• The KIPS Transactions:PartC
• /
• v.18C no.5
• /
• pp.339-342
• /
• 2011

This paper proposes a network-based mobility control scheme in wireless/mobile networks, which is based on the Locator-Identifier Separation Protocol (LISP). Compared to the existing LISP mobility scheme, the proposed scheme is featured by the following two points: 1) each LISP Tunnel Router (TR) is implemented at the first-hop access router that mobile nodes are attached to, and 2) for handover support, the LISP Routing Locator (RLOC) update operation is performed between Ingress TR and Egress TR. By numerical analysis, it is shown that the proposed scheme can reduce the handover latency much more than the other candidate schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.103-114
• /
• 2007

The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1594-1597
• /
• 2005

A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.5
• /
• pp.49-56
• /
• 2016

Increasing Internet traffic and forwarding table size need high performance IP address lookup engine which is a crucial function of routers. For finding the longest matching prefix, trie-based or its variant schemes have been widely researched in software-based IP lookup. As a software router, we enhance the IP address lookup engine using GPU which is a device widely used in high performance applications. We propose a data structure for multibit trie to exploit GPU hardware efficiently. Also, we devise a novel scheme that the root subtrie is loaded on Shared Memory which is specialized for fast access in GPU. Since the root subtrie is accessed on every IP address lookup, its fast access improves the lookup performance. By means of the performance evaluation, our implemented GPU-based lookup engine shows 17~23 times better performance than CPU-based engine. Also, the fast access technique for the root subtrie gives 10% more improvement.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10c
• /
• pp.109-111
• /
• 2004

본 논문은 IEEE 802.11 네트워크 환경에서 MN(Mobile Node)이 핸드오버를 수행하기 전에 미리 이동 정보를 예측함으로써, 유연하게(Seamless) 서비스를 계속 받을 수 있는 예측 방법을 제안한다. 특히, MN이 속한 AP(Access Point)가 중첩된 상황에서 발생할 수 있는 여러 가지 문제점을 해결한다. MN은 이동성 패턴 레코드를 저장하고, 또한 각 이웃 AR(Access Router)은 AP의 AP-ID(BSSID, Basic Service Set ID)와 채널을 저장한다. MN이 AP의 영역의 경계를 벗어나기 전, 새로운 AP로부터 AP-lD를 획득하면, MN이 저장하는 이동성 패턴 레코드에서, AP-ID와 맞는 정보를 비교하여 확률이 높은 AP를 선택한다. 이러한 정보를 PAR(Previous Access Router)에게 정보를 보내어 신속하게 새로운 링크에서 서비스를 받을 수 있음으로써 손실.지연을 최소화 할 수 있다.

• The Journal of the Korea Contents Association
• /
• v.10 no.9
• /
• pp.79-87
• /
• 2010

This paper proposes a L3 handover method to minimize packet loss for supporting service continuity to IMS Terminal which has a single WLAN interface. The existing IMS based handover solution is able to support handover between different access networks in case that a terminal has multiple interfaces. That is, WLAN terminals need multiple interfaces to connect with one or more access networks. This proposed method configures IP address for the terminal in target WLAN previously by using Candidate Access Router Discovery(CARD) mechanism. Also, in the proposed method, service continuity server performs L3 connection establishment in target WLAN and registration to IMS server instead of the terminal. And then session control mechanism based on SIP is performed to support service continuity. We analyzed handover latency and signaling cost in the proposed method and existing method to show the improved performance by the proposed method.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.5
• /
• pp.55-62
• /
• 2012

With the development of mobile communications and Internet technology, there is a strong need to provide seamless and fast connectivity for roaming devices. Generally, the mobile host (MH) may have several available networks when entering a new wireless area. However, the standard of decision for user's internet connection is provided only the subsystem identification (SSID) and signal strength of access point (AP). These two standards could not enough to decide optimal AP to the MH. Therefore, to decide the optimal AP, more information is needed. In this paper, we present additional information such as status of MH, capacity, current load, and depth of network hierarchy, by router advertisement message at layer 3. Also, we proposed decision engine (DE) on the MH that analyzes APs and decides the optimal AP automatically by AP's status information. For the MH, wireless connection period is increased, the power consumption is decreased, and the signaling overhead is reduced. For AP and router, the load balancing is provided and the network topology can also be more efficient.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2174-2177
• /
• 2003

Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.97-107
• /
• 2008

This paper proposes a mutual authentication scheme for mobile router in MANEMO. The NEMO used AAA server in order to authenticate mobile router in nested mobile network. So, this scheme has some problem that increases authentication message overhead and authentication time. The proposed scheme uses temporary certificate that signed by an access router's private key. The temporary certificate authenticates a mobile router when the mobile router entered a MANET domain. The proposed scheme reduces authentication message overhead and authentication time than the scheme to use AAA server when authenticating the mobile router.

• Journal of information and communication convergence engineering
• /
• v.16 no.1
• /
• pp.31-37
• /
• 2018

In this work, we propose an analytic framework for evaluating the quality of service and dimensioning the link capacity in the gateway router of a smart farm with a greenhouse eco-management system. Specifically, we focus on the gateway router of an IoT network that provides an access service for smart farms. We design the link capacity of a gateway router that is used for the remote management of the greenhouse eco-management system to accommodate both time-critical and delay-tolerant traffic in a greenhouse LAN. For this purpose, we first investigate the ecosystem for smart farm, and we define the specification and requirements of the greenhouse eco-management system. Second, we propose a system model for the link capacity of a gateway that is required to guarantee the delay performance of time-critical applications in the greenhouse LAN. Finally, the validity of the proposed system is demonstrated through a series of numerical experiments.