• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.441-451
• /
• 2008

Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However it has two drawbacks: the potential security threat caused by intraceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key which is a means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has the delegation traceability and the non-interactive delegation property. Since the right delegation occurs massively in the computational grid environment, our protocol can contribute the security enhancement by providing the delegation traceability and the efficiency enhancement by reducing the inter-domain communication cost.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.1-6
• /
• 2014

The IoT (Internet of Things) is considered as a core technology to realize interconnected world. At this, companies composing ICT industry and standard organizations make efforts to accelerate it. IETF CoRE(Constrained RESTful Environment) working group standardized CoAP (Constrained Application Protocol) for the constrained device. CoAP has RESTful architecture and CoAP option is provided to use forward-proxy. The forward-proxy is used to translate protocol and perform requests on behalf of the client. However, communication between Internet based client and LLN(Low-power and Lossy Network) based CoAP server architecture has limitations to deploy real IoT service. In this architecture, problems like response delay, URI assignment and DoS attack can be occurred. To solve these problems, we propose the reverse-proxy based system. We consider both of static IoT and mobility IoT environments. Finally, our proposed system is expected to provide efficient IoT service.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.4
• /
• pp.121-126
• /
• 2009

Video poxy server which is located near clients can store the frequently requested video data in storage space in order to minimize initial latency and network traffic significantly. However, due to the limited storage space in video proxy server, an appropriate deletion algorithm is needed to remove the old video data which is not serviced for a long time. Thus, we propose an efficient video data deletion algorithm for video proxy server. The proposed deletion algorithm removes the video which has the lowest request possibility based on the user access patterns. In our algorithm, we arrange the videos which are stored in video proxy server according to the requested time sequence and then, select the video which has the oldest requested time. The selected video is partially removed in order to free up storage space in video poky server. The simulation results show that the proposed algorithm performs better than other algorithms in terms of the block hit rate and the number of block deletion.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.6
• /
• pp.167-172
• /
• 2013

In a paper recently published in the International Journal of Parallel, Emergent and Distributed Systems, Biswas et al. proposed a VANET message authentication scheme which uses an identity-based proxy signature mechanism as an underlying primitive. The authors claimed that their scheme supports various security features including the security of proxy-key, the security against message forgery and the security against replay attack, with non-repudiation and resistance to proxy-key compromise. Here, we show how an active attacker, who has no knowledge of an original message sender's private key, can compute the proxy-signature key of the corresponding message sender, meaning that the scheme is completely insecure. We also suggest an enhanced version of the protocol capable of solving such serious security holes.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.45 no.3
• /
• pp.61-67
• /
• 2008

Proxy MIPv6 (PMIPv6) is that network-based mobility management protocol that network supports mobile node's mobility on behalf of the MN. In PMIPv6, when two MNs located within the same PMIPv6 domain want to communicate each other, sub-optimal path is established between the two MN. Route optimization method for PMIPv6 is proposed to resolve the problem. However, the method still suffer from the performance degradation due to out-of-sequence packet problem. In this paper, we propose the route optimization mechanism in PMIPv6 based on Flush message to resolve the out-of-sequence packet problem. The proposed mechanism is evaluated by performing simulations, and the simulation results show that the proposed one gives better performance.

• The KIPS Transactions:PartD
• /
• v.10D no.1
• /
• pp.153-160
• /
• 2003

Recently, deployments of firewalls and NATs ire increasing to provide network security features or to solve the problem of public IP shortage. But, in these environments, peers in different firewall or NAT environments may get limited services because they cannot open direct communicate channels. This can be a significant problem in pure P2P environments where the peers should get or provide services by opening direct channels among themselves. In this paper, we propose a scheme for dynamically selecting a peer that fan be used as a proxy server. The proxy server supports the communication between the peers in different firewall or NAT environments. The proposed scheme is operating system independent and supports bidirectional communication among the peers in P2P environments. Additionally, the proposed scheme can distribute network traffic by dynamically allocating proxy servers to the peers that is not located in the firewall or NAT environments.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.1B
• /
• pp.7-20
• /
• 2011

Recently, Proxy Mobile IPv6(PMIPv6) networks have been studied as the mobility management protocol to effectively use limited wireless resources. And the multicasting, which is core technology of the Internet broadcast system such as mobile IPTV, has been discussed mainly based on PMIPv6 network. However, multicasting based on PMIPv6 network causes disconnection of services because it does not solve problems of packet loss during binding and group joining procedure. Hence, we propose a seamless multicast scheme which prevents packet loss in PMIPv6 networks. The proposed scheme achieves lower latency than the existing scheme because it combines binding and group joining procedure, a1so it does not cause about packet losses due to performing buffering. We proved the performance using the simulations.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.6
• /
• pp.698-701
• /
• 2010

Recently, Vehicular Networks is being developed to provide variety of services such as email, ftp, and video streaming services. As IP mobility technology, Proxy Mobile IP is developed to provide these services for a VANET user. By adopting Proxy Mobile IPv6 (PMIPv6), Vehicular Networks can support IP mobility, but it may cause a proxy binding update (PBU) message when a vehicle moves from one MAG to another. In addition, if the density of vehicles on the road is high, significant PBU messages are generated. In this paper, we propose bulk PBU message to reduce signaling overhead by those PBU messages when a bunch of vehicles move from one MAG to another. When the vehicles move from one MAG to another, it generates only one bulk PBU message to update those vehicle's location. Through numerical and simulation results, we show that our proposed bulk registration reduces signaling overhead when the density of vehicles and the speed of them are high.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.37-48
• /
• 2008

VoIP service is a transmission of voice data using SIP protocol on IP based network, The SIP protocol has many advantages such as providing IP based voice communication and multimedia service with cheap communication cost and so on. Therefore the SIP protocol spread out very quickly. But, SIP protocol exposes new forms of vulnerabilities on malicious attacks such as Message Flooding attack and protocol parsing attack. And it also suffers threats from many existing vulnerabilities like on IP based protocol. In this paper, we propose a new Virtual Proxy Server system in front of the existed Proxy Server for anomaly detection of SIP attack and stateful management of SIP session with enhanced security. Based on stateful virtual proxy server, out solution shows promising SIP Message Flooding attack verification and detection performance with minimized latency on SIP packet transmission.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.46 no.4
• /
• pp.82-88
• /
• 2009

Video proxy server which is located near clients can store the frequently requested video data in storage space in order to minimize initial latency and network traffic significantly. However, due to the limited storage space in video proxy server, an appropriate video selection method is needed to store the videos which are frequently requested by users. Thus, we present a virtual caching technique to efficiently store the video in video proxy server. For this purpose, we employ a virtual memory in video poky server. If the video is requested by user, it is loaded in virtual memory first and then, delivered to the user. A video which is loaded in virtual memory is deleted or moved into the storage space of video poxy sewer depending on the request condition. In addition, virtual memory is divided into each segment area in order to store the segments efficiently and to avoid the fragmentation. The simulation results show that the proposed method performs better than other methods in terms of the block hit rate and the number of block deletion.