Yoon-Jung Rhee

Connection management for QoS service on the Web

The current Web service model treats all requests equivalently, both while being processed by servers and while being transmitted over the network. For some uses, such as multiple priority schemes, different levels of service are desirable. We propose application-level TCP connection management mechanisms for Web servers to provide two different levels of Web service, high and low service, by setting different time-outs for inactive TCP connections. We evaluated the performance of the mechanism under heavy and light loading conditions on the Web server. Our experiments show that, though heavy traffic saturates the network, high level class performance is improved by as much as 25?28%. Therefore, this mechanism can effectively provide QoS guaranteed services even in the absence of operating system and network support.

Heuristic Connection Management for Improving Server-Side Performance on the Web

HTTP/1.1 standard reduces latencies and overhead from closing and re-establishing connections by supporting persistent connections as a default, which encourage multiple transfers of objects over one connection. HTTP/1.1, however, does not define explicitly connection-closing time but specifies a certain fixed holding time model. This model may induce wasting servers resource when server maintains connection with the idle-state client that requests no data for a certain time. This paper proposes the mechanism of a heuristic connection management supported by the client-side under persistent HTTP, in addition to HTTP/1.1s fixed holding time model on server-side. The client exploits the tag information within transferred HTML page so that decides connection-closing time. As a result, the mechanism allows server to use servers resource more efficiently without servers efforts.

Key recovery in IPSec for improving robustness

IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. Key recovery has been the subject of a lot of discussion, of much controversy and of extensive research. The widespread opinion of the research community is that large-scale deployment of a key recovery system is essentially impossible. Despite this fact, key recovery might be needed at a corporate level, as a form of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far; completely ignore the communication context. Static systems are put forward for key recovery at network layer and solutions that require connections with a server are proposed at application layer. We propose an example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.

Client-side mechanism for improving busy Web server's performance

The HTTP/1.1 standard reduces latencies and overhead from closing and re-establishing connections by supporting persistent connections as a default, which encourages multiple transfers of objects over a single connection. HTTP/1.1, however, does not explicitly define the connection-closing time but specifies a certain fixed holding-time model. This model may induce wasting of a servers resources when the server maintains a connection with an idle-state client that requests no data for a certain time. This paper proposes a mechanism for heuristic connection management supported on the client-side under persistent HTTP, in addition to the fixed holding-time model on the server-side. The client exploits the tag information within transferred HTML documents so that it decides the connection-closing time. We compare this to the fixed holding-time model used in the current implementation of the Apache Web server. An experimental evaluation of connection management policies, conducted using Web server logs, shows that our policy achieves a 15-20% reduction on a busy Web server in terms of cost with respect to the fixed holding-time policy. As a result, the mechanism allows busy Web servers to use server resources more efficiently without additional server load, and it distributes services to clients more fairly.

Secure initialization vector transmission on IP security

IPSec is a security protocol suite that provides encryption and authentication for IP messages at the network layer of the Internet. ESP Protocol that is one of the two major protocols of IPSec offers encryption as well as optional authentication and integrity of IP Payloads. IV attacks are a security risk of the CBC encryption mode of block ciphers that can be applied to IPSec. We propose methods for protection against IV attack, which provide IV encapsulation and authentication of ESP payloads.

Practical Solutions to Key Recovery Based on PKI in IP Security

IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. Key recovery has been the subject of a lot of discussion, of much controversy and of extensive research. Key recovery, however, might be needed at a corporate level, as a form of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far completely ignore the communication context. We propose example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.

QoS Performance Improvement for Web Applications

The current Web service model treats all requests equivalently, both while being processed by servers and while being transmitted over the network. For some uses, such as multiple priority schemes, different levels of service are desirable. We propose application-level TCP connection management mechanisms of web server to provide two different levels of Web service, high and low service by setting different timeout for inactive TCP connection. We evaluated the performance of the mechanism under heavy and light loading conditions on Web server. Our experiments show that, though heavy traffic saturates the network, high level class performance is improved by at most 25-28%. Therefore this mechanism can effectively provide QoS services even in the absence of operating system and network support.

Efficient Connection Management for Web Applications

HTTP/1.1 may induce wasting servers resource when server maintains connection with the idle-state client that requests no data for a certain time. This paper proposes the mechanism of a connection management supported by the client under persistent HTTP. For the mechanism, we defined finishing time of transmission for HTML page and all embedded file in it as connection-closing time on client-side. For the experimental environment, clients ran on 300Mhz Pentium II PC with 32MB of physical memory running the windows95 and servers ran on OpenWin of Solaris 2.4. An experimental evaluation of connection management policies, conducted using Web server logs, shows that our policy achieves 15-20% reduction on busy Web server in cost with respect to the fixed holding-time policy.

Differentiated service on the Web by managing TCP connection

Despite the explosive growth of the Web and the ever-increasing resource demands on the servers, the current Web service model treats all requests equivalently, both while being processed by servers and while being transmitted over the network. For some uses, such as multiple-priority schemes, different levels of service are desirable. We propose Web-server application-level TCP connection management mechanisms to provide two different levels of Web service (high and low service) by setting different time-outs for inactive TCP connections. We evaluated the performance of the mechanism under heavy and light loading conditions on a Web server. Our experiments showed that, though heavy traffic saturates the network, the high-level class performance is improved by at most 25-28%. Therefore, this mechanism can effectively provide QoS even in the absence of operating system and network support.