• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.457-469
• /
• 2018

This study aimed to investigate the fundamental reasons for the presence of multi-homed host and the risks associated with such risky system. Furthermore, multi-homed host detection methods that have been researched and developed so far were compared and analyzed to determine areas for improvement. Based on the results, we propose the model of an improved automatic detection system and we implemented it. The experimental environment was configured to simulate the actual network configuration and endpoints of an organization employing network segmentation. And the functionality and performance of the detection system were finally measured while generating multi-homed hosts by category, after the developed detection system had been installed in the experiment environment. We confirmed that the system work correctly without false-positive, false-negative in the scope of this study. To the best of our knowledge, the presented detection system is the first academic work targeting multi-homed host under agent-based.

• Journal of Communications and Networks
• /
• v.10 no.4
• /
• pp.455-464
• /
• 2008

To provide network services consistently under various network failures, enterprise networks increasingly utilize path diversity through multi-homing. As a result, multi-homed non-transit autonomous systems become to surpass single-homed networks in number. In this paper, we address an inevitable problem that occurs when networks with multiple entry points deploy firewalls in their borders. The majority of today's firewalls use stateful inspection that exploits connection state for fine-grained control. However, stateful inspection has a topological restriction such that outgoing and incoming traffic of a connection should pass through a single firewall to execute desired packet filtering operation. Multi-homed networking environments suffer from this restriction and BGP policies provide only coarse control over communication paths. Due to these features and the characteristics of datagram routing, there exists a real possibility of asymmetric routing. This mismatch between the exit and entry firewalls for a connection causes connection establishment failures. In this paper, we formulate this phenomenon into a state-sharing problem among multiple fire walls under asymmetric routing condition. To solve this problem, we propose a stateful inspection protocol that requires very low processing and messaging overhead. Our protocol consists of the following two phases: 1) Generation of a TCP SYN cookie marked with the firewall identification number upon a SYN packet arrival, and 2) state sharing triggered by a SYN/ACK packet arrival in the absence of the trail of its initial SYN packet. We demonstrate that our protocol is scalable, robust, and simple enough to be deployed for high speed networks. It also transparently works under any client-server configurations. Last but not least, we present experimental results through a prototype implementation.

• The KIPS Transactions:PartC
• /
• v.11C no.2
• /
• pp.245-252
• /
• 2004

Stream Control Transmission Protocol(SCTP) is a new connection-oriented, reliable delivery transport protocol operating on top of an unreliable connectionless packet service such as IP. It inherits many of the functions developed for TCP, including flow control and packet loss recovery functions. In addition, it also supports transport layer multihoming and multistreaming In this paper, we study the impact of multi-homing on the performance of SCTP. We first compare performance of single-homed SCTP. multi-homed SCTP, TCP Reno and TCP SACK. We, then describe potential flaw in the current SCTP retransmission policy, when SCTP host is multihomed. Our Results show that SCTP performs better than TCP Reno and TCP SACK due to several changes from TCP in its congestion control mechanism. In particular. multi-homed SCTP shows the best result among the compared schemes. Through experimentation for multi-homed SCTP, we found that the current SCTP retransmission policy nay deteriorate the perfomance when the retransmission path it worse than the original path. Therefore, the condition of retransmission path is a very important factor In SCTP performance and a proper mechanism would be required to measure the condition of the retransmission path.

• 대한공업교육학회지
• /
• v.33 no.1
• /
• pp.233-248
• /
• 2008

Stream Control Transmission Protocol(SCTP) is a new transport protocol that is known to provide improved performance than Transmission Control Protocol(TCP) in multi-homing environment that is having two and more IP addresses. But currently single-homed computer is used primarily that is having one IP address. To identify whether mean transfer time for SCTP is faster that for TCP in single-homed environment considering packet loss, we make up real testbed regulating the bandwidth, delay time and packet loss rate on router and observe the transfer time. We write server and client applications to measure SCTP and TCP mean transfer time by C language. Analysis of these experimental results from the testbed implementation shows that mean transfer time of SCTP is not better than performance of TCP in single homed environment exceptional case. Main reasons of performance are that SCTP compared to TCP stops transmitting data by timeout and data transmission is often delayed when SACK congestion happens. The result of study shows that elaborate performance tuning is required in developing a new SCTP module or using a implemented SCTP module.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.8 s.350
• /
• pp.25-34
• /
• 2006

In this paper DynaMoNET is suggested as a novel IPv6-based multi-homed mobile network architecture which is composed of nested mobile ad hoc networks dynamically coming together through wireless personal area networks. Each ad hoc network has a mobile router which may work as a root mobile router instead of fixed mobile routers in a DynaMoNET. A root mobile router provides the reliable Internet connectivity for the entire mobile network. This paper includes a innovative handover protocol for multi-homed mobile networks, network switchover algorithm considering multiple decision factors, root mobile router election process based on token-based algorithm fast root mobile router discovery algorithm and fault avoidance mechanism to support reliable Internet connectivity. Finally the system architecture of a mobile router is given in detail.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.6B
• /
• pp.592-599
• /
• 2011

Proxy Mobile IPv6 (PMIPv6) is the network-based mobility management protocol that network supports the mobility of mobile node (MN) on behalf of the MN. In PMIPv6, a multi-homed MN can connect to the PMIPv6 domain by using only one interface even though it has multiple interfaces. It would be efficient when such a multi-homed MN connects to the PMIPv6 domain by using all of its interfaces. If such a multi-homed MN utilizes all of its interfaces, flow mobility can be provided that the MN handovers one or more flows from one interface to another without re-establishing session. In this paper, we propose the flow-based mobility management protocol by considering the intention of the user. The Router Advertisement (RA) message is used in order for the PMIPv6 domain to inform that the MN can utilize the flow mobility. The proposed mechanism is evaluated by analyzing signaling overhead and handover latency, and the numerical results show that the performance is affected by mobility speed of the MN and the failure probability of the wireless link.

• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.199-211
• /
• 2009

Recent advancements in wireless networks have enabled support for mobile applications to transfer data over heterogeneous wireless paths in parallel using data striping technique [2]. Traditionally, high performance data transfer requires tuning of multiple TCP sockets, at sender's end, based on bandwidth delay product (BDP). Moreover, traditional techniques like Automatic TCP Buffer Tuning (ATBT), which balance memory and fulfill network demand, is designed for wired infrastructure assuming single flow on a single socket. Hence, in this paper we propose a buffer tuning technique at senders end designed to ensure high performance data transfer by striping data at transport layer across heterogeneous wireless paths. Our mechanism has the capability to become a resource management system for transport layer connections running on multi-homed mobile host supporting features for wireless link i.e. mobility, bandwidth fluctuations, link level losses. We show that our proposed mechanism performs better than ATBT, in efficiently utilizing memory and achieving aggregate throughput.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.915-918
• /
• 2009

다중 네트워크 인터페이스 단말과 멀티 네트워크 환경간의 통신을 위한 네트워크 구조에 관한 기존 연구는 GLL, A-MAC처럼 멀티네트워크 자원관리에 초점을 둔 프로토콜 연구가 대부분이며 이 프로토콜들은 2.5 계층, 즉, 네트워크 계층과 데이터 링크 계층 사이에 위치하여 응용을 위해서 다중 인터페이스 중 하나의 인터페이스를 선택할 수 있는 기능을 제공한다. 따라서 기존 연구에 초점은 기존 통신 프로토콜 및 인터넷 구조의 변화를 최소화 할 수 있으나 단말내의 응용이 다중 네트워크 인터페이스를 효율적으로 사용할 수 있는 기술은 아니다. 본 연구에서는 기존 통신 프로토콜 및 인터넷 구조에서 단말이 다중 네트워크 인터페이스 사용 시 발생하는 계층별 문제점 및 IETF MIF WG 표준화 동향을 분석한다. 특히 응용 계층이 멀티 네트워크 인터페이스 기반의 멀티 연결을 지원하지 못하는 문제점, 전송 계층에서의 다중 연결 시 발생하는 문제점, 네트워크 계층에서 다중 인터페이스별로 할당된 IP 주소에 대한 처리문제, 다중 인터페이스 라우팅 문제, Split DNS 문제, 응용별 서비스 요구에 적응적인 인터페이스 선택 방법에 관한 문제를 정의하고 이를 해결하기 위한 연구 방향을 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.1
• /
• pp.79-95
• /
• 2016

In order to improve the Quality-of-Service (QoS) of latency sensitive applications in next-generation cellular networks, multi-path is adopted to transmit packet stream in real-time to achieve high-quality video transmission in heterogeneous wireless networks. However, multi-path also introduces two important challenges: out-of-order issue and reordering delay. In this paper, we propose a new architecture based on Software Defined Network (SDN) for flow aggregation and flow splitting, and then design a Multiple Access Radio Scheduling (MARS) scheme based on relative Round-Trip Time (RTT) measurement. The QoS metrics including end-to-end delay, throughput and the packet out-of-order problem at the receiver have been investigated using the extensive simulation experiments. The performance results show that this SDN architecture coupled with the proposed MARS scheme can reduce the end-to-end delay and the reordering delay time caused by packet out-of-order as well as achieve a better throughput than the existing SMOS and Round-Robin algorithms.

• Proceedings of the KAIS Fall Conference
• /
• 2005.05a
• /
• pp.234-237
• /
• 2005

본 논문에서는 중첩된 이동네트워크(nested mobile network) 환경에서 멀티홈 기능을 지원하도록 구현한 내용을 기술한다. 멀티 흠 환경에서 이동 노드는 중첩도가 낮은 이동 네트워크를 우선적으로 선택하도록 설계 구현하였다. 구현된 중첩 이동 네트워크 시스템은 계층적 프리픽스 위임 기법에 기반한 경로 최적화(Hierarchical Prefix Delegation)를 지원하고 있다. 구현된 시스템을 테스트한 결과 이동 노드 이동 라우터, 흠 에이전트 등이 기대한 대로 동작함을 확인하였는데, 특히 멀티 흠 환경에 접속된 모바일 노드는 중첩도가 낮은 이동라우터를 성공적으로 선택하여 통신한다는 것을 확인할 수 있었다.