• Proceedings of the Korea Contents Association Conference
• /
• 2003.11a
• /
• pp.227-233
• /
• 2003

In paper, we present design and implementation of MPLS based VPN with QoS capabilities. We propose a design architecture of an edge router for MPLS based VPN with QoS capabilities in backbone network. We design functional blocks, interface specifications, detail routing and forwarding information based structure, and packet forwarding engine for the purpose of implementation of an edge router, We extend bgp-4 software for implementation differentiated service packet forwarding schemes in MPLS based VPN.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.661-664
• /
• 2003

Trade-off of sorority and speed always exists in the latest network environment. Recently, developed security processors is improved very performance, and sorority connection algorithms of a lot of part were embodied by hardware. This high speed security processor is essential ingredient in string network security solution equipment development that require very big band width. In this paper, we wish to describe about design and implementation of 10 Giga VPN equipments. In this system, embodied 10 Giga to use Cavium company's Nitrox-II processor, and supports two SP14-2 interface and PCI interface. All of the password algorithm that password algorithm that support is used in common use VPN equipment for compatibility with common use VPN equipment are supported and support SEED algorithm developed in domestic. Designed to support IPsec and SSL protocol, and supports all of In-Line structure that is profitable in high speed transaction and the Look-Aside structure that is profitable in practical use degree of NPU(Network Processor Unit).

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.519-526
• /
• 2004

This paper presents an efficient interoperation scheme of a VPN(Virtual Private Network) and Mobile IP using a hierarchical structure of a FA(Foreign Agent). In the proposed scheme, the GFA(Gateway Foreign Agent) plays a role of VPN gateway on behalf of the MN(Mobile Node). When the MN moves in the same GFA domain, because the GFA has already an IPsec security association with a VPN gateway in the home network of the MN, the MN does not need an IPsec re-negotiaion. In this way, our mechanism reduces a message overhead and a delay resulted from an IPsec negotiation. And a MN can send a data to a correspondent node without a packet leakage. We show a performance of our scheme by using a discrete analytical model. Analytical results demonstrated that the total processing cost calculated by a registration update cost and a packet delivery cost is significantly reduced through our proposed scheme.

• Proceedings of the IEEK Conference
• /
• 2002.06a
• /
• pp.117-120
• /
• 2002

This paper is proposed structure which it sees currently the problem point which it follows in the independent space for work which the members who do a same work from the environment which is to fall tile at distance, therefore the MPLS based VPN necessary to follow, it forms the small-scale group which is closed again with the CUG(Closed User Group) it will be able to own jointly information to present a structure, the individual small-scale groups are closed from outside and the group members are the CUG authentication Process for the security maintenance the model which is possible.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.26 no.12C
• /
• pp.280-291
• /
• 2001

LL (Leased Line service) is a facility-based service as a traditional business data service, but new competition services, such as FR (Frame Relay), VPN (Virtual Private Network), and ATM (Asynchronous Transfer Mode), are value-added services. Because of different service classifications, it is hard to gather necessary data for the service providers to plan their market strategies and regulations and policies are also applied asymmetrically to each service provider. Therefore an appropriate market classification is required for the business data services. After various methods of market classification are reviewed, the Hendry model is selected in this paper to analyze substitution-degree among brands or among services. Since the structure of virtual competitions is required for the Hendry model to be applied to data service market, the market is analyzed first by the well-known Porter's model. By the analysis of Porter's model, two virtual competition structures are set up - one is for the competitions among leased line service providers, and the other is for the competitions among business data services such as LL, FR, VPN and ATM. After the Hendry model is applied to each competition structure, it is confirmed that 7 LL service providers do not compete directly, but 2 sub-markets exist for the LL service provisions. However, it is shown that 4 business data services compete directly. Using the Switching Probability Matrix from Hendry model, future market shares of LL service providers and market shares of business data services are forecasted. These empirical results are helpful for service providers to set competitive strategies with the minimization of cannibalization effect and they can easily and efficiently predict their market demands.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.141-148
• /
• 2004

This paper proposes an IPSec accelerator performance analysis model based a queue model. It assumes Poison distribution as its input traffic load. The decoding delay is employed as a performance analysis measure. Simulation results based on the proposed model show around 15% differences with respect to actual measurements on field traffic for the BCM5820 accelerator device. The performance analysis model provides with reasonable hardware structure of network servers, and can be used to span design spaces statistically.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.4
• /
• pp.824-831
• /
• 2005

Past corporaion's network security system is single security solution, or mixed several ways, but there was inefficient system because doing not get into organic link But, constructed more strong security system by ESM enterance on. ESM uses way to integrate of each agent to manage easily various kinds security solution. That is, it is system that connect system of existent VPN, FireWall, IDS and so on configurationally depending on security policy and manage. ESM is security system that is developed more than existent security system. But, practical use of network and the development speed of technology being increasing with the mon faster speed, is heightening the level more as well as dysfunction of information crime and so on. Many improvements are required at ESM system, this research wished to make up for the weak-point in the ESM system about interior security. Studied on structure of security solution that is basis of security policy. VPN, Firewall, IDS's link that is main composition of existing security system analysis, reconstructed. And supplemented security of ESM system itself. Establish imaginary intrusion and comparative analysis access data that apply each Telnet Log analysys IDS existent ESM system and proposed ESM system comparative analysis. Confirm the importance of interior security and inspected security of proposed system.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.9 s.339
• /
• pp.85-96
• /
• 2005

A ' Virtual Private Network (YPN) over Internet' has the benefits of being cost-effective and flexible. However, given the increasing demands for high bandwidth Internet and for reliable services in a 'VPN over Intemet,' an IP/GMPLS over DWDM backbone network is regarded as a very favorable approach for the future 'Optical VPN (OVPN)' due to the benefits of transparency and high data rate. Nevertheless, OVPN still has survivability issues such that a temporary fault can lose a large amount of data in seconds, moreover unauthorized physical attack can also be made on purpose to eavesdrop the network through physical components. Also, logical attacks can manipulate or stop the operation of GMPLS control messages and menace the network survivability of OVPN. Thus, network survivability in OVPN (i.e. fault/attack tolerant recovery mechanism considering physical structure and optical components, and secured transmission of GMPLS control messages) is rising as a critical issue. In this Paper, we propose a new path establishment scheme under shared risk link group (SRLG) constraint for physical network survivability. And we also suggest a new logical survivability management mechanism by extending resource reservation protocol-traffic engineering extension (RSVP-TE+) and link management protocol (LMP). Finally, according to the results of our simulation, the proposed algorithms are revealed more effective in the view point of survivability.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.767-772
• /
• 2005

The Internet is a packet switched network which offers best-effort service, but current IP network provide enhanced services such Quality of Services, Virtual Private Network (VPN) services, Distribute Firewall and IP Security Gateways. All such services need packet classification for determining the flow. The problem is performing scalable packet classification at wire speeds even as rule databases increase in size. Therefore, this research offer packet classification algorithm that increase classifier performance when working with enlarge rules database by rearrange rule structure into Bitmap Intersection Lookup (BIL) tables. It will use packet's header field for looking up BIL tables and take the result with intersection operation by logical AND. This approach will use simple algorithm and rule structure, it make classifier have high search speed and fast updates.