• Journal of Communications and Networks
• /
• v.13 no.6
• /
• pp.602-611
• /
• 2011

The inter-domain routing scalability issue is a major challenge facing the Internet. Recent wide deployments of multihoming and traffic engineering urge for solutions to this issue. So far, tunnel-based proposals and compact routing schemes have been suggested. An implicit assumption in the routing community is that structured address labels are crucial for routing scalability. This paper first systematically examines the properties of identifiers and address labels and their functional differences. It develops a simple Internet routing model and shows that a binary relation T defined on the address label set A determines the cardinality of the compact label set L. Furthermore, it is shown that routing schemes based on flat address labels are not scalable. This implies that routing scalability and routing stability are inherently related and must be considered together when a routing scheme is evaluated. Furthermore, a metric is defined to measure the efficiency of the address label coding. Simulations show that given a 3000-autonomous system (AS) topology, the required length of address labels in compact routing schemes is only 9.12 bits while the required length is 10.64 bits for the Internet protocol (IP) upper bound case. Simulations also show that the ${\alpha}$ values of the compact routing and IP routing schemes are 0.80 and 0.95, respectively, for a 3000-AS topology. This indicates that a compact routing scheme with necessary routing stability is desirable. It is also seen that using provider allocated IP addresses in multihomed stub ASs does not significantly reduce the global routing size of an IP routing system.

• Journal of information and communication convergence engineering
• /
• v.12 no.3
• /
• pp.154-160
• /
• 2014

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.9
• /
• pp.57-64
• /
• 2018

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.26 no.5A
• /
• pp.773-778
• /
• 2001

인터넷이 본격적으로 상업망으로 전화되고 보편화됨에 따라 인터넷 수요가 급격히 증가될 것으로 예상되고 있다. 이에 따른 빠른 전송과 서비스를 만족시키기 위한 포워딩 기술로써 MPLS에 대한 연구가 활발히 진행되고 있다. 본 논문은 MPLS 영역에서 IP 패킷의 성능이 병목 지역에서 레이블된 것과 레이블 되지 않은 패킷에 따라 어떤 성능을 보이는지를 분석하였다. 링크의 대역폭이 병목지역에서 발생된 패킷 발생률보다 더 작을 경우에는 오히려 시간이 지남에 EK라 MPLS 레이블된 경우에 레이블 오버헤드와 빠른 스위칭이 더욱 혼잡을 발생시켜 레이블 되지 않은 IP 패킷보다 성능이 저하되었다. 이러한 현상에 대한 해결책으로 본 논문은 MPLS shim header 부분에 대한 overhead를 레이블 스위칭 할 때 IP 라우팅을 사용하지 않는 동안 사용되지 않는 필드인 IP header의 주소 필드를 이용하는 새로운 MPLS shim header 할당 알고리즘을 제안하였다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.5
• /
• pp.1-9
• /
• 2010

Abstract The DHCP power saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the vulnerability to IP spoofing attacks, therefore we need to solve the mistake that disrupt the entire network system rather than saving electric power. In this paper, we propose the authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the saving power system.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.243-245
• /
• 2004

This paper proposes design and implementation for Seamless Handoff method between adapters in a system environment where both wired and wireless adapters are present First of all, by settingLayer 2 address of wired adapter to Layer 2address of wireless adapter, then generate virtual adapter on the above layer to make these two adapters operate on an IP address. Under the condition, when wired communication via the wired adapter gets disconnected while in service, wireless handoff occurs by mapping information on the wireless adapter to the virtual adapter. According to the method proposed in this paper, continuous session can be obtained even when handoff between wired and wireless adapters occurs at lower level in an application where both IP address and Port address are used to maintain session since If address does not change.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.8B
• /
• pp.691-700
• /
• 2006

Based on the destination IP address of incoming packets, the Internet routers determine next hops and forward packets toward final destinations through If address lookup. The bandwidth of communication links increases exponentially fast as well as the routing table size grows significant as the number of single host networks attached to the Internet increases. Since packets should be processed at wire-speed, the increased link speed reduces the processing time of a packet in routers, and hence more efficient and fast IP address lookup algorithms and architectures are required in the next generation routers. Most of the previous IP lookup schemes compare routing prefixes of shorter length first with a given input IP address. Since IP address lookup needs to find the most specific route of the given input, search continues until the longest matched prefix is found while it keeps remembering the current test matching prefix. In this paper, based on binary search on prefix length, we proposed a new IP address lookup algorithm which compares longer prefixes first. The proposed scheme is consisted of multiple tries with prefixes on leaves only. The trie composed of the longest prefixes is primarily searched whether there is a match with the given input. This processing is repeated for the trio of the next longer prefixes until there finds a match. Hence the proposed algorithm provides the fast search speed. The proposed algorithm also provides the incremental update of prefixes while the previous binary search on length scheme does not provide the incremental update because of pre-processing requirement. In this paper, we performed extensive simulations and showed the performance comparisons with related works.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.352-354
• /
• 2003

IP 주소 부족 문제를 해결하기 위한 방법은 크게 두 가지로 나누어 볼 수 있다. 32bit 의 주소체계를 갖는 IPv4 를 128bit 의 주소체계를 갖는 IPv6 로 대체하는 장기적인 관점에서의 해결책과 네트워크 주소 변환(NAT : Network Address Translation) 기술을 이용하여 로컬 네트워크의 호스트들이 부족한 공인 IP 주소를 공유하는 단기적인 관점의 해결책이 있다. IPv4 에서 IPv6 로의 전이는 현재 구축된 모든 네트워크 장비와 인터넷에 연결된 호스트들의 수정이 필요하므로 많은 시간과 비용을 필요로 한다. 네트워크 주소 변환 기법은 로컬 네트워크에서 사설 IP 주소를 사용하고 로컬 네트워크의 호스트가 인터넷 접속 시 사설 IP 주소를 공인 IP 주소로 변환하여 인터넷 접속을 지원하는 범용적인 기술이다. 기존 네트워크 주소 변환 기술은 인터넷 통신의 기본 특성인 종단간 연결성(end­to­end connectivity)을 지원하지 못하고 종단 호스트간의 연결 매개 기술이므로 IPSEC 과 같은 종단간 통신 보안 지원을 목적으로 하는 기술에는 적용할 수 없다. 본 논문에서는 NAT 기술의 한계를 분석하고 이를 극복하기 위해 호스트 라우팅을 이용한 공인 IP 주소 공유 기법을 제안한다. 제안된 IP 공유 기법은 IP 패킷의 헤더나 페이로드의 어떠한 수정 없이 단지 창조에 의해 사설 네트워크의 호스트들에게 인터넷 풀 액세스 및 종단간 IPSEC 세션을 지원한다.

• ETRI Journal
• /
• v.38 no.5
• /
• pp.922-933
• /
• 2016

IP header compression schemes offer a valuable measure for bandwidth preservation. Such schemes have been practically implemented in infrastructure-based IP networks for point-to-point links. However, minimal research and practical implementation efforts have been conducted in the direction of an IP header compression strategy that can meet the peculiar requirements of multi-hop ad hoc wireless networks. In this paper, we present a practically implemented multi-hop IP header compression scheme using the Robust Header Compression (ROHC) protocol suite. The scheme runs on a novel identifier (ID) based networking architecture, known as an ID-based ad hoc network (IDHOCNET). IDHOCNET additionally solves a number of bottlenecks of pure IP-based ad hoc networks that have emerged owing to IP address auto-configuration service, distributed naming and name resolution, and the role of an IP address as an identifier at the application layer. The proposed scheme was tested on a multi-hop test bed. The results show that the implemented scheme has better gain and requires only O (1) ROHC contexts.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.4
• /
• pp.1922-1940
• /
• 2019

IP address lookup is a function to determine nexthop for a given destination IP address. It takes an important role in modern routers because of its computation time and increasing Internet traffic. TCAM-based IP lookup approaches can exploit the capability of parallel searching but have a limitation of its size due to latency, power consumption, updatability, and cost. On the other hand, multibit trie-based approaches use SRAM which has relatively low power consumption and cost. They reduce the number of memory accesses required for each lookup, but it still needs several accesses. Moreover, the memory efficiency and updatability are proportional to the number of memory accesses. In this paper, we propose a novel architecture using an Indexed Multibit Trie (IMT) which is based on combined TCAM and SRAM. In the proposed architecture, each lookup takes at most two memory accesses. We present how the IMT is constructed so as to be memory-efficient and fast updatable. Experiment results with real-world forwarding tables show that our scheme achieves good memory efficiency as well as fast updatability.