• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.35-43
• /
• 2005

It is need to control network access that a user personally change own IP or network devices in managing network address. Also, When we use new network devices or assign network address, we do them by design, not arbitrarily. And then, we can immediately control network's problems. It could be used network management and security in low level. But most of managers do this works by hand not automatically. This paper propose the solutions that improve the security by network address authentication in VLAN environment, such as corporations and public offices.

• Journal of the Korea Society for Simulation
• /
• v.18 no.4
• /
• pp.207-217
• /
• 2009

We propose a two-stage Distributed Denial of Service (DDoS) defense system, which can protect a given subnet by serving existing flows and new flows with a different priority based on IP history information. Denial of Service (DoS) usually occurs when the resource of a network node or link is limited and the demand of the users for that resource exceeds the capacity. The objective of the proposed defense system is to provide continued service to existing flows even in the presence of DDoS attacks. The proposed scheme can protect existing connections effectively with a smaller memory size by reducing the monitored IP address set through sampling and per-prefix history management. We evaluate the performance of the proposed scheme through simulation.

• Journal of Korea Multimedia Society
• /
• v.7 no.5
• /
• pp.721-736
• /
• 2004

Because of increasing the notebook computer and PDA, users' requirement with respect to mobility is growing more and more. However, current IP protocol is not changed IP address and can not deliver IP packets on new location of host in case moving another network. To solve this problem, the IETF has proposed mobile IP. Today users want to be provided suitable QoS in the internet since demand of services is variety. The policy-based network management is method which can solve various problems of QoS, security, and complication of management in IP networks. This paper presents the network topology constitution, operation procedure and architecture of policy-based network management for providing internet DiffServ on mobile IP environment. In this paper we propose policy classes of policy-based DiffServ network management on mobile environment and create policy scenarios using the proposed policy description language to represent the policy classes. Finally, we implemented a policy-based DiffServ network management system on mobile IP environment.

• The KIPS Transactions:PartA
• /
• v.14A no.1 s.105
• /
• pp.1-14
• /
• 2007

MPICH-G2 is an MPI implementation to solve complex computational problems by utilizing geographically dispersed computing resources in grid environments. However, the computation nodes in MPICH-G2 are exposed to the external network due to the lack of supporting the private IP clusters, which raises the possibility of malicious security attacks. In order to address this problem, we propose MPICH-GP with a new relay scheme combining NAT(Network Address Translation) service and an user-level proxy. The proxy running on the front-end system of private IP clusters forwards the incoming connection requests to the systems inside the clusters. The outgoing connection requests out of the cluster are forwarded through the NAT service on the front-end system. Through the connection path between the pair of processes, the requested MPI jobs can be successfully executed in grid environments with various clusters including private IP clusters. By simulations, we show that the performance of MPICH-GP reaches over 80% of the performance of MPICH-G2, and over 95% in ease of using RANK management method.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.232-234
• /
• 2005

대규모의 네트워크를 사용하는 기업이나 학교, 기관에서는 IP주소의 효율적인 관리를 위해 설러 가지 노력을 하지만 사용자의 허가되지 않은 IP주소의 무단 사용에 대하여 대처할 방법이 마땅치 않다. 사용자 임의로 IP주소를 설정하여 사용하게 되면 이를 찾아내기가 매우 까다롭고, 안약 그 IP주소가 중요서버의 IP일 경우에는 IP주소의 중복사용으로 인한 서비스 장애가 발생할 수도 있다. 본 연구에서는 현재 네트워크 설정을 변경하지 않으면서 사용자의 특별한 개입 없이 IP주소를 관리 및 모니터링 하고 중요 서버의 IP사용을 보호할 수 있는 에이전트 기반의 시스템을 개발하고자 한다.

• Proceedings of the IEEK Conference
• /
• 2003.11c
• /
• pp.227-230
• /
• 2003

Mobile SCTP (mSCTP) is a new scheme which can be used to provide seamless handover for the mobile node. The reason that is possible is because of the SCTP extension which provides a method to reconfigure IP address on an existing SCTP association (ADDIP). While mSCTP focuses on an association originated ken mobile node (MN) toward fixed correspondent node (CN), mSCTP with Mobile IP support an association originated from CN toward MN by using the Home Agent in Mobile IP and location management. However, there are still some problems related to communication interruption. In this paper, we present a new scheme to solve these problems. The main idea of this scheme is using the home address of MN as a backup path of an SCTP association.

• ETRI Journal
• /
• v.27 no.5
• /
• pp.595-607
• /
• 2005

The widespread use of the Internet has led to the problem of intellectual property and copyright infringement. Digital rights management (DRM) technologies have been developed to protect digital content items. Digital content can be classified into static content (for example, text or media files) and dynamic content (for example, VOD or multicast streams). This paper deals with the protection of a multicast stream on set-top boxes connected to an IP network. In this paper, we examine the following design and architectural issues to be considered when applying DRM functions to multicast streaming service environments: transparent streaming service and large-scale user environments. To address the transparency issue, we introduce a 'selective encryption scheme'. To address the second issue, a 'key packet insertion scheme' and 'hierarchical key management scheme' are introduced. Based on the above design and architecture, we developed a prototype of a multicasting DRM system. The analysis of our implementation shows that it supports transparent and scalable DRM multicasting service in a large-scale user environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.12
• /
• pp.2165-2170
• /
• 2008

In this parer, it is implemented a Local distribution Audio System, based on AoIP(Audio over Internet Protocol) of a part of TCP/IP Network which belongs to Internet transmission technology. The system is controlled based on SNMP(Simple Network Management Protocol) and it is transferred to UDP as packet after changing from Analog audio sources to Digital audio sources. The implemented Local distribution Audio System have presented practical possibilities in PA system transmitting various audio sources to several areas, dispersedly and using multichannel audio like Home theaters in the limelight, recently.

• Journal of Korea Multimedia Society
• /
• v.14 no.1
• /
• pp.144-152
• /
• 2011

As IPv4 addresses are exhausting, the use of IPv6 addresses is increasing. IPv6 environment provides address auto-configuration function. If addresses are allocated to each host automatically, network management system has difficulty in inspecting every IP of all devices and keeping the relevant informations. Also, as IP addresses are configured automatically, problems such as malicious users accessing network devices with no restriction can occur. To solve these problems, managing and blocking of malicious user is necessary. In this paper, we suggest agent system for searching of host computer and blocking network access which manages and protects the major network resources efficiently by searching host and blocking unauthorized host access to network in IPv6 environment. According to the test results of function of this agent system in IPv6 environment, we have checked that this system performs searching and blocking function normally.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.5
• /
• pp.75-82
• /
• 2009

It is possible that gain good effect for saving electric charges by power-saving education to organizer, instead of buying new energy saving computer in the company, school and public organization. But this kind of education needs time very much. And power management system for controling whole computer of organizer is released, but it is hard to set up. In this paper we prevent computers which do not have power shutdown software, from obtaining IP address by DHCP. So we induce organizer to setup power shutdown software.