• Title/Summary/Keyword: Virtual Private Network(VPN)

Issues and Security on IPSec: Survey (IPSec 보안 이슈와 대응 방안)

  • Hong, Sunghyuck
    • Journal of Digital Convergence / v.12 no.8 / pp.243-248 / 2014
  • IPSec provides two services: Authentication Header and Encapsulating Security Payload (ESP). In this research work, security issues on the Internet and the basic concept of IPSec are described. Security issues on the Internet are presented, and a possible solution for DDoS attacks using IPSec is proposed. Therefore, this research will be able to contribute to building secure communication against DDoS attacks.

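High-Trust Enterprise Mobile Cloud Networking Platform Technology: Trust IP Networking Technology (고신뢰 엔터프라이즈 모바일 클라우드 네트워킹 플랫폼 기술 : Trust IP Networking 기술)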

  • Lee, Sun-Seok;Gang, Gyeong-Sun;Park, Hye-Suk;Park, Jong-Dae;Kim, Sang-Gi;Lee, Byeong-Seon
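    • Information and Communications Magazine / v.32 no.7 / pp.72-81 / 2015
  • Because of the inherently insecure nature of Internet technology with its open architecture, enterprise networks have had no choice but to adopt a separate closed-network structure. However, with the rapid development of digital and ICT technologies, the business environment itself has come to require a dynamic networking environment, transcending time and space, among diverse business entities and an unspecified large number of customers. For this reason, enterprises naturally face the immediate problem of introducing new infrastructure that must guarantee closedness on the Internet while the Internet's instability remains unresolved. VPN (Virtual Private Network) technology has been commonly used to provide closedness, but it has limitations in guaranteeing security. This article explains the concept of a new TIPN (Trust IP Networking) technology that can safely protect the network in use from the outside while preserving the properties of a closed network on the Internet, and uses it to present a way to make the enterprise mobile cloud highly trustworthy.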

A High-Speed Packet Classification Scheme For 2 Dimensional Filters (2 차원 필터에 대한 빠른 패킷 분류 기법)

  • 정상훈;윤현수;조정완
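    • Proceedings of the Korean Information Science Society Conference / 2003.04d / pp.593-595 / 2003
  • Packet classification is an essential function for next-generation routers that provide quality of service (QoS), VPN (Virtual Private Network), high-speed firewalls, and Internet usage pricing. A router classifies packets by comparing several fields of the packet header, such as source address, destination address, protocol type, or port number, against a given filter list. Previously proposed hardware-based packet classification schemes provide fast search times but have problems with scalability and table updates. This paper presents a hardware-based two-dimensional field search scheme that is fast, scalable, and updatable. In future work, we will analyze this scheme more closely and present an extension that enables multi-dimensional filter search.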

On Implementing and Deploying Label Distribution Protocol in MultiProtocal Label Switching Systems (MPLS시스템에서 LDP 기능 구현 및 활용 방안)

  • 김미희;이종협;이유경
    • Journal of KIISE:Information Networking / v.30 no.2 / pp.270-281 / 2003
  • IETF made the RFCs of MPLS technologies for providing the QoS of ATM or Frame Relay and the flexibility and scalability of IP on the Internet services. IETF has been expanding MPLS technologies as a common control component for supporting the various switching technologies called GMPLS. Also, IETF has standardized the signaling protocols based on such technologies, such as LDP, CR-LDP and RSVP-TE. ETRI developed the MPLS system based on ATM switch in order to provide more reliable services, differentiated services and value-added services like the VPN and traffic engineering service on the Korea Public Sector network. We are planning on deploying model services and commercial services on that network. This paper explains the basic functions of LDP, design and development of LDP on our system, and compares with LDP development and operation on other MPLS systems made by Cisco, Juniper, Nortel and Riverstone. In conclusion, this paper deduces the future services and applications by LDP through this explanation and comparison.

TOSS: Telecom Operations Support Systems for Broadband Services

  • Chen, Yuan-Kai;Hsu, Chang-Ping;Hu, Chung-Hua;Lin, Rong-Syh;Lin, Yi-Bing;Lyu, Jian-Zhi;Wu, Wudy;Young, Hey-Chyi
    • Journal of Information Processing Systems / v.6 no.1 / pp.1-20 / 2010
  • Due to the convergence of voice, data, and video, today's telecom operators are facing the complexity of service and network management to offer differentiated value-added services that meet customer expectations. Without the operations support of well-developed Business Support System/Operations Support System (BSS/OSS), it is difficult to timely and effectively provide competitive services upon customer request. In this paper, a suite of NGOSS-based Telecom OSS (TOSS) is developed for the support of fulfillment and assurance operations of telecom services and IT services. Four OSS groups, TOSS-P (intelligent service provisioning), TOSS-N (integrated large-scale network management), TOSS-T (trouble handling and resolution), and TOSS-Q (end-to-end service quality management), are organized and integrated following the standard telecom operation processes (i.e., eTOM). We use IPTV and IP-VPN operation scenarios to show how these OSS groups co-work to support daily business operations with the benefits of cost reduction and revenue acceleration.

A Multibit Tree Bitmap based Packet Classification (멀티 비트 트리 비트맵 기반 패킷 분류)

  • 최병철;이정태
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.3B / pp.339-348 / 2004
  • Packet classification is an important factor to support various services such as QoS guarantee and VPN for users in Internet. Packet classification is a searching process for best matching rule on rule tables by employing multi-field such as source address, protocol, and port number as well as destination address in the IP header. In this paper, we propose hardware based packet classification algorithm by employing tree bitmap of multi-bit trie. We divided prefixes of searching fields and rule into multi-bit stride, and perform a rule searching with multi-bit of fixed size. The proposed scheme can reduce the access times taking for rule search by employing indexing key in a fixed size of upper bits of rule prefixes. We also employ marker prefixes in order to remove backtracking during searching a rule. In this paper, we generate two dimensional random rule set of source address and destination address using routing tables provided by IPMA Project, and compare its memory usages and performance.

A High PErformance Lookup Controller for ATM based IP Packet Forwarding Engine (ATM 기반 IP 패킷 포워딩 엔진을 위한 고성능 룩업 제어기)

  • Choi, Byeong-Cheol;Kwak, Dong-Yong;Lee, Jeong-Tae
    • The Journal of Korean Institute of Communications and Information Sciences / v.28 no.4B / pp.298-305 / 2003
  • In this paper, we proposed a high performance lookup controller for IP packet forwarding engine of ATM based label edge routers. The lookup controller is designed to provide services such as MPLS, VPN, ELL, and RT services as well as the best effort. For high speed searching for IP addresses, we employed a TCAM based hardware search device not using traditional algorithmic approaches. We also implement lookup control functions into FPGA for fast processing of packet header and lookup control. The proposed lookup controller is designed to support differentiated services for users and to process in pipelined mechanism for performance improvement. A two-step search scheme is also applied to perform lookup for the key combined with multi-field of packet header. We found that the proposed lookup controller provides the performance of about 16M packets per second through simulations.

A Study on the Army Tactical C4I System Information Security Plan for Future Information Warfare (미래 정보전에 대비한 육군전술지휘정보체계(C4I) 정보보호대책 연구)

  • Woo, Hee-Choul
    • Journal of Digital Convergence / v.10 no.9 / pp.1-13 / 2012
  • This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipment for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

A Practical Approach to Implement QoS in Broadband Access Networks (광대역 접속망에서 QoS 구현을 위한 현실적 접근법)

  • Park Seung-Chul
    • Journal of KIISE:Information Networking / v.33 no.3 / pp.277-287 / 2006
  • Most of the existing broadband access networks based on DSL, cable modem, and Ethernet support the best-effort internet access service, and adopt the flat rate pricing mechanism. It is almost impossible to provide the differentiated communication services, in current broadband access networks, for the different users and/or the different application services. Currently, however, the advances in multimedia, communication, and security technologies push the interactive and/or streaming multimedia services and VPN services to be widely deployed over Internet, and they require more QoS-sensitive services than the best-effort service. Though various QoS technologies such as RSVP-based IntServ and DiffServ were already developed and under standardization in Internet world, it is impractical to replace the existing QoS-unaware access networks with the QoS-enabled ones at a time to deploy QoS-sensitive services. In this paper, after analyzing current broadband access network architectures and the status of QoS support, we propose a practical approach to support multimedia QoS in the broadband access networks. The approach will be based on the integration of the differentiated pricing and the DiffServ technology. And it will be a step-wise approach to support backward compatibility with the legacy broadband access networks as much as possible.

Implementation of On-demand QoS management System for Bandwidth Resource Allocation (대역폭 자원 할당을 위한 주문형 Qos 관리 시스템 구현)

  • Lee, Dongwook;Yi, Dong-Hoon;Kim, Jongwon;Sanggil Jung;Okhwan Byun
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.4B / pp.444-454 / 2004
  • To support diverse transmission requirements of multimedia applications, Quality of Service (QoS) should be provided in the Internet, where only the best-effort service is available. In this paper, we describe our recent effort on the implementation and verification of an extendable and flexible QoS allocation and resource management system based on the bandwidth broker model for realizing the IETF differentiated service (DiffServ). Focusing on the bandwidth issue over single administrative domain, the implemented system provides real-time resource reservation and allocation, delayed call admission control, simple QoS negotiation between server and users, and simple resource monitoring. The implemented system is verified by evaluating the performance of a resource-intensive application over the real-world testbed network.