• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.585-596
• /
• 2001

In this paper, a new stream cipher algorithm based on the chaos theory is proposed and is applied to a Web security system. The Web security system is composed of three parts： certificate authority (CA), Web client, and Web server. The Web client and server system include a secure proxy client (SPC) and a secure management server (SMS), respectively, for data encryption and decryption between them. The certificate is implemented based on X.509 and the RSA public key algorithm is utilized for key creation and distribution to certify both the client and server. Once a connection is established between the client and server, outgoing and incoming data are encrypted and decrypted, respectively, using one of the three cipher algorithms： chaos, SEED, and DES. The proposed chaos algorithm outperforms the other two conventional algorithms in processing time and complexity. Thus, the developed Web security system can be widely used in electronic commerce (EC) and Internet banking.

• Proceedings of the CALSEC Conference
• /
• 1997.11a
• /
• pp.161-166
• /
• 1997

현재 많은 기업들은 인터넷을 기반으로 Intranet, Extranet등을 구축하며 기업간 전자 상거래에 활발한 움직임이 있다. Extranet은 WWW으로 대표되는 인터넷 기술을 사용한 기업간 정보 시스템이라 할 수 있고, 종래의 기업간 정보시스템 보다 훨씬 구축하기 쉽기 때문에 Extranet의 수요는 점점더 확산되고 있는 추세이다. 즉 Intranet에서 Extranet으로 기업의 정보 시스템이 확대되기 시작했다. 그러나 Extranet은 Intranet과는 달리 영업데이타가 공용 통신 회선을 타고 전송된다든지 다른 회사의 사용자가 사내 서버에 액세스해 들어오기 때문에 반드시 고려돼야 할 과제가 보안(Security) 문제이다. 즉 어떤 거래에 대한 데이터의 전달과정에서의 변조 및 누락이 없었는지 거래자가 거래사실을 부인하지 못하게 하는 조치, 혹은 제3자가 거래내용을 도청하지 못하게 하는 조치와 내부에 보관된 정보를 허가받지 않은 사용자가 알지 못하게 한다든지 하는 조치가 반드시 필요하다. 따라서 본 연구에서는 Web기반 CALS시스템 구현에 있어 보안성을 확보하기 위하여 내부 정보보호를 위한 미들웨어 구현, 인증 및 접근제어를 위한 Proxy구현 기술, 인증 및 데이터 보호를 위한 암호화 기술등을 확보하여 이에 대한 시제품의 개발과 구현에 관해 알아보고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06a
• /
• pp.97-99
• /
• 2011

논문에서는 일반 웹 브라우저를 대상으로 제작된 웹 페이지로부터 사용자가 원하는 정보를 추출하여 모바일 환경에서 활용할 수 있는 방법을 제안한다. 기존에 별도의 프록시(proxy) 서버를 통해 데이터를 저장하고 이를 제공하는 방식이 제안되었으나 이는 보안에 민감한 데이터 및 실시간 데이터 처리에 적합하지 않다. 본 논문에서는 모바일 기기상에서 웹 데이터 추출을 직접 처리하는 방법을 제안하며 이를 위해 웹 페이지로부터 데이터를 추출하는 방법 및 절차를 기술하는 정의 언어 (Web Extraction Definition Language)를 설계한다. 또한 설계된 WEDL 문서를 기반으로 동작하는 웹 클라이언트 라이브러리를 구현하여 실제 웹 페이지를 대상으로 동작하는지 실험한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7B
• /
• pp.431-437
• /
• 2007

Web proxy caching provides an effective way to reduce access latency and bandwidth requirement. In particular, prefix caching is considered as an alternative for improving video delivery over wide area networks because video objects are usually too large to be cached in their entirety. Nevertheless, many studies have pointed that the user-perceived latency is often not dominated by object transmission time, but rather by setup process such as TCP connection time that precedes it. We propose pre-connecting techniques and show that the techniques can be used efficiently in TCP splicing. Our analysis shows the pre-connection significantly reduces start-up latency and TCP connection time in simple analytical model. The deployment of the proposed pre-connection does not require protocol modification or the cooperation of other entities.

• Journal of Communications and Networks
• /
• v.4 no.4
• /
• pp.266-281
• /
• 2002

The General Packet Radio Service (GPRS) is being deployed by GSM network operators world-wide, and promises to provide users with “always-on” data access at bandwidths comparable to that of conventional fixed-wire telephone modems. However, many users have found the reality to be rather different, experiencing very disappointing performance when, for example, browsing the web over GPRS. In this paper, we examine the causes, and show how unfortunate interactions between the GPRS link characteristics and TCP/IP protocols lead to poor performance. A performance characterization of the GPRS link-layer is presented, determined through extensive measurements taken over production networks. We present measurements of packet loss rates, bandwidth availability, link stability, and round-trip time. The effect these characteristics have on TCP behavior are examined, demonstrating how they can result in poor link utilization, excessive packet queueing, and slow recovery from packet losses. Further, we show that the HTTP protocol can compound these issues, leading to dire WWW performance. We go on to show how the use of a transparent proxy interposed near the wired-wireless border can be used to alleviate many of these performance issues without requiring changes to either client or server end systems.

• IEIE Transactions on Smart Processing and Computing
• /
• v.5 no.2
• /
• pp.94-99
• /
• 2016

Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

• Journal of Korea Multimedia Society
• /
• v.4 no.5
• /
• pp.377-389
• /
• 2001

It has a tendency to build Workflow Systems based on the web with the spread of web environment. The important function in Workflow Systems are to automatize job flow according to the predefined regulations, procedures or conditions. Hence, there needs to consider excluding passive jobs, supporting GUI and a migratory information processing for information flow. Distributed Workflow System for workflow of a distributed service system should perform transfer control and Fault-Tolerance between tasks based on process logic, and real time processing. However, the existing mail systems being used are just for transmission and it doesn't fit to automatize job flow. To solve the matter, there needs a Distributed Workflow Engine to design workflow and automatize its control. In this paper, we design a web browser with graphic interface using web mail, a browser creating a script code for a procedural performance. Also, we design a Process-engine has a Preprocessor which tolerates process scheduler for task transaction or server node's faults on distributed environment. The proposed system enhances the reliability and usability of a system reduces the cost rather than a workflow system based on database, for they execute as proxy for a server's fault or suers' absence.

• The KIPS Transactions:PartA
• /
• v.13A no.7 s.104
• /
• pp.615-622
• /
• 2006

Caching in a Wireless Internet Proxy Server Cluster Environment has an effect that minimizes the time on the request and response of Internet traffic and Web user As a way to increase the hit ratio of cache, we can use a hash function to make the same request URLs to be assigned to the same cache server. The disadvantage of the hashing scheme is that client requests cannot be well-distributed to all cache servers so that the performance of the whole system can depend on only a few busy servers. In this paper, we propose an improved load balancing scheme using hashing and Round Robin scheme that distributes client requests evenly to cache servers. In the existing hashing scheme, if a hashing value for a request URL is calculated, the server number is statically fixed at compile time while in the proposed scheme it is dynamically fixed at run time using round robin method. We implemented the proposed scheme in a Wireless Internet Proxy Server Cluster Environment and performed experiments using 16 PCs. Experimental results show the even distribution of client requests and the 52% to 112% performance improvement compared to the existing hashing method.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.5
• /
• pp.25-38
• /
• 2013

Future wireless systems will be required to support the increasingly nomadic lifestyle of people. This support will be provided through the use of multiple overlaid networks which have very different characteristics. Moreover, these networks will be required to support the seamless delivery of today's popular desktop services, such as web browsing, interactive multimedia and video conferencing to the mobile devices. Thus one of the major challenges in the design of these mobile systems will be the provision of the quality of service (QoS) guarantees that the applications demand under this diverse networking infrastructure. We believe that it is necessary to use resource reservation and adaptation techniques to deliver these QoS guarantee to applications. However, reservation and pre-configuration in the entire service region is overly aggressive, and results in schemes that are extremely inefficient and unreliable. To overcome this, the mobility pattern of a user can be exploited. If the movement of a user is known, the reservation and configuration procedure can be limited to the regions of the network a user is likely to visit. Our proposed Proxy-UMP is not sensitive to increase of the search cost than other schemes and shows that the increasing rate of total cost is low as the SMR increases.