• Title/Summary/Keyword: Service discovery protocol


Hash-based SSDP for IoT Device Security (IoT 기기 보안을 위한 해시 기반의 SSDP)

  • Kim, Hyo-Jong;Han, Kun-Hee;Shin, Seung-Soo
    • Journal of the Korea Convergence Society / v.12 no.5 / pp.9-16 / 2021
  • Due to the prolonged infectious disease of COVID-19 worldwide, there are various security threats due to network attacks on Internet of Things devices that are vulnerable to telecommuting. Initially, users of Internet of Things devices were exploited for vulnerabilities in Remote Desktop Protocol, spear phishing and APT attacks. Since then, the technology of network attacks has gradually evolved, exploiting the Simple Service Discovery Protocol of Internet of Things devices, and DRDoS attacks have continued to increase. Existing SSDPs are accessible to unauthorized devices on the network, resulting in problems with information disclosure and amplification attacks on SSDP servers. To compensate for the problem with the authentication procedure of existing SSDPs, we propose a hash-based SSDP that encrypts server-specific information with a hash and adds authentication fields to both Notify and M-Search message packets to determine whether an authorized IoT device is present.

Device RDoS Attack Determination and Response System Design (디바이스의 DDoS 공격 여부 판단 및 대응 시스템 설계)

  • Kim, Hyo-jong;Choi, Su-young;Kim, Min-sung;Shin, Seung-soo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.108-110 / 2021
  • Since 2015, attacks using the IoT protocol have been continuously reported. Among various IoT protocols, attackers attempt DDoS attacks using SSDP (Simple Service Discovery Protocol), and according to statistics of cyber shelters, Korea has about 1 million open SSDP servers. Vulnerable SSDP servers connected to the Internet can generate more than 50Gb of traffic, and the risk of attack increases gradually. Until recently, distributed denial of service attacks and distributed reflective denial of service attacks have been a security issue. Accordingly, the purpose of this study is to analyze the request packet of the existing SSDP protocol to identify an amplification attack and to avoid a response when an amplification attack is suspected, thereby preventing the network load caused by a large number of response packets generated through traffic reflection amplification.


Node ID-based Service Discovery for Mobile Ad Hoc Networks (모바일 애드-혹 네트워크를 위한 노드 ID 기반 서비스 디스커버리 기법)

  • Kang, Eun-Young
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.109-117 / 2009
  • In this paper, we propose an efficient service discovery scheme that combines peer-to-peer caching advertisement and node ID-based selective forwarding of service requests. P2P caching advertisement quickly spreads available service information and reduces the average response hop count, since service information is stored in neighbor node caches. In addition, node ID-based service requests can minimize network transmission delay and reduce network load, since they are not broadcast to all neighbor nodes. The proposed scheme does not require a central lookup server or registry and does not rely on flooding, which creates a large number of transmission messages. Simulation results show that the proposed scheme improves network load and response times compared to a traditional flooding-based protocol, since it greatly reduces the number of messages and reduces average response hop counts by using adaptive selective nodes among neighbor nodes.

Jini Lookup Discovery Improvement In Ad-hoc Network (Ad-hoc 망에서의 Jini Lookup Discovery 성능 개선)

  • Lee, Jin-Wook;Kang, Dae-Wook
    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.1399-1402 / 2001
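  • As networks develop, the demand to connect various devices in wireless environments is growing. Because wireless devices must reduce power consumption, it is difficult to equip them with more functions. In particular, recognizing other devices at run time, configuring them, and monitoring their execution state can be a complex task that requires a lot of energy. Jini technology includes a powerful yet simple Service Discovery Protocol for automatically recognizing and configuring devices. However, because Jini was developed for wired networks, adapting it to wireless environments, and Ad-hoc networks in particular, requires improving it so that each element can recognize the others independently without any relay. If the Lookup Server stops working or is in an area where the lookup service cannot be reached, clients cannot find services and services cannot be newly registered. In a mobile Ad-hoc network in particular, the presence of a lookup service is difficult to guarantee. This paper proposes an improved Jini Discovery that, when an Ad-hoc network is built on Jini, distributes part of the lookup service's functions to clients and allows them to share information with other clients.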


Construction of IoT Environment for XMPP Protocol Based Medical Devices Using Powershell (Powershell을 이용한 안전한 XMPP 프로토콜 기반의 의료기기 IoT환경 구축 제안)

  • Park, Yeon-Jin;Lee, Kuen-Ho
    • Journal of Internet of Things and Convergence / v.2 no.2 / pp.15-20 / 2016
  • Microsoft Windows 10 IoT version, released in August 2015, successfully drew consumer interest by introducing the familiar Windows into the IoT market, and enabled an easier system construction of IoT web servers. Meanwhile, overdiagnosis has recently emerged as a controversy in medical society. Establishment of communication between IoT servers and medical devices will send treatment results to users and activate communication between hospitals, greatly reducing this problem. The IoT server, with its limited resources, utilizes lightweight protocols that do not generate traffic and are easy to use. This paper proposes IoT networks which will enable medical devices to easily provide ubiquitous environments to their users, through utilization of the lightweight Simple Service Discovery Protocol (SSDP) and the secure Extensible Messaging and Presence Protocol (XMPP).

Improvement of Service Location Discovery and Download Protocol in Wide Area Network (광역망에서의 서비스 위치 탐색 및 다운로드 프로토콜의 개선)

  • Huh, Duck-Haing;Kim, Han-Kyoung
    • Journal of Internet Computing and Services / v.12 no.2 / pp.55-62 / 2011
  • To use the service location protocol of IETF in the wide area network to discover the location of a desired service when computing resources are connected to the network, to support seamless connectivity between wired and wireless networks from a service viewpoint, and to support the diversity trend of service agents in WIF, SLP needs to be improved by adding a Liaison Agent and a Forwarding Agent, with a FAAdvert message for communication between those entities. The LA entity confirms the location of a service located in the wide area network, and the FA transfers service information. The usage of existing messages such as SrvRqst, SrvRply, AttrRqst, AttrRply, DAAdvert, SrvReg, SrvAck, SrvDeReg is the same as before in the wide area service network. The behavior of the improved protocol is modeled as a Petri net, and execution of the model proves that it is free of deadlock and livelock.

A Pre-Resource Reservation Mechanism using NSIS protocol (NSIS 프로토콜을 이용한 사전자원예약 방안)

  • Kim, Sun-Young;Byun, Hae-Sun;Lee, Mee-Jeong
    • Journal of KIISE:Information Networking / v.35 no.6 / pp.538-548 / 2008
  • In the Internet Engineering Task Force (IETF), the Next Step in Signaling (NSIS) working group proposed a mechanism to discover the Crossover Node (CRN) when the route is changed by Mobile Node (MN) handover. The CRN is the divergence or convergence node on the old and new paths for reserving resources. Through the CRN discovery mechanism, it is possible to reduce signaling delay and avoid redundant reservation on the common path between the old and new paths. However, for QoS (Quality of Service) to be guaranteed continuously while the MN is performing handover, resources on the new path need to be pre-reserved before completion of the handover. When the nodes on the new path try to make a pre-resource reservation before the handover, it is difficult to pre-reserve the resource with the existing CRN discovery mechanism. Therefore, we propose a Passive CRN (PCRN) discovery scheme and a pre-resource reservation mechanism. The PCRN is an initial common point between the currently reserved and the new paths, where the handover can take place.

A Design and Implementation of IPv6 LAN (IPv6 프로토콜 LAN 설계 및 구축)

  • 김상범;김두석
    • Proceedings of the IEEK Conference / 2000.11a / pp.481-484 / 2000
  • In this paper, we describe the design and implementation of an IPv6 LAN. The legacy protocol for the Internet is IPv4 (IP version 4). The ability of IPv4 is not enough for modern real-time multimedia communication services, so the IPv6 (IP version 6) protocol was suggested to resolve the problems of IPv4. We implemented an IPv6 LAN using an sTLA (sub Top Level Aggregation identifier) address and KOREN (KOrea Research and Experimental Network). Our IPv6 LAN is connected with 6TAP (Chicago), WIDE (Tokyo), and SingAREN (Singapore). We used a dedicated router, a Windows 2000 PC host, a FreeBSD PC host, a Solaris 7 workstation and a Solaris 8 workstation for the IPv6 NDP (Neighbor Discovery Protocol) test. To support all data services including voice and video, the IP protocol should be enhanced, because the characteristics of modern network services require QoS (Quality of Service) functions, auto-configuration, security, mobility and so on. So a new IP protocol, IPv6, has been developed to meet these requirements. In this paper, we introduce the implementation method and configuration information of the IPv6 LAN.


Performance Evaluation of Discovery and Message Transmission of DDS (Data Distribution Service) Security (보안 DDS(Data Distribution Service)의 디스커버리 및 메시지 전송 성능 분석)

  • Im, Jinyong
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.5 / pp.701-708 / 2021
  • In this paper, I investigate the performance of discovery and message transmission in DDS (Data Distribution Service) with the security function included. DDS provides a communication protocol, based on a publication-subscription method, for real-time communication in distributed systems. The publication-subscription method is used in various areas such as defence, traffic and medical, due to strengths such as performance, scalability and availability. Nowadays, many communication standards have included and redefined security functions to prepare for dramatically increased security threats, and DDS has also published a standard that includes the security function. However, the effect of the increased overhead on legacy systems due to use of the security DDS function has not been researched. The experimental results show the comparative performance of legacy DDS and security DDS in terms of discovery and message transmission.

Implementation of homenetwork Middleware-System Based on Bluetooth Interface (블루투스 인터페이스를 이용한 홈네트워크 미들웨어시스템 구현)

  • 이진우;박용진;김원태
    • Proceedings of the Korean Information Science Society Conference / 2001.04a / pp.340-342 / 2001
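  • This paper defines the HCI (Host Controller Interface), L2CAP (Logical Link Control and Adaptation Protocol), and SDP (Service Discovery Protocol) layers, the software-related layers of the upper protocol stack of the Bluetooth interface, a wireless data transmission technology that will be essential in home networks. It also examines the communication structure among service providers (services), the service manager (Lookup service), and service users (clients) in the Java-based Jini system used as home network middleware. For a Jini system using the Bluetooth interface, configured with a PDA as the client and a printer as the service, it explains the use of the various protocols involved, and briefly introduces the configuration of the model of the Jini system currently being implemented on the SA-1110 board and the future extension plans for remote control.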