• The Journal of the Korea Contents Association
• /
• v.12 no.10
• /
• pp.11-21
• /
• 2012

Hybrid network infrastructure has been deployed as the most important technology for the advanced research networking community such as Internet2, SURFnet, etc. However, further research needs to be performed in terms of feasible design and implementation of architecture for inter-domain collaborative network infrastructure, which is essential to end-to-end collaborative research based on high-end applications. In this paper, we suggest a framework for distributed and virtual network operations based on hybrid research networks and efficient cooperation between multi-domain hybrid networks, which aims to provide collaborative network environment for high-end applications. Suggested framework is designed to adopt decentralized model of multi-domain hybrid research network management. A collaborative and distributed virtual model that is characterized by cooperation among hybrid research networks that insist on maintaining their autonomy and control, can also contribute for researchers and other end-users to manage and operate their own virtual networks.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.25-30
• /
• 2021

Due to the current COVID-19 pandemic, companies and institutions are introducing virtual desktop technology, one of the logical network separation technologies, to establish a safe working environment in a situation where remote work is provided. With the introduction of virtual desktop technology, companies and institutions can operate the network separation environment more safely and effectively, and can access the business network quickly and safely to increase work efficiency and productivity. However, when introducing virtual desktop technology, there is a cost problem of high-spec server, storage, and license, and it is necessary to supplement in terms of operation and management. As a countermeasure to this, companies and institutions are shifting to cloud computing-based technology, virtual desktop service (DaaS, Desktop as a Service). However, in the virtual desktop service, which is a cloud computing-based technology, the shared responsibility model is responsible for user access control and data security. In this paper, based on the shared responsibility model in the virtual desktop service environment, we propose a cloud-based hardware security module (Cloud HSM) and edge-DRM proxy as an improvement method for user access control and data security.

• Convergence Security Journal
• /
• v.14 no.2
• /
• pp.25-33
• /
• 2014

With the development of information and communication, public institutions and enterprises utilize the business continuity using the Internet and Intranet. In this environment, public institutions and enterprises is to be introduced the number of solutions and appliances equipment to protect the risk of leakage of inside information. However, this is also the perfect external network connection is not enough to prevent leakage of information. To overcome these separate internal and external networks are needed. In this paper, we constructed the physical and logical network separation is applied to the network using the virtualization and thus the network configuration and network technical review of the various schemes were proposed for the separation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.8
• /
• pp.1071-1076
• /
• 2020

The importance of network separation is due to the use of the Internet with existing business PCs, resulting in an internal information leakage event, and an environment configured to allow servers to access the Internet, which causes service failures with malicious code. In order to overcome this problem, it is necessary to use network virtualization to separate networks and network interconnection systems. Therefore, in this study, the construction area was constructed into the network area for the Internet and the server farm area for the virtualization system, and then classified and constructed into the security system area and the data link system area between networks. In order to prove the excellence of the proposed method, a network separation construction study using network virtualization was conducted based on the basis of VM Density's conservative estimates of program loads and LOBs.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.23-26
• /
• 2002

인터넷은 확장성과 사용상의 편의성을 바탕으로 급격한 확산을 가져오게 되었다. 그러나 인터넷의 개방성과 확장성으로 인해 보안상 취약성이 나타나게 되었다. 이에 따라 인터넷 환경에서 저렴한 비용으로 전용 사설망과 같은 보안성을 보장해주는 가상사설망(VPN)의 도입이 활성화되고 있다. 전자상거래와 재택근무등 가상사설망 구축의 범위가 커지면서 사용자 인증과 키관리 및 분배 자동화를 위하여 공개키기반의 공인인증서비스를 적용한 VPN구축이 필요하게 되었다. 본 글에서는 공인인증서비스를 적용한 VPN구축사례를 통해 공인인증서비스의 적용시 문제점과 그 해결방안에 대해 알아본다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.789-792
• /
• 2016

사물인터넷 시장의 발전에 따라 많은 통신 프로토콜과 그에 해당하는 장비들이 발전을 하고 있다. 다양한 통신 프로토콜 사용에 따라 이질성 문제가 대두되어 이를 해결하는 미들웨어 기반의 가상 어댑터들이 나왔다. 하지만 이러한 가상 어댑터들은 통신 프로토콜 간의 이질성 문제는 해결하지만 인터넷 같은 외부 망과는 상호 호환이 안 되는 문제가 있다. 본 논문에서는 MQTT(Message Queuing Telemetry)를 활용하여 기존 가상 어댑터들과 외부 망 간 양방향 연동을 가능케 하는 MQTT 어댑터를 제안한다. 본 연구를 통하여 어댑터는 내부 센서 데이터 활용뿐만 아니라 외부 망의 데이터도 활용할 수 있어 폭넓은 상호 운용성을 확보할 수 있다.

• Journal of KIISE:Information Networking
• /
• v.30 no.4
• /
• pp.545-558
• /
• 2003

It is expected that per-user customized services are widely used in next generation Personal Communication Network. The ultimate goal for personalized service is the Virtual home Environment (VHE) providing ´same-look-and-feel´ services for the subscriber wherever he roams to. To provide personalized services for each call, per-user service profiles are frequently referenced, so efficient service profile management is essentially required. To realized the VHE, typically two schemes, can be employed; One is Intelligent Network based service control and the other is a full replication scheme that always replicates profile in user´s current zone. The first scheme is referred as Central scheme and th second scheme is the modified replication scheme of IMT-2000, we refer to as Follow-Me Replication Unconditional (FMRU). Since the Central scheme only depends on the service cal rate and the FMRU is merely dependent on the movement rate, it is apparent that FMRU scheme outperforms the Central scheme if the call to mobility ratio (CMR) is large, and vice versa. In this paper, we propose a new service profile replication schemes, Adaptive Follow-Me Replication (AFMR) that determine replication automatically according to the user´s CMR. We compared the performance of the AFMR with the non-adaptive Follow-Me Replication unconditional on Demand (FMRUD) scheme. Performance results indicate that as the CMR of a user changes AFMR adapts well compared to the existing schemes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.9
• /
• pp.1320-1329
• /
• 2022

Currently, advanced national research network groups are continuously conducting R&D for the requirement to provide SDN/NFV-based network automation and intelligence technology for R&E users. In addition, the requirement for providing large-scale data transmission with the high performance networking facility, compared to general network environments, is gradually increasing in the advanced national research networks. Accordingly, in this paper, we propose an open API-based virtual network provisioning automation platform for large data transmission researched and developed to respond to the networking requirements of the national research network and present the implementation results. The platform includes the KREONET-S VDN system that provides SDN-based network virtualization technology, and the Kubernetes system that provides container-oriented server virtualization technology, and the Globus Online, a high-performance data transmission system. In this paper, the environment configurations, the system implemetation results for the interworking between the heterogeneous systems, and the automated virtual network provisioning implementation results are presented.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1997.11a
• /
• pp.181-194
• /
• 1997

향후 전개될 멀티미디어 정보화 사회 구축을 위한 가장 적합한 통신 방식은 ATM (비동기 전송 방식)으로 음성, 영상, 데이터를 실시간, 비실시간 데이터로 구분하여 복합적으로 전송할 수 있다. 또한 유선 ATM 망은 이동성을 보장하는 무선 ATM 망으로 확장되어질 수 있다. 유선 ATM 망과 무선 ATM 망의 차이점은 이동성과 전송 환경의 특성으로 발생하는 오류 확율이다. 현재 무선 ATM 망에서 증가된 오류율을 유선 ATM 망의 수준으로 감소시키기 위한 여러 연구들이 진행되고 있다. 본 논문에서는 무선 전송 환경의 버스트 오류에 효과적인 인터리빙 기법을 무선 전송단의 한정된 대역폭에 할당되는 ATM 셀의 가상 회선/경로의 수만 감소시켜 일반 ATM 셀과의 연동성을 보장하는 Modified 셀에 적용을 제안하였고 일반 ATM 셀 전송과 비교하여 성능 향상에 대하여 평가하였다. 모의실험 결과 제안된 기법은 버스트 오류 환경에서 셀 손실율이 버스트 오류의 크기에 따라 효율적으로 감소되며 또한 이중 헤더 적용으로 셀 손실율을 감소시킴을 알 수 있었다. 본 기법은 인터리빙과 이중헤더의 사용으로 추가되는 오버헤더가 없으며, H-ARQ를 적용했을 때 불가능한 실시간 데이터 서비스에도 적합하다는 장점이 있다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.07a
• /
• pp.401-402
• /
• 2014

구내통신 인프라는 이용자 시설로서 한번 설치되면 20년 이상 장기간 사용할 뿐만 아니라 건축물에 밀착된 시설이므로 개량개선이 어렵고 많은 비용과 노력이 소요되는 특성이 있다. 특히 증설과 단선된 곳을 찾아 내는 관리상의 어려운 부분이 있다. 이러한 어려운 부분을 해소하며 건물내에서 가상화 컴퓨팅을 활용해 어느 곳에서든지 인증후 자신의 데스크탑 환경을 그대로 사용할 수 있으며, 보안 문제를 물리적 망분리와 함께 가상화로 문제의 해결점을 제시한다.