• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.573-586
• /
• 2016

With the adoption of cloud computing, the number of companies that take advantage of cloud computing has increased. Additionally, various of existing service providers have moved their service onto the cloud and provided user with various cloud-based service. The management of user authentication and authorization in cloud-based service technology has become an important issue. This paper introduce a new technique for providing authentication and authorization with other inter-cloud IAM (Identity and Access Management). It is an essential and easy method for data sharing and communication between other cloud users. The proposed system uses the credentials of a user that has already joined an organization who would like to use other cloud services. When users of a cloud provider try to obtain access to the data of another cloud provider, part of credentials from IAM server will be forwarded to the cloud provider. Before the transaction, Access Agreement must be set for granting access to the resource of other Organization. a user can access the resource of other organization based on the control access configuration of the system. Using the above method, we could provide an effective and secure authentication system on the cloud.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1107-1114
• /
• 2004

System Packet Interface Level 4 Phase 2(SPI-4.2) is an interface for packet and cell transfer between a physical layer(PHY) device and a link layer device, for aggregate bandwidths of OC-192 ATM and Packet Over Sonet/SDH(POS), as well as 10Gbps Ethernet applications. SPI-4.2 core consists of Tx and Rx modules and supports full duplex communication. Tx module of SPI-4.2 core writes 64-bit data word and 14-bit header information from the user interface into asynchronous FIFO and transmits DDR(Double Data Rate) data over PL4 interface. Rx module of SPI-4.2 core operates in vice versa. Tx and Rx modules of SPI-4.2 core are designed to support maximum 256-channel and control the bandwidth allocation by configuring the calendar memory. Automatic DIP4 and DIP-2 parity generation and checking are implemented within the designed core. The designed core uses Xilinx ISE 5.li tool and is described in VHDL Language and is simulated by Model_SIM 5.6a. The designed core operates at 720Mbps data rate per line, which provides an aggregate bandwidth of 11.52Gbps. SPI-4.2 interface core is suited for line cards in gigabit/terabit routers, and optical cross-connect switches, and SONET/SDH-based transmission systems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5B
• /
• pp.385-394
• /
• 2012

The tactical mobile communication network, which comprises a part of the next-generation Tactical Information and Communication Network (TICN), provides means of communication and control for Tactical Multi-Functional Terminals (TMFT) belonging to a Mobile Subscriber Access Point (MSAP). The next-generation of MSAP is capable of constructing a backbone network via LCTR and HCTR directional antennas. At the same time, WMN modules are used to create and manage a wireless mesh backbone. When directional antennas are used in mobile environments, seamless services cannot be efficiently supported as the movement of the node prevents the angle of the antenna to constantly match. Therefore, data communication through the wireless mesh networks is required to provide direct communication between mobile MSAPs. Accordingly, mutual authentication and data encryption mechanisms are required to provide reliable data transmission in this environment. To provide efficient mutual authentication between MSAP devices, the process of verifying a certificate of the other MSAP device through its own authentication server is required. This paper proposes mutual authentication mechanisms where the MSAP requiring authentication and the MSAP that permits it initiates low-cost and efficient authentication in a distributed way. More specifically, we propose a method of applying EAP-ELS (Extensible Authentication Protocol-Transport Layer Security) in the next-generation TICN.

• Journal of Intelligence and Information Systems
• /
• v.26 no.4
• /
• pp.87-109
• /
• 2020

Currently, thanks to the major stride made in developing wired and wireless communication technology, a variety of IT services are available on land. This trend is leading to an increasing demand for IT services to vessels on the water as well. And it is expected that the request for various IT services such as two-way digital data transmission, Web, APP, etc. is on the rise to the extent that they are available on land. However, while a high-speed information communication network is easily accessible on land because it is based upon a fixed infrastructure like an AP and a base station, it is not the case on the water. As a result, a radio communication network-based voice communication service is usually used at sea. To solve this problem, an additional frequency for digital data exchange was allocated, and a ship ad-hoc network (SANET) was proposed that can be utilized by using this frequency. Instead of satellite communication that costs a lot in installation and usage, SANET was developed to provide various IT services to ships based on IP in the sea. Connectivity between land base stations and ships is important in the SANET. To have this connection, a ship must be a member of the network with its IP address assigned. This paper proposes a SANET-CC protocol that allows ships to be assigned their own IP address. SANET-CC propagates several non-overlapping IP addresses through the entire network from land base stations to ships in the form of the tree. Ships allocate their own IP addresses through the exchange of simple requests and response messages with land base stations or M-ships that can allocate IP addresses. Therefore, SANET-CC can eliminate the IP collision prevention (Duplicate Address Detection) process and the process of network separation or integration caused by the movement of the ship. Various simulations were performed to verify the applicability of this protocol to SANET. The outcome of such simulations shows us the following. First, using SANET-CC, about 91% of the ships in the network were able to receive IP addresses under any circumstances. It is 6% higher than the existing studies. And it suggests that if variables are adjusted to each port's environment, it may show further improved results. Second, this work shows us that it takes all vessels an average of 10 seconds to receive IP addresses regardless of conditions. It represents a 50% decrease in time compared to the average of 20 seconds in the previous study. Also Besides, taking it into account that when existing studies were on 50 to 200 vessels, this study on 100 to 400 vessels, the efficiency can be much higher. Third, existing studies have not been able to derive optimal values according to variables. This is because it does not have a consistent pattern depending on the variable. This means that optimal variables values cannot be set for each port under diverse environments. This paper, however, shows us that the result values from the variables exhibit a consistent pattern. This is significant in that it can be applied to each port by adjusting the variable values. It was also confirmed that regardless of the number of ships, the IP allocation ratio was the most efficient at about 96 percent if the waiting time after the IP request was 75ms, and that the tree structure could maintain a stable network configuration when the number of IPs was over 30000. Fourth, this study can be used to design a network for supporting intelligent maritime control systems and services offshore, instead of satellite communication. And if LTE-M is set up, it is possible to use it for various intelligent services.