• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.04b
• /
• pp.1257-1260
• /
• 2002

3 세대 이동통신 시스템인 UMTS/GPRS 는 모든 MS(Mobile Station)에게 인터넷 서비스를 항상 제공할 수 있도록 하는 것을 목표로 하고 있다. 그러나 최근 인터넷 사용의 증가로 인해 public IPv4 주소 부족 현상이 발생함에 따라 인터넷에 연결되어 있는 모든 MS 에게 public IPv4 주소를 할당하는데 한계가 있다. 이에 따라 3GPP의 Release 2000 IM CN(IP Multimedia Core Network) 서브 시스템에서는 멀티미디어 서비스 지원을 위해 인터넷에 연결되어 있는 모든 MS 에게 IP 를 할당할 수 있도록 IPv6 지원을 필수로 정의하고 있다. 따라서 UMTS/GPRS 에서 IPv6 를 지원할 경우 이동망과 인터넷망간의 패킷 서비스 전달을 위해 게이트웨이 기능을 수행하는 GGSN 에서 가장 큰 변화가 이루어질 것이다. 그러므로 본 논문에서는 GGSN 이 dual stack 을 지원해야하는지에 대해 살펴본 후 UMTS/GPRS 프로토콜 구조를 제안한다. 그리고 IPv6 지원을 위해 GGSN의 기능을 설계하고 GTP 메시지와 IPv6 주소 할당 방법에 대해 살펴본다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.577-578
• /
• 2009

최근 무선 네트워크 기술의 발달과 휴대용 기기들의 놀라운 성능향상으로 이동 중에도 통신을 할 수 있는 기술이 요구되고 있다. 이러한 요구사항을 만족하기 위해서 IETF에서는 Mobile IPv6와 Proxy Mobile IPv6라는 기술을 표준화하였다. Mobile IPv6는 호스트 기반의 이동성을 제공하는 프로토콜이고, Proxy Mobile IPv6는 네트워크 기반의 이동성을 제공하는 프로토콜이다. 모바일 환경에서의 각 도메인은 Mobile IPv6와 Proxy Mobile IPv6의 프로토콜 기술을 채택하여 이동성을 제공하는데, 각 기술간의 상호 연동과 핸드오버 관점에서의 다양한 고려사항이 존재한다. 본 논문에서는 Mobile IPv6와 Proxy Mobile IPv6의 각각의 환경에서 Inter-Domain 간의 상호 연동과 핸드오버 방법에 대해서 시나리오를 분석한다. 본 논문은 향후 다양한 특성을 지닌 도메인 환경에서 핸드오버 방법에 대해서 고려하고자 할 때 도움을 주고자 한다.

• TTA Journal
• /
• s.91
• /
• pp.83-89
• /
• 2004

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.1B
• /
• pp.40-52
• /
• 2007

Mobile IP allows mobile end-systems to maintain on-going connections while moving to other links. Based on the Internet Protocol Version 6 (IPv6), mobile IPv6 provides a set of new mobility functions such as route optimization in addition to the functions in mobile IPv4. This paper describes the hardware-based mobile IPv6 implementation which provides all the mobility functionalities in hardware. The hardware-based mobile IPv6 provides faster mobility support than software-based implementation as well as it reduces the number of packet losses which can be caused during the movement. In end-systems equipped with hardware-based mobility support, the CPU can concentrate more on running application programs without wasting its effort for mobility support, and hence it is expected the overall performance improvement.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.261-264
• /
• 2008

IPv6 has been proposed and deployed to cater the shortage of IPv4 addresses. It is expected to foresee mobile phones, pocket PCs, home devices and any other kind of network capable devices to be connected to the Internet with the introduction and deployment of IPv6. This scenario will bring in more challenges to the existing network infrastructure especially in the network security area. Firewalls are the simplest and the most basic form of protection to ensure network security. Nowadays, firewalls' usage has been extended from not only to protect the whole network but also appear as software firewalls to protect each network devices. IPv6 and IPv4 are not interoperable as there are separate networking stacks for each protocol. Therefore, the existing states of the art in firewalling need to be reengineered. In our context here, we pay attention only to the IPv6 firewalls configuration anomalies without considering other factors. Pre-evaluation of security risk is important in any organization especially a large scale network deployment where an add on rules to the firewall may affect the up and running network. We proposed a new probabilistic based model to evaluate the security risks based on examining the existing firewall rules. Hence, the network administrators can pre-evaluate the possible risk incurred in their current network security implementation in the IPv6 network. The outcome from our proposed pre-evaluation model will be the possibilities in percentage that the IPv6 firewall is configured wrongly or insecurely where known attacks such as DoS attack, Probation attack, Renumbering attack and etc can be launched easily. Besides that, we suggest and recommend few important rules set that should be included in configuring IPv6 firewall rules.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.9 no.3
• /
• pp.93-99
• /
• 2009

The Internet Engineering Task Force (lETF)proposed the Mobile IPv6 protocol to provide host mobility in IPv6-based network and to offer a standardized technology. However, Mobile IPv6 (MIPv6) is not applied in actual network because of long handover latency and packet loss problems. Therefore, to compensate these drawbacks, many studies are in progress and FMIPv6 (Fast handover for Mobile IPv6) is one of the studies that has been proposed to supplement the shortcomings of MIPv6. But there are problems occurred in using router tunneling which causes packet loss and out of sequence problems. In this paper, we propose an Advanced Mobile IPv6 (AMIPv6) protocol to minimize the handover latency when Mobile Node frequently moves in each subnet. We compared the performance analysis of AMIPv6 handover latency with MIPv6 handover latency in the same network environment to prove that AMIPv6 is more efficient.

• Journal of KIISE:Information Networking
• /
• v.37 no.6
• /
• pp.459-465
• /
• 2010

Mobile IPv6(MIPv6) features have several defects such as overloading of nodes, loss of wireless signals, packet loss, movement problem and so forth. Proxy Mobile IPv6 (PMIPv6) got over the limit of MIPv6 problems. MIPv6 features have several defects such as overloading of nodes, loss of wireless signals, packet loss, movement problem and so forth. Research on PMIPv6, which features network-based mobility is actively in progress in order to resolve these issues. PMIPv6 is emerging as a new paradigm that can overcome the limitations of the existing MIPv6. Nevertheless, such PMIPv6 also incurs problems during hand-over. While it offers a solution to node-based problems, it does, too, create long delay times during hand-over. Since MN (Mobile Node) has been sensing its own movements on MIPv6, fast handover can be done easily. However it can't apply fast handover like MIPv6, as it can't apply fast handover like MIPv6 In this paper, the author solved hand-over problem on MIPv6. MAG knows location information of MN and if MN moves into other MAG's area, Location Server gives MN information to the MAG. Therefore, this mechanism makes hand-over process easier.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.471-484
• /
• 2004

Recently. many projects have been actively implementing IPsec on the various Operating Systems for security of IPv6 network. But there is no existing tool that checks the IPsec-based systems, which provide IPsec services, work Properly and provide their network security services well In the IPv6 network. In this paper, we design SERDL(Security Evaluation Rule Description Language) and rule execution tool for evaluating security of the IPv6 network, and we provide implementation details. The system Is divided into following parts : User Interface part, Rule Execution Module part, DBMS part and agent that gathering information needed for security test.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7B
• /
• pp.403-410
• /
• 2007

Neighbor Discovery (ND) protocol was proposed to discover neighboring hosts and routers in IPv6 wire/wireless local networks. ND protocol, however, has a problem that it is vulnerable to network attacks because ND protocol allows malicious users to impersonate other legitimate hosts or routers by forging ND protocol messages. To address the security problem, Secure Neighbor Discovery (SEND) protocol was proposed. SEND protocol provides address ownership proof mechanism, ND protocol message protection mechanism, reply attack prevention mechanism, and router authentication mechanism to protect ND protocol. In this paper, we design and implement SEND protocol in IPv6 local networks. And also, we evaluate and analyze the security vulnerability and performance of SEND protocol by experimenting the implemented SEND protocol on IPv6 networks.

• Journal of KIISE:Information Networking
• /
• v.30 no.5
• /
• pp.604-613
• /
• 2003

Network Address Translation-Protocol Translation(NAT-PT) is an IPv4/IPv6 translation mechanism, as defined in RFC2766, allowing IPv6-only devices to communicate with IPv4-only devices and vice versa. But NAT-PT has the restriction that applies to IPv4 NAT where NAT-PT does not provide end-to-end security, which is a major goal of IPSec. Therefore it cannot support security services such as confidentiality, authentication, and integrity. In this paper, we propose secure NAT-PT(SNAT-PT) and the corresponding secure host architecture to support IPSec security service. And also tunneling scheme using dummy IP header is presented to show the valid operation of end-to-end IPSec protocol on the proposed architectures.