• Title/Summary/Keyword: network function virtualization


A Study on the Analysis of Security Requirements through Literature Review of Threat Factors of 5G Mobile Communication

  • DongGyun Chu;Jinho Yoo
    • Journal of Information Processing Systems / v.20 no.1 / pp.38-52 / 2024
  • 5G is the 5th generation mobile network that provides enhanced mobile broadband, ultra-reliable and low-latency communications, and massive machine-type communications. New services can be provided through multi-access edge computing, network function virtualization, and network slicing, which are key technologies in 5G mobile communication. However, these new technologies provide new attack paths and threats. In this paper, we analyzed the overall threats of 5G mobile communication through a literature review. First, it defines 5G mobile communication, analyzes its features and technology architecture, and summarizes possible security issues. In addition, it presents security threats from the perspective of user devices, radio access network, multi-access edge computing, and core networks that constitute 5G mobile communication. After that, security requirements for threat factors were derived through literature analysis. The purpose of this study is to conduct a fundamental analysis to examine and assess the overall threat factors associated with 5G mobile communication. Through this, it will be possible to protect the information and assets of individuals and organizations that use 5G mobile communication technology, respond to various threat situations, and increase the overall level of 5G security.

Design and Implementation of Network Access Control based on IPv6 (IPv6 기반의 네트워크 접근제어 시스템 설계 및 구현)

  • Shin, HaeJoon
    • Journal of the Korea Academia-Industrial cooperation Society / v.15 no.10 / pp.6310-6316 / 2014
  • The increase in Internet and smart device users requires high-level network security. Network security consists of Web Firewall, Network Firewall, IPS, DDoS system, UTM (Unified Threat Management), VPN, NAC (Network Access Control), Wireless security, Mobile security, and Virtualization. Most network security solutions run on IPv4, and IPv6 network services are not sufficiently ready. Therefore, this study designed and implemented important functions of Network Access Control (NAC), which include IPv6 host detection, isolation, blocking and domain assignment for the IPv6 network. In particular, the domain assignment function makes 128-bit IPv6 address management easy. This system was implemented on a KISA IPv6 test-bed using well-known devices. Finally, the test result showed that all IPv6-based wired and wireless devices were well-controlled (detection, blocking, isolation and domain assignment).

Data Central Network Technology Trend Analysis using SDN/NFV/Edge-Computing (SDN, NFV, Edge-Computing을 이용한 데이터 중심 네트워크 기술 동향 분석)

  • Kim, Ki-Hyeon;Choi, Mi-Jung
    • KNOM Review / v.22 no.3 / pp.1-12 / 2019
  • Recently, research using big data and AI has emerged as a major issue in the ICT field. However, the size of big data for research is growing exponentially. In addition, users of existing network transmission methods point out the problem that sending and receiving big data over the network takes longer than copying it to a hard disk and sending the disk. Accordingly, researchers require dynamic and flexible network technology that can transmit data at high speed and accommodate various network structures. SDN/NFV technologies make the network programmable, so that it can be tailored to the needs of users. They can easily solve the network's flexibility and security problems. Also, the problem with performing AI is that centralized data processing cannot guarantee real-time processing, and network delay occurs when traffic increases. To solve this problem, edge-computing technology, which moves away from the centralized method, should be used. In this paper, we investigate the concept and research trend of SDN, NFV, and edge-computing technologies, and analyze the trends of data central network technologies used by combining these three technologies.

NFV Log Analysis using Machine Learning (머신러닝을 활용한 NFV 시스템 로그 분석)

  • Oh, SeongKeun;Yu, HeonChang
    • Proceedings of the Korea Information Processing Society Conference / 2017.11a / pp.118-120 / 2017
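  • The core nodes of mobile communication networks consist of 2G CDMA, 3G WCDMA, and 4G LTE switches, as well as IMS and various supplementary equipment. NFV (Network Function Virtualization) is at the center of the recent evolution toward 5G. In an NFV environment, unlike conventional telecom nodes, general-purpose servers and general-purpose operating systems form the backbone, so log analysis of nodes inside the network has become easy even with ordinary IT tools. In addition, the logs generated as big data in diverse and complex core networks can also be analyzed with machine learning and used in operations. Accordingly, this study analyzed the OS logs of vDPI and vMMSGW and was able to identify latent problems. Abnormal patterns were also found in unstructured application logs, confirming that unsupervised machine learning analysis is useful even in telecom environments with high traffic volumes and exceptionally high SLAs.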

Access Control Mechanism based on MAC for Cloud Convergence (클라우드 융합을 위한 MAC 정책 기반 접근통제 메커니즘)

  • Choi, Eun-Bok;Lee, Sang-Joon
    • Journal of the Korea Convergence Society / v.7 no.1 / pp.1-8 / 2016
  • Cloud computing technology offers functions for sharing computing resources, software, and infrastructure over the network. Virtualization is a very useful technology for the operational efficiency of enterprise servers and for reducing cost, but it can become the target of new security threats when it is used without considering security. This paper proposes an access control mechanism based on MAC (Mandatory Access Control) for cloud convergence that solves various problems that can occur in a cloud environment. This mechanism is composed of a set of state rules, security characteristics, and an algorithm. Also, we prove that a machine system with the access control mechanism and an initial secure state is a secure system. The policy module of this mechanism is expected to provide not only maintenance but also secure resource sharing between virtual machines.

Development of SDN-based Network Platform for Mobility Support (이동성 지원을 위한 SDN 기반의 네트워크 플랫폼 개발)

  • Lee, Wan-Jik;Lee, Ho-Young;Heo, Seok-Yeol
    • The Journal of the Convergence on Culture Technology / v.5 no.1 / pp.401-407 / 2019
  • SDN (Software Defined Networking) has emerged to address the rapidly growing demand for cloud computing and to support network virtualization services. Therefore, many companies and organizations have taken SDN as a next-generation network technology. However, unlike the wired network for which SDN was originally designed, SDN in the wireless network has the restriction that it cannot provide mobility of the node. In this paper, we extended the existing OpenFlow protocol of SDN and developed an SDN-based network platform, which enables the SDN controller to manage the radio resources of its network and support the mobility of the nodes. The mobility support function of this paper has the advantage that a node in the network can move using its two or more wireless interfaces by using the radio resource management function of the SDN controller. In order to test the functions implemented in this paper, we measured parameters related to various transmission performance according to various mobile experiments, and compared parameters related to performance using one wireless interface and two interfaces. The SDN-based network platform proposed in this paper is expected to be able to monitor the resources of wireless networks and support the mobility of nodes in the SDN environment.

An Efficient Software Defined Data Transmission Scheme based on Mobile Edge Computing for the Massive IoT Environment

  • Kim, EunGyeong;Kim, Seokhoon
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.2 / pp.974-987 / 2018
  • This paper presents a novel and efficient data transmission scheme based on mobile edge computing for massive IoT environments, which should support various types of services and devices. Based on an accurate and precise synchronization process, it maximizes data transmission throughput, and consistently maintains a flow's latency. To this end, the proposed efficient software defined data transmission scheme (ESD-DTS) configures and utilizes synchronization zones in accordance with the 4 usage cases, which are end node-to-end node (EN-EN), end node-to-cloud network (EN-CN), end node-to-Internet node (EN-IN), and edge node-to-core node (EdN-CN); and it transmits the data by the required service attributes, which are divided into 3 groups (low-end group, medium-end group, and high-end group). In addition, the ESD-DTS provides a specific data transmission method, which is operated by a buffer threshold value, for the low-end group, and it effectively accommodates massive IT devices. By doing this, the proposed scheme not only supports a high, medium, and low quality of service, but also complies with various 5G usage scenarios. The essential difference between the previous and the proposed scheme is that the existing schemes are used to handle each packet only to provide high quality and bandwidth, whereas the proposed scheme introduces synchronization zones for various types of services to manage the efficiency of each service flow. Performance evaluations show that the proposed scheme outperforms the previous schemes in terms of throughput, control message overhead, and latency. Therefore, the proposed ESD-DTS is very suitable for upcoming 5G networks in a variety of massive IoT environments supporting mobile edge computing (MEC).

Proactive Virtual Network Function Live Migration using Machine Learning (머신러닝을 이용한 선제적 VNF Live Migration)

  • Jeong, Seyeon;Yoo, Jae-Hyoung;Hong, James Won-Ki
    • KNOM Review / v.24 no.1 / pp.1-12 / 2021
  • VM (Virtual Machine) live migration is a server virtualization technique for deploying a running VM to another server node while minimizing downtime of a service the VM provides. Currently, in cloud data centers, VM live migration is widely used to apply load balancing on CPU workload and network traffic, to reduce electricity consumption by consolidating active VMs into specific location groups of servers, and to provide uninterrupted service during the maintenance of hardware and software update on servers. It is critical to use VM live migration as a prevention or mitigation measure for possible failure when its indications are detected or predicted. In this paper, we propose two VNF live migration methods: one for predictive load balancing and the other for a proactive measure in failure. Both need machine learning models that learn periodic monitoring data of resource usage and logs from servers and VMs/VNFs. We apply the second method to a vEPC (Virtual Evolved Packet Core) failure scenario to provide a detailed case study.

Autoscaling Mechanism based on Execution-times for VNFM in NFV Platforms (NFV 플랫폼에서 VNFM의 실행 시간에 기반한 자동 자원 조정 메커니즘)

  • Mehmood, Asif;Diaz Rivera, Javier;Khan, Talha Ahmed;Song, Wang-Cheol
    • KNOM Review / v.22 no.1 / pp.1-10 / 2019
  • The process to determine the required number of resources depends on the factors being considered. Autoscaling is one such mechanism that uses a wide range of factors to decide and is a critical process in NFV. As networks are being shifted onto the cloud after the invention of SDN, we require better resource managers in the future. To solve this problem, we propose a solution that allows the VNFMs to autoscale the system resources depending on factors such as the overhead of hyperthreading, the number of requests, and execution times for the virtual network functions. It is a known fact that hyperthreaded virtual cores are not fully capable of performing like physical cores. Also, as there are different types of cores with different frequencies, the number of cores needs to be calculated accurately and precisely. Platform independence is achieved by proposing another solution in the form of a monitoring microservice, which communicates through APIs. Hence, by the use of our autoscaling application and a monitoring microservice, we enhance the resource provisioning process to meet the criteria of future networks.

Deployment and Performance Analysis of Nation-wide OpenFlow Networks over KREONET (KREONET 기반의 광역 규모 오픈플로우 네트워크 구축 및 성능 분석)

  • Hong, Won-Taek;Kong, Jong-Uk;Chung, Jin-Wook
    • The KIPS Transactions:PartC / v.18C no.6 / pp.423-432 / 2011
  • Recently, OpenFlow has attracted attention as a fundamental technology that provides virtualization and programmability in the network. In Korea, OpenFlow networks have been deployed in campuses and interconnected through tunneling in layer 3. However, the performance of the interconnected networks is decreased due to delay in the IP layer. In this paper, we design and deploy nation-wide, not local, OpenFlow networks in a pure layer 2 environment over KREONET. After that, we perform end-to-end Round-trip Time measurements and TCP/UDP performance tests in OpenFlow and normal networks, and compare and analyze the test results. The results show that the nation-wide OpenFlow networks provide equal performance to normal networks except for the initial packet loss for UDP streaming. With regard to the performance decrease due to early UDP packet loss, we can mitigate it by implementing exceptional procedures in a controller which deal with the same continuous "Packet_in" events.