• Journal of the Korea Society of Computer and Information
• /
• v.29 no.11
• /
• pp.209-216
• /
• 2024

In This paper, we proposed a technology to provide safety and convenience for cloud computing services. The proposed technology strengthens user authentication for the safe service of digital content in a cloud computing environment and proposes a technology to prevent packet infringement on the network. For user authentication, a dual authentication method and an access medium authentication method were applied, and a secure service was provided through session authentication to protect packets on the network. Real-time synchronization between systems as a cloud system's multiplexed service method ensures smooth service is always supported in the event of a system failure. The proposed user authentication technology prevents illegal user access and enables management by access license with the system simultaneous access user management function. Authentication session tickets of authenticated users provide convenience in system access and service use during the validity of the ticket, and packet infringement prevention functions.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.45 no.3
• /
• pp.68-74
• /
• 2008

Ethernet is the very successful technology in private local area network. Therefore, we can obtain the advantage to reduce network overhead due to such as protocol translation when to apply Ethernet to the public backbone network. However, in order to do that, it is required to restore the network within 50msec when link failure occurs, in order to provide seamless connections to end users. Currently, ITU-T standardized the automatic protection switching (APS) based Ethernet protection switching system. In this paper, we propose the improved Ethernet protection switching system to minimize the number of Ethernet frames lost when the network is restored from the failure. The proposed mechanism is analyzed by using simulation based on ns-2 and numerical results show that the proposed one provides superior performance.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.10
• /
• pp.34-40
• /
• 2014

With the economical data service delivery, the packet transport network (PTN) technologies have emerged as an important player in the next-generation transport networks. As the PTN continues to make such considerable progress, it is being challenged by network providers who need rapid and reliable recovery capabilities to guarantee the availability of their services. This paper introduces several fault detection mechanisms for a client signal failure in packet transport networks and proposes a reliable transmission method of IP flows from routers using the combination of Ethernet services. Based on the first fault detection methods, client signal fault is detected within tens or hundreds of milliseconds. It enables the client network devices to perform their own recovery processes within one second. The second mechanism enables failed Ethernet services to be bypassed via other Ethernet services over disjoint paths, so as to contribute on reducing packet loss of IP traffic.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2067-2072
• /
• 2016

Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.1B
• /
• pp.41-51
• /
• 2004

Operation and maintenance (OAM) in optical burst switching (OBS) networks has not yet been addressed even though OBS has been gaining research interest in recent years. In this paper, we defined five OBS functions such as Burst Termination (BT), Burst Transmission (BTX), Burst Switching (BSW), Routing and Switching Control (RSC), and Protection and Restoration (PAR). A functional model for OBS networks and an OAM architecture are designed to meet the operational requirements. We present the first framework to realize OAM in OBS networks, including OAM activities, OAM-capable OBS nodes such as ingress edge, core, and egress edge nodes, OAM information and communication models and protocols. A number of examples of possible network failures are pointed out and the corresponding reactions to these using the proposed OAM architecture are presented.

• Journal of The Institute of Information and Telecommunication Facilities Engineering
• /
• v.2 no.4
• /
• pp.71-77
• /
• 2003

Security system in internet as well as the performance in information network became more important as the internet environment is getting popular and complicate. In this study, the security system (Firewall and IDS) was installed in high speed information network and analyzed for a change in the speed of data transfer and the possibility of invasion. The selection of appropriate system, efficient detection and protection and surveillance method were suggested and analyzed In order to do experiments, an experimental model was com prized to analyze the parameters that was affected by the detection and protection system in network. This will give a standard how much we can pull up the security system maintaining the network speed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.908-911
• /
• 2003

In this study, the security system (Firewall and IDS) was installed in high speed information network and analyzed for a change in the speed of data transfer and the possibility of invasion. The selection of appropriate system, efficient detection and protection and surveillance method were suggested and analyzed. In order to do experiments, an experimental model was comprized to analyze the parameters that was affected by the detection and protection system in network. This will give a standard how much we can pull up the security system maintaining the network speed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.9
• /
• pp.26-37
• /
• 2016

The core technologies of the current transport network are OAM and protection switching to meet the sub-50ms protection switching time via a path redundancy when a link or node failure occurs. The transport networks owned by public network operators, central/local governments, and major enterprises are individually configured and managed with service resiliency in each own protected sub-network. When such networks are cascaded, it is also important to provide a node resiliency between two protected sub-networks. However, the linear protection switching in packet transport networks, such as MPLS-TP and Carrier Ethernet, does not define a solution of dual node interconnection. Although Ethernet ring protection switching covers the dual node interconnection scheme, a large amount of duplicated data frames may be flooded when a failure occurs on an adjacent (sub) ring. In this paper, we suggest a dual node interconnection scheme with linear protection switching technology in multiple protected sub-networks. And we investigate how various protected sub-network combinations with a proposed linear or ring protection process impact the service resiliency of multiple protected sub-networks through extensive experiments on link and interconnected node failures.

• Information and Communications Magazine
• /
• v.31 no.3
• /
• pp.103-116
• /
• 2014

This paper proposes the design of Vehicular Cyber-Physical Systems (called VCPS) based on vehicular cloud for smart road networks. Our VCPS realizes mobile cloud computing services where vehicles themselves or mobile devices (e.g., smartphones and tablets of drivers or passengers in vehicles) play a role of both cloud server and cloud client in the vehicular cloud. First, this paper describes the architecture of vehicular networks for VCPS and the delay modeling for the event prediction and data delivery, such as a mobile node's travel delay along its navigation path and the packet delivery delay in vehicular networks. Second, the paper explains two VCPS applications as smart road services for the driving efficiency and safety through the vehicular cloud, such as interactive navigation and pedestrian protection. Last, the paper discusses further research issues for VCPS for smart road networks.