The KIPS Transactions:PartC
Korea Information Processing Society
Volume 12C, Issue 3 - Jun 2005
Challenge-Response Based Secure RFID Authentication Protocol for Distributed Database Environment
Rhee Keun-Woo ; Oh Dong-Kyu ; Kwak Jin ; Oh Soo-Hyun ; Kim Seung-Joo ; Won Dong-Ho ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 309~316
DOI : 10.3745/KIPSTC.2005.12C.3.309
Recently, the RFID system has become a main technology for realizing ubiquitous computing environments, but the features of the RFID system may bring about various privacy problems. So, many kinds of protocols to resolve this problem are being researched. In this paper, we analyse the privacy problems of the previous methods and propose a more secure and effective authentication protocol to protect users' privacy. Then we prove that the proposed protocol is secure and effective by comparing it with previous methods. The proposed protocol is based on Challenge-Response using a one-way hash function and a random number. The proposed protocol is secure against replay attack, spoofing attack and so on. In addition, the proposed protocol is suitable for a distributed database environment.
The Integrated Identification Number Checking and Key Management Protocol with Certificates
Kim Sung Duk ; Jung Jae Dong ; Won Dong Ho ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 317~322
DOI : 10.3745/KIPSTC.2005.12C.3.317
The existing certificate based authentication or identification just verifies whether the owner of the private key corresponding to the public key of the certificate is the DN user set in the user field of the certificate or not; thus we cannot find out who the actual private key owner is in the real world. To make up for this weak point, the method of inserting an identification number such as the resident registration number into the certificate extension field is applied as a technical standard in the current domestic PKI system. In this paper, we propose an ECC based integrated identification, identification number checking and key management protocol providing user validation during login.
Efficient Buffer-Overflow Prevention Technique Using Binary Rewriting
Kim Yun-Sam ; Cho Eun-Sun ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 323~330
DOI : 10.3745/KIPSTC.2005.12C.3.323
Buffer overflow is one of the most prevalent and critical internet security vulnerabilities. Recently, various methods to prevent buffer overflow attacks have been investigated, but they are still difficult to apply to real applications due to their run-time overhead. This paper suggests an efficient rewriting method that prevents buffer-overflow attacks at lower cost by generating a redundant copy of the return address in the stack frame and comparing the return address to the copied return address. So that it is not overwritten by the attack data, the new copy has a lower address than the local buffers have. In addition, for a safer execution environment, every vulnerable function call is transformed during the rewriting procedure.
Packet Replacement Technique for Securing Anonymity in P2P Network
Kim Byung Ryong ; Kim Ki Chang ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 331~338
DOI : 10.3745/KIPSTC.2005.12C.3.331
Flooding based P2P systems basically provide anonymity, and under these anonymous circumstances users and providers exchange information. Most packets transferred from node to node do not contain identity information on the node that sent the packet. And these packets are transmitted to the destination through routing systems dynamically composed of intermediate nodes. Therefore it is impossible to know who transmitted a packet first and who the designated recipient is. But since the downloading and uploading hosts' IP addresses are exposed, anonymity is not provided. This study introduces techniques to provide anonymity for protecting the identities of users and resource providers by replacing QueryHit packets in systems where anonymity can cause trouble.
Design and Implementation of a Java-Based Single Sign-On Library Supporting SAML (Security Assertion Markup Language) for Grid and Web Services Security
Jeong Jongil ; Yu Seokhwan ; Shin Dongkyoo ; Shin Dongil ; Cha Moohong ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 339~346
DOI : 10.3745/KIPSTC.2005.12C.3.339
In recent years, the Grid development focus has been transitioning from resources to services. A Grid Service is defined as a Web Service that provides a set of well-defined interfaces and follows specific conventions. SAML, as a standard for Web Services which enables the exchange of authentication, authorization, and profile information between different entities, provides interoperability among different security services in distributed environments. In this paper, we implemented a SAML API. By offering interoperability for non XML-based authentication technologies using the SAML specification, and by offering a method to integrate the existing Single Sign-On technologies, the API provides convenience for accessing different services in a Grid architecture.
A Study on Security of E-Government Service Based on Web Service
Lee Eun-Seon ; Yang Jin-Seok ; Lim Jung-Muk ; Moon Ki-Young ; Lee Jae-Seung ; Chung Tai-Myoung ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 347~360
DOI : 10.3745/KIPSTC.2005.12C.3.347
E-Government service is a national project that is necessary for international competitiveness, openness of government and effectiveness of governmental work processes. E-Government security is very important because it handles data of relatively high sensitivity. But, until now, the development of E-Government service has been limited to its contents and web-based infrastructure, without consideration of E-Government security. Lately, E-Government security has been studied by some countries advanced in E-Government service, but this research is insufficient. To construct E-Government security on a web infrastructure, first of all, an analysis of web service security technology is needed. And then research on applying the technology to E-Government service is required. We propose a secure E-Government service scenario with web service security technology based on the development stages of E-Government service. We also suggest an overall view and a secure scenario of E-Government service in an Integrated Computing Environment.
An Implementation and Evaluation of FQDN Check System to Filter Junk Mail
Kim Sung-Chan ; Lee Sang-Hun ; Jun Moon-Seog ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 361~368
DOI : 10.3745/KIPSTC.2005.12C.3.361
Internet mail has become a common communication method around the world because of the tremendous increase in Internet service usage. On the other hand, most Internet users' mail addresses are exposed to spammers, and the damage from junk mail is growing bigger and bigger. These days, the junk mail delivery problem is becoming more serious, because junk mail is used as an attack or propagation scheme for malicious code. It is a most dangerous, dominant cause of computer system accidents. This paper presents a junk mail filtering model and implementation based on FQDN (Fully Qualified Domain Name) checking, and evaluates it in order to propose an advanced scheme against junk mail.
Design and Implementation of Security System for Wargame Simulation System
Song Jong Seok ; Kim Jin Soo ; Shin Moon Sun ; Ryu Keun Ho ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 369~378
DOI : 10.3745/KIPSTC.2005.12C.3.369
A war simulation system is a virtual space in which tactical simulation exercises are held. The data used in this system are considered sensitive and need to be protected. But security vulnerabilities and possible security loopholes were not considered when designing the war game simulation system. So currently the system is highly vulnerable to hackers and data leakage. This paper proposes a security system for the war game simulation system based on consideration of the current vulnerabilities and possible security leakages. The proposed security system supports security patches. In this paper, we analyze the vulnerabilities of the running environment of the current system, and we design and implement a security system that consists of three components: Authentication System, Encryption System and Network Security System. The security patches are safe and there are no negative effects on the system's performance. The patches are proved to be effective and very reliable in solving the security vulnerabilities.
Secure Asymmetric Watermarking Based on Correlation Detection
Li De ; Kim JongWeon ; Choi JongUk ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 379~386
DOI : 10.3745/KIPSTC.2005.12C.3.379
Traditional watermarking technologies are symmetric methods in which the embedding and detection keys are the same. Although the symmetric watermarking method makes it easy to detect the watermark, this method has a weakness against malicious attacks that remove or modify the watermark information when the symmetric key is disclosed. Recently, the asymmetric watermarking method, which has different keys for embedding and detection, has been watched by several researchers as a next generation watermarking technology. In this paper, we have expanded the search space of the secret key using the solution set of linear simultaneous equations. The secret key is generated by a secure linear transformation method to prevent guessing the secret key from the public key, and the correlation value between the secret key and the public key is high. As a result, multi-bit information can be embedded, and a high correlation value was detected after JPEG compression.
Polling Scheme Adapted to Unbalanced Traffic Load in IEEE 802.11x Wireless LAN
Shin Soo-Young ; Park Soo-Hyun ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 387~394
DOI : 10.3745/KIPSTC.2005.12C.3.387
Every MAC (Medium Access Control) sub-layer of IEEE 802.11x, including IEEE 802.11e, defines Connection-based and CF (Contention Free)-based service functions in common. In this paper, a New-CF method is proposed. In the proposed method, the conventional Round Robin method, which is used as a polling method by IEEE 802.11x PCF (Point Coordination Function) or IEEE 802.11e HCCA, is modified to give weights to channels with heavier traffic load and to provide those weighted channels with more services. Based on NS-2 simulations, it is verified that the proposed method shows better throughput in general, particularly under unbalanced traffic load conditions.
Analysis of WLAN Performance Depending on ARF Scheme with TCP and UDP Protocols
Kim Namgi ; Lee Min ; Yoon Hyunsoo ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 395~400
DOI : 10.3745/KIPSTC.2005.12C.3.395
The IEEE 802.11b WLAN supports multiple transmission rates, and the rate is chosen in an adaptive manner by an auto rate control algorithm. This auto rate control algorithm deeply affects the total system performance of the IEEE 802.11b WLAN. In this paper, we examine the WLAN performance with regard to the auto rate control algorithm, especially the ARF scheme. The experimental results indicate that the ARF scheme works well in the face of signal noise due to node location. However, the ARF scheme severely degrades system performance when multiple nodes contend to obtain the wireless channel and packets are lost due to signal collision. In addition, TCP prevents the performance degradation due to the ARF scheme by retaining the number of active nodes. However, some applications, such as those transporting multimedia data, adopt UDP. Therefore, TCP cannot be an optimal solution for all WLAN applications.
MPLS Alternate Path Rerouting and Restoration
Lee Kil-Hung ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 401~408
DOI : 10.3745/KIPSTC.2005.12C.3.401
We propose a new MPLS restoration scheme that uses network resources more efficiently and minimizes the backup path cost effectively. Contrary to other restoration strategies, the proposed restoration scheme starts the recovery action at the selected node of a working LSP. At LSP setup, the working and backup path cost is evaluated and the starting node of restoration is designated. By doing so, the restoration speed could be further increased and resource utilization could be maximized. We simulated the proposed scheme and compared with other restoration and protection schemes. The result shows that our scheme can provide fast restoration with acceptable delay and loss characteristics.
An efficient Multicast Delivery Mechanism Based on Locality in Mobile IPv6 Networks
Sung Sulyun ; Kim Kiyoung ; Shin Yongtae ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 409~418
DOI : 10.3745/KIPSTC.2005.12C.3.409
This paper presents an efficient multicast method based on locality in mobile IPv6 networks. We exploit the repetitive movement pattern of the mobile node to reduce the total number of graft and join procedures it experiences. We define the locality scope by a movement pattern. While a network is included in the locality scope, the network should maintain a multicast tree even when the mobile node moves to another network. In this way, the mobile host can receive a multicast service without delay when it later moves to a network in the locality scope. We compare our scheme with existing schemes in terms of the total signaling cost and the service delay time by using a discrete analytical model for cost analysis. Analytical results demonstrated that the total signaling cost and service delay time were significantly reduced through our proposed scheme.
A QoS Guaranteed Mechanism Using the FRSVP in the Hierarchical Mobile IPv6
Kim Bo-Gyun ; Hong Choong-Seon ; Lee Dae-Young ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 419~428
DOI : 10.3745/KIPSTC.2005.12C.3.419
This paper divides domains into intra and inter domains according to the mobile node's movement and proposes the Fast RSVP algorithm on HMIPv6. Advance reservation is made using the L2 beacon signal when the MN is located in an overlapped cell area. In the case of intra-region handoff, the advance reservation is made at the nearest common router, and in the case of inter-region handoff, the advance reservation is made through the other site MAP's QA (QoS Agent) to the AR, and the CN's path is optimized. Because it uses the bandwidth efficiently and switches the data path quickly, the proposed algorithm minimizes the service disruption caused by data routing.
A Maximally Disjoint Multipath Routing Protocol Based on AODV in Mobile Ad Hoc Networks
Kim Jungtae ; Moh Sangman ; Chung Ilyong ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 429~436
DOI : 10.3745/KIPSTC.2005.12C.3.429
A mobile ad hoc network (MANET) is a collection of mobile nodes without any fixed infrastructure or any form of centralized administration such as access points and base stations. The ad hoc on-demand distance vector routing (AODV) protocol is an on-demand routing protocol for MANETs, which is one of the Internet-Drafts submitted to the Internet engineering task force (IETF) MANET working group. This paper proposes a new multipath routing protocol called maximally disjoint multipath AODV (MDAODV), which exploits maximally node- and link-disjoint paths and outperforms the conventional multipath protocol based on AODV as well as the basic AODV protocol. The key idea is to extend only the route request (RREQ) message by adding source routing information and to make the destination node select two paths from multiple RREQs received for a predetermined time period. Compared to the conventional multipath routing protocol, the proposed MDAODV provides more reliable and robust routing paths and higher performance. It also makes the destination node determine the maximally node- and link-disjoint paths, reducing the overhead incurred at intermediate nodes. Our extensive simulation study shows that the proposed MDAODV outperforms the conventional multipath routing protocol based on AODV in terms of packet delivery ratio and average end-to-end delay, and reduces routing overhead.
Measurement of End-to-End Forward/Backward Delay Variation
Hwang Soon-Han ; Kim Eun-Gi ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 437~442
DOI : 10.3745/KIPSTC.2005.12C.3.437
The measurement of RTT (Round Trip Time) can be used for the analysis of Internet congestion. However, simple measurement of RTT, which measures only the turn around time of a packet, cannot infer a packet's forward/backward delay variation. In this thesis, we present a new algorithm which can be used for the estimation of the forward/backward delay variation of packets. These delay variations are an indication of the network congestion state. In this algorithm, the reference forward/backward delay can be determined based on the minimum RTT value. The delay variation of each packet can be calculated by comparing the reference delay with the packet delay. We verified our proposed algorithm by NS-2 simulation and by delay measurement in a real network.
A Design and Performance Analysis of Web Cache Replacement Policy Based on the Size Heterogeneity of the Web Object
Na Yun Ji ; Ko Il Seok ; Cho Dong Uk ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 443~448
DOI : 10.3745/KIPSTC.2005.12C.3.443
The efficient use of the web cache is becoming an important factor that decides system management efficiency in web based systems. The cache performance depends heavily on the replacement algorithm, which dynamically selects a suitable subset of objects for caching in a finite cache space. In this paper, a web caching algorithm is proposed for the efficient operation of web based systems. The algorithm is designed based on a divided scope that considers the size reference characteristics and heterogeneity of web objects. In the experiment environment, the algorithm is compared with conservative replacement algorithms, and we have confirmed more than
of an performance improvement.
Managed Object and Distributed Network Management Model in Open Interface of OBS Network
Kwon TaeHyun ; Kim ChoonHee ; Cha YoungWook ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 449~456
DOI : 10.3745/KIPSTC.2005.12C.3.449
Optical burst switching (OBS) overcomes the inefficient resource usage of optical circuit switching and minimizes the optical buffering requirement of optical packet switching. General switch management protocol (GSMP) is an open interface between a label switch and a controller, and it provides connection, configuration, performance, event management and synchronization. GSMP open interface in the OBS network allows the implementation of OBS switch to be simple by separating the data forward plane from the control plane. We defined managed objects to support connection, configuration, performance, and fault management for the management of OBS network in the GSMP open interface. We proposed the network management model, in which the above managed objects are distributed in a controller and an OBS switch according to network management functions. We verified the possibility of connection management using distributed network management model in the GSMP open interface of OBS network by implementing GSMP and network management functions with managed objects of OBS.
An MDA-Based Adaptive Context-Aware Service Using PARLAY X in Ubiquitous Computing Environments
Hong Sung June ;
The KIPS Transactions:PartC, volume 12C, issue 3, 2005, Pages 457~464
DOI : 10.3745/KIPSTC.2005.12C.3.457
This paper describes an Adaptive Context-aware Service (ACS) using Model Driven Architecture (MDA)-based Service Creation Environment (SCE) on PARLAY X based service delivery platform in ubiquitous computing environments. It can be expected that both the context-awareness and adaptation in ubiquitous computing environments will be deployed. But the existing context-aware middleware lacks in considering adaptation. Therefore, the object of this paper is to support the architecture and the Application Programming Interface (API) of the network service for both the context-awareness and adaptation in ubiquitous computing environment. ACS is to provide users with the adaptive network service to the changing context constraints as well as detecting the changing context. For instance, ACS can provide users with QoS in network according to the detected context, after detecting the context such as location and speed. The architecture of ACS is comprised of a Service Creation Environment (SCE), Adaptive Context Broker and PARLAY gateway. SCE is to use Context-based Constraint Language (CCL) for an expression of context-awareness and adaptation. Adaptive Context Broker is to make a role of the broker between SCE and PARLAY G/W. PARLAY G/W is to support API for PARLAY X-based service delivery platform.