• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

• Journal of Digital Contents Society
• /
• v.9 no.4
• /
• pp.607-616
• /
• 2008

By the advancement of computer & network technology, the paridigm of 'Network Computer' has been realizing`. In what is called network computer, computer system and computing resource is incomparably seem to be expanded compared with conventional network technology[1]. Network connected computer system consitute a massive virtual computer, it is possible for people to use an enourmous amout of computing resource distributed widely through the network. It is also possible that we make client lightweight by the use of computer system & all shared computing resources on the network in our computer processing and we call this type of client system as thin-client. Thin-client and network computer are on and the same network paradigm in that both paradigm featuring the active use of computer system and resource on the network[2]. In network computer paragem, network itself is regarded as a basic platform for the transfer of application, so it is possible that client access remote serve system to run remote applications through the network[3]. In this paper, we propose the system architecture for the implementation of network computer by the use of Web browser, X window system and Pyjamas. By the use of network computer proposed in this paper, it is possible for people to run application on the server system as if he run local application, and it is expected to improve the security and maintenance efficiency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.12
• /
• pp.4682-4705
• /
• 2020

The Unmanned Aerial Vehicles (UAV) networks consisting of low-cost UAVs are very vulnerable to smart jammers that can choose their jamming policies based on the ongoing communication policies accordingly. In this article, we propose a novel cloud and edge-aided mobile communication scheme for low-cost UAV network against smart jamming. The challenge of this problem is to design a communication scheme that not only meets the requirements of defending against smart jamming attack, but also can be deployed on low-cost UAV platforms. In addition, related studies neglect the problem of decision-making algorithm failure caused by intermittent ground-to-air communication. In this scheme, we use the policy network deployed on the cloud and edge servers to generate an emergency policy tables, and regularly update the generated policy table to the UAVs to solve the decision-making problem when communications are interrupted. In the operation of this communication scheme, UAVs need to offload massive computing tasks to the cloud or the edge servers. In order to prevent these computing tasks from being offloaded to a single computing resource, we deployed a lightweight game algorithm to ensure that the three types of computing resources, namely local, edge and cloud, can maximize their effectiveness. The simulation results show that our communication scheme has only a small decrease in the SINR of UAVs network in the case of momentary communication interruption, and the SINR performance of our algorithm is higher than that of the original Q-learning algorithm.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.5
• /
• pp.668-674
• /
• 2022

Machine learning techniques using visual data have high usability in fields of industry and service such as scene recognition, fault detection, security and user analysis. Among these, user analysis through the videos from CCTV is one of the practical way of using vision data. Also, many studies about lightweight artificial neural network have been published to increase high usability for mobile and embedded environment so far. In this study, we propose the network combining the object detection and classification for mobile graphic processing unit. This network detects pedestrian and face, classifies age and gender from detected face. Proposed network is constructed based on MobileNet, YOLOv2 and skip connection. Both detection and classification models are trained individually and combined as 2-stage structure. Also, attention mechanism is used to improve detection and classification ability. Nvidia Jetson Nano is used to run and evaluate the proposed system.

• Journal of Advanced Navigation Technology
• /
• v.28 no.4
• /
• pp.428-435
• /
• 2024

In this paper, a human activity regeneration (HAR) system based on multiple input multiple output frequency modulation continuous wave (MIMO FMCW) radar was designed and implemented. Using point cloud data from MIMO radar sensors has advantages in terms of privacy, safety, and accuracy. For the implementation of the HAR system, a customized neural network based on PointPillars and depthwise separate convolutional neural network (DS-CNN) was developed. By processing high-resolution point cloud data through a lightweight network, high accuracy and efficiency were achieved. As a result, the accuracy of 98.27% and the computational complexity of 11.27M multiply-accumulates (Macs) were achieved. In addition, the developed neural network model was implemented on Raspberry-Pi embedded system and it was confirmed that point cloud data can be processed at a speed of up to 8 fps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.193-200
• /
• 2023

Cryptanalysis can be performed by various techniques such as known plaintext attack, differential attack, side-channel analysis, and the like. Recently, many studies have been conducted on cryptanalysis using deep learning. A known-plaintext attack is a technique that uses a known plaintext and ciphertext pair to find a key. In this paper, we use deep learning technology to perform a known-plaintext attack against S-PRESENT, a reduced version of the lightweight block cipher PRESENT. This paper is significant in that it is the first known-plaintext attack based on deep learning performed on a reduced lightweight block cipher. For cryptanalysis, MLP (Multi-Layer Perceptron) and 1D and 2D CNN(Convolutional Neural Network) models are used and optimized, and the performance of the three models is compared. It showed the highest performance in 2D convolutional neural networks, but it was possible to attack only up to some key spaces. From this, it can be seen that the known-plaintext attack through the MLP model and the convolutional neural network is limited in attackable key bits.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.61 no.2
• /
• pp.347-353
• /
• 2012

In this paper, authors will develop the quick and precise remote controller of automatic fire detection equipment (P-type one-class receiver) based on information communication technology (IT). The remote controller detects the fire and disaster in the building automatically and quickly and then activates the facilities to extinguish the fire and disaster, monitoring such situation in a real time through wire-wireless communication network. The proposed remote controller is applied a programmable logic device (PLD) micom. of one-chip type which is small size and lightweight and also has highly sensitive-precise reliabilities. The one-chip type PLD micom. analyzes digital signals from sensors, then activates fire extinguishing facilities for alarm and rapid suppression in a case of fire and disaster. The detected data is also transferred to a remote situation room through wire-wireless network of RS232c and bluetooth communication, and then the situation room sends an emergency alarm signal. The automatic fire detection equipment (AFDE) based on IT will minimize the life and wealth loss while prevents fire and disaster.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.946-959
• /
• 2018

Recently interest in Internet of Things(IoT) has attracted significant attention at national level. IoT can create new services as a technology to exchange data through connections among a huge number of objects around the user. Data communication between objects provides not only information collected in the surrounding environment but also various personalized information. IoT services which provide these various types of data are exposed to numerous security vulnerabilities. If data is maliciously collected and used by an attacker in an IoT environment that deals with various data, security threats are greater than those in existing network environments. Therefore, security of all data exchanged in the IoT environment is essential. However, lightweight terminal devices used in the IoT environment are not suitable for applying the existing encryption algorithm. In addition, IoT networks consisting of many sensors require group communication. Therefore, this paper proposes a secure multicast scheme using the proxy re-encryption method based on Vehicular ad-hoc networks(VANET) environment. The proposed method is suitable for a large-scale dynamic IoT network environment using unreliable servers.

• Proceedings of the KSME Conference
• /
• 2007.05a
• /
• pp.349-353
• /
• 2007

The main functions of excavator are mainly carried out by excavator attachments such as arm and boom. These components should be designed to be light as well as durable enough because their effects on the whole structure are significant. In this paper, an optimization procedure for lightweight design considering fatigue strength for excavator attachments is presented. The weight of attachments and allowable fatigue stresses at critical areas are used as objective function and constraints, respectively, in which design variables are the thickness of the plates of attachments. The simulated annealing search method is adopted for a global optimization solution. Besides, the response surface method using the artificial neural network is used to simulate constraint function for the sake of practical fast calculation. Some example case of optimization is presented here for a sample excavator. This weight optimization is expected to contribute to a considerable improvement of fuel efficiency of excavator.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.57-62
• /
• 2017

With various sensors and communications capabilities, the Internet is growing larger as the internet can communicate with the Internet. Given the growing vulnerability of the internet market, the development of security and security is increasing, and the development of the internet is actively evolving and the development of the internet is actively being carried out. In particular, it is required to introduce lightweight and secure authentication schemes, especially those that are difficult to use due to the difficulty of using authentication schemes. Thus, the safety of the secure authentication system of the Internet is becoming very important. Therefore, in this thesis, we propose certification technologies on secure objects to ensure correct, safe communication in the context of the internet context.