• Journal of Korea Multimedia Society
• /
• v.5 no.1
• /
• pp.68-76
• /
• 2002

Multicast in mobile host has the problem of hast mobility, multicast decision, triangle routing, tunnel convergence, implosion of retransmission, and bandwidth waste. In particular, the bandwidth waste in radio is a definite factor that decreases transmission rate. To solve the problems, this paper proposes a new multicast transmission protocol called FIM(Forward Error Correction Integrated Multicast), which supports reliable packet recovery mechanism by integrating If Mobility Support for the host mobility, IGMP(Interned Group Management Protocol) for the group management, and DVMRP(Distance Vector Multicast Routing Protocol) for the multicast routing, and it also uses FEC and the local recovery method based on receiver. The performance measurement is performed by dividing the losses into the homogeneous independent loss, the heterogeneous independent loss, and the shared source link loss model.. The result shows that the performances improves in proportion to the size of local areal group when the size of transmission group exceeds designated size. This indicates FIM is effective in the environment where there are much of data and many receivers in the mobile host.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.277-284
• /
• 2009

With significant development in wireless communication technologies, the needs to handover from one network to another have grown dramatically. Recently IETF developed MIPv6 and FMIPv6 which are used to handover between different access networks. These handover mechanisms have some known weaknesses. MIPv6 can not serve time-critical application because it causes long handover latency and packet loss. By these reasons, MIPv6 does not guarantee session continuity. FMIPv6 uses handover preparation phase to reduce DAD latency. However FMIPv66 still suffers from long handover latency, because it must perform binding update at the end of handover procedure. In this paper we propose new handover mechanism FMIPv6-PBU which eliminates binding update latency. The proposed mechanism has compatability with lagacy FMIPv6. In this paper propose FMIPv6-PBU handover procedure and explain its procedures and evaluate it with MIPv6 and FMIPv6.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.39-52
• /
• 2011

An application-layer attack can effectively achieve its objective with a small amount of traffic, and detection is difficult because the traffic type is very similar to that of legitimate users. We have discovered a unique characteristic that is produced by a difference in client intention: Both a legitimate user and DDoS attacker establish a session through a 3-way handshake over the TCP/IP layer. After a connection is established, they request at least one HTTP service by a Get request packet. The legitimate HTTP user waits for the server's response. However, an attacker tries to terminate the existing session right after the Get request. These different actions can be interpreted as a difference in client intention. In this paper, we propose a detection algorithm for application layer DDoS attacks based on this difference. The proposed algorithm was simulated using traffic dump files that were taken from normal user networks and Botnet-based attack tools. The test results showed that the algorithm can detect an HTTP-Get flooding attack with almost zero false alarms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.119-129
• /
• 2011

TCP-related Flooding attacks still dominate Distributed Denial of Service Attack. It is a great challenge to accurately detect the TCP flood attack in hish speed network. In this paper, we propose the NIC_Cookie logic implementation, which is a kind of security offload engine against TCP-related DDoS attacks, on network interface card. NIC_Cookie has robustness against DDoS attack itself and it is independent on server OS and external network configuration. It supports not IP-based response method but packet-level response, therefore it can handle attacks of NAT-based user group. We evaluate that the latency time of NIC_Cookie logics is $7{\times}10^{-6}$ seconds and we show 2Gbps wire-speed performance through a benchmark test.

• Broadcasting and Media Magazine
• /
• v.11 no.4
• /
• pp.104-117
• /
• 2006

In this Paper, we analyze the application of Interactive Data Broadcasting in DMB(Digital Multimedia Broadcasting) in the accordance with convergence of service and technology. With the acceleration of digital convergence in the Ubiquitous period substantial development of digital media technology and convergence of broadcasting and telecommunication industry are being witnessed. Consequently these results gave rise to newly combined-products such as DMB(Digital Multimedia Broadcasting), WCDMA(Wide-band code division multiple access), Wibro(Wireless Broadband Internet), IP-TV (Internet protocol TV) and HSDPA(High speed downlink packet access). The preparatory stage for the implementation of Interactive Data Broadcasting Service will be reached by the end of December, 2006. DMB is the first result of a successful convergence service between Broadcasting and Telecommunication in new media era. Multimedia technology and services are the core elements of DMB. The Data Broadcasting will not only offer various services of interactive information such News, Weather, Broadcasting Program etc, but also be linked with characteristic function of mobile phone such as calling and SMS(Short Message Service) via Return Channel.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.348-359
• /
• 2007

The conventional mobile VPN services assumed the mobile communications occur between the MN in foreign networks and the CN in the home network. However, if a MN wants to communicate with another MN in a foreign network, it could degrade the performance of the mobile VPN service because of the triangular routing problem. In this paper, we propose a route optimization mechanism based on the mobile VPN using an x-HA allocated by diameter MIP in order to support the efficient communication between the mobile VPN users in foreign networks. The i-HA maintains the VPN-TIA as well as the x-HoA as the CoAs to solve the security problem and to provide an efficient route optimization simultaneously. Moreover, we proposed revised IPSec tunnel configuration to reduce the IPSec tunnel overheads at a MN when the MN communicates with several MNs in the foreign networks at the same time. The VPN server, a security management entity in the home network, notifies an additional IPSec tunnel establishment between the x-HAs where the communication peers are registered. The simulation result showed that the proposed scheme decreases the end-to-end packet delay time and improves the throughput after the handoff compared to the existing mechanism.

• Journal of KIISE:Information Networking
• /
• v.32 no.4
• /
• pp.515-524
• /
• 2005

As the number of the mobile nodes (MNs) increases in the networks, the signaling traffic generated by mobility management for MNs will increase explosively, and such a phenomenon will probably affect overall network performance. In this paper, we propose a novel analytical approach using a continuous-time Markov chain model and hierarchical network model for the analysis on the signaling load of representative IPv6 mobility support Protocols such as Mobile IPv6 (MIPv6) and Hierarchical Mobile IPv6 (HMIPv6). According to these analytical modeling, this paper derives the various signaling costs, which are generated by an MN during its average domain residence time when MIPv6 and HMIPv6 are deployed under the same network architecture, respectively. In addition, based on these derived costs, we investigate the effects of various mobility/traffic-related parameters on the signaling costs generated by an MN under MIPv6 and HMIPv6. The analytical results show that as the average moving speed of an MN gets higher and the binding lifetime is set . to the larger value, and as its average packet arrival rate gets lower, the total signaling cost generated during its average domain residence time under HMIPv6 will get relatively lower than that under MIPv6, and that under the reverse conditions, the total signaling cost under MIPv6 will get relatively lower than that under HMIPv6.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.8
• /
• pp.974-985
• /
• 2016

Riverbed Modeler, which is a commercial packet-level discrete event simulator is used to model, design, and simulate complicated communication protocols and large-scale network. Riverbed Modeler got credit for its reliability in field of network simulation. In the MANET simulation environment using Riverbed Modeler, it is very complicated to add a new routing protocol into existing architecture of routing protocols because it is required lots of modifications of protocol recognition. In this paper, we propose Routing Adding Framework which can reduce errors or mistakes during modifying the existing routing support architecture. Routing Adding Framework is provided as a adapter API for protocol recognition. and it is only minimum modifications for protocol identifiers when a new routing protocol is added to the child process of manet_mgr process which manages routing protocols for IP layer. With Routing Adding Framework, we can reduce less than half modification. Then, we shows an example of implementation of a hybrid routing protocol AntHocNet using Routing Adding Framework, and we verify its design and application of the Routing Adding Framework by obtaining simulation result with similar result given by AntHocNet.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.44 no.7 s.361
• /
• pp.71-80
• /
• 2007

This paper describes an efficient hardware design of WiBro security processor (WBSec) supporting for the security sub-layer of WiBro wireless internet system. The WBSec processor, which is based on AES (Advanced Encryption Standard) block cipher algorithm, performs data oncryption/decryption, authentication/integrity, and key encryption/decryption for packet data protection of wireless network. It carries out the modes of ECB, CTR, CBC, CCM and key wrap/unwrap with two AES cores working in parallel. In order to achieve an area-efficient implementation, two design techniques are considered; First, round transformation block within AES core is designed using a shared structure for encryption/decryption. Secondly, SubByte/InvSubByte blocks that require the largest hardware in AES core are implemented using field transformation technique. It results that the gate count of WBSec is reduced by about 25% compared with conventional LUT (Look-Up Table)-based design. The WBSec processor designed in Verilog-HDL has about 22,350 gates, and the estimated throughput is about 16-Mbps at key wrap mode and maximum 213-Mbps at CCM mode, thus it can be used for hardware design of WiBro security system.