• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.4B
• /
• pp.210-217
• /
• 2005

With rapid advance in wireless communication technologies, many researches are conducted for providing Internet data services while users are roaming around. Efficient management of mobility of mobile nodes is essential as the use of real-time application program grows. In this paper, we propose a multicast-based localized mobility support scheme in IPv6 networks. The proposed scheme utilizes a class of multicast routing protocol for the localized mobility support. Features of the proposed scheme are use of join to a multicast group and leave from that group to localize binding update information and provision of an extended multicast group management mechanism to reduce leave latency. The results of simulation show that the proposed scheme out-performs Mobile IPv6 and Hierarchical Mobile IPv6 in UDP and TCP traffic performance and in wasted bandwidth.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.437-447
• /
• 2003

In order to reduce the increasing packet loss rates caused by an exponential increase in network traffic, the IETF(Internet Engineering Task Force) is considering the deployment of active queue management techniques such as RED(Random Early Detection) algorithm. However, RED algorithm simple but does not protect traffic from high-bandwidth flows, which include not only flows that fail to use end-to-end congestion control such as UDP flow, but also short round-trip time TCP flows. In this paper, in order to solve this problem, we propose a simple fairness queue management scheme, called AFQM(Approximate Fair Queue Management) algorithm, that discriminate against the flows which submit more packets/sec than is allowed by their fair share. By doing this, the scheme aims to approximate the fair queueing policy Since it is a small overhead and easy to implement, AFQM algorithm controls unresponsive or misbehaving flows with a minimum overhead.

• Journal of Broadcast Engineering
• /
• v.24 no.4
• /
• pp.602-612
• /
• 2019

Various streaming technologies are being studied to guarantee the QoE of viewers due to the development of realistic media. HTTP adaptive streaming is a typical example, and it is based on HTTP / 1.1 and TCP. These protocols have become one of the causes of delaying the image delay and increasing the waiting time of web pages. Therefore, in this paper, we propose a QUIC-DASH system applying the UDP-based transmission protocols QUIC and HTTP / 2 to the MPEG-DASH system after analyzing various transmission protocols and development process of HTTP. Through experiments, the QUIC-DASH system confirmed the possibility of providing optimal performance in terms of transmission speed of LTE environment than existing system. We also suggest various future studies for better performance.

• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.22-30
• /
• 2020

With the development of information and communication technology, DDoS and DRDoS continue to become security issues, and gradually develop into advanced techniques. Recently, IT companies have been threatened with DRDoS technology, which uses protocols from normal servers to exploit as reflective servers. Reflective traffic is traffic from normal servers, making it difficult to distinguish from security equipment and amplified to a maximum of Tbps in real-life cases. In this paper, after comparing and analyzing the DNS amplification and Memcached amplification used in DRDoS attacks, a countermeasure that can reduce the effectiveness of the attack is proposed. Protocols used as reflective traffic include TCP and UDP, and NTP, DNS, and Memcached. Comparing and analyzing DNS protocols and Memcached protocols with higher response sizes of reflective traffic among the protocols used as reflective traffic, Memcached protocols amplify ±21% more than DNS protocols. The countermeasure can reduce the effectiveness of an attack by using the Memcached Protocol's memory initialization command. In future studies, various security-prone servers can be shared over security networks to predict the fundamental blocking effect.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.4
• /
• pp.111-117
• /
• 2009

Improvement of Wireless internet and handheld devices makes it possible that users can use various multimedia services. But, access point devices are needed while using handheld devices, and those devices use virtual network address for networking. For that reason, end-users hardly use the 1:1 voice or video chat, and messenger service that require direct communications between devices. Also, service providers need central server for relaying packets from terminals to others, the traffic and costs of relaying go high, so real-time massive data transmission services are restrictively provided. In this study, we apply TCP/UDP hole punching technique to those applications. And we implement service that supports real-time multimedia direct transmission between equipments that use virtual network addresses.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.10
• /
• pp.101-110
• /
• 2009

The 6LoWPAN(IPv6 Low-power Wireless Personal Area Network) performs IPv6 header compression, TCP/UDP/IGMP header compression, packet fragmentation and re-assemble to transmit IPv6 packet over IEEE 802,15.4 MAC/PHY. However, from the point of view of security. It has the existing security threats issued by IP packet fragmenting and reassembling, and new security threats issued by 6LoWPAN packet fragmenting and reassembling would be introduced additionally. If fragmented packets are retransmitted by replay attacks frequently, sensor nodes will be confronted with the communication disruption. This paper analysis security threats introduced by 6LoWPAN fragmenting and reassembling, and proposes a re-transmission mechanism that could minimize re-transmission to be issued by replay attacks. Re-transmission procedure and fragmented packet structure based on the 6LoWPAN standard(RFC4944) are designed. We estimate also re-transmission delay of the proposed mechanism. The mechanism utilizes timestamp, nonce, and checksum to protect replay attacks. It could minimize reassemble buffer overflow, waste of computing resource, node rebooting etc., by removing packet fragmentation and reassemble unnecessary.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.5
• /
• pp.149-156
• /
• 2009

Korean WiBro becomes international standard to IEEE 802.16e, and We are carrying out a WiBro network business from capital regions. We executed eavesdropping about voices and messenger program and the VoIP which frequently happened in WiBro networks at these papers. We have a lot in common with the Wireshark which is a packet collection and an analyzer, and We execute eavesdropping, and We reproduce eavesdropping data with bases to a SIP, H.263, TCP, UDP protocol through packets. In time of a copy of a packet negative the VoIP which verify time with bases, and was eavesdropped on integrity packet and a X-Lite call record, be matched that a packet is counterfeit forgery did not work, and We demonstrate, and verify integrity. The data which integrity was verified put in a seaming envelope, and we prepare so as it is to a liver of investigator, and execute, and to be able to do use to proof data after seaming in courts in order to utilize as criminal investigation data.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05a
• /
• pp.177-180
• /
• 2003

TMO (Tim-triggered Message-triggered Object) 는 분산환경에서의 정시보장 컴퓨팅을 목표로 제안된 실시간 객체 모델이다. TMO는 객체 자료저장소(object data store), 주기와 데드라인에 의해 구동되는 쓰레드와 이벤트 메시지 전달에 의해 데드라인 방식으로 구동되는 쓰레드로 구성된다. 이러한 TMO 의 수행을 위해, 윈도우 운영체제상의 WTMOS, 리눅스 상의 LTMOS 와 리눅스 커널 내부에서 TMO를 제공하기 위한 TMO-Linux등의 엔진들이 개발되었다. 이러한 엔진들은 서로 다른 플랫폼을 가진 네트워크 환경에서 논리적 멀티캐스트 채널 방식의 분산 IPC 를 기반으로 TMO 의 분산 컴퓨팅을 지원한다 단, 기존의 분산 IPC 는 UDP 기반의 브로드캐스트 방식을 사용하기 때문에 같은 서브 네트워크에 속한 노드들로만 분산 환경을 구축할 수 있고, 특정 채널을 사용하지 않는 노드에도 메시지를 전달하는 브로드캐스팅 오버혜드가 발생하며, UDP 의 특성에 기인한 신뢰성 저하의 문제를 갖고 있다 본 논문에서는 이러한 단점을 극복하기 위해, TMO 엔진의 분산 IPC 모델에 Channel Binding을 통한 그룹 커뮤니케이션 기법을 도입하고 이를 TCP 기반으로 확장하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.409-411
• /
• 2014

WAVE 기술은 차량이 고속 이동환경에서 차량간 또는 차량과 인프라간 패킷을 짧은 시간 내에 주고 받을 수 있는 무선통신 기술이다. 본 논문의 목적은 차량이 WAVE 시스템에 통신 할 때 상대방의 인증서가 폐기 되었는지 확인하기 위한 CRL(Certificate Revocation List) 다운로드 프로토콜을 설계하는 것이다. CRL 다운로드 프로토콜은 WAVE 시스템 환경에 맞추기 위해 TCP(Transmission Control Protocol)가 아닌 UDP(User Datagram Protocol) 상에서 동작한다. 그리고 보안기능을 지원하기 위해 ECDSA 를 사용하여 상호 인증을 하고 ECIES 를 사용하여 인증서의 기밀성을 보장한다. 또한 이 프로토콜은 MAC 을 CRL 데이터에 붙여 데이터의 무결성을 보장하고, UDP 상에서 동작할 때 발생할 수 있는 데이터의 손실을 줄이기 위해 에러 및 흐름제어 방식으로 Selective repeat ARQ 를 사용한다.

• The KIPS Transactions:PartA
• /
• v.15A no.4
• /
• pp.199-210
• /
• 2008

A Clustering based wireless internet proxy server needs a layer-7 load balancer with URL hashing methods to reduce the total storage space for servers. Layer-4 load balancer located in front of server cluster is to distribute client requests to the servers with the same contents at transport layer, such as TCP or UDP, without looking at the content of the request. Layer-7 load balancer located in front of server cluster is to parse client requests in application layer and distribute them to servers based on different types of request contents. Layer 7 load balancer allows servers to have different contents in an exclusive way so that it can minimize the total storage space for servers and improve overall cluster performance. However, its scalability is limited due to the high overhead of parsing requests in application layer as different from layer-4 load balancer. In order to overcome its scalability limitation, in this paper, we propose a distributed layer-7 load balancer by replacing a single layer-7 load balancer in the conventional scheme by a single layer-4 load balancer located in front of server cluster and a set of layer-7 load balancers located at server cluster. In a clustering based wireless internet proxy server, we implemented the conventional scheme by using KTCPVS(Kernel TCP Virtual Server), a linux based layer-7 load balancer. Also, we implemented the proposed scheme by using IPVS(IP Virtual Server), a linux-based layer-4 load balancer, installing KTCPVS in each server, and making them work together. We performed experiments using 16 PCs. Experimental results show scalability and high performance of the proposed scheme, as the number of servers grows, compared to the conventional scheme.