• Title/Summary/Keyword: networking architecture


Provider Provisioned based Mobile VPN using Dynamic VPN Site Configuration (동적 VPN 사이트 구성을 이용한 Provider Provisioned 기반 모바일 VPN)

  • Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.1 / pp.1-15 / 2007
  • Increase in the wireless mobile network users brings the issue of mobility management into the Virtual Private Network (VPN) services. We propose a provider edge (PE)-based provider provisioned mobile VPN mechanism, which enables efficient communication between a mobile VPN user and one or more correspondents located in different VPN sites. The proposed mechanism not only reduces the IPSec tunnel overhead at the mobile user node to the minimum, but also enables the traffic to be delivered through optimized paths among the (mobile) VPN users without incurring significant extra IPSec tunnel overhead regardless of the user's locations. The proposed architecture and protocols are based on the BGP/MPLS VPN technology that is defined in RFC24547. A service provider platform entity named PPVPN Network Server (PNS) is defined in order to extend the BGP/MPLS VPN service to the mobile users. Compared to the user- and CE-based mobile VPN mechanisms, the proposed mechanism requires less overhead with respect to the IPSec tunnel management. The simulation results also show that it outperforms the existing mobile VPN mechanisms with respect to the handoff latency and/or the end-to-end packet delay.

Implementation of ATM/Internet Gateway System for Real Time Multimedia Service (실시간 멀티미디어 서비스를 위한 ATM/Internet 게이트웨이 시스템의 구현)

  • Han Tae-Man;Jeong You-Hyeon;Kim Dong-Won
    • The KIPS Transactions:PartC / v.11C no.6 s.95 / pp.799-806 / 2004
  • A growing diversity of pervasive devices is gaining access to the Internet and other information. However, much of the rich multimedia content cannot be easily handled by the client devices because of their limited communication, processing, storage and display capabilities. The integration of voice, data and video service modified the target of networking technologies. Networks must have some capabilities for integration of various services and also for QoS support as required by each of those services. Because of these reasons, we developed EAGIS (Efficient ATM Gateway for real time Internet Service) to provide seamless multimedia service between the ATM network and the Internet. EAGIS consists of the interworking unit, content server, transcoding server, and the service broker to provide seamless multimedia service between the ATM network and the Internet. In this paper, we design the architecture and transcoding service scenario of the EAGIS. When the RTP is used for the bi-directional communication, transcoding time is configured by the time-stamp of RTCP. When HTTP is used for unidirectional communication, self-timer is used. By using these reference times, standard transcoding method is applicable according to the frame transmission rate and network traffic load. And we can also assure the QoS of the multiple users' effective bandwidth by our algorithm.

A Novel Compressed Sensing Technique for Traffic Matrix Estimation of Software Defined Cloud Networks

  • Qazi, Sameer;Atif, Syed Muhammad;Kadri, Muhammad Bilal
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.10 / pp.4678-4702 / 2018
  • Traffic Matrix estimation has always caught attention from researchers for better network management and future planning. With the advent of high traffic loads due to Cloud Computing platforms and Software Defined Networking based tunable routing and traffic management algorithms on the Internet, it is more necessary than ever to be able to predict current and future traffic volumes on the network. For large networks such origin-destination traffic prediction problem takes the form of a large under-constrained and under-determined system of equations with a dynamic measurement matrix. Previously, the researchers had relied on the assumption that the measurement (routing) matrix is stationary due to which the schemes are not suitable for modern software defined networks. In this work, we present our Compressed Sensing with Dynamic Model Estimation (CS-DME) architecture suitable for modern software defined networks. Our main contributions are: (1) we formulate an approach in which measurement matrix in the compressed sensing scheme can be accurately and dynamically estimated through a reformulation of the problem based on traffic demands. (2) We show that the problem formulation using a dynamic measurement matrix based on instantaneous traffic demands may be used instead of a stationary binary routing matrix which is more suitable to modern Software Defined Networks that are constantly evolving in terms of routing by inspection of its Eigen Spectrum using two real world datasets. (3) We also show that linking this compressed measurement matrix dynamically with the measured parameters can lead to acceptable estimation of Origin Destination (OD) Traffic flows with marginally poor results with other state-of-art schemes relying on fixed measurement matrices. (4) Furthermore, using this compressed reformulated problem, a new strategy for selection of vantage points for most efficient traffic matrix estimation is also presented through a secondary compression technique based on subset of link measurements. Experimental evaluation of proposed technique using real world datasets Abilene and GEANT shows that the technique is practical to be used in modern software defined networks. Further, the performance of the scheme is compared with recent state of the art techniques proposed in research literature.

Security of Ethernet in Automotive Electric/Electronic Architectures (차량 전자/전기 아키텍쳐에 이더넷 적용을 위한 보안 기술에 대한 연구)

  • Lee, Ho-Yong;Lee, Dong-Hoon
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.5 / pp.39-48 / 2016
  • One of the major trends of automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g. to connect high-data-rate sources as video cameras); it is expected that the ongoing standardization at IEEE (IEEE802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to a much broader adoption in future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic (EE) Architectures as a whole. It is agreed that IP based traffic via Ethernet could be secured by application of well-established IP security protocols (e.g., IPSec, TLS) combined with additional components like, e.g., automotive firewall or IDS. In the case of safety and real-time related applications on resource-constrained devices, the IP based communication is not the favorite option to be used with complicated and performance demanding TLS or IPSec. Those applications will foreseeably incorporate Layer-2 based communication protocols as, e.g., currently standardized at IEEE[13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet Switch-based EE-Architectures. It also gives an overview and provides insights into the ongoing security relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms as, e.g., IEEE 802.1AE aka MACsec or 802.1X Port-based Network Access Control, will be evaluated and the applicability for automotive applications will be assessed.

An Enhanced Mechanism of Security Weakness in CDMA Service (CDMA 서비스의 보안취약성과 개선방안)

  • Ryu, Dae-Hyun;Jang, Seung-Ju
    • Journal of KIISE:Information Networking / v.30 no.6 / pp.729-742 / 2003
  • Mobile Communication has a possibility of eavesdropping by nature of wireless channel. It is known that eavesdropping of CDMA system is impossible because the voice data spreads with the PN. First of all, we show that it is possible to eavesdrop the CDMA channel by analysis of the forward channel in case that we know the ESN and the MIN. We can monitor the forward traffic channel with ease since ESN and MIN are exposed during the call processing in CDMA service in Korea. In this paper, we will show security weakness and propose an enhanced mechanism for CDMA service. We consider the problem of security in the CDMA service. CDMA system has wireless channels to transmit voice or data. By this reason, CDMA communication has a possibility of being eavesdropped by someone. It is known that eavesdropping in CDMA system is impossible because the voice data spreads with the PN. However, we can eavesdrop the CDMA data in FCM protocol in case that we know the ESN and the MIN. In CDMA system, ESN and MIN are exposed to the wireless channel. In this paper, we analyze the flow of the voice and signal in the CDMA system and monitor the forward traffic channel by the FCM protocol. The FCM protocol is proposed to monitor the forward channel in CDMA system. We can show the possibility of monitoring in one-way channel of CDMA system by the FCM protocol. The test instrument based on the FCM protocol is proposed to monitor the CDMA forward channel. We will show the system architecture of the test instrument to monitor the forward channel in CDMA.

(Design and Implementation of Integrated Binding Service of Considering Loads in Wide-Area Object Computing Environments) (광역 객체 컴퓨팅 환경에서 부하를 고려한 통합 바인딩 서비스의 설계 및 구현)

  • 정창원;오성권;주수종
    • Journal of KIISE:Information Networking / v.30 no.3 / pp.293-306 / 2003
  • In recent years, distributed computing environments have been radically changing to a structure of global, heterogeneous, federative and wide-area systems. This structure's environments consist of a lot of objects which are implemented on telecommunication network to provide a wide range of services. Furthermore, all of objects existing on the earth have the duplicated characteristics according to how to categorize their own names or properties. But, the existing naming or trading mechanism has not supported the binding services of duplicated objects, because of deficiency of independent location service. Also, if the duplicated objects which are existing on different nodes provide the same service, it is possible to distribute the client requests considering each system's load. For this reason, we designed and implemented a new model that can not only support the location management of replication objects, but also provide the dynamic binding service of objects located in a system with minimum overload for maintaining load balancing among nodes in wide-area object computing environments. Our model is functionally divided into two parts; one part is to obtain a unique object handle of replicated objects with same property as a naming and trading service, and the other is to search one or more contact addresses by a location service using a given object handle. From a given model mentioned above, we present the procedures for the integrated binding mechanism in design phase, that is, Naming/Trading Service and Location Service. And then, we described in detail the architecture of components for Integrated Binding Service implemented. Finally, we showed our implementation environment and executing result of our model.

Design and Evaluation of a NIC-Driven Host-Independent Network System (네트워크 인터페이스 카드에 기반한 호스트 독립적인 네트워크 시스템의 설계 및 성능평가)

  • Yim Keun Soo;Cha Hojung;Koh Kern
    • Journal of KIISE:Computer Systems and Theory / v.31 no.11 / pp.626-634 / 2004
  • In a client-server model, network server systems suffer from both heavy communication and computational loads. While communication channels become increasingly speedy, the existing protocol stack architectures still include mainly three performance bottlenecks of protocol stack processing, system call, and network interrupt overheads. To address these obstacles, in this paper we present a host-independent network system where a network interface card (NIC) is utilized in an efficient manner. First, by offloading network-related portion to the NIC, the host can fully utilize its processing power for other useful purposes. Second, it eliminates the system call overhead, such as context-switching and memory copy operations, since the host communicates with the NIC through its user-level libraries. Third, it also reduces the network interrupt operation count as the host handles the interrupt in a segment instead of a packet. The experimental results show that the proposed network system reduces the host CPU overhead for communication system by 68-71%. It also shows that the proposed system improves the communication speed by 11-83% under heavy computational and communication load conditions.

Violation Detection of Application Network QoS using Ontology in SDN Environment (SDN 환경에서 온톨로지를 활용한 애플리케이션 네트워크의 품질 위반상황 식별 방법)

  • Hwang, Jeseung;Kim, Ungsoo;Park, Joonseok;Yeom, Keunhyuk
    • The Journal of Korean Institute of Next Generation Computing / v.13 no.6 / pp.7-20 / 2017
  • The advancement of cloud and big data and the considerable growth of traffic have increased the complexity and problems in the management inefficiency of existing networks. The software-defined networking (SDN) environment has been developed to solve this problem. SDN enables us to control network equipment through programming by separating the transmission and control functions of the equipment. Accordingly, several studies have been conducted to improve the performance of SDN controllers, such as the method of connecting existing legacy equipment with SDN, the packet management method for efficient data communication, and the method of distributing controller load in a centralized architecture. However, there is insufficient research on the control of SDN in terms of the quality of network-using applications. To support the establishment and change of the routing paths that meet the required network service quality, we require a mechanism to identify network requirements based on a contract for application network service quality and to collect information about the current network status and identify the violations of network service quality. This study proposes a method of identifying the quality violations of network paths through ontology to ensure the network service quality of applications and provide efficient services in an SDN environment.

Neighborhood Park Design for Railroad Station in Uijeongbu City (의정부 역전 근린공원 설계)

  • Kwon, Jin-Wook
    • Journal of the Korean Institute of Landscape Architecture / v.38 no.4 / pp.64-74 / 2010
  • The study is based on an urban park design that is designed in consideration of the characteristics of Uijeongbu City, applied with adequate functions for the environment and showcasing the unique scenery in relation to the relocation of the US Air Force Camp Falling Water. The bases of the design are: the reasonable convergence of the square and park in consideration of the site characteristics; the application of an urban context as the park is located near a station; and the realization of an eco-friendly space. This study is based on foundation research regarding a review of urban square patterns, particular items in planning in relation to modern urban parks and the adaptability of the park in the future. Regarding space usage, the design is applied with notable ideas that allow the space to make its own characteristics through voluntary user activity in conjunction with the environment that will allow the park to cope with changes in the future, as opposed to a space that users experience through pre-determined programs. Below are the focal points of the design. First, the park is designed as an empty space which may accommodate the urban structural context of and usage patterns for being a field of the city ecology that changes and develops, beyond a passively-created square pattern. Such open spaces have a continuity which allows it to adapt to the development of the city. In addition, the design facilitates spontaneous processes through changes in usage pattern and time. Second, the design includes the message that the park and the city, natural things and artificial things, must communicate and network with each other. Hence the park shall not be an isolated green island within the city, but is an open space accommodating the demands for open area from nearby commercial, public and residential facilities; the park shall include a field that can accommodate a variety of programs. 
    Third, the park is designed to encourage the effect of direct and indirect practical education by reflecting a physical plan as well as interesting experience design methods to lower carbon emissions and to create and maintain an eco-friendly space, the basis of a zero-emissions city.

Data Mining Approaches for DDoS Attack Detection (분산 서비스거부 공격 탐지를 위한 데이터 마이닝 기법)

  • Kim, Mi-Hui;Na, Hyun-Jung;Chae, Ki-Joon;Bang, Hyo-Chan;Na, Jung-Chan
    • Journal of KIISE:Information Networking / v.32 no.3 / pp.279-290 / 2005
  • Recently, as the serious damage caused by DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not effectively defend against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. In this paper, we propose a detection architecture against DDoS attack using data mining technology that can classify the latest types of DDoS attack, and can detect the modification of existing attacks as well as the novel attacks. This architecture consists of a Misuse Detection Module modeling to classify the existing attacks, and an Anomaly Detection Module modeling to detect the novel attacks. And it utilizes the off-line generated models in order to detect the DDoS attack using the real-time traffic. We gathered the NetFlow data generated at an access router of our network in order to model the real network traffic and test it. The NetFlow provides the useful flow-based statistical information without tremendous preprocessing. Also, we mounted the well-known DDoS attack tools to gather the attack traffic. And then, our experimental results show that our approach can provide the outstanding performance against existing attacks, and provide the possibility of detection against the novel attack.