간 영상회의나 원격공동작업 등의 멀태캐스트 응용들이 개발되었다. 현재 이동 컴퓨팅과 멀티 캐스팅 전송기술을 접목시키는 연구사 활발히 진행되고 있으며 본 논문에서는 광대역 환경에서 도메인 네임 서버를 이용하여 기존의 이동 멀티캐스트 방법이 가지는 통신지연시간 문제를 해결하는 새로운 서비스 모델을 제시한다.