• Title/Summary/Keyword: Virtual private network


Authentication Method based on AAA to Traverse the VPN Gateway in Mobile IPv4 (Mobile IPv4에서 VPN 게이트웨이 통과를 위한 AAA 기반의 인증 방법)

  • Kim, Mi-Young; Mun, Young-Song
    • The Journal of Korean Institute of Communications and Information Sciences, v.32 no.4B, pp.191-199, 2007
  • A mobile node has to register its current location with its Home Agent when it moves to another network while away from home. However, the registration procedure cannot be completed successfully when the Home Agent is protected by a VPN gateway that guards the MN's home network and discards unauthorized packets arriving from outside: because there is no security association (SA) between the care-of address and the security policy of the home network, the binding registration message without an SA is simply discarded by the VPN gateway. This paper presents an authentication and key exchange scheme that uses the AAA infrastructure so that a user on the Internet can access the home network behind the VPN gateway. By defining the role of authentication and tunnel processing for each agent or relay entity, this paper presents a procedure for registering the current location with the Home Agent in a secure manner. Performance results show a cost improvement of up to 40% compared with the existing scheme in terms of packet loss cost, mobility properties and traffic.

Performance Evaluation of VPN Protocols Using Various Traffic (다양한 트래픽을 이용한 VPN 프로토콜 성능 평가)

  • O, Seung-Hui; Chae, Gi-Jun; Nam, Taek-Yong; Son, Seung-Won
    • The KIPS Transactions:PartC, v.8C no.6, pp.721-730, 2001
  • Nowadays corporate networks are growing rapidly and need to communicate with branch offices. Therefore, a VPN (Virtual Private Network) appears as a way to reduce the cost of access and to facilitate management and operation of the enterprise network. Along with this trend, many studies have been done on VPN. It is important that performance issues be considered when VPN protocols are applied. However, most studies are limited to the tunneling methods and implementation of VPN, and few studies examine how the installation of a VPN affects the network. Therefore, in this paper, a testbed is constructed and VPN protocols are installed on it. Real traffic is generated and transmitted on the testbed to test how installing a VPN affects the network. As a result, the layer 3 VPN protocol shows lower network performance than the layer 2 VPN protocols. We also find that the combination of L2TP and IPSec is a better method of installing a VPN than using IPSec only, in terms of both performance and security.


On-Demand Tunnel Creation Mechanism in Star VPN Topology (성형 VPN 구조에서의 주문형 터널 생성 메커니즘)

  • Byun, Hae-Sun; Lee, Mee-Jeong
    • Journal of KIISE:Information Networking, v.32 no.4, pp.452-461, 2005
  • In the star VPN (Virtual Private Network) topology, the traffic between two communicating CPE (Customer Premise Equipment) VPN GWs (Gateways) may be transferred inefficiently. Also, the Center VPN GW may experience overload due to excessive packet processing overhead. As a solution to this problem, a direct tunnel can be established between the two communicating CPE VPN GWs using the IKE (Internet Key Exchange) mechanism of IPSec (IP Security). In this case, however, tunnel establishment and management may be complicated. In this paper, we propose a mechanism called 'SVOT (Star VPN On-demand Tunnel)', which automatically establishes a direct tunnel between the communicating CPE VPN GWs on demand. In the SVOT scheme, a CPE VPN GW determines whether or not to establish a direct tunnel depending on the monitored traffic information. The CPE VPN GW requests the information necessary to establish a direct tunnel from the Center VPN GW. Through a simulation, we investigate the performance of the scheme and show that it performs better than the SYST scheme with respect to scalability, traffic efficiency and overhead of the Center VPN GW, while it shows similar performance to the FVST with respect to end-to-end delay and throughput.

Efficient Session Management mechanism applied Key Recovery technique in IPSec (IPSec에서 키 복구 기술을 적용한 효율적인 연결 관리 메커니즘)

  • Kim, Jeong-Beom; Lee, Yun-Jeong; Park, Nam-Seop; Kim, Tae-Yun
    • The KIPS Transactions:PartC, v.8C no.6, pp.775-782, 2001
  • Recently the use of the Linux OS has been increasing to tremendous figures. But because Linux is distributed under an open-source policy, the need for security is an open question, which has led to widespread development of security on Linux-based environments. Cryptography, however, can cause various problems because of the difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the adverse effects of using these kinds of security and to promote the positive aspects of using it. In this thesis I am suggesting a mechanism based on the key recovery technique, as a method to save time in recovering and resetting a disconnection between two end-users through IPSec (IP Security) protocols in a VPN (Virtual Private Network) environment. The main idea of the newly suggested mechanism, KRFSH (Key Recovery Field Storage Header), is to store the session information in advance in case the session information essential to establishing a tunnel connection between an SG and a host in the VPN environment is lost, and, if necessary, to use the pre-stored information for recovery. This mechanism is loaded on the IPSec-based FreeS/WAN program (Linux environment), and so the VPN problem mentioned above is resolved.


Design of Information Security in Ubiquitous City (u-City에서의 정보보안 설계 방안)

  • Yoon, Seuk-Kyu; Jang, Hee-Seon
    • Convergence Security Journal, v.11 no.4, pp.37-42, 2011
  • In this paper, the design methodology of information security is analyzed to implement the ubiquitous city (u-City). The definition, concept, and main u-services of the u-City are presented. The main components, functions and offered services of the u-City management center are presented, and the laws and network security requirements related to protecting personal information during collection, processing, and exchange are also analyzed. Three security levels, Router/Switch, Firewall/VPN, and IPS, are applied, where the main functions of interception of abnormal packets (1st level), access control for each service (2nd level), and real-time network monitoring (3rd level) are performed. Finally, application cases are presented to validate the security of personal information in providing the u-City services.

A Possible Path per Link CBR Algorithm for Interference Avoidance in MPLS Networks

  • Sa-Ngiamsak, Wisitsak; Varakulsiripunth, Ruttikorn
    • 제어로봇시스템학회:학술대회논문집, 2004.08a, pp.772-776, 2004
  • This paper proposes an interference avoidance approach for the Constraint-Based Routing (CBR) algorithm in the Multi-Protocol Label Switching (MPLS) network. The MPLS network itself is capable of integrating any layer-3 protocol with any layer-2 protocol of the OSI model. It is based on label switching technology, a fast and flexible switching technique using pre-defined Label Switched Paths (LSPs). The MPLS network is a solution for Traffic Engineering (TE), Quality of Service (QoS), Virtual Private Network (VPN), and Constraint-Based Routing (CBR) issues. According to MPLS CBR, the routing performance requirements are the capability for on-line routing, high network throughput, high network utilization, high network scalability, fast rerouting performance, a low percentage of call-setup request blocking, and low calculation complexity. There are many previously proposed algorithms, such as the minimum hop (MH) algorithm, the widest shortest path (WSP) algorithm, and the minimum interference routing algorithm (MIRA). The MIRA algorithm currently seems to be the best solution for the MPLS routing problem in terms of selecting a path with minimum interference level. It achieves lower call-setup request blocking, a lower interference level, higher network utilization and higher network throughput. However, it suffers from routing calculation complexity, which makes it difficult to implement in real tasks. In this paper, there are three objectives for routing algorithm design: minimizing interference levels with other source-destination node pairs, minimizing resource usage by selecting a minimum hop path first, and reducing calculation complexity. The proposed CBR algorithm is based on a power factor calculated from the total number of possible paths per link and the residual bandwidth in the network. A path with a high power factor should be considered a minimum interference path and should be selected for path setup. With the proposed algorithm, all three objectives are attained, and the selection of a high power factor path minimizes the interference level among all source-destination node pairs. Selecting the shortest path among many equal power factor paths minimizes the usage of network resources, so the network retains more resources for future call-setup requests. Moreover, the calculation of possible paths per link (the interference level indicator) is run only when the network topology has changed. Hence, this approach reduces routing calculation complexity. The simulation results show that the proposed algorithm performs well with respect to high network utilization, low call-setup blocking percentage and low routing computation complexity.


On Implementing and Deploying Label Distribution Protocol in MultiProtocol Label Switching Systems (MPLS시스템에서 LDP 기능 구현 및 활용 방안)

  • 김미희; 이종협; 이유경
    • Journal of KIISE:Information Networking, v.30 no.2, pp.270-281, 2003
  • IETF produced the RFCs for MPLS technologies to provide the QoS of ATM or Frame Relay together with the flexibility and scalability of IP for Internet services. IETF has been expanding MPLS technologies into a common control component for supporting various switching technologies, called GMPLS. IETF has also standardized the signaling protocols based on these technologies, such as LDP, CR-LDP and RSVP-TE. ETRI developed an MPLS system based on an ATM switch in order to provide more reliable services, differentiated services and value-added services, such as VPN and traffic engineering services, on the Korea Public Sector network. We are planning to deploy model services and commercial services on that network. This paper explains the basic functions of LDP and the design and development of LDP on our system, and compares them with LDP development and operation on other MPLS systems made by Cisco, Juniper, Nortel and Riverstone. In conclusion, this paper deduces the future services and applications enabled by LDP from this explanation and comparison.

TOSS: Telecom Operations Support Systems for Broadband Services

  • Chen, Yuan-Kai; Hsu, Chang-Ping; Hu, Chung-Hua; Lin, Rong-Syh; Lin, Yi-Bing; Lyu, Jian-Zhi; Wu, Wudy; Young, Hey-Chyi
    • Journal of Information Processing Systems, v.6 no.1, pp.1-20, 2010
  • Due to the convergence of voice, data, and video, today's telecom operators are facing the complexity of service and network management to offer differentiated value-added services that meet customer expectations. Without the operations support of well-developed Business Support System/Operations Support System (BSS/OSS), it is difficult to timely and effectively provide competitive services upon customer request. In this paper, a suite of NGOSS-based Telecom OSS (TOSS) is developed for the support of fulfillment and assurance operations of telecom services and IT services. Four OSS groups, TOSS-P (intelligent service provisioning), TOSS-N (integrated large-scale network management), TOSS-T (trouble handling and resolution), and TOSS-Q (end-to-end service quality management), are organized and integrated following the standard telecom operation processes (i.e., eTOM). We use IPTV and IP-VPN operation scenarios to show how these OSS groups co-work to support daily business operations with the benefits of cost reduction and revenue acceleration.

Differentiated Optical QoS Service Framework In Next Generation Optical VPN (차세대 OVPN에서 차등화된 광 QoS 서비스제공 프레임워크 연구)

  • Yoon, Mi-Ra; Cho, Jun-Mo; Jeong, Chang-Hyun; Kim, Sung-Un
    • Proceedings of the Korea Information Processing Society Conference, 2003.05b, pp.1093-1096, 2003
  • A VPN (Virtual Private Network) over an IP network is efficient in terms of cost and operation, but has many problems in guaranteeing QoS and providing broadband services. As a solution to QoS guarantees and broad bandwidth in such IP-based VPNs, OVPN (Optical VPN) technology over the next-generation optical Internet has been proposed. Given that the implementation of the next-generation optical Internet is being standardized as the IP/GMPLS over DWDM protocol framework, an OVPN over an IP/GMPLS over DWDM backbone network is the only alternative as a next-generation virtual private network for providing multimedia services. To provide multimedia services with guaranteed end-to-end QoS in an OVPN over a next-generation DWDM optical Internet backbone, a differentiated optical QoS service provisioning mechanism is essential. In this paper, we propose a differentiated optical QoS protocol framework for end-to-end QoS provisioning in OVPN over IP/GMPLS over DWDM.


A Study on ESM(Enterprise Security Management) System Standard (통합 보안 관리 시스템 표준화에 대한 연구)

  • 소우영
    • Convergence Security Journal, v.2 no.2, pp.109-121, 2002
  • With the development of information technology and the resulting growth in security incidents, there has been increasing demand for a system for centralized security management, also known as Enterprise Security Management (ESM), uniting the functions of various security systems such as firewalls, intrusion detection systems, virtual private networks and so on. Unfortunately, however, developers have been suffering from a lack of related standards. Although ISTF recently announced a log format for firewall systems and intrusion detection systems, a truly efficient ESM still needs further development of related standards, including event and control messaging. This paper analyses the ISTF standard and further suggests an additional event and control messaging standard for firewall and intrusion detection systems. It is expected that this effort will be helpful for the development of ESM and further related standards.
