• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.127-129
• /
• 2002

NP Forum에서는 다양한 밴더의 네트워크 프로세서와 스위치 패브릭간에 물리적 인터페이스를 제공하기 위해 CSIX-L1(Common Switch Interface-Level 1 )인터페이스를 표준화하였다. IBM 네트워크 프로세서는 MPLS 및 VPN, VLAN, Security, Ipv6와 같은 다양한 어플리케이션과 TBI. SMII CMII. POS bus등 다양한 가입자 인터페이스를 지원하며, L2 기 반에서 2.5Gbps 이상의 패킷 처리를 수행하기 때문에 많은 시스템에 사용된다. 그러나 IBM네트워크 프로세서는 스위치 인터페이스로 DASL인터페이스를 사용한다. 따라서 DASL인 터페이스와 CSIX-L1 인터페이스를 정합하기 위해서는 IBM UDASL칩을 이용해 DASL인 터페이스를 UTOPIA-L3인터페이스로 변환해야 하며, 이것을 다시 CSIX-L1인터페이스로 변환해야 한다. 따라서 본 논문에서는 UTOPIA-L3인터페이스 패킷과 CSIX-L1인터페이스 프레임을 상호 변환하는 모듈을 설계하였으며, 32비트 데이터 버스와 최대 125MHz로클록을 사용해 최대 4Gbps의 패킷처리를 제공하도록 구현하였다. 또한 스위치 패브릭의 특정 포트에서 과잉 트래픽 전달로 인해 발생할 수 있는 블로킹을 방지하기 위해 네트워크 프로세서에게 3개의 Priority／최대 64개 포트수의 VOQ(Virtual Output Queue)를 제공하는 기법에 대해서 기술한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.1256-1259
• /
• 2013

최근 데이터의 양이 기하급수적으로 증가하면서 빅데이터가 이슈가 되어 많은 관심을 받고 있는 현실이다. 현재 빅데이터의 기술은 데이터 추출과 이용에만 초점이 맞춰져 있어 보안에 취약한 시스템에 해킹시도가 있을 경우 개인과 기업에 막대한 피해가 발생될 수 있다. 따라서 본 논문에서는 빅데이터 보안에 초점을 두어 외부로부터 피해를 방지하고 안전하게 빅데이터 서버를 운영하는 방법을 제시한다. 즉, Iptable을 이용한 IP나 포트 허용 여부를 지정하고 가상사설망(VPN)을 이용하여 외부 접속을 방지하며 패스워드 강화를 통해 빅데이터 서버의 보안 강화 및 활용 방안을 제시하였다.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.1
• /
• pp.49-57
• /
• 2016

Recently, marine accidents such as the sinking accident Mongol freighter ship and the sinking accident of Sewol ferry in Jindo continuously happen. In order to decrease the number of these marine accidents, Korean ships are obliged to follow the AIS(Automatic Identification System) system. The AIS protocol includes all information for sailing ships. However, the standard AIS protocol does not provide any security function, In addition, it is possible to hijack the standard AIS protocol in case of using a satellite communication device called FUNcuve Dongle Pro+. Therefore, this paper analyzes weak points of the security in the standard AIS protocol. Furthermore, this paper ensures reliability by marking the MAC Address of sender and receiver for secure communication and suggests the protocol that can securely send data, using the VPN Tunnelling method. Therefore, the suggested AIS protocol provides the secure communication to the AIS protocol and protect the messages in the AIS protocol, which can serve safe voyages by decreasing the marine accidents.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.7
• /
• pp.73-80
• /
• 2009

Internet accidents have skyrocketed every year. It always has been threatened by the methods such as hacking and Spyware. The majority of security accident is formed of the loss of authentication information, and the internal user who is not authorized. The importance of security is also emphasized when someone tries to do something accessing to the main information system. Accordingly, Biometrics has been used in many ways. OTP, however, must have a few devices accessing to several systems, and Biometrics involve some risk of mis-recognition rate and mis-denial rate. It also has the risk possible to access to the main information system when losing OTP. This research reduced risks about the loss as separating RFID leader for mobile, Tag and the accessor's cellular phone, and is about pseudo random validation key generated from the administration system through contact with RFID leader for mobile and Tag. As sending the key to user's cell phone which is already registered, security is strengthened more than existing connection methods through the ID and password. RFID for mobile not generalized to the present has been studied as a tool accessing to the main information system.

• Journal of KIISE:Information Networking
• /
• v.33 no.3
• /
• pp.277-287
• /
• 2006

Most of the existing broadband access networks based on DSL, cable modem, and Ethernet support the best-effort internet access service, and adopt the flat rate pricing mechanism. It is almost impossible to provide the differentiated communication services, in current broadband access networks, for the different users and/or the different application services. Currently, however, the advances in multimedia, communication, and security technologies push the interactive and/or streaming multimedia services and VPN services to be widely deployed over Internet, and they require more QoS-sensitive services than the best-effort service. Though various QoS technologies such as RSVP-based IntServ and DiffSern were already developed and under standardization in Internet world, it is impractical to replace the existing QoS-unaware access networks with the QoS-enabled ones at a time to deploy QoS-sensitive services. In this paper, after analyzing current broadband access network architectures and the status of QoS support, we propose a practical approach to support multimedia QoS in the broadband access networks. The approach will be based on the integration of the differentiated pricing and the DiffServ technology. And it will be a step-wise approach to support backward compatibility with the legacy broadband access networks as much as possible.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.3
• /
• pp.754-762
• /
• 2021

Seamless wireless communication network access technology enables users to guarantee service continuity. Hence, it is necessary for disaster situations in which network service may be interrupted. The Multi-path router is a technology to improve network stability and strengthen field operability, particularly in a disaster environment where network failure can occur by providing high-performance data transmission using multi-communication networks and network security by VPN-based wireless IP. In this paper, a prototype system for an MPR-based wireless communication network was proposed to improve the operation performance for disaster field investigation applications. A comparative experiment was performed on various data transmission performances with the existing single wireless communication network. In addition, another experiment was conducted by measuring the data packet transmission and receiving performance in the existing/new wireless communication system first and then assessing the UDP transmission performance in a single router environment to understand the transmission capability of the new MPR. The experimental results showed that the sending and receiving performance was improved by approximately double that of the existing single wireless communication system. The proposed prototype system is expected to allow users to share and disseminate collected on-site data more quickly and efficiently during a disaster site investigation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.379-386
• /
• 2014

Recently, middleboxes play a key role in many network settings such as firewalls, VPN gateways, proxies, intrusion detection and prevention systems, and WAN optimizers. However, achieving the performance and security benefits that middleboxes offer is highly complex, and therefore it is essential to manage middleboxes efficiently and dynamically. In this respect, Software-Defined Networking (SDN) offers a promising solution for middlebox policy enforcement by using logically centralized management, decoupling the data and control planes, and providing the ability to programmatically configure forwarding rules. Also, cloud computing and distributed Network Function Virtualization (NFV) can enable to manage middleboxes more easily. We introduce SDN-based middlebox management framework in integrated wired and wireless networks and discuss the further issues.

• Journal of Aerospace System Engineering
• /
• v.13 no.4
• /
• pp.1-9
• /
• 2019

Integration of satellites with diverse missions, such as broadcast-communication, earth, meteorologicaland marine observations, and navigation, is vulnerable. The problems of the currently constructed ground station network were analyzed by constructing the test environment. Based on this, we designed a network that was capable of operating multiple satellites by one ground station. In addition, we proposed an interface and network configuration method with domestic and foreign ground stations. The network linking the domestic and foreign ground stations was composed of KREONET (Korea Research Environment Open Network) and GLORIAD (Global Ring Network for Advanced Application Development) of the KISTI(Korea Institute of Science and Technology Information). The internal network consists of VPN (Virtual Private Network), DMZ(De-Militarized Zone), and 1-way USB and so forth. By constructing the network by using the proposed method, harmful data, such as virus inflow and infection, can be blocked.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.1-17
• /
• 2015

A river water level monitoring system which prevents salt water damages and effectively excludes floods has been developed to contribute efficient operation of Nakdong river estuary barrage. The system can be used for monitoring upstream conditions more quickly and do appropriate responses over changes. Telemetry and telecontrols using PLCs have been built at the three sites that directly influence on the operation of barrage gates, and are linked to Nakdong river estuary barrage's IOS (Integrated Operation System) through public communication networks. By using PLC, the system can achieve even higher reliability and versatility than before as well as easy management. By power control devices, we can remotely control the power of PLCs to treat the minor troubles instantly without going on-sites. The power control devices also save data in preparation for the cases of communication failures. The system uses ADSL (FTTH) as a main network between SCADA server and PLCs, and CDMA (M2M) as a secondary network. In order to compensate security vulnerabilities of public communication network, we have installed the VPNs for secure communication between center and the observation stations, just like a dedicated network. Generally, river water level observations have been used custom-manufactured remote terminals to suit their special goals. However, in this case, we have established a system with open architecture considering the interface between different systems, the ease of use and maintenance, security, price, etc.