• Title/Summary/Keyword: IPSec(IP Security)


Performance Evaluation of RSIP Gateway in Intranet Environment (인트라넷 환경에서 RSIP 게이트웨이의 성능분석)

  • Kim, Won;Lee, Young-Taek;Jun, Moon-Seog
    • The KIPS Transactions:PartC / v.11C no.5 / pp.683-688 / 2004
  • NAT is a very useful IP address translation technique that allows two connected networks to use different and incompatible IP address schemes. But it is impractical to use NAT for an application which uses encrypted IP packets, embedding IP addresses inside data payloads, to guarantee end-to-end security such as IPSec. In addition to rewriting the source/destination IP addresses in the packet, NAT must modify the IP checksum every time, which could lead to a considerable performance decrease of the overall system in the process of address translation. RSIP is an alternative that solves these disadvantages of NAT and the address shortage problems. Both NAT and RSIP divide networks into inside and outside addressing realms. NAT translates addresses between the internal network and the external network, but RSIP uses a borrowed external address for outside communications. The RSIP server temporarily assigns a routable public address to an RSIP client to communicate with the public network outside the private network. In this paper, an RSIP gateway for an intranet environment is designed and its performance is evaluated. From the results of the performance evaluation, we found that RSIP is less sensitive to the data traffic. Also, the experiment shows that RSIP performs better than NAT as the transmitted data grows larger.

An Efficient and Secure Handover Mechanism for MVPN Services (MVPN 서비스 제공을 위한 효율적이고 안전한 핸드오버 메커니즘)

  • Woo, Hyun-Je;Kim, Kyoung-Min;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.1 / pp.62-72 / 2007
  • Mobile Virtual Private Network (MVPN) provides VPN services without geographical restriction to mobile workers using mobile devices. Coexistence of the Mobile IP (MIP) protocol for mobility and IPsec-based VPN technology is necessary in order to provide continuous VPN service to mobile users. However, problems like registration failure or frequent IPsec tunnel re-negotiation occur when an IPsec-based VPN Gateway (GW) and MIP are used together. In order to solve these problems, the IETF proposes a mechanism which uses an external home agent (x-HA) located external to the corporate VPN GW. In addition, based on the IETF proposal, a mechanism that assigns the x-HA dynamically in the network where the MN is currently located was also proposed, with the purpose of reducing handover latency as well as end-to-end delay. However, this mechanism has problems such as exposure of a session key for the dynamic Mobility Security Association (MSA) or a long latency in the case of handover between different networks. In this paper, we propose a new MVPN protocol in order to minimize handover latency, enhance the security of key exchange, and reduce data losses caused by handover. Through simulation, the performance of the proposed protocol is compared with the existing mechanism.

Security Policy Negotiation Model Design for Secure Network Management (안전한 망 관리를 위한 보안정책 협상모델 설계)

  • Park, Jin-Ho;Chung, Jin-Wook
    • The KIPS Transactions:PartC / v.11C no.2 / pp.171-176 / 2004
  • This paper presents the design of a highly efficient security policy negotiation for an SPS (Security Policy System) for secure network management using a mobile agent system. The conventional IP security systems for secure network management have some problems. A drawback to these systems is that the required policy between each security area is different. Another problem is that it is not possible to guarantee whether a packet is transmitted through the same path in both directions and is protected by the same policy, due to the topology of the network. Unlike conventional systems, the model developed herein can resolve these problems by using mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees mutual authentication and reliability by using the passport.

A Secure Route Optimization Mechanism for Mobile VPN users in Foreign Networks (모바일 VPN 사용자를 위한 보안 강화 경로 최적화 방안)

  • Kim, Kyoung-Min;Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.34 no.5 / pp.348-359 / 2007
  • The conventional mobile VPN services assumed that mobile communications occur between the MN in a foreign network and the CN in the home network. However, if an MN wants to communicate with another MN in a foreign network, the performance of the mobile VPN service could degrade because of the triangular routing problem. In this paper, we propose a route optimization mechanism based on the mobile VPN using an x-HA allocated by Diameter MIP in order to support efficient communication between mobile VPN users in foreign networks. The i-HA maintains the VPN-TIA as well as the x-HoA as the CoAs to solve the security problem and to provide efficient route optimization simultaneously. Moreover, we propose a revised IPSec tunnel configuration to reduce the IPSec tunnel overheads at an MN when the MN communicates with several MNs in foreign networks at the same time. The VPN server, a security management entity in the home network, notifies the establishment of an additional IPSec tunnel between the x-HAs where the communication peers are registered. The simulation result showed that the proposed scheme decreases the end-to-end packet delay time and improves the throughput after the handoff compared to the existing mechanism.

A Secure and Fast Session Key Distribution Mechanism in Diameter Mobile IP Environment (Diameter Mobile IP 환경에서 안전하고 빠른 세션키 분배 메커니즘)

  • Song, Ji-Eun;Cho, Gi-Hwan
    • Proceedings of the Korea Information Processing Society Conference / 2003.05c / pp.2109-2112 / 2003
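  • The Diameter-MIPV4 protocol offers an improved security mechanism by solving the weak key distribution problem of conventional Mobile IP (MIP) and by supporting authentication, authorization verification, and accounting services for mobile nodes. However, distributing session keys to the mobile node over the public network after authentication and registration have been performed by the Diameter server in the home network can be exposed to many security attacks, and frequent exchange of registration messages between remote domains can cause communication delay. In this paper, for secure session key distribution, we reduce the threat of session key leakage on the public network by establishing an IPsec (IP security) tunnel between the home network and the visited network during the mobile node's registration process. In addition, using the hierarchy of the network and a Micro-Mobility MIP mechanism, we efficiently improve the communication delay problem by localizing the mobile node's authentication, registration, and session key distribution during handoff within the same domain.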


Performance Management and Analysis for Guaranteed End-to-End QoS Provisioning on MPLS-based Virtual Private LAN Service(VPLS)

  • Kim, Seong-Woo;Kim, Chul;Kim, Young-Tak
    • The Journal of Korean Institute of Communications and Information Sciences / v.28 no.2B / pp.144-156 / 2003
  • The Internet/Intranet has been continuously enhanced by newly emerging IP technologies such as differentiated services (DiffServ), IPSec (IP Security) and MPLS (Multi-protocol Label Switching) traffic engineering. With the increased demand for various real-time multimedia services, ISPs (Internet Service Providers) should provide enhanced end-to-end QoS (quality of service) and security features. Therefore, the Internet and Intranet need management functionality for sophisticated traffic engineering functions. In this paper, we design and implement the performance management functionality for guaranteed end-to-end QoS provisioning on MPLS-based VPLS (Virtual Private LAN Service). We propose VPLS OAM (Operation, Administration and Maintenance) for efficient performance management. We focus on a scheme of QoS management and measurement of QoS parameters (such as delay, jitter, loss, etc.) using VPLS OAM functions. The proposed performance management system also supports performance tuning to enhance the provided QoS by re-adjusting the bandwidth of LSPs for VPLS. We present the experimental results of performance monitoring and analysis using a network simulator.

A Study on the Design and Implementation of Wireless VPN in CDMA 3G Surroundings (CDMA 3G 환경에서 Wireless VPN의 설계/구현 방안에 관한 연구)

  • 김정태;이종필;신승중;류대현
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2003.05a / pp.721-724 / 2003
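  • In this paper, we analyze the problems of Wireless VPN in a CDMA 3G environment and present design and implementation approaches. The ultimate goal of Wireless VPN is to achieve integration with Wireline VPN and thereby realize a true Mobile VPN, but because international standards for Mobile IP support are not yet fully in place and Mobile VPN has never been technically verified, this paper focuses on Wireless VPN.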


Introduction to SOCKS VPN (SOCKS VPN 소개)

  • 백석철
    • Review of KIISC / v.9 no.4 / pp.19-24 / 1999
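  • As electronic commerce over the Internet becomes more active, the demand among companies and individuals for secure data communication over the Internet is growing day by day. To satisfy this requirement, interest in virtual private network (VPN) technology is also considerable. Such technologies include IPSEC and PPTP, which are VPN protocols operating at the IP or data link layer, as well as SOCKS VPN, which operates at the application layer. This paper describes SOCKS VPN. It first gives a brief introduction to VPN technology, then describes SOCKS functions in detail and explains how to build a VPN using SOCKS V.5. Because the SOCKS V.5 GSS-API, the core module for building a SOCKS VPN, is subject to export restrictions, we propose as an alternative a method of building a VPN using SOCKS 4.3 and SSL.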


A Efficient RSIP Address Translation Technique in Linux-based Intranet Environment (리눅스기반 인트라넷 환경에서 효율적인 RSIP주소 변환기법)

  • Lee, Youngtaek;Kim, Won;Jeon, Moon-Seok
    • Journal of the Korea Computer Industry Society / v.5 no.1 / pp.39-48 / 2004
  • An IP address shortage problem is arising with the rapid spread of the Internet and the demand for new IP addresses. Address translation technology such as NAT is becoming widely used in order to solve these problems. NAT is a very useful IP address translation technique that allows two connected networks to use different and incompatible IP address schemes. But it is difficult to use NAT, particularly for applications that embed IP addresses in data payloads or encrypt IP packets to guarantee end-to-end security, such as IPSec. In addition to rewriting the source/destination IP address in the packet, NAT must modify the IP checksum every time, which could lead to a considerable performance decrease of the overall system in the process of address translation. RSIP is an alternative that solves these disadvantages and the address shortage problems of NAT. Both NAT and RSIP divide networks into inside and outside addressing realms. NAT translates addresses between the internal network and the external network, but RSIP uses a borrowed external address for outside communications. The RSIP server temporarily assigns a routable, public address to an RSIP client to communicate with the public network outside the private network. In this paper, I will analyze NAT and RSIP gateway systems, and then I will propose a Linux-based RSIP gateway for more efficient IP address translation in intranet environments, based on the RSIP standard of the IETF.


Challenges and solutions for Internet of Things Driven by IPv6

  • Emad-ul-Haq, Qazi;Aboalsamh, Hatim;Belghith, Abdelfettah;Hussain, Muhammad;Abdul, Wadood;Dahshan, Mostafa H.;Ghouzali, Sanaa
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.12 / pp.4739-4758 / 2015
  • The IPv4 addressing scheme, which was proposed by the IETF in 1981, provides 4.3 billion unique 32-bit IP addresses but was fully exhausted in February 2011. This exhaustion of unique IP addresses poses significant challenges to the addition of new devices to the Internet as well as to offering new services. The Internet of Things, which provides interconnected, uniquely identifiable devices in the existing Internet infrastructure, will be greatly affected by the lack of unique IP addresses. In order to connect to the existing Internet infrastructure, every new device needs a uniquely identified IP address for communication. It has been estimated that by the year 2020 more than 30 billion devices would be connected to the Internet. In order to meet the challenge of such a vast requirement for unique IP addresses, the devices in IoT will have to adopt IPv6, which is the latest version of the Internet Protocol. IPv6 uses 128-bit IP addresses and offers 2^128 unique IP addresses. Therefore, it expands IPv4 and provides new features of end-to-end connections as well as new services. In this paper, the various challenges with respect to providing connectivity, security, mobility, etc., are discussed, along with how IPv6 helps in meeting those challenges.