Hyungbae Park

SuVMF: software-defined unified virtual monitoring function for SDN-based large-scale networks

Traffic and resource monitoring is the essential function for large-scale enterprises, service providers, and network operators to ensure reliability, availability, and security of their resources. For this reason, many large-scale enterprises and providers have been investing in various standalone dedicated monitoring solutions. However, they find the cost of a dedicated standalone appliance per-feature prohibitive, inflexible, slow to install and difficult to maintain. Network Function Virtualization (NFV)-based virtualization trends represent an attractive opportunity for such stakeholders trying to meet the above requirements while controlling OPEX and CAPEX. Although there are many advantages that virtualization of monitoring function brings, some challenges remained to be solved are ensuring scalability and performance of single or distributed multiple virtual monitoring functions and flexibility and easiness of virtual functions lifecycle management. In this paper, to address such problems, we propose a novel architecture of software-defined unified virtual monitoring function for SDN-based large-scale networks (SuVMF). SuVMF is an essential component to build a scalable, reliable, secure and high-performance SDN architecture by providing intelligent control and monitoring management abstraction and filtering layer. In this paper, we present design, implementation, and evaluation results of SuVMF.

PASSAGES: Preserving Anonymity of Sources and Sinks against Global Eavesdroppers

While many security schemes protect the content of messages in the Distributed Sensing Systems (DSS), the contextual information, such as communication patterns, is left vulnerable and can be utilized by attackers to identify critical information such as the locations of event sources and message sinks. Existing solutions for location anonymity are mostly designed to protect source or sink location anonymity individually against limited eavesdroppers on a small region at a time. However, they can be easily defeated by highly motivated global eavesdroppers that can monitor entire communication events on the DSS. To grapple with these challenges, we propose a mechanism for Preserving Anonymity of Sources and Sinks against Global Eavesdroppers (PASSAGES). PASSAGES uses a small number of stealthy permeability tunnels such as wormholes and message ferries to scatter and hide the communication patterns. Unlike prior schemes, PASSAGES effectively achieves a high anonymity level for both source and sink locations, without incurring extra communication overheads. We quantify the location anonymity level and evaluate the effectiveness of PASSAGES via analysis as well as extensive simulations. We also perform evaluations on the synergistic effect when PASSAGES is combined with other traditional solutions.

SUMA: Software-defined Unified Monitoring Agent for SDN

Software-Defined Network (SDN) enables agile network traffic control and configuration as well as shortens the network function deployment time. Despite the projected benefits of SDN, the abstractions toward the remote and centralized control tend to impose excessive control traffic overhead in order for the controller to acquire the global network visibility as well as to extend the legacy networks inaccurate and unreliable management problems into the control plane. In addition, a complex combination of multiple and heterogeneous management channels further aggravates the scalability problem. In this paper, to address the above management problems. We propose an intelligent management middlebox called Software-defined Unified Monitoring Agent (SUMA). SUMA builds a hybrid SDN architecture by providing intelligent control, management abstraction, and a filtering layer, that eventually will serve as an essential component for the reliable, scalable, and secure SDN deployment. In this paper, we present design, implementation, deployment, and evaluation results of a SUMA.

Energy-Efficient Cooperative Opportunistic Positioning for Heterogeneous Mobile Devices

The fast growing popularity of smartphones and tablets enables us the use of various intelligent mobile applications. As many of those applications require position information, a smart mobile device provides positioning methods such as GPS, WiFi, or Cell-ID based positioning services. However, those positioning methods have different characteristics of energy efficiency, accuracy, and service availability. In this paper, we present an Energy- Efficient Cooperative and Opportunistic Positioning System (ECOPS) for heterogeneous mobile devices. ECOPS facilitates mobile devices with estimated locations using WiFi in cooperation with a few available GPS broadcasting devices, in order to achieve high energy efficiency and accuracy within available budget constraints. ECOPS estimates the location using heterogeneous positioning services and the combination methods including a received signal strength indicator, 2D trilateration, and available power measurement of mobile devices. The evaluation shows that ECOPS significantly reduces energy consumption and achieves the good accuracy of a location.

ECOPS: Energy-Efficient Collaborative Opportunistic Positioning for Heterogeneous Mobile Devices

The fast growing popularity of smartphones and tablets enables us to use various intelligent mobile applications. As many of those applications require position information, smart mobile devices provide positioning methods such as Global Positioning System (GPS), WiFi-based positioning system (WPS), or Cell-ID-based positioning service. However, those positioning methods have different characteristics of energy-efficiency, accuracy, and service availability. In this paper, we present an Energy-Efficient Collaborative and Opportunistic Positioning System (ECOPS) for heterogeneous mobile devices. ECOPS facilitates a collaborative environment where many mobile devices can opportunistically receive position information over energy-efficient and prevalent WiFi, broadcasted from a few other devices in the communication range. The position-broadcasting devices in ECOPS have sufficient battery power and up-to-date location information obtained from accurate but energy-inefficient GPS. A position receiver in ECOPS estimates its location using a combination of methods including received signal strength indicators and 2D trilateration. Our field experiments show that ECOPS significantly reduces the total energy consumption of devices while achieving an acceptable level of location accuracy. ECOPS can be especially useful for unique resource scarce, infrastructureless, and mission critical scenarios such as battlefields, border patrol, mountaineering expeditions, and disaster area assistance.

Fast booting based on nand flash memory

Fast booting is an important tool for minimizing the booting time of embedded systems, and a major factor in determining the usability of the systems. Most fast booting tools have focused on minimizing the booting time by optimizing the processing time from the starting stage of the boot loader to mounting stage of the root file system. However, previous research works did not consider read and write overheads of nand flash memory. In this paper we propose an efficient fast booting for embedded systems based on nand flash memory. We also show that the proposed fast booting mechanism has better performance.

STEP: Source Traceability Elimination for Privacy against Global Attackers in Sensor Networks

Preserving privacy is one of the most challenging yet essential issues in many mission critical WSN applications. As most of the existing privacy solutions additionally inject fake traffic assuming limited local adversary models, they can be easily defeated by highly motivated global attackers that monitor the entire network communications. We propose a scheme against a global adversary model, named Source Traceability Elimination for Privacy (STEP) using heterogeneous links. The STEP uses wormhole pairs (WHPs) to hide the communication of an original source location and scatter it to a remote location. Unlike the existing privacy mechanisms, the STEP provides privacy without incurring any additional communication overhead. We quantify a source location privacy level, evaluate the STEP with various parameters, and discuss its effect when used with other privacy techniques simultaneously.

IRIS-CoMan: Scalable and Reliable Control and Management Architecture for SDN-Enabled Large-Scale Networks

Abstract A software-defined network (SDN) enables agile network control and configuration as well as shortens the network function deployment time. Despite the projected benefits of an SDN, the abstractions toward the remote and centralized control tend to impose excessive control traffic overhead in order for the controller to acquire global network visibility as well as extend the legacy network’s inaccurate and unreliable management problems into the control plane. In addition, many recent SDNs facilitate multiple management pillars (such as customized interfaces and protocols) so that user applications can directly communicate to the data plane to measure and monitor specific information. Not only logical control centralization, but also virtualization of the underlying computing and network resources add demands of more flexible and programmable monitoring functions per the virtual domain. A complex combination of multiple and heterogeneous management channels introduces the significant scalability, control tuning, and reliability problems in SDN. In this paper, to address the above control and management problems, we propose a highly scalable and reliable SDN control and management architecture, called IRIS Control and Management (IRIS-CoMan). It builds an intelligent agent based hybrid SDN architecture by providing a control and management abstraction and filtering layer. It serves an essential component for the reliable, scalable, and secure SDN deployment. We present design, implementation, deployment, and feasibility evaluation results of IRIS-CoMan.

Optical Wireless authentication for smart devices using an onboard ambient light sensor

As recent smartphone technologies in software and hardware keep on improving, many smartphone users envision to perform various mission critical applications on their smart-phones that were previously accomplished by using PCs. Hence, smartphone authentication has become one of the most critical security issues. Due to the relatively small smartphone form factor, the traditional user id and password typed authentication is considered as an inconvenient and time-taking approach. Taking advantage of various sensor technologies of smartphones, alternative authentication methods such as pattern, gesture, finger print, and face recognition have been actively researched. However, those authentication methods still pose one of speed, reliability, and usability issues. They are especially not suitable for the users in rugged conditions and with physical challenges. In this paper, we evaluate existing alternative smartphone authentication approaches in various usage scenarios to propose ambient light sensor based authentication for smartphones. We have designed and prototyped a challenge-based programmable Fast, Inexpensive, Reliable, and Easy-to-use (FIRE) hardware authentication token. FIRE token uses an onboard LED to transmit passwords via an Optical Wireless Signal (OWS) to the smartphone that captures, and interprets it via its ambient light sensor. FIRE token is a part of the challenge-response technique in the Inverse Dual Signature (IDS) that we designed to facilitate a multi-factor authentication for the mission critical smartphone applications. Our experiments validate that FIRE can authenticate a user on a smartphone in a simple, fast, and reliable way without compromising the security quality and user experience.

CO-REDUCE: Collaborative Redundancy Reduction Service in Software-Defined Networks

A large portion of digital data is transferred repeatedly across networks and duplicated in storage systems, which costs excessive bandwidth, storage, energy, and operations. Thus, great effort has been made in both areas of networks and storage systems to lower the redundancies. However, due to the lack of the coordination capabilities, expensive procedures of C-H-I (Chunking, Hashing, and Indexing) are incurring recursively on the path of data processing. In this paper, we propose a collaborative redundancy reduction service (CO-REDUCE) in Software-Defined Networks (SDN). Taking advantage of SDN control, CO-REDUCE renders the promising vision of Redundancy Elimination as a network service (REaaS) as a real practical service. CO-REDUCE is a new virtualized network function service that dynamically offloads computational operations and memory management tasks of deduplication to the group of the software designed network middleboxes. Chaining various redundant REs of both storage and network into a service, COREDUCE consolidates and simplifies the expensive C-H-I processes. We develop service coordination protocols and virtualization and control mechanisms in SDN, and indexing algorithms for CO-REDUCE software-designed middleboxes (SDMB). Our evaluation results from the system and Mininet-based prototypes show that CO-REDUCE achieves 2-4 times more bandwidth reduction than existing RE technologies and has compatible storage space savings to existing storage de-duplication techniques while reducing expensive overhead of processing time and memory size.