• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Journal of Internet Computing and Services
• /
• v.25 no.4
• /
• pp.1-6
• /
• 2024

OMNeT++ (Objective Modular Network Testbed in C++) is an extensible and modular C++ simulation library and framework for building network simulators. OMNeT++ provides simulation models independently developed for various fields, including sensor networks, and Internet protocols. This enables researchers to use the tools and features required for their desired simulations. OMNeT++ uses NED (Network Description) Language to define nodes and network topologies, and it is able to implement the creation and behavior of defined network objects in C++. Moreover, the INET framework is an open-source model library for the OMNeT++ simulation environment, containing models for various networking protocols and components, making it convenient for designing and validating new network protocols. This paper aims to explain the concepts of OMNeT++ and the procedures for network simulation using the INET framework to assist novice researchers in modeling and analyzing various network scenarios.

• Journal of KIISE
• /
• v.42 no.10
• /
• pp.1254-1267
• /
• 2015

Recently, excessive installations of APs have caused WLAN interference, and many techniques have been suggested to solve this problem. The AP aggregation technique serves to reduce active APs by moving station connections to a certain AP. Since this technique forcibly moves station connections, the transmission performance of some stations may deteriorate. The AP transmit power control technique may cause station disconnection or deterioration of transmission performance when power is reduced under a certain level. The combination of these two techniques can reduce interference through AP aggregation and narrow the range of interferences further through detailed power adjustment. However, simply combining these techniques may decrease the probability of power adjustment after aggregation and increase station disconnections upon power control. As a result, improvement in performance may be insignificant. Hence, this study suggests a scheme to combine the AP aggregation and the AP transmit power control techniques in OpenFlow-based WLAN to ameliorate the disadvantages of each technique and to reduce interferences efficiently by performing aggregation for the purpose of increasing the probability of adjusting transmission power. Simulations reveal that the average transmission delay of the suggested scheme is reduced by as much as 12.8% compared to the aggregation scheme and by as much as 18.1% compared to the power control scheme. The packet loss rate due to interference is reduced by as much as 24.9% compared to the aggregation scheme and by as much as 46.7% compared to the power control scheme. In addition, the aggregation scheme and the power control scheme decrease the throughput of several stations as a side effect, but our scheme increases the total data throughput without decreasing the throughput of each station.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.9
• /
• pp.35-46
• /
• 2011

Future Internet should support more efficient mobility management, flexible traffic engineering and various emerging new services. So, lots of traffic engineering techniques have been suggested and developed, but it's impossible to apply them on the current running commercial Internet. To overcome this problem, OpenFlow protocol was proposed as a technique to control network equipments using network controller with various networking applications. It is a software defined network, so researchers can verify their own traffic engineering techniques by applying them on the controller. In addition, for high-speed packet processing in the OpenFlow network, programmable NetFPGA card with four 1G-interfaces and commercial Procurve OpenFlow switches can be used. In this paper, we implement an OpenFlow test-bed using hardware-accelerated NetFPGA cards and Procurve switches on the KREONET, and implement CSPF (Constraint-based Shortest Path First) algorithm, which is one of popular QoS routing algorithms, and apply it on the large-scale testbed to verify performance and efficiency of multimedia traffic engineering scheme in Future Internet.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.24-32
• /
• 2015

Recently, SDN is actively used as datacenter networks and gradually increase its applied areas. Along with this change of networking environment, research of deploying network security systems on SDN becomes highlighted. Especially, systems for detecting network flooding attacks by monitoring every packets through ports of OpenFlow switches have been proposed. However, because of the centralized management of a SDN controller which manage multiple switches, it may be substantial overhead that the attack detection system continuously monitors all the flows. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and block the attack flows actively by managing the flow entries in OpenFlow switches. As network traffic sampler, sFlow agent is used, and snort, an opensource IDS, is used to detect network flooding attack from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on the local testbed composed with multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling condition is analyzed.

• Journal of Internet of Things and Convergence
• /
• v.2 no.2
• /
• pp.37-49
• /
• 2016

An IP address is used as a host identifier and a locator to bind hosts and applications to their location in existing Internet. Several protocols are proposed to eliminate this binding. Most of these protocols use IPv6-based host identifiers to maintain compatibility with existing Internet, but these identifiers cannot be handled by standard IPv6 routers because such identifiers are unroutable. Therefore, host identifiers need to be usually converted to locators at hosts, and the standard IPv6 protocol should be modified to interoperate with these protocols. In this paper, we propose a network-based host identifier locator separating scheme in software-defined networking. The proposed scheme separates the underlying network into Host Identity and IP domains in order to directly forward unroutable identifiers. The Host Identity domain operates as an overlaid network over IP domain, and it makes the unroutable identifiers to be routable using distributed hash table based routing strategy. For the evaluation, we compared the proposed scheme with the previous scheme using signaling costs and packet delivery costs. The result shows that the proposed scheme is more suitable in the recent mobile-based environments.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.6
• /
• pp.7-20
• /
• 2017

The advancement of cloud and big data and the considerable growth of traffic have increased the complexity and problems in the management inefficiency of existing networks. The software-defined networking (SDN) environment has been developed to solve this problem. SDN enables us to control network equipment through programming by separating the transmission and control functions of the equipment. Accordingly, several studies have been conducted to improve the performance of SDN controllers, such as the method of connecting existing legacy equipment with SDN, the packet management method for efficient data communication, and the method of distributing controller load in a centralized architecture. However, there is insufficient research on the control of SDN in terms of the quality of network-using applications. To support the establishment and change of the routing paths that meet the required network service quality, we require a mechanism to identify network requirements based on a contract for application network service quality and to collect information about the current network status and identify the violations of network service quality. This study proposes a method of identifying the quality violations of network paths through ontology to ensure the network service quality of applications and provide efficient services in an SDN environment.

• Journal of Intelligence and Information Systems
• /
• v.22 no.1
• /
• pp.107-118
• /
• 2016

The advent of 5G mobile communications, which is expected in 2020, will provide many services such as Internet of Things (IoT) and vehicle-to-infra/vehicle/nomadic (V2X) communication. There are many requirements to realizing these services: reduced latency, high data rate and reliability, and real-time service. In particular, a high level of reliability and delay sensitivity with an increased data rate are very important for M2M, IoT, and Factory 4.0. Around the world, 5G standardization organizations have considered these services and grouped them to finally derive the technical requirements and service scenarios. The first scenario is broadcast services that use a high data rate for multiple cases of sporting events or emergencies. The second scenario is as support for e-Health, car reliability, etc.; the third scenario is related to VR games with delay sensitivity and real-time techniques. Recently, these groups have been forming agreements on the requirements for such scenarios and the target level. Various techniques are being studied to satisfy such requirements and are being discussed in the context of software-defined networking (SDN) as the next-generation network architecture. SDN is being used to standardize ONF and basically refers to a structure that separates signals for the control plane from the packets for the data plane. One of the best examples for low latency and high reliability is an intelligent traffic system (ITS) using V2X. Because a car passes a small cell of the 5G network very rapidly, the messages to be delivered in the event of an emergency have to be transported in a very short time. This is a typical example requiring high delay sensitivity. 5G has to support a high reliability and delay sensitivity requirements for V2X in the field of traffic control. For these reasons, V2X is a major application of critical delay. V2X (vehicle-to-infra/vehicle/nomadic) represents all types of communication methods applicable to road and vehicles. It refers to a connected or networked vehicle. V2X can be divided into three kinds of communications. First is the communication between a vehicle and infrastructure (vehicle-to-infrastructure; V2I). Second is the communication between a vehicle and another vehicle (vehicle-to-vehicle; V2V). Third is the communication between a vehicle and mobile equipment (vehicle-to-nomadic devices; V2N). This will be added in the future in various fields. Because the SDN structure is under consideration as the next-generation network architecture, the SDN architecture is significant. However, the centralized architecture of SDN can be considered as an unfavorable structure for delay-sensitive services because a centralized architecture is needed to communicate with many nodes and provide processing power. Therefore, in the case of emergency V2X communications, delay-related control functions require a tree supporting structure. For such a scenario, the architecture of the network processing the vehicle information is a major variable affecting delay. Because it is difficult to meet the desired level of delay sensitivity with a typical fully centralized SDN structure, research on the optimal size of an SDN for processing information is needed. This study examined the SDN architecture considering the V2X emergency delay requirements of a 5G network in the worst-case scenario and performed a system-level simulation on the speed of the car, radius, and cell tier to derive a range of cells for information transfer in SDN network. In the simulation, because 5G provides a sufficiently high data rate, the information for neighboring vehicle support to the car was assumed to be without errors. Furthermore, the 5G small cell was assumed to have a cell radius of 50-100 m, and the maximum speed of the vehicle was considered to be 30-200 km/h in order to examine the network architecture to minimize the delay.