39 results on '"Minho Park"'
Search Results
2. Solar-CTP: An Enhanced CTP for Solar-Powered Wireless Sensor Networks
- Author
- Dong Kun Noh, Younghyun Kim, Minho Park, Seok Hyun Cheong, Minjae Kang, and Jinho Park
- Subjects
General Computer Science ,Computer science ,mobile sink ,02 engineering and technology ,Sink (geography) ,0202 electrical engineering, electronic engineering, information engineering ,General Materials Science ,solar-CTP ,Solar power ,geography ,geography.geographical_feature_category ,business.industry ,Topology control ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,General Engineering ,020206 networking & telecommunications ,solar-powered ,CTP ,020201 artificial intelligence & image processing ,lcsh:Electrical engineering. Electronics. Nuclear engineering ,Solar powered ,business ,Wireless sensor network ,Collection Tree Protocol ,lcsh:TK1-9971 ,Computer network - Abstract
Wireless sensor networks (WSNs) suffer not only from short lifetimes because of limited energy but also from an energy imbalance between the nodes close to the sink and the other nodes. To fundamentally resolve the issue of short lifetimes, recent studies have utilized environmental energy, such as solar power. Additionally, WSNs that employ energy-aware dynamic topology control are also being studied to address the energy imbalance. This paper proposes an improved collection tree protocol (CTP) scheme, called solar-CTP, that uses the two approaches of energy-harvesting and energy-aware topology control simultaneously. The proposed scheme is derived from the CTP scheme, which is a widely adopted data collection strategy designed for typical battery-based WSNs with a fixed sink. We tailor the CTP scheme for solar-powered WSNs operating with a mobile sink. Performance verification confirms that our scheme significantly reduces the number of blackout nodes compared to other CTP variants, thus increasing the amount of data collected by the sink.
- Published
- 2020
3. Resource-aware relay selection for inter-cell interference avoidance in 5G heterogeneous network for Internet of Things systems
- Author
- Joongheon Kim, Sungrae Cho, Jeongyeup Paek, Minho Park, and Nhu-Ngoc Dao
- Subjects
Computer Networks and Communications ,business.industry ,Computer science ,Node (networking) ,020206 networking & telecommunications ,Throughput ,02 engineering and technology ,law.invention ,Hardware and Architecture ,Relay ,law ,Default gateway ,0202 electrical engineering, electronic engineering, information engineering ,Key (cryptography) ,020201 artificial intelligence & image processing ,business ,Software ,Heterogeneous network ,5G ,Computer network ,Communication channel - Abstract
The fifth-generation (5G) heterogeneous networks (HetNets) are gaining attention to be a key enabler that provides promising infrastructure for the massive proliferation of Internet of Things (IoT) devices and their services. However, one of the key challenges that the IoT terminals face is the inter-cell interference (ICI) problem since the 5G HetNets are generally deployed based on a co-channel model that overlays numerous pico eNodeBs (eNBs) on top of macro eNBs grid on the same frequency band. In order to overcome the ICI problem, we propose a relay-assisted communication approach by which the data of interfered IoT terminal (iIT) in the ICI area is relayed, via a device-to-device connection, to its neighboring IoT terminals which has good signal to and from the network. The key component in this proposed scheme is the relay selection algorithm which aims at maximizing the network resource availability at the highest priority, as well as device data rate. Firstly, resource availability maximization (RAmax) function determines an eNB that has maximum resource availability among all neighboring eNBs of the iIT to be a gateway node for the relay connection to the network (referred to as reNB). Among the IoT terminals associated with the reNB, a relay IoT terminal (called rIT) linking iIT and reNB is selected by a condition of maximum channel quality to the reNB. Simulation results show that our proposed algorithm increases total network throughput and the number of simultaneously served ITs by 44% and 20%, respectively.
- Published
- 2019
4. Analysis on Secondary User Receiver SINR in Spectrum Sharing MIMO Cognitive Radio Networks with Multi Secondary Users
- Author
- Jeung Won Choi, Joonhyuk Kang, Honggu Kang, Youngsu Jang, and Minho Park
- Subjects
Cognitive radio ,business.industry ,Computer science ,MIMO ,business ,Spectrum sharing ,Computer network - Published
- 2019
5. Efficient Distributed Denial-of-Service Attack Defense in SDN-Based Cloud
- Author
- Trung V. Phan and Minho Park
- Subjects
General Computer Science ,Computer science ,business.industry ,Testbed ,General Engineering ,Distributed denial-of-service attacks ,020206 networking & telecommunications ,Cloud computing ,Denial-of-service attack ,02 engineering and technology ,Traffic classification ,machine learning ,0202 electrical engineering, electronic engineering, information engineering ,Key (cryptography) ,network function virtualization ,020201 artificial intelligence & image processing ,General Materials Science ,The Internet ,lcsh:Electrical engineering. Electronics. Nuclear engineering ,business ,Software-defined networking ,lcsh:TK1-9971 ,software defined networks ,Computer network - Abstract
Software-defined networking (SDN) is the key outcome of extensive research efforts over the past few decades toward transforming the Internet infrastructure to be more programmable, configurable, and manageable. However, critical cyber-threats in the SDN-based cloud environment are rising rapidly, in which distributed denial-of-service (DDoS) attack is one of the most damaging cyber attacks. In this paper, we propose an efficient solution to tackle DDoS attacks in the SDN-based cloud environment. We first introduce a new hybrid machine learning model based on support vector machine and self-organizing map algorithms to improve the traffic classification. Then, we propose an enhanced history-based IP filtering scheme (eHIPF) to improve the attack detection rate and speed. Finally, we introduce a novel mechanism that combines both the hybrid machine learning model and the eHIPF scheme to make a DDoS attack defender for the SDN-based cloud environment. The testbed is implemented in an SDN-based cloud with service function chaining. Through practical experiments, the proposed DDoS attack defender is proven to outperform existing mechanisms for DDoS attack classification and detection. The comprehensive experiments conducted with various DDoS attack levels prove that the proposed mechanism is an effective, innovative approach to defend DDoS attacks in the SDN-based cloud.
- Published
- 2019
6. ARP Poisoning Defense System for Software-Defined Networks
- Author
- Young-pin Kim, Minho Park, and Yang-Ick Joo
- Subjects
business.industry ,Computer science ,ARP spoofing ,business ,Software-defined networking ,Computer network - Published
- 2018
7. Protection against Flow Table Overflow Attack in Software Defined Networks
- Author
- Minho Park, Minjae Kang, and Sichul Noh
- Subjects
Scheme (programming language) ,OpenFlow ,Hardware_MEMORYSTRUCTURES ,Computer science ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,020206 networking & telecommunications ,02 engineering and technology ,Idle ,Flow (mathematics) ,0202 electrical engineering, electronic engineering, information engineering ,Table (database) ,020201 artificial intelligence & image processing ,business ,Software-defined networking ,Timeout ,Protocol (object-oriented programming) ,computer ,Computer network ,computer.programming_language - Abstract
In this paper, we propose a history-based dynamic timeout scheme to alleviate the flow table overflow attack, which is one of the typical attacks against Software Defined Networks (SDN). We investigated hard timeout and idle timeout used in OpenFlow, which is the most popular protocol for SDN, and developed the proposed scheme that dynamically adjusts both hard timeout and idle timeout to reduce the number of flow rules. The experiment results show it can protect SDN switches from the flow table overflow efficiently.
- Published
- 2021
8. Detecting Compromised Switches And Middlebox-Bypass Attacks In Service Function Chaining
- Author
- Minho Park and Nguyen Canh Thang
- Subjects
Service (systems architecture) ,business.industry ,Computer science ,Network packet ,media_common.quotation_subject ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Packet processing ,Chaining ,Middlebox ,business ,Function (engineering) ,Computer network ,media_common - Abstract
Service Function Chaining (SFC) provides a special capability that defines an ordered list of network services as a virtual chain and makes a network more flexible and manageable. However, SFC is vulnerable to various attacks caused by compromised switches, especially the middlebox-bypass attack. In this paper, we propose a system that can detect not only middlebox-bypass attacks but also other incorrect forwarding actions by compromised switches. The existing solutions to protect SFC against compromised switches and middlebox-bypass attacks can only solve individual problems. The proposed system uses both probe-based and statistics-based methods to check the probe packets with random pre-assigned keys and collect statistics from middleboxes for detecting any abnormal actions in SFC. It is shown that the proposed system takes only 0.08 ms for the packet processing while it prevents SFC from the middlebox-bypass attacks and compromised switches, which is the negligible delay.
- Published
- 2019
9. An Effective Defense Against SYN Flooding Attack in SDN
- Author
- Junmin Yi, DongHyuk Kim, Sichul Noh, Phuc Trinh Dinh, and Minho Park
- Subjects
Scheme (programming language) ,business.industry ,Computer science ,Packet processing ,020206 networking & telecommunications ,Denial-of-service attack ,02 engineering and technology ,Resource (project management) ,0202 electrical engineering, electronic engineering, information engineering ,Bandwidth (computing) ,020201 artificial intelligence & image processing ,SYN flood ,business ,computer ,Computer network ,computer.programming_language - Abstract
Software-Defined Networking (SDN) brings us an opportunity to manage the network more efficiently with the separation of control and data planes. However, SDN is still vulnerable to existing threats from the security point of view. Especially, SYN Flooding Attack, one of the typical Denial of Service attacks, may not only exhaust the resource of a victim but also paralyze the entire SDN network by a large number of control messages between controllers and SDN switches. Although various approaches have been proposed to defend the SYN flooding attack, they still have some drawbacks such as packet processing overload and delay. Therefore, this paper proposes an efficient SYN flooding defense scheme utilizing the TCP Time Out mechanism and Round-Trip Time (RTT). The experiment results show the proposed scheme can defend the attack with low bandwidth occupation between the controller and SDN switches and little computing resources.
- Published
- 2019
10. DAAD: DNS Amplification Attack Defender in SDN
- Author
- Junmin Yi, Myoungbo Han, Si chul Noh, Thang Nguyen Canh, and Minho Park
- Subjects
Flow control (data) ,Computer science ,business.industry ,Server ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Web navigation ,business ,Computer network - Abstract
Public DNS servers have been deployed more and more because of some reasons such as faster web browsing or censorship bypassing. However, they are open to anyone, which can be used as a tool for network attacks. A typical attack using public DNS servers is a DNS amplification attack. In this paper, we propose a DNS amplification attack defense system which can block response messages from unsolicited DNS queries in the SDN environment by using the flow control technique. The system is emerged into the SDN controller to manage all the flow rules of the switches. The results show that our system can maintain stable bandwidth and prevent the DNS amplification attack effectively.
- Published
- 2019
11. DDoS Detection System Based on Multiple Machine Learning Combination for Software Defined Networking
- Author
- Mai Tieu Long, Young-pin Kim, Dongho Choi, Phan Van Trung, and Minho Park
- Subjects
OpenFlow ,Computer science ,business.industry ,Distributed computing ,Denial-of-service attack ,Software-defined networking ,business ,Computer network - Published
- 2017
12. Distributed-SOM: A novel performance bottleneck handler for large-sized software-defined networks under flooding attacks
- Author
- Nguyen Khac Bao, Trung V. Phan, and Minho Park
- Subjects
OpenFlow ,Computer Networks and Communications ,Computer science ,business.industry ,Distributed computing ,020206 networking & telecommunications ,Denial-of-service attack ,02 engineering and technology ,Application layer ,Bottleneck ,Computer Science Applications ,Flooding (computer networking) ,Hardware and Architecture ,0202 electrical engineering, electronic engineering, information engineering ,Forwarding plane ,020201 artificial intelligence & image processing ,business ,Software-defined networking ,Computer network - Abstract
Software-Defined Networking (SDN) is a new programmable networking model that features the detachment of control and data planes. In this network, the network brain is an SDN controller that is used to centrally monitor and control the data plane based on the OpenFlow protocol and applications located in the application layer. In recent years, a vast number of issues relating to security have been seriously debated for this networking paradigm, especially the large-scale model. In particular, flooding attacks have been on the rise, providing great challenges for the SDN architecture to cope with. In this paper, we present a novel mechanism using the Self-Organizing Map (SOM) application to solve the performance bottleneck and overload problems for the upper layers in a large-sized SDN in case of flooding attacks. Our proposed approach integrates a Distributed Self-Organizing Map (DSOM) system to OpenFlow Switches instead of using a standalone SOM. By exploiting SDN advantages, such as flexibility and overhead reduction, we implement and test both a DSOM system and a single SOM system on multi-criteria to compare the performance of our introduced system. Our experimental results show that the DSOM solution can effectively detect abnormal traffic, solve bottleneck problems and increase the system reaction speed to attack traffic, while presenting a smaller overhead to the network system.
- Published
- 2017
13. Adaptive Beaconing for Effective Inter-Vehicle Collision Avoidance System
- Author
- Yang-Ick Joo and Minho Park
- Subjects
Vehicular ad hoc network ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,020206 networking & telecommunications ,020302 automobile design & engineering ,02 engineering and technology ,Computer Science Applications ,0203 mechanical engineering ,Transmission (telecommunications) ,Packet loss ,0202 electrical engineering, electronic engineering, information engineering ,Wireless ,Collision avoidance system ,Electrical and Electronic Engineering ,business ,Collision avoidance ,Computer network ,Communication channel - Abstract
Cooperative awareness among vehicles is required to make driving safer. Inter-vehicle communication is achieved by beaconing in the vicinity of the respective vehicles. The beaconing includes the exchange of periodic messages on each vehicle’s status information. The shorter the period of the beacon message transmission is, the higher the status information accuracy is. Accordingly, driving is safer. However, frequent exchanges of the periodic beacon cause wireless channel congestion and packet loss. To address the trade-off problem between the accuracy of information and the channel load, this paper presents a scheme to determine the optimum beacon interval for guaranteeing fundamental accuracy, while maintaining a moderate load on the communication channel. A performance evaluation using a computer simulation showed that the proposed scheme guarantees sufficient information accuracy for effectively avoiding inter-vehicle collisions and information overload. Furthermore, the proposed scheme is compatible with, and can be directly applied to, the current vehicular ad hoc network system implementation.
- Published
- 2017
14. SDNbox: A portable open-source testbed for SDN study
- Author
- Minho Park, Quang D. Tran, Sungrae Cho, and Nhu-Ngoc Dao
- Subjects
Emulation ,OpenFlow ,business.product_category ,Computer science ,computer.internet_protocol ,business.industry ,Cost effectiveness ,010401 analytical chemistry ,Testbed ,020206 networking & telecommunications ,02 engineering and technology ,Network topology ,01 natural sciences ,0104 chemical sciences ,Internet protocol suite ,0202 electrical engineering, electronic engineering, information engineering ,Internet access ,The Internet ,business ,Software-defined networking ,computer ,Computer network - Abstract
Software defined networking (SDN) technology promises a new bright future to IP network. Significant number of SDN researches have been done so far to facilitate network operation and management efficiently. However, until now there are only few frameworks to support emulation, verification, and implementation of the SDN. Mininet is one of the most popular tools because of the openness, cost effectiveness, and full OpenFlow support. By default, Mininet helps to create a standalone typical SDN network along with lightweight clients. In this article, we contribute the extended functions of network topology emulation in Mininet based on VirtualBox, such as Internet connection, independent OS clients, standard routing controller, and automatic flow logging. It is highly expected to bring an easier and convenient facility to SDN research and training.
- Published
- 2017
15. Efficient Handover Strategy for Inbound Mobility to LTE Small Cell
- Author
- Minho Park and Yang-Ick Joo
- Subjects
LTE Advanced ,Handover ,Computer science ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Handover latency ,Electrical and Electronic Engineering ,business ,Computer Science Applications ,Computer network - Abstract
Hierarchical macro/small cell deployment is one of the most promising technologies to enhance cell coverage and network capacity in 3GPP LTE/LTE-Advanced systems. However, latency of inbound mobility to the small cell is a critical obstacle to its deployment because it takes much time to detect an associated small cell due to its sparse deployment and to identify the target small cell because of the delay in the verification procedure required before performing inbound handover to the target. Therefore, in order to invigorate the deployment of the LTE small cells, the inbound handover latency must be reduced. To tackle the problem, this paper proposes an efficient handover strategy for inbound mobility to LTE small cells. Performance evaluation by computer simulation shows that the proposed scheme effectively reduces the inbound handover latency. Furthermore, the proposed scheme is compatible and can be directly applied with small overhead to the current LTE/LTE Advanced system implementation.
- Published
- 2015
16. Optimizing resource allocation for elastic security VNFs in the SDNFV-enabled cloud computing
- Author
- Nguyen Khac Bao, Hyun-Jin Lee, Trung V. Phan, Minho Park, and Youngpin Kim
- Subjects
Queueing theory ,Network packet ,Computer science ,business.industry ,Distributed computing ,Quality of service ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,Virtualization ,computer.software_genre ,0202 electrical engineering, electronic engineering, information engineering ,Resource allocation ,020201 artificial intelligence & image processing ,Resource management ,business ,Software-defined networking ,computer ,Computer network - Abstract
This paper proposes a proactive optimal resource allocation scheme for elastic security Virtualized Network Functions (VNFs) in the Service Function Chaining on the Software Defined Network Function Virtualization (SDNFV-enabled) cloud environment. We firstly analyze our system model, and transform them into M/M/1/∞ and M/M/k queueing model. Then we define mathematical requirements by analyzing the new VNF resource allocation function and estimating the total number of packets in an SFC i system. From these requirements, we finally propose a proactive resource allocation optimizer with solvable and practical constraints.
- Published
- 2017
17. Efficient Rekeying Framework for Secure Multicast with Diverse-Subscription-Period Mobile Users
- Author
- Dong-Hyun Je, Seung-Woo Seo, Minho Park, and Young-Hoon Park
- Subjects
Multicast ,Computer Networks and Communications ,Computer science ,business.industry ,Distributed computing ,Mobile computing ,Access control ,Cryptography ,Rekeying ,Overhead (computing) ,Algorithm design ,Mobile telephony ,Electrical and Electronic Engineering ,business ,Software ,Computer network ,Group key - Abstract
Group key management (GKM) in mobile communication is important to enable access control for a group of users. A major issue in GKM is how to minimize the communication cost for group rekeying. To design the optimal GKM, researchers have assumed that all group members have the same leaving probabilities and that the tree is balanced and complete to simplify analysis. In the real mobile computing environment, however, these assumptions are impractical and may lead to a large gap between the impractical analysis and the measurement in real-life situations, thus allowing for GKM schemes to incorporate only a specific number of users. In this paper, we propose a new GKM framework supporting more general cases that do not require these assumptions. Our framework consists of two algorithms: one for initial construction of a basic key-tree and another for optimizing the key-tree after membership changes. The first algorithm enables the framework to generate an optimal key-tree that reflects the characteristics of users' leaving probabilities, and the second algorithm allows continual maintenance of communication with less overhead in group rekeying. Through simulations, we show that our GKM framework outperforms the previous one which is known to be the best balanced and complete structure.
- Published
- 2014
18. Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks
- Author
- Seung Yeob Nam, Sirojiddin Djuraev, and Minho Park
- Subjects
Ethernet ,Proxy ARP ,Computer Networks and Communications ,Computer science ,business.industry ,media_common.quotation_subject ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Man-in-the-middle attack ,Computer security ,computer.software_genre ,IEEE 802.11 ,Voting ,Wireless lan ,Node (computer science) ,ARP spoofing ,Address Resolution Protocol ,business ,computer ,Computer network ,media_common - Abstract
In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet, where wired and wireless nodes can coexist. The key idea is that even a new node can be protected from an ARP cache poisoning attack if the mapping between an IP and the corresponding MAC addresses is resolved through fair voting among neighbor nodes under the condition that the number of good nodes is larger than that of malicious nodes. Providing fairness in voting among the nodes that are heterogeneous in terms of the processing capability and access medium is quite a challenge. We attempt to achieve fairness in voting using the uniform transmission capability of Ethernet LAN cards and smaller medium access delays of Ethernet than for wireless LAN. Although there is another scheme that resolves the same issue based on voting, i.e. MR-ARP, the voting fairness is improved further by filtering the voting reply messages from the too-early responding nodes, and the voting-related key parameters are determined analytically considering the fairness in voting. This paper shows that fairness in voting can be achieved using the proposed approach, overcoming the limitations of other voting-based schemes, and ARP poisoning-based MITM attacks can be mitigated in a more generalized environment through experiments.
- Published
- 2013
19. IAM Clustering Architecture for Inter-Cloud Environment
- Author
- Jungsoo Park, Jinouk Kim, Minho Park, and Souhwan Jung
- Subjects
Authentication ,User authentication ,Database ,business.industry ,Computer science ,Authorization ,Cloud computing ,computer.software_genre ,Authentication protocol ,Architecture ,business ,Cluster analysis ,computer ,Computer network - Abstract
In this paper, we propose a new type of IAM clustering architecture for the efficiency of user authentication and authorization in the Inter-Cloud environment. Clustering architecture allows users to easily use un-registered services with their registered authentication and access permissions through pre-Access Agreement. Through this paper, we explain our authentication protocol and IAM clustering architecture components.
- Published
- 2015
20. Key Management for Multiple Multicast Groups in Wireless Networks
- Author
- Seung-Woo Seo, Han-You Jeong, Minho Park, and Young-Hoon Park
- Subjects
Multicast ,Computer Networks and Communications ,business.industry ,Wireless network ,Computer science ,Distributed computing ,Key distribution center ,Cryptography ,Encryption ,Public-key cryptography ,Secure communication ,Rekeying ,Electrical and Electronic Engineering ,business ,Key management ,Software ,Computer network ,Group key - Abstract
With the emergence of diverse group-based services, multiple multicast groups are likely to coexist in a single network, and users may subscribe to multiple groups simultaneously. However, the existing group key management (GKM) schemes, aiming to secure communication within a single group, are not suitable in multiple multicast group environments because of inefficient use of keys, and much larger rekeying overheads. In this paper, we propose a new GKM scheme for multiple multicast groups, called the master-key-encryption-based multiple group key management (MKE-MGKM) scheme. The MKE-MGKM scheme exploits asymmetric keys, i.e., a master key and multiple slave keys, which are generated from the proposed master key encryption (MKE) algorithm and is used for efficient distribution of the group key. It alleviates the rekeying overhead by using the asymmetry of the master and slave keys, i.e., even if one of the slave keys is updated, the remaining ones can still be unchanged by modifying only the master key. Through numerical analysis and simulations, it is shown that the MKE-MGKM scheme can reduce the storage overhead of a key distribution center (KDC) by 75 percent and the storage overhead of a user by up to 85 percent, and 60 percent of the communication overhead at most, compared to the existing schemes.
- Published
- 2013
21. A Whitelist-Based Scheme for Detecting and Preventing Unauthorized AP Access Using Mobile Device
- Author
- Jungsoo Park, Minho Park, and Souhwan Jung
- Subjects
Scheme (programming language) ,Engineering ,Terminal (telecommunication) ,Wireless network ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Whitelist ,Computer security ,computer.software_genre ,Variety (cybernetics) ,Wireless lan ,business ,computer ,Mobile device ,Security system ,Computer network ,computer.programming_language - Abstract
In this paper, we proposed a system in a wireless LAN environment in case of security threats, the mobile terminal and the remote server-based WLAN security. The security of the wireless LAN environment in the recent technology in a variety of ways have been proposed and many products are being launched such as WIPS and DLP. However, these products are expensive and difficult to manage so very difficult to use in small businesses. Therefore, in this paper, we propose a security system, wireless LAN-based terminal and a remote server using whitelist according to development BYOD market and smartphone hardware. The proposed system that AP and personal device information to be stored on the server by an administrator and application installed on a personal device alone, it has the advantage that can be applied to a variety of wireless network environment.
- Published
- 2013
22. Single-Adversary Relaying Attack Defense Mechanism in Wireless Ad Hoc Networks
- Author
- Minho Park and Ji-Hoon Yun
- Subjects
Computer science ,Network packet ,business.industry ,Wireless ad hoc network ,computer.internet_protocol ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Cryptographic protocol ,Computer security ,computer.software_genre ,Neighbor Discovery Protocol ,Computer Science Applications ,law.invention ,Packet drop attack ,Relay ,law ,Network performance ,Electrical and Electronic Engineering ,business ,computer ,Computer network - Abstract
There have been many security protocols to provide authenticity and confidentiality in wireless ad hoc networks. However, they fail to defend networks against relaying attack in which attacker nodes simply broadcast received packets without compromising any legitimate nodes. Wormhole attack is a representative example of relaying attack, in which a pair of attacker nodes relay received packets to each other and selectively drop them. The wormhole attack is known to ruin routing and communication of a network considerably, however, is not very straightforward to be accomplished due to the pairwise nature. In this paper, we introduce two new types of relaying attack, called teleport and filtering attacks that require a single attacker node only for accomplishment. We describe their accomplishment conditions and impacts on the network performance in a formal manner. We then propose a countermeasure framework against these attacks called Single-Adversary Relaying Attack defense Mechanism (SARAM), which is composed of a bandwidth-efficient neighbor discovery customized for multi-hop environments and neighbor list management combined into an on-demand ad hoc routing protocol. SARAM does not require any special hardware such as location-aware equipment and tightly synchronized clocks, thus is cost-efficient as well. We show via ns-2 simulation that the new relaying attacks deteriorate the network performance significantly and SARAM is effective and efficient in defending a network against these attacks.
- Published
- 2013
23. Adaptive Suspicious Prevention for Defending DoS Attacks in SDN-Based Convergent Networks
- Author
- Nhu-Ngoc Dao, Joongheon Kim, Minho Park, and Sungrae Cho
- Subjects
computer.internet_protocol ,Computer science ,0211 other engineering and technologies ,lcsh:Medicine ,Social Sciences ,Denial-of-service attack ,02 engineering and technology ,Workflow ,Learning and Memory ,0202 electrical engineering, electronic engineering, information engineering ,Psychology ,Routing control plane ,Computer Networks ,lcsh:Science ,Data Management ,Multidisciplinary ,Applied Mathematics ,Simulation and Modeling ,Label switching ,Physical Sciences ,Telecommunications ,Engineering and Technology ,Heterogeneous network ,Algorithms ,Computer network ,Research Article ,OpenFlow ,Computer and Information Sciences ,Neural Networks ,Context (language use) ,Multiprotocol Label Switching ,Research and Analysis Methods ,Computer Communication Networks ,Learning ,Resilience (network) ,Computer Security ,Taxonomy ,021110 strategic, defence & security studies ,Internet ,business.industry ,lcsh:R ,Cognitive Psychology ,Biology and Life Sciences ,020206 networking & telecommunications ,Telecommunications network ,Cognitive Science ,lcsh:Q ,business ,computer ,Mathematics ,Software ,Neuroscience - Abstract
The convergent communication network will play an important role as a single platform to unify heterogeneous networks and integrate emerging technologies and existing legacy networks. Although many feasible solutions have been proposed, they could not become convergent frameworks since they mainly focused on converting functions between various protocols and interfaces in edge networks, and handling functions for multiple services in core networks, e.g., the Multi-protocol Label Switching (MPLS) technique. Software-defined networking (SDN), on the other hand, is expected to be the ideal future for the convergent network since it can provide a controllable, dynamic, and cost-effective network. However, behind its many advantages, SDN has an original structural vulnerability, which is the centralized control plane. As the brains of the network, a controller manages the whole network, which is attractive to attackers. In this context, we propose a novel solution called the adaptive suspicious prevention (ASP) mechanism to protect the controller from Denial of Service (DoS) attacks that could incapacitate an SDN. The ASP is integrated with the OpenFlow protocol to detect and prevent DoS attacks effectively. Our comprehensive experimental results show that the ASP enhances the resilience of an SDN network against DoS attacks by up to 38%.
- Published
- 2016
24. Power Adaptive Data Encryption for Energy-Efficient and Secure Communication in Solar-Powered Wireless Sensor Networks
- Author
-
Jong Min Kim, Junmin Yi, Minho Park, and Hong Sub Lee
- Subjects
Article Subject ,Computer science ,business.industry ,Client-side encryption ,020206 networking & telecommunications ,02 engineering and technology ,Encryption ,computer.software_genre ,Bus encryption ,Control and Systems Engineering ,lcsh:Technology (General) ,0202 electrical engineering, electronic engineering, information engineering ,40-bit encryption ,56-bit encryption ,lcsh:T1-995 ,020201 artificial intelligence & image processing ,Attribute-based encryption ,Link encryption ,Electrical and Electronic Engineering ,On-the-fly encryption ,business ,Instrumentation ,computer ,Computer network - Abstract
Basic security of data transmission in battery-powered wireless sensor networks (WSNs) is typically achieved by symmetric-key encryption, which uses little energy; but solar-powered WSNs sometimes have sufficient energy to achieve a higher level of security through public-key encryption. However, if energy input and usage are not balanced, nodes may black out. By switching between symmetric-key and public-key encryption, based on an energy threshold, the level of security can be traded off against the urgency of energy-saving. This policy can also reduce the amount of energy used by some nodes in a WSN, since data encrypted using a public-key is simply relayed by intermediate nodes, whereas data encrypted using a symmetric-key must be decrypted and reencrypted in every node on its path. Through a simulation, we compared the use of either symmetric-key or public-key encryption alone with our scheme, which was shown to be more secure, to use energy more effectively, and to reduce the occurrence of node blackouts.
- Published
- 2016
25. Privacy enhancement using selective encryption scheme in data outsourcing
- Author
-
Jungsoo Park, Souhwan Jung, Minho Park, and Long Nguyen-Vu
- Subjects
Scheme (programming language) ,Service (systems architecture) ,Computer Networks and Communications ,business.industry ,Computer science ,General Engineering ,Process (computing) ,020206 networking & telecommunications ,02 engineering and technology ,Encryption ,lcsh:QA75.5-76.95 ,Cloud privacy ,bring your own device ,data outsourcing ,database as a service ,Data outsourcing ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,lcsh:Electronic computers. Computer science ,business ,computer ,computer.programming_language ,Computer network - Abstract
In this article, we introduce a practical scheme that dynamically secures and outsources data on demand as well as propose a corresponding architecture to securely process data in database service provider. We also adopt the application of bring your own device in this scheme as an enhanced security solution. After studying over 1300 database models, we expect this scheme can be applied in production with justifiable result.
- Published
- 2016
26. Privacy enhancement for data outsourcing
- Author
-
Jungsoo Park, Souhwan Jung, Minho Park, and Long Nguyen-Vu
- Subjects
business.industry ,Computer science ,Business service provider ,Plaintext ,Cloud computing ,Service provider ,Encryption ,Computer security ,computer.software_genre ,Outsourcing ,Server ,business ,computer ,Computer network ,Database model - Abstract
The demand of storing and processing data online grows quickly to adapt to the rapid change of business. It could lead to crisis if the cloud service provider is compromised and data of users are exposed to attackers in plaintext. In this paper, we introduce a practical scheme that dynamically protects and outsources data on demand, as well as propose a corresponding architecture to securely process data in Database Service Provider. After studying over 1300 database models, we believe this scheme can be applied in production with justifiable result.
- Published
- 2015
27. A new access mode for femtocells in 5G networks
- Author
-
Souhwan Joung, Nguyen Khac Bao, and Minho Park
- Subjects
Base station ,Mode (computer interface) ,Access network ,business.industry ,Computer science ,Femtocell ,business ,Telecommunications ,5G ,Computer network - Abstract
A femtocell is a small, low-power cellular base station, typically designed for use in a home or a small business. Since femtocells are likely to be deployed by subscribers individually, we can expect that most femtocells will operate in the closed access mode, which allows only authorized users or owners to access the femtocell. Although a large number of femtocells could provide network access covering a large area, they are used only by their owners in the place where they are deployed. This paper addresses this inefficient femtocell operation and proposes a new access mode for femtocells called Give-And-Take (GAT) mode. This mode encourages users to share their femtocell access points and resolves the femtocell inefficiency resulting from the closed access mode. Using a game theory model, this paper shows that GAT mode can be a feasible solution to improve femtocell efficiency.
- Published
- 2015
28. RSU-Based Distributed Key Management (RDKM) For Secure Vehicular Multicast Communications
- Author
-
Minho Park, Han-You Jeong, Gi-Poong Gwon, and Seung-Woo Seo
- Subjects
Secure multicast ,Multicast ,Delegation ,Computer Networks and Communications ,Computer science ,business.industry ,Distributed computing ,media_common.quotation_subject ,Mobile computing ,Cryptography ,Encryption ,Rekeying ,Overhead (computing) ,Electrical and Electronic Engineering ,business ,Key management ,media_common ,Computer network - Abstract
Although lots of research efforts have focused on group key management (GKM) for secure multicast, existing GKM schemes are inadequate for vehicle communication (VC) systems since they incur unnecessary rekeying overhead without considering the characteristics of VC systems such as Vehicle-to-Infrastructure communications and a great number of high mobility vehicles. Therefore, we propose a GKM scheme, called RSU-based decentralized key management (RDKM), dedicated for the multicast services in the VC systems. The RDKM scheme significantly reduces the rekeying overhead through delegating a part of the key management functions to the road-side infrastructure units (RSUs) and through updating the key encryption keys (KEKs) within a RSU. The performance of the RDKM scheme is analyzed in terms of communication overhead and storage overhead each of which has a strong impact on the performance of GKM. Furthermore, we propose an optimization algorithm that minimizes the weighted sum of the communication and the storage overhead, called the GKM overhead (GKMO), by appropriately determining the design parameters. The numerical results from the extensive analysis demonstrate that the RDKM scheme outperforms the existing GKM schemes in terms of the GKMO.
- Published
- 2011
29. Anonymous Communication in Ubiquitous Computing Environments
- Author
-
Minho Park, Seung-Woo Seo, and Son Juhyung
- Subjects
Provable security ,Access network ,Ubiquitous computing ,Cloud computing security ,Traffic analysis ,Wireless network ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Computer security ,computer.software_genre ,Computer Science Applications ,Broadcasting (networking) ,Network Access Control ,Header ,Wireless ,Message authentication code ,Electrical and Electronic Engineering ,business ,computer ,Computer network - Abstract
Wireless networks such as WLANs which have already been commonplace will play an important role in providing the last mile access for ubiquitous computing environments. However, the wireless access technologies are accompanied with some security vulnerabilities that stem from the broadcasting medium. Although most of the vulnerabilities can be solved by the existing security countermeasures, there still exists the vulnerability of a message header. In most wireless access networks, the header part of each message, including the source and destination addresses, is transmitted in a plain-text format. This can be a security hole with adversaries collecting the revealed header information for a traffic analysis attack that can breach the privacy of the transmitter and receiver. In this paper, we focus on describing a solution to this problem, namely, the undesirable loss of privacy. Our main idea is to integrate address information with a conventional Message Authentication Code (MAC) and to replace both fields of the address and the MAC by an integrated code called the Address-embedded MAC (AMAC). Through detailed performance and security analysis of our scheme, we show that our AMAC scheme can guarantee privacy of a network while providing a provable security level with less overhead.
- Published
- 2009
30. A Distributed Self-Organizing Map for DoS attack detection
- Author
-
Minho Park, Minhoe Kim, and Souhwan Jung
- Subjects
Self-organizing map ,ComputingMethodologies_PATTERNRECOGNITION ,business.industry ,Computer science ,ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION ,Denial-of-service attack ,business ,Computer security ,computer.software_genre ,Throughput (business) ,computer ,Computer network ,Vulnerability (computing) - Abstract
Self-Organizing Map (SOM), a data mining technique, has been used as a tool to detect DoS attacks. However, existing SOM-based approaches have potential drawbacks: limited detection throughput and vulnerability to DoS attacks. Therefore, this paper proposes a new form of SOM, Distributed SOM (DSOM), and shows the feasibility of DSOM through comprehensive experiments.
- Published
- 2015
31. A feasible method to combat against DDoS attack in SDN network
- Author
-
Junho Park, Sungrae Cho, Nhu-Ngoc Dao, and Minho Park
- Subjects
Spoofing attack ,Network packet ,Computer science ,business.industry ,Quality of service ,Application layer DDoS attack ,Denial-of-service attack ,Computer security ,computer.software_genre ,Network traffic control ,Bandwidth (computing) ,Software-defined networking ,business ,computer ,Computer network - Abstract
In a Software Defined Network, the controller is highly vulnerable to flooding attacks. By continuously injecting spoofed request packets, attackers impose a heavy processing burden on the controller, occupy bandwidth in the controller-switch channel, and overload the flow table in the switch. The attackers' final goal is to degrade, or even shut down, the stability and quality of service of the network. In this paper, we introduce a feasible method to protect the network against Distributed Denial of Service attacks more effectively.
- Published
- 2015
32. Challenge-response based ACK message authentication
- Author
-
Minho Park
- Subjects
Authentication ,business.industry ,Computer science ,Network packet ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Acknowledgement ,Cryptography ,Challenge response ,Computer security ,computer.software_genre ,Header ,Message authentication code ,Electrical and Electronic Engineering ,Challenge–response authentication ,business ,Wireless sensor network ,computer ,Data Authentication Algorithm ,Computer network - Abstract
Although ACK (acknowledgement) should be short since it simply notifies a successful receipt, the actual size of ACK packets increases because of a message header or security options. Especially, in wireless sensor networks where efficiency is the highest priority due to the limited sensor resources, the size of ACK may be reduced by omitting some header fields or security options. However, this pursuit of efficiency can cause security vulnerability such as a faked ACK. In turn, the ACK cannot achieve the original purpose, i.e. to provide reliable communication, any more. Therefore, proposed is a novel ACK message authentication method based on a challenge-response authentication, which can achieve efficiency and security at the same time.
- Published
- 2012
33. An efficient uplink admission control for ertPS in IEEE 802.16
- Author
-
Minho Park, Dong Kun Noh, and Souhwan Jung
- Subjects
IEEE 802 ,Voice over IP ,Dynamic bandwidth allocation ,business.industry ,Computer science ,Quality of service ,Call Admission Control ,Admission control ,WiMAX ,Bandwidth allocation ,Telecommunications link ,Bandwidth (computing) ,Statistical time division multiplexing ,business ,Computer network - Abstract
In this paper, we propose an efficient call admission control scheme for ertPS, one of the QoS services in IEEE 802.16, which is designed for Voice over IP. In ertPS, a user's unused spare bandwidth is temporally shared with others, which achieves efficient bandwidth usage. Since the bandwidth sharing happens among the connected calls, a BS should retain an appropriate number of connected calls. If it has too few calls, the unallocated spare BW will be wasted. Otherwise, an excessive number of calls accepted by the BS may cause cell-overloading and call-dropping. By using statistical multiplexing and probabilistic guard channel reservation, the proposed scheme increases the bandwidth utilization. The results show that the analytical model and the simulation are very close, and our scheme can achieve 10% less blocking probability of a new call and higher utilization of bandwidth than a conventional guard channel scheme.
- Published
- 2014
34. An improvement of TCP performance over wireless networks
- Author
-
Youngsik Youn, Souhwan Jung, Thi-Ha Nguyen, and Minho Park
- Subjects
CUBIC TCP ,TCP Friendly Rate Control ,TCP Westwood ,TCP acceleration ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Zeta-TCP ,TCP tuning ,Compound TCP ,business ,TCP global synchronization ,Computer network - Abstract
TCP (Transport Control Protocol) is the most important protocol in the transport layer of the TCP/IP model. TCP works very well in wired networks. However, in wireless networks TCP suffers decreased performance because it treats every packet loss as a congestive loss. In this paper, we propose a new scheme based on TCP Snoop to improve the performance of TCP over wireless networks. Our scheme uses the Access Point's buffer space efficiently through a selective caching policy based on the fluctuation of the Received Signal Strength Indicator (RSSI). The Access Point performs local retransmission of the cached packets when corruption loss is detected. Our analysis shows that the proposed scheme can improve TCP throughput compared with Snoop in some specific cases.
- Published
- 2013
35. Enhancement of cell-based decentralized Key Management in vehicular communication networks
- Author
-
Minho Park, Seung-Woo Seo, and Gi-Poong Gwon
- Subjects
Secure multicast ,Vehicular ad hoc network ,Multicast ,Computer science ,business.industry ,Distributed computing ,Rekeying ,Cellular network ,Overhead (computing) ,Key management ,business ,Group key ,Computer network - Abstract
Cell-based Decentralized Key Management (CDKM) was proposed to manage a group key for secure multicast in mobile cellular networks efficiently. It achieves better performance with less management overhead than other currently available schemes by dividing a group into the cell-based multiple subgroups and delegating key management functions to each base station governing each subgroup. However, room for improvement still remains in the subgroup size affecting the rekeying overhead directly. This paper proposes the enhanced CDKM which improves the rekeying performance through the reduction of the size of the subgroup, and adopts this scheme to group key management in vehicular communication networks. The proposed scheme further splits the cell-based subgroups into several segments, which is simple but very efficient way to reduce the rekeying overhead. We prove mathematically that the additional split enhances the performance, and show the proposed scheme can improve the rekeying performance by up to 15% over the original CDKM and by at least 80% over the existing schemes.
- Published
- 2011
36. An Implementation of AODV Routing Protocol with Multi-Metrics
- Author
-
Honggil Lee, Suk-Gyu Lee, Seungyong Oh, Jangkyu Yun, Icksoo Lee, Kijun Han, Minho Park, Junhyung Kim, and Keuchul Cho
- Subjects
Routing protocol ,Zone Routing Protocol ,Dynamic Source Routing ,Computer science ,business.industry ,Distributed computing ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Enhanced Interior Gateway Routing Protocol ,Path vector protocol ,Wireless Routing Protocol ,Optimized Link State Routing Protocol ,Destination-Sequenced Distance Vector routing ,business ,Computer network - Abstract
A Mobile Ad-hoc Network (MANET) is a set of nodes which are self-configured and organized dynamically. Furthermore, nodes can communicate with each other without any fixed infrastructure such as base stations. The Ad-hoc On demand Distance Vector (AODV) is the most typical reactive routing protocol in MANETs. It has been extensively studied through not only computer simulations but also implementations on real networks. In this paper, an implementation of the AODV routing protocol with multi-metrics is presented. In the implementation, an Uppsala University routing protocol, AODV-UU, was modified in order to apply multi-metrics. Moreover, both AODV-UU and the modified AODV-UU were implemented within a Linux-based test bed: a real ad-hoc network. Finally, the performance of both protocols was evaluated experimentally.
- Published
- 2010
37. A Cell-Based Decentralized Key Management Scheme for Secure Multicast in Mobile Cellular Networks
- Author
-
Seung-Woo Seo, Minho Park, and Young-Hoon Park
- Subjects
Secure multicast ,Computer science ,business.industry ,Wireless network ,Distributed computing ,Mobile computing ,Cryptography ,Network topology ,Key (cryptography) ,Cellular network ,Rekeying ,Overhead (computing) ,business ,Key management ,Group key ,Computer network - Abstract
A logical key hierarchy (LKH) based key management approach is the most common way to manage a group key with less rekeying overhead. However, the LKH approach causes inefficiency of rekeying the group key in mobile cellular networks since it does not consider the characteristics of the networks, such as the cell-based network topology and the user's mobility. This paper proposes an efficient and practical group key management scheme dedicated to the mobile cellular networks. This new approach can achieve better performance with less management overhead than other currently available schemes, by the cell-based decentralization of key management functions. Through comparisons with other possible approaches, it is shown that the proposed scheme can obtain much better performance in terms of the communication overhead.
- Published
- 2010
38. The Continuous Communication Method for Mobile Circumstances in WMNs
- Author
-
Kijun Han, Byunghwa Lee, Keuchul Cho, Jeongbae Yun, Minho Park, and Junhyung Kim
- Subjects
Routing protocol ,Wireless mesh network ,Computer science ,business.industry ,Distributed computing ,Mesh networking ,Hybrid Wireless Mesh Protocol ,Order One Network Protocol ,Switched mesh ,Shared mesh ,business ,Optical mesh network ,Computer network - Abstract
The Hybrid Wireless Mesh Protocol is a mesh routing protocol that combines the flexibility of on-demand routing with proactive topology tree extensions. The Wireless Mesh Network consists of mesh points and stations. Even if mesh points or stations have mobility, the path should be kept continuously. The Direction of present mobility research is achieved by research in a mobility of stations. In case the MAP moves, this research is very weak. The proposal scheme emphasized in the MAP (Mesh Access Point) mobility. After the Mesh Access Point moves, it re-establishes an existing full path by using the RRER message. However, our scheme is available in an existing path that is changed locally by using a MR (Message Registration) -message which accomplishes locally reestablished path techniques. In this paper, we analyze problems in existent HWMP's path establishment technique. We propose the New Path Selection Scheme by using MR-message produces. Simulation results show that this proposal scheme is designed to reduce packet loss.
- Published
- 2008
39. A Pseudonym Assignment for the Last Mile Wireless Access to 4G Networks
- Author
-
Seung-Woo Seo and Minho Park
- Subjects
Traffic analysis ,Computer science ,business.industry ,Node (networking) ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Pseudonym ,Computer security ,computer.software_genre ,Broadcasting (networking) ,Header ,Wireless ,business ,Pseudonymity ,computer ,Anonymity ,Computer network - Abstract
The last mile wireless access to 4G networks is inherently vulnerable to various attacks due to broadcasting feature of transmission. Although most wireless communication systems provide the security measures, they focus on the protection of the contents of a message. Therefore, the header part of each message including the source and destination addresses is transmitted in a plain-text format, which can reveal the information that is useful to an attacker. In this paper, we solve the loss of anonymity of the last mile wireless access through a novel pseudonym assignment scheme. Specifically, a master node generates pseudonym sets for slave nodes by using Unique Pair Sequence (UPS) which we first devised, and assigns them to each node. Since every node randomly uses one of pseudonyms in the set as ID whenever it transmits a message, our scheme can prevent an attacker from attempting a traffic analysis attack.
- Published
- 2007