REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
The KIPS Transactions:PartC
Korea Information Processing Society
An Analysis of Network Traffic on DDoS Attacks against Web Servers
Lee, Cheo-Iho ; Choi, Kyung-Hee ; Jung, Gi-Hyun ; Noh, Sang-Guk ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 253~264
DOI : 10.3745/KIPSTC.2003.10C.3.253
This paper presents an analytic model of Distributed Denial-of-Service (DDoS) attacks in two settings: the normal Web server without any attack and the Web server with DDoS attacks. In these settings, we measure TCP flag rate, which is expressed in terms of the ratio of the number of TCP flags, i.e., SYN, ACK, RST, etc., packets over the total number of TCP packets, and Protocol rate, which is defined by the ratio of the number of TCP (UDP or ICMP) packets over the total number of IP packets. The experimental results show a distinctive and predictive pattern of DDoS attacks. We hope our approach can be used to detect and prevent DDoS attacks.
A Study on The Delegation of Role in Role Based Access Control
Lee, Hee-Kyu ; Lee, Jea-Kwang ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 265~272
DOI : 10.3745/KIPSTC.2003.10C.3.265
RBAC is an access control mechanism for the security administration of system resources, and it is attracting attention in commercial fields because it reduces the cost and complexity of security administration in large networks. Much RBAC research is in progress, but several problems concerning the mechanism, such as the delegation of roles, have been pointed out. A person's role sometimes has to be delegated to someone reliable because of a leave of absence, sick leave and other reasons. But the existing RBAC standards do not define the delegation of roles. In this paper, we propose an RBAC model in which a delegator can delegate a subset of role and permission to a delegatee so that more efficient access control may be available.
A Study on Authentication and Authorization on Entity in Grid
Kug, Joung-Ook ; Lee, Jae-Kwang ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 273~280
DOI : 10.3745/KIPSTC.2003.10C.3.273
When existing user authorization systems in Grid give many users access to a local system, and the subject DN (Distinguished Name) used in user-proxy authentication is mapped one-to-one to an ID in the local system, they have difficulties in ID management, memory resource management and resource management. For this reason, a variety of subject DNs share one local ID in an existing Grid. But this faces many difficulties in applying all requirements for many Grid users. Thus, in this paper we propose a user authorization system based on a certificate rather than on an ID. That is, we add the user's access level to an extension field in a certificate, and have the proposed authorization system decide the access limitation level on resources instead of using the existing ID mapping methods.
Implementation of the Electronic Prescription Security System Using by an IC Card
Kang, Se-Na ; Lee, Ki-Han ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 281~286
DOI : 10.3745/KIPSTC.2003.10C.3.281
Nowadays, exposure of a patient's private medical data to the outside world has a severe effect not only on the patient's private life but also on his/her social activities and environment. So, it is important to securely protect the patient's private medical data from illegal manipulation. This paper studies a method to store the electronic prescription information in an IC card. For that, an access control scheme is proposed for users, such as a doctor, a nurse, a medical institute member, a pharmacy, a pharmacist, or a patient, who access the data stored in an IC card. The certificate is issued using the Crypto API of a certificate management model supported by Windows 2000. The public/private key is created by the Cryptographic Service Provider program, and the electronic prescription is signed using the digital signature. The proposed system, therefore, can improve the quality of medical services by securing the safety and integrity of the electronic prescription stored in an IC card.
Design of a effective Authorization Mechanism based on Kerberos
Kim, Eun-Hwan ; Jun, Moon-Seog ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 287~294
DOI : 10.3745/KIPSTC.2003.10C.3.287
Authentication and authorization are essential functions for the security of a distributed network environment. Authorization is deciding whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism that makes a system more effective, with Kerberos as the authentication mechanism. In the authorization mechanism, the Kerberos server operates a proxy privilege server. The proxy privilege server manages and permits the rights of users, servers and services using the proposed algorithm. Also, the privilege attribute certificate issued by the proxy privilege server is used in delegation. We designed a secure Kerberos with the proposed functions, providing effective authorization together with the authentication of the Kerberos mechanism.
Classification of the Intrusion Tolerant Systems and Integrated Framework for Survivability Enhancement
Kim, Gi-Han ; Chio, Myeong-Ryeoi ; Lee, Kyung-Whan ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 295~304
DOI : 10.3745/KIPSTC.2003.10C.3.295
Currently, security researchers focus on protecting programs and data from malicious users and accidents. Therefore, many firewalls and intrusion detection systems have been developed commercially. Intrusion tolerance is a new concept that is the last line of defense for information survivability. It emphasizes availability and integrity to provide critical system services continuously even when the system is compromised. In this paper, we classify current intrusion tolerant technologies from the point of view of program and data. Furthermore, we propose an integrated framework that supports intrusion tolerance of program and data.
A Fairness Improvement Algorithm using Dynamic Threshold in ATM-GFR Service
Kim, Nam-Hee ; Kim, Byun-Gon ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 305~310
DOI : 10.3745/KIPSTC.2003.10C.3.305
The performance of various GFR implementations has recently been studied because of the interest in providing bandwidth guarantees with a simpler implementation than ABR in ATM networks. One of the important factors is buffer management for guaranteeing QoS in GFR service. An efficient buffer management algorithm is necessary to guarantee MCR for untagged cells in an ATM switch. In this paper, we propose and evaluate a buffer management scheme to provide the GFR service guarantees. The proposed scheme can control cell discarding for fairness in each VC, and is compared with Double-EPD and DFBA. Our results show that the proposed buffer management with per-VC queuing achieves significant enhancement in goodput and fairness index over existing methods.
Enhancing the Fairness of PGMCC
Park, Young-Sun ; Hyun, Do-Won ; Jang, Ju-Wook ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 311~316
DOI : 10.3745/KIPSTC.2003.10C.3.311
To deploy multicast protocols, fairness to current Internet traffic, particularly TCP, is an important requirement. PGMCC is one of the most promising multicast congestion control proposals, but it suffers from degradation of fairness caused by fixed timeout and uncertain acker selection. In this paper, we suggest adding an adaptive timeout mechanism and NAK suppression in the router using throughput comparison to improve fairness. Our simulations show improved fairness.
Proposal of optical subscriber access network using optical CDMA method with optical switches
Park, Sang-Jo ; Kim, Bong-Kyu ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 317~324
DOI : 10.3745/KIPSTC.2003.10C.3.317
In this paper, we propose an ATM based Passive Optical Network (PON) using the optical CDMA scheme with optical switches and PN codes in the time domain. We also propose a bipolar optical receiving correlator for PN codes. As optical CDMA is performed by directly driving the on-off switching of an optical switch with PN codes, the number of distinct code sequences can be increased and the flexibility in assigning PN codes can be improved. Finally, we theoretically analyze the signal-to-interference-plus-noise ratio and the bit error probability of the regenerated signal and compare the performance of the proposed scheme with that of an ATM based PON using conventional optical CDMA with optical delay lines.
Asynchronous Cache Invalidation Strategy to Support Read-Only Transaction in Mobile Environments
Kim, Il-Do ; Nam, Sung-Hun ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 325~334
DOI : 10.3745/KIPSTC.2003.10C.3.325
In a stateless server, if an asynchronous cache invalidation scheme attempts to support local processing of read-only transactions in mobile client/server database systems, a critical problem may occur: the asynchronous invalidation reports provide no guarantees of waiting time for mobile transactions requesting commit. To solve this problem, the server in our algorithm broadcasts two kinds of messages: an asynchronous invalidation report to reduce transaction latency, and a periodic guide message to avoid the uncertainty of waiting time for the next invalidation report. The asynchronous invalidation report has its own sequence number, and the periodic guide message has the sequence number of the most recently broadcast asynchronous invalidation report. A mobile client checks its cache validity by using the sequence numbers of these messages.
A Secure Monitoring Mechanism for Short Distance Wireless Communication
Seo, Dae-Hee ; Lee, Im-Yeong ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 335~344
DOI : 10.3745/KIPSTC.2003.10C.3.335
In accordance with the changes in the wireless communication environment, there has been a great need to satisfy the demand for diverse modes of information exchange. Various types of short-distance wireless communication technology have been developed and studied to meet this demand. Among them, Bluetooth and WLAN, which have recently been acclaimed as the standard for short-distance wireless communication, have been the focus of many such studies. However, Bluetooth and WLAN have weaknesses in their security features when they are applied to real m-commerce services. The purpose of this study is to propose techniques that affinity considers to item that is non-security enemy who is although there is no public secure division direct connection in peculiar environment of radio environment as well as limitation security enemy of short distance radio communication. Propose secure monitoring techniques for straggling device to user center also applying proposed way to Bluetooth and WLAN that are short distance communication representative technology based on item that is security enemy and item that is rain suity enemy.
Preceding Error Recovery Algorithm for Multimedia Stream in the Tree-based Multicast Environments
Kim, Ki-Young ; Yoon, Mi-Youn ; Shin, Young-Tae ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 345~354
DOI : 10.3745/KIPSTC.2003.10C.3.345
IP Multicast requires fewer network resources than unicast. Furthermore, reliable multicast has been researched to support reliability in the IP Multicast mechanism. Although these studies have been carried out, they have focused only on general data. In other words, in the case of realtime packets, they cannot support reliability since they do not consider realtime properties such as interframe dependency and playback in time. Besides, scalability must also be supported because we are based on a Mobile IP network together with the Internet. Thus, we need a mechanism to guarantee reliability and scalability of realtime stream data. In this paper, we propose PER (Preceding Error Recovery), which reflects the characteristics of realtime data, especially for H.323. PER provides scalable reliability because it is based on tree-based multicast, reduces control packets, and recovers stream buffer space from underflow status as soon as possible. PER shows much better scalability and reliability than existing works.
An Efficient Resource Reservation Schemes using PMRSVP in Wireless Mobile Networks
Han, Seung-Jin ; Park, Yang-Jae ; Rim, Kee-Wook ; Lee, Jung-Hyun ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 355~366
DOI : 10.3745/KIPSTC.2003.10C.3.355
Today's market share of mobile Internet service is growing rapidly due to the rapid advances in wireless mobile networks. To guarantee the QoS of Mobile Nodes in wireless mobile networks, we propose the Proxy MRSVP (PMRSVP), which is an efficient resource reservation protocol. The PMRSVP, using a modified regional registration, restrains the excessive message generation of existing protocols that propose an alternative to the existing best effort service in wireless mobile networks. We show that the signaling message generation quantities and resource registration costs of the PMRSVP are lower than those of MRSVP and Hierarchical MRSVP (HMRSVP) because the Mobile Agent (MA) plays a proxy role instead of the Corresponding Host (CH). We evaluate the resource reservation cost together with the intradomain and interdomain registration cost of the proposed method by comparing them to those of the MRSVP and HMRSVP.
Two Phase Heuristic Algorithm for Mean Delay constrained Capacitated Minimum Spanning Tree Problem
Lee, Yong-Jin ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 367~376
DOI : 10.3745/KIPSTC.2003.10C.3.367
This study deals with the DCMST (Delay constrained Capacitated Minimum Spanning Tree) problem applied in the topological design of local networks or in finding several communication paths from the root node. While the traditional CMST problem has only the traffic capacity constraint served by a port of the root node, the DCMST problem has the additional mean delay constraint of the network. The DCMST problem consists of finding a set of spanning trees to link end-nodes to the root node satisfying the traffic requirements at end-nodes and the required mean delay of the network. The objective function of the problem is to minimize the total link cost. This paper presents a two-phase heuristic algorithm, which consists of a node exchange and node shift algorithm based on the trade-off criteria, and a mean delay algorithm. Actual computational experience and performance analysis show that the proposed algorithm can produce a better solution than the existing algorithm for the CMST problem to consider the mean delay constraint in terms of cost.
An Efficient Core-Based Multicast Tree using Weighted Clustering in Ad-hoc Networks
Park, Yang-Jae ; Han, Seung-Jin ; Lee, Jung-Hyun ;
The KIPS Transactions:PartC, volume 10C, issue 3, 2003, Pages 377~386
DOI : 10.3745/KIPSTC.2003.10C.3.377
This study suggests a technique to maintain an efficient core-based multicast tree using weighted clustering factors in mobile Ad-hoc networks. The biggest problem with core-based multicast tree routing is deciding the position of the core node. The distance of data transmission varies depending on the position of the core node. Because the overhead on the entire network is great when the multicast tree is recomposed due to the movement of the core node, clustering is used. Among the cluster head nodes on the multicast tree within the core area, the node whose weighted factor is the least is chosen as the head core node. Simulation verified that composing and maintaining the multicast tree by weighted clustering factors in this way improves the transmission distance and control overhead, which depend on the position and mobility of the core node, compared with existing multicast methods, and that when the selected core node has less mobility and is near the center of the network, the multicast tree is stable and the transmission distance is short.