Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
The KIPS Transactions:PartC
Journal Basic Information
Journal DOI :
Korea Information Processing Society
Editor in Chief :
Volume & Issues
Volume 11C, Issue 7 - Dec 2004
Volume 11C, Issue 6 - Dec 2004
Volume 11C, Issue 5 - Oct 2004
Volume 11, Issue 5 - Oct 2004
Volume 11C, Issue 4 - Aug 2004
Volume 11C, Issue 3 - Jun 2004
Volume 11C, Issue 2 - Apr 2004
Volume 11C, Issue 1 - Feb 2004
Volume 11, Issue 2 - 00 2004
Volume 11, Issue 1 - 00 2004
Selecting the target year
Performance Analysis of Packet Sampling Mechanisms for DDoS Attack Detection
Kang Kil-Soo ; Lee Joon-Hee ; Choi Kyung-Hee ; Jung Gi-Hyun ; Shim Jae-Hong ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 711~718
DOI : 10.3745/KIPSTC.2004.11C.6.711
Packet sampling is the techniques to collect a part of the packets through network and analyze the characteristicsof the traffic for managing the network and keeping security. This paper presents a study on the sampling techniques applied to DDoS traffic and on the characteristics of the sampled traffic to detect DDoS attack efficiently and improve traffic analysis capacity. Three famous sampling techniques are evaluated with different sampling rates on various DDoS traffics. To analyze traffic characteristics, one of the DDoS attack detection method. Traffic Rate Analysis (TRA) is used. Simulation results verify that using sampling techniques preserve the traffic characteristics of DDoS and do not significantly reduce the detection accuracy.
Anomaly Detection Model based on Network using the Session Patterns
Park Soo-Jin ; Choi Yong-Rak ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 719~724
DOI : 10.3745/KIPSTC.2004.11C.6.719
Recently, since the number of internet users is increasing rapidly and, by using the public hacking tools, general network users can intrude computer systems easily, the hacking problem is getting more serious. In order to prevent the intrusion, it is needed to detect the sign in advance of intrusion in a positive prevention by detecting the various foms of hackers` intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port- scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various forms of abnormal accesses for intrusion regardless of the intrusion methods. In this paper, SPAD(Session Pattern Anomaly Detector) is presented, which detects the abnormal service patterns by comparing them with the ordinary normal service patterns.
Permission-Based Separation of Duty Model on Role-Based Access Control
Oh Se-Jong ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 725~730
DOI : 10.3745/KIPSTC.2004.11C.6.725
Separation of Duty(SOD), with delegation, is one of important security principles in access control area. The role-based access control model adopts SOD principle, but it has some problems; SOD concept is inconsistent with role hierarchy, permissions that have no relation with SOD may be restricted, and delegation may violate SOD. We propose permission-based SOD model on role-based access control. We establishes SOD as a set of permissions instead of role level SOD. Furthermore we propose a principle of role activation. It solves SOD problems of RBAC and supports easy implementation of SOD policy.
Design and Implementation of a Protection and Distribution System for Digital Broadcasting Contents
Lee Hyejoo ; Choi BumSeok ; Hong Jinwoo ; Seo Jongwon ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 731~738
DOI : 10.3745/KIPSTC.2004.11C.6.731
With the increase of digital content usages, the protection for digital content and intellectual property becomes more important. The DRM(digital rights management) technologies are applicable to protect not only any kind of digital contents but also intellectual property. Besides such techniques are required for recorded digital broadcasting contents due to introduction of digital broadcasting techniques and storage devices such as personal video recorder. The conventional protection scheme for broadcasting content is the CAS(conditional access system) by which the access of viewer is controlled on the specific channels or programs. The CAS prohibits the viewer from delivering the digital broadcasting content to other person, so it results in restriction of superdistribution on the digital broadcasting content. In this paper, for broadcast targeting unspecfic many people, we will design the service model of the protection and distribution of digital broadcasting content using encryption and license by employing the concept of DRM. The results of implementation are also shown to verify some functions of each component. An implemented system of this paper has some advantages that the recording of broadcast content is allowed on set-top-box and superdistribution is available by consumer. Hence it provides content providers and consumers with trustworthy environment for content protection and distribution.
Member/Group License Mechanism for Secure and Flexible Sharing of Protected Contents in DRM Systems
Chang Hai Jin ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 739~746
DOI : 10.3745/KIPSTC.2004.11C.6.739
License mechanisms are the key elements in almost all DRM(digital rights management) systems. The license mechanisms are designed for the clear identification and enforcement of contents, principals, and usage rules in DRM systems. But current license mechanisms are lacking in the flexibility for the secure and efficient sharing of the contents among the members of a group such as a family or a part of an enterprise. This paper suggests a new license mechanism for efficient and secure sharing of contents in DRM systems among the members of a group. We named it member/group license mechanism. The mechanism extends the current license mechanisms by introducing new concepts such as group licenses, member licenses, and derivation relationships between licenses.
An Efficient Authentication Protocol Using Single Bit Synchronization for Wireless LAN Environment
Jo Hea Suk ; Youn Hee Yong ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 747~754
DOI : 10.3745/KIPSTC.2004.11C.6.747
Today, wireless LANs are widely deployed in various places such as corporate office conference rooms, industrial warehouses, Internet-ready classrooms, etc. However, new concerns have been raised regarding suity. Currently, both virtual private network(VPN) and WEP are used together as a strong authentication mechanism. While security is increased by using VPN and WEP together, unnecessary redundancy occurs causing power consumption increase and authentication speed decrease in the authentication process. In this paper a new synchronization protocol for authentication is proposed which allows simple authentication, minimal power consumption at the mobile station, and high utilization of authentication stream. This is achieved by using one bit per a frame authentication, while main authentication process including synchronization is handled by access points. Computer simulation reveals that the proposed scheme significantly improves the authentication efficiency in terms of the number of authenticated frames and authentication speed compared with an earlier protocol employing a similar authentication approach.
Payment PKI based on EMV and Efficient IC Card Authentication Mechanism
Song Sang Heon ; Choi Seok Jin ; Ryou Jea Cheol ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 755~764
DOI : 10.3745/KIPSTC.2004.11C.6.755
Recently `Banking IC Card Standard` and EMV Standard by the domestic standard is selected, and it is situation that is developing infrastructure vigorously to alternate Magnetic Stripe card by IC card. This paper analyzes EMV standard that is selecting public key cipher, and research wishes to study unexhausted EMV PKI relatively than internet PKI, WAP PKI etc. This paper propose utilizable EMV base Payment PKI model in IC card base payment system development, and developed EMV CA system with this. Also, this paper supplemented IC card Authentication mechanism that is defined in EMV standard, and propose `Efficient smart card Authentication mechanism` to improve performance of this mechanism, and estimate performance.
Authentication Mechanism for Efficient Multicast Service
Jung Yumi ; Par Jung-Min ; Chae Kijoon ; Lee Sang-Ho ; Nah Jaehoon ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 765~772
DOI : 10.3745/KIPSTC.2004.11C.6.765
Multicast communication is simultaneous transmission of data to multiple receivers and saves considerably sender resources and network bandwidth. It has high risk to attack using group address and inherent complexity of routing packets to a large group of receivers. It is therefore critical to provide source authentication, allowing a receiver to ensure that received data is authentic. In this paper, we propose the multiple chain authentication scheme for secure and efficient multicast stream. To evaluate the performance of our scheme, we compare our technique with two other previously proposed schemes using simulation results. Our scheme provides non-repudiation of origin, low overhead by amortizing the signature operation over multiple packets, and high packet loss resistance.
Evaluation of Transmission Quality for Stream-type traffics on Very High-speed Network
Lee Yang Min ; Lee Jae Kee ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 773~780
DOI : 10.3745/KIPSTC.2004.11C.6.773
In this paper, we measured the transmission characteristics of a MPEG2 and a DV that are typical stream-type traffics on the very high speed network and carried out the subjective evaluation of end users for these stream-types. In the subjective evaluation of these stream-type data, video quality evaluation is based on ITU-R BT.500-1 and audio qualify evaluation is based on ITU-R BS.1116-1. Also experiment method to acquire the subjective evaluation of end users is selected the 5 grades method of DSCQS. Under the same condition, in case of MPEG2, the evaluation grade of the video and the audio duality becomes deteriorated at the load rate of
that network traffic increases rapidly. In case of DV the evaluation grade of video duality began decrease, but the degree of the change was slower than MPEG2 at the same load rate. Moreover the subjective evaluation grade of end users was superior to load rate
in case of DV audio quality, traffic and QoS control that consider the subjective evaluation of end user is required. Conclusively, in case of MPEG2, we can perform traffic control that only use the actual measurement values on the network. However in case of DV, we can perform traffic control that the actual measurement values on the network and the subjective evaluation of end users are considered at the same time.
Development of a High Performance Web Server Using A Real-Time Compression Architecture
Min Byungjo ; Hwang June ; Kim Hagbae ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 781~786
DOI : 10.3745/KIPSTC.2004.11C.6.781
In these days, such services are popularized as E-commerce, E- government, multimedia services, and home networking applications. Most web traffics generated contemporarily basically use the Hyper Text Transfer Protocol(HTTP). Unfortunately, the HTTP is improper for these applications that comprise significant components of the web traffics. In this paper, we introduce a real-time contents compression architecture that maximizes the web service performance as well as reduces the response time. This architecture is built into the linux kernel-based web accelerating module. It guarantees not only the freshness of compressed contents but also the minimum time delay using an server-state adaptive algorithm, which can determine whether the server sends the compressed message considering the consumption of sewer resources when heavy requests reach the web server. Also, We minimize the CPU overhead of the web server by exclusively implementing the compression kernel-thread. The testing results validates that this architecture saves the bandwidth of the web server and that elapsed time improvement is dramatic.
An Analysis on the Effect of Extended Frames to the End-to-end Performance
Jo Jinyong ; Kwak Jaiseung ; Byeon Okhwan ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 787~798
DOI : 10.3745/KIPSTC.2004.11C.6.787
High performance net재rking is one of key factors to provide support for data intensive applications in the Internet. Extended frame size has a major impact on end to-end performance with increasing effective TCP throughput and decreasing system overhead. Most of the research about extended frames has focused on local area network performance and the impact that extended frame size has on the system elements including memory, network interface card and so forth. In the paper, we analyse the effects of the extended frames to the other traffic flows sharing Internet paths for the wide area performance of TCP by conducting various network simulations. Results show that securing available bandwidth in no loss and low delay networks is indispensable to exploit the efficiency of extended frames.
Implementation of ATM/Internet Gateway System for Real Time Multimedia Service
Han Tae-Man ; Jeong You-Hyeon ; Kim Dong-Won ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 799~806
DOI : 10.3745/KIPSTC.2004.11C.6.799
A growing diversity of pervasive devices is gaming access to the Internet and other information. However, much of the rich multimedia contents cannot be easily handled by the client devices because of the limited communication, processing, storage and display capabilities. The in-tegration of voice, data and video service modified the target of networking technologies. Networks must have some the capabilities for in-tegration of various services and also for QoS support as required by each of those service. Because of these reasons, we developed EAGIS(Efficient ATM Gateway for real time Internet Service) to provide seamless multimedia service between the ATM network and the Internet. EAGIS consists of the interworking unit, content server, transcoding server, and the serveice broker to provide seamless multimedia service be-tween the ATM network and the Internet. In this paper, we design the architecture and transcoding service scenario of the EAGIS. When the RTP is used for the bi-directional communication, transcoding time is configured by the time-stamp of RTCP. When HTTP is used for unidirec-tional communication, self-timer is used. By using these reference time, standard transcoding method is applicable according to the frame trans-mission rate and network traffic load. And we can also assure the QoS of the multiple users` effective bandwidth by our algorithm.
An Experimental Evaluation of Active Bandwidth Allocation Model for DiffServ Support in MPLS Networks
Kim Sung-Chan ; Chang Kun-Won ; Oh Hae-Seok ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 807~814
DOI : 10.3745/KIPSTC.2004.11C.6.807
This paper researches and evaluates a bandwidth reallocation mechanism for efficient DiffServ QoS support in MPLS networks by monitoring the network traffic status and reallocating unused bandwidth. While the Differentiated Services in MPLS Networks architecture provides QoS management through the RSVP resource reservation, this mechanism is based on a static provisioning of resource. But this approach can lead to waste bandwidth in some service classes or, leave some service classes` resource starved. This paper presents the bandwidth reallocation dynamically based on network traffic status for bandwidth usage maximization.
Evaluation on Effect of Message Overhead for Implementing a Scalable RSVP-TE Protocol in MPLS Networks
Lee Young-Woo ; Park Jaehyung ; Kim Sang-Ha ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 815~820
DOI : 10.3745/KIPSTC.2004.11C.6.815
For providing high quality-guaranteed service over Internet, traffic engineering based on an MPLS technology is being introduced. MPLS traffic engineering performs the computation on the path guaranteeing service`s quality and the reservation on network resources by an MPLS signaling protocol. As one of MPLS signaling protocol, RSVP-TE protocol transmits and receives periodic refresh messages for maintaining the path of a traffic flow. Such characteristic gives a heavy processing overhead to routers for maintaining states of large number of paths. In this paper, we propose a scalable implementation approach for RSVP-TE without dramatically increasing processing overhead. And we eval-uate the processing overhead on periodic messages by implementing the RSVP-TE protocol and the reduction mechanism of periodic messages.
The Development of Kernel-based Monitoring System for Grid Application
Kim Tae-Kyung ; Kim Dong-Su ; Byeon Ok-Hwan ; Chung Tai M. ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 821~828
DOI : 10.3745/KIPSTC.2004.11C.6.821
To analyze the usage information of system and network resources to the each grid application by measuring the real time traffic and calculating the statistic information, we suggested the kernel-based monitoring methods by researching the efficient monitoring method. This method use small system resourcesand measure the monitoring information accurately with less delay than the usual packet capture methods such as tcpdump. Also we implemented the monitoring systems which can monitor the used resources of system and network for grid application using the suggested kernel-based monitoring method. This research can give the useful information to the development of grid application and to grid network scheduler which can assign the proper resources to the grid application to perform efficiently. Network administrator can decide whether the expansion of network is required or not using the monitoring information.
A Leader Election Algorithm and Performance Evaluation for Mobile Ad hoc Networks
Parvathipuram Pradeep ; Yang Gi-Chul ; Oh Sooyul ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 829~834
DOI : 10.3745/KIPSTC.2004.11C.6.829
Nodes communicate through wireless channels under peer-to-peer level in ad-hoc mobile networks. The nodes are free to move around in a geographical area and are loose]y bounded by the transmission range of the wireless channels. Also, a node is completely free to move around, there is no fixed final topology. Hence, to manage the inter-node communication and data exchange among them a leader node is required. In this paper we introduce an efficient leader election algorithm for mobile ad hoc networks where inter-node communication is allowed only among the neighboring nodes. Furthermore we present the result of performance evaluation through simulation. The algorithm is efficient and practical since it uses least amount of wireless resources and does not affect the movement of the nodes.
Performance Analysis of MC-DS/CDMA System with Phase Error and Hybrid SC/MRC-(2/3) Diversity
Kim Won-Sub ; Park Jin-Soo ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 835~842
DOI : 10.3745/KIPSTC.2004.11C.6.835
In this paper, we have analyzed the MC-DS/CDMA system with input signal synchronized completely through adjustment of the gain in the PLL loop, by using the hybrid SC/MRC-(2/3) technique, which is said to one of the optimal diversity techniques under the multi-path fading environment, assuming that phase error is defined to the phase difference between the received signal from the multi-path and the reference signal in the PLL of the receiver. Also, assuming that the regarded radio channel model for the mobile communication is subject to the Nakagami-m fading channel, we have developed the expressions and performed the simulation under the consideration of various factor, in the MC/DS-CDMA system with the hybrid SC.MRC-(2/3) diversity method, such as the Nakagami fading index(m),
the number of hybrid SC.MRC-(2/3)
the number of users (K), the number of subcarriers (U), and the gain in the PLL loop. As a result of the simulation, it has been confirmed that the performance improvement of the system can be achieved by adjusting properly the PLL loop in order for the MC/DS-CDMA system with the hybrid SC/MRC-(2/3) diversity method to receive a fully synchronized signal. And the value of the gain in the PLL loop should exceed 7dB in order for the system to receive the signal with prefect synchronization, even though there might be a slight difference according to the values of the fading index and the spread processing gain of the subcarrier.
An Improved Way of Remote Storage Service based on iSCSI for Mobile Device using Intermediate Server
Kim Daegeun ; Park Myong-Soon ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 843~850
DOI : 10.3745/KIPSTC.2004.11C.6.843
As mobile devices prevail, requests for various services using mobile devices have increased. Requests for application services that require large data space such as multimedia, game and database  specifically have greatly increased. However, mobile appliances have difficulty in applying various services like a wire environment, because the storage capacity of one is not enough. Therefore, research (5) which provides remote storage service for mobile appliances using iSCSI is being conducted to overcome storage space limitations in mobile appliances. But, when iSCSI is applied to mobile appliances, iSCSI I/O performance drops rapidly if a iSCSI client moves from the server to a far away position. In the case of write operation,
reduction of I/O performance occurred when the latency of network is 64ms. This is because the iSCSI has a structural quality that is very .sensitive to delay time. In this paper, we will introduce an intermediate target server and localize iSCSI target to improve the shortcomings of iSCSI performance dropping sharply as latency increases when mobile appliances recede from a storage server.
A Study on the Tree based Memoryless Anti-Collision Algorithm for RFID Systems
Quan Chenghao ; Hong Wonkee ; Lee Yongdoo ; Kim Hiecheol ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 851~862
DOI : 10.3745/KIPSTC.2004.11C.6.851
RFID(Radio frequency IDentification) is a technology that automatically identifies objects containing the electronic tags by using radio wave. The multi-tag identification problem is the core issue in the RFID and could be resolved by the anti-collision algorithm. However, most of the existing anti-collision algorithms have a problem of heavy implementation cost and low performance. In this paper. we propose a new tree based memoryless anti-collision algorithm called a collision tracking tree algorithm and presents its performance evaluation results obtained by simulation. The Collision Tracking Tree algorithm proves itself the capability of an identification rate of 749 tags per second and the performance evaluation results also show that the proposed algorithm outperforms the other two existing tree-based memoryless algorithms, i.e., the tree-walking algorithm and the query tree algorithm about 49 and 2.4 times respectively.
An Improved Packet Scheduling Algorithm for DSCH of UMTS
Cho Hyunjoon ;
The KIPS Transactions:PartC, volume 11C, issue 6, 2004, Pages 863~870
DOI : 10.3745/KIPSTC.2004.11C.6.863
UMTS(Universal Mobile Telecommunication System) is recently recognized as a standard for 3rd generation of wireless networks and DSCH(Down-link Shared Chanel) is considered as a very effective multiplexing method in UMTS. So, it is inevitable to develope an effective packet scheduling algorithms for DSCH in UMTS. This paper describes an improved packet scheduling algorithm for DSCH of UMTS. The algorithm takes consideration in channel state for each mobile terminal to maximize link utilization, delay threshold for class 3 traffic and throughput for class 4 to get long term fairness. To verify the algorithm, we programmed a simulator using PARSEC simulation tool and got some simulation results by it. The simulation results show that the algorithm has reasonable characteristics in both of link utilization and fair-ness by trade-off.