REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
The KIPS Transactions:PartD
Korea Information Processing Society
Generation of Finite Automata for Intrusion Detection
Lim, Young-Hwan ; Wee, Kyu-Bum ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 119~124
Although there have been many studies on using finite automata for intrusion detection, it has been a difficult problem to generate compact finite automata automatically. In previous research, an approach to profiling normal behaviors using finite automata was proposed. It divided the system call sequence of each process into three parts (prefix, main portion, and suffix) and then substituted macros for frequently occurring substrings. However, the procedure was not automatic. In this paper we present algorithms to automatically generate intrusion detection automata from the sequences of system calls resulting from normal runs of the programs. We also show the effectiveness of the proposed method through experiments.
A Study on The Practical Risk Mitigation Methodology for Systematical Risk Management of Information System
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 125~132
In this paper, we propose a definite and systematic method and procedure for risk mitigation within risk management for information systems, by which the best safeguard can be selected. The practical risk mitigation methodology has a well-defined procedure and a definition of how to carry out the procedure in each phase, so it is easy to carry out and can be applied to any risk management methodology. The practical risk mitigation is composed of 6 phases: existing safeguard assessment, safeguard means selection, safeguard technique selection, risk admission assessment, cost-effective analysis and safeguard embodiment. The advantages of the practical risk mitigation are as follows: efficient selection of safeguards suited to the features of a risk, using the safeguard's means and techniques before the safeguards are embodied; prevention of redundant work and wasted security budget by re-using the existing excellent safeguards through the existing safeguard assessment; and reflection of the opinions of the organization's CEO, who may require special safeguards for the most important information systems.
A study on the key management protocols for the Internet
Lee, Gye Sang ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 133~140
IKE, which is the standard key management protocol for IPSEC, is said to have several known problems. To resolve the problems of IKE, two protocol proposals are being discussed in the IETF: the IKE version 2 and Just Fast Keying protocols. They should satisfy several protocol design requirements such as protocol simplicity, resistance to DoS attacks, the degree of PFS, identity protection, cryptographic negotiation, and authentication methods. In this paper, we summarize the characteristics of these two protocols and analyze their implications according to the protocol design requirements.
Secure Password System against Imposter
Park, Seung Bae ; Park, Seong Bae ; Gang, Mun Seol ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 141~144
We present a new password system, called the dual password system, with a user verification procedure. The dual password system is the first password system in the world that prevents the exposure of secret information to an imposter at the terminal. To input a password, the user of the dual password system iteratively matches two letters at the same location of the first password and the second password. Therefore, the method of deriving the first password and the second password from the password is important in the dual password system. In relation to this derivation method, a new problem, called the dual password derivation problem, is defined, and evaluation factors for solutions to the dual password derivation problem are presented.
Implementation of Security Kernel based on Linux OS
Shon, Hyung-Gil ; Park, Tae-Kyou ; Lee, Keum-Suk ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 145~154
Current security measures provided at the network level, such as firewalls or IDS (intrusion detection systems), still leave many vulnerabilities in internal computing servers. Thus the necessity of a secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes the research trends for secure Linux in terms of the security kernel, and describes the multi-level security (MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC B1 class as well as providing anti-hacking, real-time audit trailing, restriction of root privileges, and enterprise security management functions.
Analysis of the Bandwidth Consumed by Restoration Paths for Service Guarantee in the Protection Switching Scheme
Lee, Hwang-Kyu ; Hong, Sug-Won ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 155~162
Fast restoration time and service guarantee are important goals for achieving network reliability. In the protection switching scheme, one way to guarantee service for an application session if the network happens to fail is to establish, at the same time as the working path, a restoration path with the same bandwidth as the working path of the session. When we set up the restoration path, we can reduce its bandwidth consumption if the path can share the bandwidth required by other paths. This paper explains methods for determining the shared bandwidth of the restoration path in the protection switching scheme, given the maximum bandwidth assigned to a link along the working path. We point out that such a sharing algorithm cannot reduce the bandwidth consumed by the restoration paths in some cases, which contradicts the general conception. We explain why this can happen, and show simulation results in real network topologies to support our arguments. We explain the reason for the failure of the sharing effect under the simple sharing algorithm. Finally, we propose a way to overcome the failure of the sharing effect, using the complete sharing algorithm based on the link database, and show the results.
A Study on a Robust Clustered Group Multicast in Ad-hoc Networks
Park, Yang-Jae ; Lee, Jeong-Hyun ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 163~170
In this paper we propose a robust clustered group multicast in ad-hoc networks. The proposed scheme applies a weighted clustering algorithm. An ad-hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any centralized administration or reliable support services such as a wired network and base stations. In an ad-hoc network, because of limited bandwidth and high mobility, the routing protocol must be robust and simple and must consume minimal energy. The WCGM method uses a base structure founded on a combined weight value and applies the combined weight value to the cluster header, while keeping data transmission by scoped flooding, which is the advantage of the existing FGMP method. Because this method provides safe and reliable data transmission, it decreases both the overhead of preserving the transmission structure and the overhead of data transmission.
A Policy Based Management Model of Quality of Service for Differentiated Services Networks
Cha, Si-Ho ; Gang, Yeong-Man ; Jo, Guk-Hyeon ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 171~178
Differentiated Services (DiffServ) is a technique to provide Quality of Service (QoS) in an efficient and scalable way. However, current DiffServ specifications have limitations in providing the complete QoS management framework and its implementation model. This paper proposes a policy-based QoS management model that supports DiffServ policies for managing QoS of DiffServ networks. The management model conforms to Model-View-Controller (MVC) architecture, and is based on Enterprise JavaBeans (EJBs) technologies. In our model, high-level DiffServ QoS policies are represented as valid XML documents with an XML Schema and are translated to low-level EJB policy beans in the EJB-based policy server. The routing topology and role information required to define QoS policies is discovered by using SNMP MIB-II, and the QoS policy distribution and monitoring is accomplished by using SNMP DiffServ MIB.
A Simulation to Test Join Latency for PIM-DM Multicast
Kim, Han Su ; Jang, Ju Uk ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 179~184
One of the notable problems in PIM-DM (Protocol Independent Multicast - Dense Mode) is the join latency time, which increases for specific periods. The cause of this problem is shown to be confusion between the flooding prune message and the leave prune message. We propose a new solution to this problem, reducing the average join latency by 37.4%, and verify the proposed solution by network simulation.
An Efficient Scheduling Scheme for Bluetooth Scatternets Based on the Sniff Mode
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 185~190
Bluetooth communication is based on the piconet, which is composed of one master and a maximum of seven slaves. Several piconets can be interconnected via an inter-piconet Bluetooth unit called a bridge unit to form a Bluetooth scatternet. This bridge node can make its presence in each piconet by switching. This switching must be carefully scheduled so that slot wastage and, hence, packet delays are minimized. In this paper, we introduce an efficient inter-piconet scheduling scheme based on sniff mode. This scheme tries to minimize the wastage of slots by having the bridge unit sniff with its peering masters with time limits and communicate with its slaves in the remaining slots. The sniff time limits are determined adaptively based on the amount of traffic in each piconet. Simulation results show that this scheme outperforms a round-robin scheme based on sniff intervals of equal lengths.
A Location Tracking Strategy with Spatial Locality in Personal Communication Networks
Lee, Jong-Min ; Kwon, Bo-Seob ; Maeng, Seung-Ryoul ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 191~198
Location tracking is used to keep track of the location information of a mobile terminal in an idle state for a call setup between mobile terminals. In this paper, we introduce a new location tracking strategy that utilizes spatial locality to have better performance than a movement based location tracking strategy. We reduce a lot of unnecessary location updates by updating the location information of a mobile terminal using the virtual movement path, which is generated after removing spatial localities in the actual movement path. Simulation results show that the proposed strategy greatly reduces the overall location tracking cost.
A Robust LDAP Server Using Group Communication
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 199~208
LDAP (Lightweight Directory Access Protocol) Directory Service provides information for locating resources like files and devices over a network such as the Internet or an intranet. Since LDAP is widely accepted as one of the standard directory service structures for the Internet, it is desirable that a group of LDAP servers works transparently and continuously even if the related network partitions temporarily, by maintaining replicated directory information among those LDAP servers. In this paper, we describe the design and implementation of a robust LDAP server, which runs as a process group in the JACE group communication system, and the associated LDAP service provider which enables Java applications to use the developed LDAP directory service.
A Design and Implementation of WAP Gateway/server Integration Structure based on Linux
Song, Byung-Kwen ; Oh, Tae-An ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 209~216
As interest in wireless internet services has been increasing recently, the related technology development is in active progress. According to the WAP (Wireless Application Protocol) specification, which is currently considered one of the most powerful international standards, the mobile terminal and the WAP server are supposed to communicate through a WAP Gateway. This paper is about the design and implementation of the IWAP platform, where the WAP Gateway and Server are integrated and supported based on Linux. The proposed WAP platform broadly consists of four modules: WAP Gateway, JAVA based Server development environment, WML Tool-Kit, and MUI (Management User Interface). For the bearer network, SMSC (Short Message Service Center) and CSD (Circuit Switched Data) router are considered.
A Server Based Routing Mechanism Providing QoS Routing with Efficient Support of Best Effort Traffic
Choe, Mi-Ra ; Kim, Seong-Ha ; Lee, Mi-Jeong ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 217~232
QoS routing can improve network performance while providing support for QoS guarantees. These benefits, however, come with additional routing costs such as more complex and frequent route computation and the protocol overheads of exchanging dynamic network state information. Moreover, little has been done to minimize the impact of the QoS traffic on the best effort traffic or to enhance the routing performance of the best effort traffic when QoS routing is deployed. In this paper, we propose a server based routing mechanism which supports QoS routing without incurring the QoS routing protocol overhead for the network state update exchanges and enhances the performance of the best effort traffic without affecting the performance of QoS routing. Simulation results show that the proposed scheme enhances the routing performance for the QoS traffic while reducing the routing protocol overhead. The routing performance of the best effort traffic is also improved with virtually no impact on the routing performance of the QoS traffic. The proposed scheme is shown to be especially effective when the ratio of QoS traffic is high, that is, when the impact of the QoS traffic on the performance of best effort traffic is significant.
Architecture Design of Turbo Codec using on-the-fly interleaving
Lee, Sung-Gyu ; Song, Nag-Un ; Kay, Yong-Chul ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 233~240
In this paper, an improved architecture of a turbo codec for IMT-2000 is proposed. The encoder consists of an interleaver using an on-the-fly type address generator and a modified shift register instead of an external RAM, and the decoder uses a decreased number of RAMs. The proposed architecture is simulated with C/VHDL languages, where BER (bit-error-rate) performances are generally in agreement with previous data by varying interaction numbers, interleaver block sizes and code rates.
A Secure Protocol for Contents Service in IMT-2000
Lee, Deok Gyu ; Lee, Im Yeong ;
The KIPS Transactions:PartD, volume 10C, issue 2, 2003, Pages 241~252
IMT-2000 appeared in order to satisfy the desires of users who wish to receive through wireless most of the services being provided through wire, such as Internet services and multimedia high-speed data information. However, during global roaming, the signal data and the user data get transmitted through the networks of other users. Also, it is judged that with the provision of high speed data communication the amount of data communication necessary for confidentiality protection will increase. It is planned that the recent IMT-2000 Project will begin its commercial service in 2002. From this viewpoint, wireless contents, due to their special characteristics, are greatly exposed to illegal actions by third persons. As a result, it can be said that security and certification issues in the mobile telecommunication environment are indispensable matters. For this purpose, in this thesis, through an analysis of the existing IMT-2000 certification method, a safer and more efficient authentication method is presented and, at the same time, a security protocol necessary for the provision of wireless contents is designed.