• Journal of KIISE:Information Networking
• /
• v.28 no.4
• /
• pp.578-585
• /
• 2001

IP Multicast that provides best-efforts service does not guarantee reliable delivery of multicast packets. In recent years, there are many approaches to support reliable multicast, but those are insufficient for implementing scalable and reliable multicast over Internet. We propose a Reliable Multicast Architecture(RMA) for scalable and reliable multicast. The RMA model guarantees reliability using a receiver initiated retransmission mechanism, and scalability using a feedback suppression mechanism by Multicast Router(MR). Furthermore, it utilizes underlying multicast routing information to minimize the cost of protocol modification and overheads. Our performance analyses show that RMA is much superior to previous works in the point of scalability and compatibility.

• The Transactions of the Korean Institute of Electrical Engineers D
• /
• v.53 no.9
• /
• pp.638-643
• /
• 2004

Middleware enables different networking devices and protocols to inter-operate in ubiquitous home network environments. The UPnP(Universal Plug and Play) middleware, which runs on a PC and is based on the IPv4 protocol, has attracted much interest in the field of home network research since it has versatility The UPnP, however, cannot be easily accessed via the public Internet since the UPnP devices that provide services and the Control Points that control the devices are configured with non-routable local private or Auto IP networks. The critical question is how to access UPnP network via the public Internet. The purpose of this paper is to deal with the non-routability problem in local private and Auto IP networks by improving the conventional Control Point used in UPnP middleware-based home networks. For this purpose, this paper proposes an improved Control Point for accessing and controlling the home network from remote sites via the public Internet, by adding a web server to the conventional Control Point. The improved Control Point is implemented in an embedded GNU/Linux system running on an ARM9 platform. Also this paper implements the security of the home network system based on the UPnP (Universal Plug and Play), adding VPN (Virtual Private Network) router that uses the IPsec to the home network system which is consisted of the ARM9 and the Embedded Linux.

• The Journal of the Korea Contents Association
• /
• v.3 no.1
• /
• pp.21-30
• /
• 2003

Retracing schemes using packet marking are currently being studied to protect network resources by isolating DDoS attack. One promising solution is the probabilistic packet marking (PPM). However, PPM can't use ICMP by encoding a mark into the IP identification field. Likewise, it can't identify the original source through a hash function used to encode trace information and reduce the mark size. In addition, the retracing problem overlaps with the result from the XOR operation. An algorithm is therefore proposed to pursue the attacker's source efficiently. The source is marked in a packet using a router ID, with marking information abstracted.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.1
• /
• pp.30-35
• /
• 2002

Dynamic routing uses routing protocols to select the best routes and to update the routing table. RP (Routing Information Protocol)using a distance-vector algorithm becomes generally known a routing protocol on the network. RIP selects the route with the lowest "hop count" (metric) as the best route. but RIP has a serious shortcoming. a mP router cannot maintain a complete routing table for a network that has destinations more than 15 hops away. To overcome this defect, It uses the OSPF (Open Shortest Path First) of link -state protocols developed for TCP/IP. It is suitable for very large networks and provides several advantages over RIP. This paper analyzes the traffic and the link efficiency between two protocols such as message delivery and delay, link utilization, message counts on the same network.e network.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.759-761
• /
• 2016

ICMP(Internet Control Message Protocol) supports the processing of error in the communication network based TCP/IP. If a problem is occurred in a data transmission process, router or receiving host sends ICMP message containing the error cause to sending host. However, in this process an attacker sends a fake ICMP message to the host so that the communication between the hosts can be abnormally terminated. In this paper, we performed a study to prevent several attacks related to ICMP. To this, we have designed outbound traffic controller so that attack packet is not transmitted to network in operating system of host.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.5
• /
• pp.791-800
• /
• 2022

CCN, which has emerged to overcome the limitations of existing network structures, enables efficient networking by changing the IP Address-based network method to the Content-based network method. At this time, the contents are stored on each node(router) rather than on the top server, and considering the limitation of storage capacity, it is very important to determine which contents to store and release through the cache policy, and there are several cache policies that have been studied so far. In this paper, two of the existing cache policies, producer popularity-based and distance-based, were mixed. In addition, the mixing ratio was set differently to experiment, and we proved which experiement was the most efficient one.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.6 s.348
• /
• pp.9-22
• /
• 2006

When the legacy multicast routing protocols are adopted in If-based mobile core networks, there are some problems such as traffic injection from unnecessary sources, traffic overhead by group management and router performance degradation by large amount of multicast session information. In this paper, we propose a stateless multicast mechanism which has no need to maintain multicast information for session status and reduces redundant network overhead for maintaining multicast tree. In addition interworking with IGMPv3 gets rid of traffic from unnecessary sources which have no registration from receivers. The operations of essential components including a gateway node for interworking with the legacy Internet multicast network, a gateway node for transparency to radio access network and a intermediate node in mobile core networks, are definitely defined and the proposed communication architecture is completed. Finally we evaluate and approve the performance of the proposed architecture by means of well-designed network simulation.

• Journal of Korea Multimedia Society
• /
• v.9 no.8
• /
• pp.1037-1044
• /
• 2006

It's difficult to check cyber attacks and the performance of a security system in a real large-scale network. Generally, a new security system or the effect of a new security attack are checked by simulation. We use SSFNet to simulate our security system and cyber attack. SSFNet is an event-driven simulation tools based on process, which has a strength to be capable of expressing a large-scale network. But it doesn't offer any API's which can manipulate not only the related function of security but also the packet. In this paper, we developed a firewall and IPS class, used for a security system, and added to them components of SSFNet. The firewall is modelled a security system based on packet filtering. We checked the function of the firewall and the IPS with network modelled as using our SSFNet. The firewall blocks packets through rules of an address and port of packets. The result of this simulation shows that we can check a status of packets through a log screen of IPS installed in a router and confirm abnormal packet to be dropped.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.1
• /
• pp.128-134
• /
• 2016

IoT devices including smart devices are connected with internet, thus they have security threats everytime. Particularly, IoT devices are composed of low performance MCU and small-capacity memory because they are miniaturized, so they are likely to be exposed to various security threats like DoS attacks. In addition, in case of IoT devices installed for a remote place, it's not easy for users to control continuously them and to install immediately security patch for them. For most of IoT devices connected directly with internet under user's intention, devices exposed to outside by setting IoT gateway, and devices exposed to outside by the DMZ function or Port Forwarding function of router, specific protocol for IoT services was used and the devices show a response when services about related protocol are required from outside. From internet search engine for IoT devices, IP addresses are inspected on the basis of protocol mainly used for IoT devices and then IP addresses showing a response are maintained as database, so that users can utilize related information. Specially, IoT devices using HTTP and HTTPS protocol, which are used at usual web server, are easily searched at usual search engines like Google as well as search engine for the sole IoT devices. Ill-intentioned attackers get the IP addresses of vulnerable devices from search engine and try to attack the devices. The purpose of this study is to find the problems arisen when HTTP, HTTPS, CoAP, SOAP, and RestFUL protocols used for IoT devices are detected by search engine and are maintained as database, and to seek the solution for the problems. In particular, when the user ID and password of IoT devices set by manufacturing factory are still same or the already known vulnerabilities of IoT devices are not patched, the dangerousness of the IoT devices and its related solution were found in this study.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.39 no.7
• /
• pp.1-11
• /
• 2002

This paper proposes that an efficient routing entry sending method between routing controller FE. based on this method, we organize IP VPN support method based on MPLS network and design MPLS-VPN service control module, MPLS-VPN processing, VPN group configuration and LSP setup processing. We evaluate the performance about the VPN based on proposed MPLS, at the result of evaluation. We figure out that based on proposed IPC method, lost packets number reduces and delay increases more slowly in case of VPN based on MPLS comparing with the VPN based on ATM which has rapid delay increasement. Therefore we confirm that the VPN based on MPLS has high speed of packet processing and high utilization of buffers through the performance evaluation.