Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Enormous traffic generated by spam mails brings heavy load to networks and mail servers, which causes a large delay on legitimate mail delivery. In order to deliver important e-mails without unnecessary delay, we proposed an e-mail priority delivery system, where a dedicated receiving Mail Transfer Agent (MTA) receives all messages sent from trusted MTAs and performs only simple anti-spam measures. However, this system has some problems such that the dedicated receiving MTA easily receives even spam mails sent from trusted MTAs through only simple anti-spam measures. In this paper, we propose a method to perform full anti-spam measures on suspicious messages sent from trusted sending MTAs, by introducing tempfailing and SMTP session abort on the dedicated receiving MTA.

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

The attempts of malicious access and attacks from the Internet to the internal computers of organizations never stop today and corresponding countermeasure for each technique is required. Most organizations introduce some firewall facilities as one of the solutions to protect their internal computers as well networks from those attacks. However, in most organizations, the network administrator has to deploy the policies on the firewall system manually based on the layer 3 and 4 information and only identified communication peers can be controlled by the policy-base firewall system. To solve these problems, we focused on the domain name resolution which happens prior to most TCP/IP communications and approach a new mechanism: adaptively investigable firewall system based on DNS query initiator by notifying the DNS query side client IP address to the target DNS server. In this paper, we mainly present the detail of design and implementation of the client IP address notification feature in the caching DNS server by embedding the subnet address as well as subnet mask of the query source client by practically using the DNS expanded standard (EDNS0).

DOI： 10.1109/COMPSAC.2015.220

Web of Science

researchmap

Language：English   Publisher：Information Processing Society of Japan  

Recently, many spam mails associated with "One-click fraud," "Phishing," and so on have been sent to unspecified large number of e-mail users. According to some previous works, most spam mails contained some URLs whose domains were registered relatively recently, such that the age of the domain used in the URL in the messages would be a good criterion for spam mail discrimination. However, it is difficult to obtain the age or the registration date of a specific domain for each message by WHOIS service since most WHOIS services would block frequent queries. In this paper, we propose a domain registration date retrieval system, which updates zone files of some Top Level Domains (TLDs) every day, keeps track of the registration date for new domains, and works as a DNS server that replys with the registration date of the queried domain. According to the performance evaluation, the prototype system could update the registration date for all the domains of "com" TLD in two hours.Recently, many spam mails associated with "One-click fraud," "Phishing," and so on have been sent to unspecified large number of e-mail users. According to some previous works, most spam mails contained some URLs whose domains were registered relatively recently, such that the age of the domain used in the URL in the messages would be a good criterion for spam mail discrimination. However, it is difficult to obtain the age or the registration date of a specific domain for each message by WHOIS service since most WHOIS services would block frequent queries. In this paper, we propose a domain registration date retrieval system, which updates zone files of some Top Level Domains (TLDs) every day, keeps track of the registration date for new domains, and works as a DNS server that replys with the registration date of the queried domain. According to the performance evaluation, the prototype system could update the registration date for all the domains of "com" TLD in two hours.

DOI： 10.2197/ipsjjip.22.480

CiNii Article

CiNii Books

researchmap

Language：Japanese  

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

In recent years, with proliferation of smart phones and tablet PCs, speedup of wireless LAN communication is required for dealing with increase of traffic in wireless networks. However, transmission speed through a wireless network often slows down in comparison with that through a wired network since packets of wireless networks frequently drop due to the influence of surrounding environment such as electromagnetic noise. In this paper, we propose a method to mitigate the impacts caused by packet loss by virtue of SCTP bicasting in lossy multihoming environment with two or more wireless networks. This method bicasts not all packets but only important packets concerning retransmission for efficiency since bicasting all packets would cause congestion. We also implemented a prototype system based on the proposed method. According to the result of performance evaluation experiment, we confirmed the effectiveness of the proposed method by the fact that the prototype system performed faster transmission than normal SCTP transmission even in high packet loss rate environment.

DOI： 10.1109/COMPSAC.2014.78

Web of Science

researchmap

Language：English   Publisher：Information Processing Society of Japan  

With proliferation of the Internet and its services, how to provide stable and efficient Internet services via reliable high-speed network has become an important issue. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming method in the IPv6 environment. In the IPv6 environment, each host can be assigned multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in the IPv4 environment. However, since many ISPs adopt ingress filtering for security concerns, a multihomed site should select a proper site-exit router according to the source IP address of the packet to communicate with the outside the site successfully. In most site-exit router selection methods, a kind of source IP address dependent routing method is introduced which has some problems in terms of high deployment cost and lack of fault-tolerance and so on.In this paper, we propose a new site-exit router selection method using the routing header which can indicate the router to pass through in the IPv6 environment. This method introduces two middlewares, one into the inside server and the other into the site-exit router. The one in the inside server attaches a routing header which indicates a specific site-exit router to pass through according to the source IP address of the packet, and the other in the site-exit router removes the attached routing header from the packet, thus the inside server can communicate with the outside the site successfully as usual. We also implemented a prototype system including the proposed inside server and the site-exit router and performed feature evaluation as well as performance evaluation. From the evaluation results, we confirmed the proposed method worked well and the overhead of the middlewares are acceptable for practical use in the real network environments.With proliferation of the Internet and its services, how to provide stable and efficient Internet services via reliable high-speed network has become an important issue. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming method in the IPv6 environment. In the IPv6 environment, each host can be assigned multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in the IPv4 environment. However, since many ISPs adopt ingress filtering for security concerns, a multihomed site should select a proper site-exit router according to the source IP address of the packet to communicate with the outside the site successfully. In most site-exit router selection methods, a kind of source IP address dependent routing method is introduced which has some problems in terms of high deployment cost and lack of fault-tolerance and so on.In this paper, we propose a new site-exit router selection method using the routing header which can indicate the router to pass through in the IPv6 environment. This method introduces two middlewares, one into the inside server and the other into the site-exit router. The one in the inside server attaches a routing header which indicates a specific site-exit router to pass through according to the source IP address of the packet, and the other in the site-exit router removes the attached routing header from the packet, thus the inside server can communicate with the outside the site successfully as usual. We also implemented a prototype system including the proposed inside server and the site-exit router and performed feature evaluation as well as performance evaluation. From the evaluation results, we confirmed the proposed method worked well and the overhead of the middlewares are acceptable for practical use in the real network environments.

DOI： 10.2197/ipsjjip.21.441

CiNii Article

CiNii Books

researchmap

Language：English   Publisher：Information Processing Society of Japan  

By using a dynamic VLAN feature of recent network equipment, we can configure a location-free network environment which can authenticate a user of a terminal and assign a VLAN for his/her terminal dynamically so that the user can connect his/her terminal to the same VLAN anywhere in the organization. However, on such a location-free network environment, it is difficult to use some location dependent services. One typical location dependent service is site license of an electronic journal (e-journal) that users can access the contents only if they are in specific locations. In this paper, we propose configuration of a location free network which can adapt location dependent services by devising the allocation of the VLAN-IDs and the subnet IP addresses. By this method, since no special equipment is required, it is possible to build a network system without extra cost. We configured the network system based on the proposed method on the campus network of Okayama University and confirmed the effectiveness and the practicability on accessing some site-licensed e-journals.By using a dynamic VLAN feature of recent network equipment, we can configure a location-free network environment which can authenticate a user of a terminal and assign a VLAN for his/her terminal dynamically so that the user can connect his/her terminal to the same VLAN anywhere in the organization. However, on such a location-free network environment, it is difficult to use some location dependent services. One typical location dependent service is site license of an electronic journal (e-journal) that users can access the contents only if they are in specific locations. In this paper, we propose configuration of a location free network which can adapt location dependent services by devising the allocation of the VLAN-IDs and the subnet IP addresses. By this method, since no special equipment is required, it is possible to build a network system without extra cost. We configured the network system based on the proposed method on the campus network of Okayama University and confirmed the effectiveness and the practicability on accessing some site-licensed e-journals.

DOI： 10.2197/ipsjjip.21.433

CiNii Article

CiNii Books

researchmap

Language：English   Publisher：Information and Media Technologies Editorial Board  

By using a dynamic VLAN feature of recent network equipment, we can configure a location-free network environment which can authenticate a user of a terminal and assign a VLAN for his/her terminal dynamically so that the user can connect his/her terminal to the same VLAN anywhere in the organization. However, on such a location-free network environment, it is difficult to use some location dependent services. One typical location dependent service is site license of an electronic journal (e-journal) that users can access the contents only if they are in specific locations. In this paper, we propose configuration of a location free network which can adapt location dependent services by devising the allocation of the VLAN-IDs and the subnet IP addresses. By this method, since no special equipment is required, it is possible to build a network system without extra cost. We configured the network system based on the proposed method on the campus network of Okayama University and confirmed the effectiveness and the practicability on accessing some site-licensed e-journals.

DOI： 10.11185/imt.8.749

CiNii Article

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

In recent years, many spam mails intending for "One-click fraud" or "Phishing" have been sent to many unspecified e-mail users. As one anti-spam technology, URL Blacklist based on the URLs in the spam mails is well used. However, spanuners have been avoiding this technique by getting many new domains, using them only in a few spam mails, and throwing them away. In this paper, we focus on the domain registration date related to the URLs in the messages in order to improve the discrimination accuracy of spam mails. Thus, we address design and implementation of the domain registration date retrieval system which obtains domain lists from some Top Level Domain registries and records registration dates for each domain in the lists. With this system, we can retrieve the registration date of a domain by DNS.

DOI： 10.1109/COMPSACW.2013.79

Web of Science

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

In order to deliver important e-mails without unnecessary delay, some priority delivery methods with a whitelist, which includes trusted sending Mail Transfer Agents (MTAs), are proposed so far. However, most conventional methods have some problems with a large sized whitelist such as performance degradation, delivery failure, and so on. To alleviate these problems,we proposed a priority delivery system (Prototype system) by using a layer 3 switch (L3SW) with policy based routing (PBR) function. By updating PBR entries dynamically, prototype system implements a large sized whitelist without performance degradation. In this paper,we investigated the case many sending MTAs same time send Email performance of the prototype system. we also describe prototype system improvements.

DOI： 10.1109/COMPSACW.2013.78

Web of Science

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

Recently, the Internet is widely used as a social basis and is not only providing many kinds of services but also offering these at high speed with high reliability. As one method for such a demand, multihoming technique, by which the inside network is connected with two or more ISPs (Internet Service Providers) and can use them properly according to network condition, attracts attention. In IPv6 site multihoming environment, multiple IP addresses are usually assigned to each host in the site. However, when a packet is sent from an inside node to outside, the packet has to go through a proper site-exit router in order to avoid ingress filtering. Therefore, especially, when communicating on the outbound connection initiated on an inside node, it is impossible to select a proper site-exit router since the source IP address is selected before initiating a connection. To solve this problem, we propose a route selection method for outbound connections. This method introduces a middleware into each inside node to establish a connection via each site-exit router simultaneously and then uses the first established connection. This middleware also introduces a kind of Network Address Translation (NAT) function to avoid ingress filtering. According to simulation experiments, we confrmed that the proposed method can select proper routes.

DOI： 10.1109/COMPSACW.2013.77

Web of Science

researchmap

Language：English   Publisher：Information Processing Society of Japan  

With the explosive expansion of the Internet, many fundamental and popular Internet services such as WWW and e-mail are becoming more and more important and are indispensable for the human's social activities. As one technique to operate the systems reliably and efficiently, the way of introducing multihomed networks attracts much attention. However, conventional route selection mechanisms on multihomed networks reveal problems in terms of properness of route selection and dynamic traffic balancing which are two key criteria of applying multihomed networks. In this paper, we propose an improved dynamic route selection mechanism based on multipath DNS (Domain Name System) round trip time to address the existing problems. The evaluation results on the WWW system and the e-mail system indicate that the proposal is effective for a proper route selection based on the network status as well as for dynamic traffic balancing on multihomed networks and we also confirmed the resolution of problems that occur in the case of conventional mechanisms.With the explosive expansion of the Internet, many fundamental and popular Internet services such as WWW and e-mail are becoming more and more important and are indispensable for the human's social activities. As one technique to operate the systems reliably and efficiently, the way of introducing multihomed networks attracts much attention. However, conventional route selection mechanisms on multihomed networks reveal problems in terms of properness of route selection and dynamic traffic balancing which are two key criteria of applying multihomed networks. In this paper, we propose an improved dynamic route selection mechanism based on multipath DNS (Domain Name System) round trip time to address the existing problems. The evaluation results on the WWW system and the e-mail system indicate that the proposal is effective for a proper route selection based on the network status as well as for dynamic traffic balancing on multihomed networks and we also confirmed the resolution of problems that occur in the case of conventional mechanisms.

DOI： 10.2197/ipsjjip.20.386

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

With the wide spread of the Internet and the increasing of the Internet users, the fact of concentrated accesses to a specific server becomes a critical problem and it is important to process those accesses effectively. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming methodin the IPv6 environment. In the IPv6 environment, each host can obtain multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in IPv4 environment. Also, for the multihoming in the IPv6 environment neither special operations are needed in the client side nor deep technical knowledges are required to the administrator. However, since many ISPs adopt ingress filtering for security concern, a multihomed site should select a proper site-exit router according to the source IP addresses of the packets. In most site existing methods, a kind of source IP address dependent routing function is introduced which have some problems in terms of high deployment cost.In this paper, we propose a new site-exit router selection method using the routing header in the IPv6 environment. This method introduces two middle-wares, one in server that attaches a routing header which indicates a specific site-exit router, and the other in site-exit router that removes it. We implemented a prototype system and confirmed it worked well with reasonable overhead.

Web of Science

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

In the research institutes such as universities or companies, they contract electronic journals for document retrieval and document collection. When an organization contracts electronic journals, the site license is preferred. Because of terms of a site license include location or affiliation of users, available electronic journals differ from users. On the other hand, the user and the terminal are authenticated when the terminal was connected to the network, so an illegal user is excluded, and the terminal is able to connect to a VLAN that had been allocated by dynamic VLAN. With dynamic VLAN, the user can connect to the same VLAN everywhere. However, in such network environment, it cannot be determined where a user accessed by the IP address of the user's terminal, and it is not able to warrant the terms of the site license. In this paper, we propose a network system that adjusts to the site license of electronic journals in the location free network.

Web of Science

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

Web of Science

researchmap

Language：Japanese  

With wide spread of the Internet and increasement of the Internet users, the concentrated accesses to a specific server becomes a critical problem. Multihoming network is attracted attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming technology using NAT router which is easy to administrate．However, when control route selection using NAT router, problems occur in terms of load balancing and communication failure. Also, the problem that the log of the original access does not remain in the server causes. Thus, in this paper, we propose a new method to solve the problems by using loose source and record route option that can control the communication route without changing the source IP address. It is expected to make the bound and return communication route identical without changing the source IP address by using loose source and record route option. We also designed and implemented a NAT router with loose source and record route function. According to the result of experiments, we can confirm that the proposal system can control the communication route with remaining the access log as expected.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00079577/

Language：Japanese  

As an alleviation method against IPv4 address exhaustion problem, NAT (Network Address Translation) has been commonly used. Since NAT allows many internal hosts to share one single global IP address, it can save the number of required global IP addresses. However, with NAT, each internal host cannot be identified from the external network. Consequently, if access control system on external network would permit network access from one internal host, it automatically would permit all network access from any other internal hosts as well, for example. In this paper, we propose a NAT router with MAC address relaying function that copies the source MAC address of receiving frames sent by internal hosts into frames sent to the external network since source MAC addresses, which are the sender identifiers in data link layer, are basically unused except for MAC address learning function of layer 2 switches. According to the results of experiments, we confirmed that the prototype NAT router with MAC address relaying function allows access to external networks by internal hosts to be controlled individually based on MAC address and obtains high throughput as well.

CiNii Article

CiNii Books

researchmap

Other Link： http://ousar.lib.okayama-u.ac.jp/46928

J-GLOBAL

researchmap

J-GLOBAL

researchmap

Language：Japanese  

As a way to improve throughput and fault tolerance of E-mail system, multihomed network is taken into account. To take full advantage of multihomed network, it is required to conduct proper route selection based on topology and utilization statistics of network. However, most conventional operation schemes have some issues such that do not perform appropriate route selection nor dynamic traffic balancing since they do not take network topology into account. In this paper, we propose a dynamic route selection method for inbound e-mail delivery. In this method, different replies corresponding to a DNS (Domain Name System) query launched right before e-mail delivery are sent back simultaneously through multiple routes and the one through which the first arrived reply was delivered is selected for e-mail delivery. With this method, an appropriate route based on the topology and utilization statistics of network can be selected for inbound e-mail delivery. Furthermore, unavailable routes with failure can be avoided automatically as well.

CiNii Article

CiNii Books

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

Language：Japanese  

Tempfailing, which temporarily refuses the first delivery attempt of a message from an untrusted Mail Transfer Agent (MTA), is one of typical anti-spam technologies commonly used in many organizations. This method can refuse spam mails considerably. However, it also may refuse legitimate mails sent from domains resending the temporarily failed message with a different MTA or those without resending function. In such a case, an administrator of the receiver MTA has to register those domains by hand. In this paper, in order to reduce these drawbacks, we propose an anti-spam method introducing SMTP session abort function. This method performs the same effect as existing tempfailing methods by means of SMTP session abort during the first delivery attempt. In addition, this method can obtain the header or the whole message even if it would not be resent and can use the header for second delivery checking and can use the whole message of unresent messages in case of false positives. According to the operation tests of the prototype systems, we confirmed that the proposed method received messages from domains using a different MTA for retry.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00009235/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

On IEEE 802.11a/b/g, the most popular standards of wireless LAN networks, encryption functions called WEP (Wire Equivalent Privacy) or WPA (Wi-Fi Protected Access) are used for preventing malicious users from both eavesdropping and unauthorized access. However, along with end-to-end encryption, WEP and WPA have large overhead due to duplicated encryption. In this paper, we propose a method to reduce this drawback. On this method, a wireless client can choose packet encryption or packet authentication in its wireless LAN automatically depending on whether end-to-end encryption is performed or not. With packet authentication in case that end-to-end encryption is performed, we can improve the communication speed on the wireless environment while preventing invalid access.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00009606/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

As the Internet evolves, VPN (Virtual Private Network), which establishes secure connections between off-site clients and on-site servers, is getting important. In VPN, a part of network which is protected from the Internet is called "VPN domain." In the environment where VPN domains are hierarchically configured (Hierarchical VPN), the next hop VPN gateway (VGW) must be discovered depending on the destination host. In this paper, we propose some routing methods which are transparent from users. In these methods, the next hop VGW is automatically discovered by querying to DNS servers and/or receiving ICMP and TCP packets. We have implemented proposed methods by extending the VTun software. The effectiveness of these methods are experimentally confirmed.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00009608/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

LAN access control systems are often used at many organizations such as universities, to provide network accessibility to both insiders and guest users. However, most of existing LAN access control systems have some problems such that guest users can access some services restricted to insiders. In this paper, we propose a LAN access control method by assigning to user terminals a kind of external addresses such as private addresses. By applying NAT function conditionally depending on whether access to an internal server or not, this method makes it possible to protect restricted services from guest users, without modifying any configuration of existing servers. According to a field testing, the proposed system has been confirmed to be effective and practical.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00009948/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

VLAN (Virtual LAN) is a technology which can configure logical networks independent of the physical network structure. With VLAN, users in common spaces (such as meeting rooms) can access to their department networks temporarily because changing of logical network structure is achieved only by configuration of VLAN switches. However, in the general configuration method, because VLANs are managed statically by administrators, various problems such as high administrative cost and conflict or insufficiency of VLAN-IDs may arise especially in large scale organizations where VLANs are managed by each department. To solve these problems, we propose a method which provides an interconnection between a temporary configured VLAN in a common space and a VLAN of a user's department. In the proposed method, a user in a common space can access to his/her department network seamlessly by converting a temporary VLAN-ID in the common space and a VLAN-ID used in his/her department each other automatically. The effectiveness of the proposed method is confirmed by the experiment on the actual network using VLAN managers, VLAN-ID converters and authentication servers based on the proposed method.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00009949/

Language：English   Publisher：The Institute of Electronics, Information and Communication Engineers  

In order to improve TCP performance, the use of a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host on behalf of the destination host, and stores a copy of the packet in a local buffer (PEP buffer) in case the packet needs to be retransmitted. In this paper, in accordance with a strategy that keeps the number of prematurely acknowledged packets in the PEP buffer below a fixed threshold (watermark) value, we investigate the relation between the watermark value and the average throughput. Extensive simulations show that the results can be roughly classified into two cases. In the first case, the average throughput becomes larger for larger watermark values and becomes a constant value when the watermark value is over a certain value. In the second case, although the average throughput becomes larger for lager watermark value in the same way, it decreases when the watermark value is over a certain value. We also show that the latter (former) case can occur more easily as the propagation delay in the input side network of the PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller), and also show that the latter (former) case can occur more easily as the transmission speed in the input side network becomes larger (smaller) and the transmission speed in the output side network becomes smaller (larger) while the PEP buffer capacity becomes smaller (larger).

DOI： 10.1093/ietcom/e90-b.1.31

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

VPN (Virtual Private Network) is one of the most important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication, data encryption, and so on or not), an administrator of a VPN domain may need to configure access policies which are different from every VPN sub-domain. However, in the existing VPN methods, since access policies are stored in a static configuration file of each VPN gateway, an administrator of a VPN domain has to cooperate with the other administrators of its sub-domains. Therefore, management cost of access policies becomes considerably large if the organization has large and complicated structure.In this paper, we propose an efficient management method of access policies for hierarchical VPNs. In order to reduce management cost, we introduce a database with hierarchical structure to represent access policies easily and policy servers to get access policies automatically. The effectiveness of our proposed method is confirmed by an experiment on an actual network using policy servers based on the proposed method.

Web of Science

researchmap

Language：English   Publisher：The Institute of Electronics, Information and Communication Engineers  

The EDD connection admission control scheme has been proposed for supporting real-time communication in packet-switched networks. In the scheme, when a connection establishment request occurs, the worst-case link delay in each link along the connection is calculated to determine whether the request can be accepted or not. In order to calculate the worst-case link delay, we must perform a check called the point schedulability check for each of some discrete time instants (checkpoints). Therefore when there are many checkpoints, the worst-case link delay calculation is time-consuming. We have proposed a high-speed calculation method. The method finds some checkpoints for which the point schedulability check need not be performed and removes such unnecessary checkpoints in advance before a connection establishment request occurs, and the check is performed for each of the remaining checkpoints after the request occurs. However, the method is not so effective under the situation that the maximum packet length in networks is large, because the method can find few unnecessary checkpoints under the situation. This paper proposes a new high-speed calculation method. We relax the condition which determines whether or not the point schedulability check need not be performed for each checkpoint in our previous method and derive a new condition for finding unnecessary checkpoints. Using the proposed method based on the new condition, we can increase the number of unnecessary checkpoints compared to our previous method. Numerical examples which are obtained by extensive simulation show that the proposed method can attain as much as about 50 times speedup.

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Delivering e-mails without unnecessary delay is one of the very important issues as the spread of e-mail service and its use become very common. But in case that a "Mail Transfer Agent (MTA)" is heavily loaded by huge amount of mails sent to the MTA, not only the delay on mail delivery is inevitable but also managing the MTA service becomes difficult. Thus, a delivery method that treats legitimate mails with priority is requested. In this paper, we focus on the query to the "Domain Name Service (DNS)" which is usually processed just before the mail transfer, and propose a new delivery method which separates legitimate mails from others according to the source IP address of the DNS query. That is, employing a crafted DNS server which responds to each DNS query with separate IP address, and wait for incoming mails at each address, we get a correspondence table between a DNS query and the incoming mail. And we also show that we can lead legitimate mails to the separated mail servers by dynamically changing the DNS response based on this table, and deliver them with short delay even in the case that others servers are loaded by many other mails.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010316/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

On educational computer environment, a user-based network access control mechanism is important since there exist many kinds of users. However, as for existing multiuser systems such as UNIX and LINUX, most of them have no such a mechanism or otherwise they have some problems on this access control mechanism, such that administrative cost becomes considerably large, and the performance of network degrades, since a huge number of access control rules are required. In this paper, in order to solve these problems, we propose a method that divides the whole rules into individual rule sets and that refers to only the rule set of the packet owner. In addition, access control per flow is performed on both TCP and UDP communications. Accordingly, this proposed method reduces administrative cost by sharing of rule sets among users and improves performance. According to the result of performance evaluation of a prototype system based on the proposed method, the performance of access control is improved significantly even if many users exist on the system, and consequently we confirm that the proposed method works effectively and efficiently.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010329/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Wide spread of spam mails is a serious problem on e-mail environment. Particularly, spam mails with a spoofed sender address is very serious, since they make the MTA (Mail Transfer Agent) corresponding to the spoofed address be overloaded with massive bounce mails generated by the non-deliverable spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the MTA against such massive bounce mails, which is suitable for relatively small sites. This method introduces additional mail servers that mainly deal with the bounce mails, considering that the most MTAs sending back bounce mails are likely to have never sent any mails to the target domain recently. This causes the load of the original mail server to be reduced. According to the analysis of the access logs in the the practical example we have experienced, we confirm that the proposed method can fairly separate massive bounce mails from normal mails and can effectively protect the original MTA against massive bounce mails.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010315/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

VPN (Virtual Private Network) is one of important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication and data encryption, and so on), the administrator of a VPN domain may need to configure access policies which are different from every VPN subdomain. However, in the existing VPN methods, since access policies are stored in static configuration file of each VPN gateway, the administrator of a VPN domain has to cooperate with the other administrators of its subdomains. Therefore, management cost of access policies becomes fairly large if the organization has complicated structure. In this paper, we propose an efficient management method of access policies for hierarchical VPN. To reduce management cost, we introduce databases where access policies are represented hierarchically and policy servers which can inquire access policies to lower VPN domains automatically and recursively to each VPN domains. The effectiveness of our method is confirmed by the experiment on the actual network using policy servers based on our method.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010327/

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

To improve TCP throughput performance, a method using a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host, and stores a copy of the packet into its own buffer (PEP buffer) in case retransmission of the packet is required. As a congestion control method on the PEP, a method which keeps the number of prematurely acknowledged packets in the PEP buffer below a threshold (watermark) value has been proposed. However, the relation between the watermark value and throughput is not sufficiently investigated, and an optimization method of the watermark value is not proposed. In this paper, we first investigate the relation between the watermark value and the average throughput. Extensive simulations show that the simulation results are roughly classified into two cases. In the first case, the average throughput becomes larger for larger watermark values and becomes a constant value when the watermark is over a certain value. In the second case, although the average throughput becomes larger for larger watermark values in the same way, it decreases when the watermark is over a certain value. Next, based on the results about the relation, we propose an watermark optimization algorithm which can adaptively maximize the average throughput of each connection and also satisfy a fairness condition that the average throughputs of connections are equal to each other.

Web of Science

researchmap

Publishing type：Research paper (international conference proceedings)  

Delivering e-mails without unnecessary delay is one of the very important issues as the spread of e-mail service and its use become very common. But in case that a "Mail Transfer Agent (MTA)" is heavily loaded by huge amount of mails sent to the MTA, not only the delay on mail delivery is inevitable but also managing the MTA service becomes difficult. Thus, a delivery method that treats legitimate mails with priority is requested. In this paper, we focus on the query to the "Domain Name Service (DNS)" which is usually processed just before the mail transfer, and propose a new delivery method which separates legitimate mails from others according to the source IP address of the DNS query. That is, employing a crofted DNS server which responds to each DNS query with separate IP address, and wait for incoming mails at each address, we get a correspondence table between a DNS query and the incoming mail. And we also show that we can lead legitimate mails to the separated mail servers by dynamically changing the DNS response based on this table, and deliver them with short delay even in the case that others servers are loaded by many other mails. © 2006 IEEE.

DOI： 10.1109/SAINT.2006.50

Scopus

researchmap

Language：English   Publisher：The Institute of Electronics, Information and Communication Engineers  

The shuffle-like network (SL-Net) is known as a logical topology for WDM-based multihop packet-switched networks. Even if we fix the logical topology to an SL-Net, we can still reposition nodes in the SL-Net by re-tuning wavelengths of transmitters and/or receivers. In conventional node placement algorithms, routes between nodes are assumed to be given. In this paper, we propose two heuristic node placement algorithms for the SL-Net to decrease the average end-to-end packet transmission delay under a given traffic matrix in the case that routes are design variables. The principal idea is to prevent too many traffic flows from overlapping on any link. To attain the idea, in one of the algorithms, a node is selected one by one in a decreasing order of the sums of sending and receiving traffic requirements in nodes, and its placement and routes between the node and all the nodes already placed are simultaneously decided so that the maximum of the amounts of traffic on links at the moment is minimum. In the other algorithm, a node is selected in the same way, and first it is placed so that the average distance between the node and all the nodes already placed is as large as possible, and then routes between the node and all the nodes already placed are decided so that the maximum of the amounts of traffic on links at the moment is minimum. Numerical results for four typical traffic matrices show that either of the proposed algorithms has better performance than conventional algorithms for each matrix, and show that the proposed algorithms, which are based on a jointed optimization approach of node placement and routing, are superior to algorithms which execute node placement and routing as two isolated phases.

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

<p>As one of mobile agent applications, many systems which provide continuous service for users moving on a network have been proposed. In these systems, because a movement of mobile agents is performed after a user movement, users must wait for arrival of mobile agents. To reduce users' waiting time, we propose a fundamental framework for mobile agent systems where an agent can move precedently before a user movement. In our frame-work, it is assumed that computers are connected on a network and users with rewritable devices move on the network. The framework supports precedent movement ofmobile agents based on prediction using movement history of users. Because the prediction may be wrong, the framework also provides the following movement of mobile agents. Moreover, the framework provides a recovery method of mobile agents in service in case that mobile agents disappear due to problems such as their bugs. Because we provide some APIs, via which various functions of our framework are accessed, developers of mobile agent systems can easily use our framework using the APIs. We implemented an experimental agent system using the APIs and confirmed that the framework perforned correctly using the experimental system.</p>

DOI： 10.1109/APSITT.2005.203636

Web of Science

CiNii Article

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

<p>VLAN (Virtual LAN) is a technology which can configure logical networks independent of the physi cal network structure. With VLAN, users in common spaces (such as meeting rooms) can access to their department networks temporarily because changing of logical network structure is achieved only by con figuration of VLAN switches. However, in the general configuration method, because VLANs are managed statically by admin istrators, various problems such as high adminis trative cost and conflict or insufficiency of VLAN IDs may arise especially in large scale organiza tions where VLANs are managed by each depart ment. To solve these problems, we propose a method which provides an interconnection between a tem porary configured VLAN in a common space and a VLAN of a user's department. In the proposed method, a user in a common space can access to his/her department network seamlessly by convert ing a temporary VLAN-ID in the common space and a VLAN-ID used in his/her department each other automatically. The effectiveness of the pro posed method is confirmed by the experiment on the actual network using VLAN managers, VLAN ID converters and authentication servers based on the proposed method. </p>

DOI： 10.1109/APSITT.2005.203697

Web of Science

CiNii Article

researchmap

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

To achieve efficient use of multihomed network, which is the network connected to the Internet with two or more backbones, dynamic traffic balancing, which is a method to select appropriate backbone according to the status of backbones, is important. However, existing methods have two problems : (1) they do not care of characteristics of application protocols bacause they apply the same backbone selection mechanism for all communication flows, (2) they can not correctly handle applications which have two or more communication flows depening each other in the same session. In this paper, we propose a dynamic traffic balanging method, which can select appropriate backbone selection mechanism according to characteristics of application protocols, and can allocate communication flows in the same session to the same backbone.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010654/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

In terms of security enhancement for e-mail, a large organization with many divisions often introduces a mail gateway, which receives all inbound e-mails, then examines and forwards them to other mail servers in the organization. However, in such an organization, "POP before SMTP" cannot be used for a legitimate user to send messages with an inner mail server from outside of the organization. To solve this problem, we propose an operation method that the mail gateway monitors all POP communication between a user's terminal and an inner mail server. Since this method does not require the configurations of either user's terminals or inner mail servers, it is easy for the administrators to introduce and maintain this method. Simulation experiments show that the overhead of the proposed method is small enough for practical use.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010658/

Language：English   Publisher：The Institute of Electronics, Information and Communication Engineers  

The wavelength-division multiplexing (WDM) technology has been popular in communication societies for providing very large communication bands by multiple lightpaths with different wavelengths on a single optical fiber. Particularly, a double-ring optical network architecture based on the packet-over-WDM technology such as the HORNET architecture, has been extensively studied as a next generation platform for metropolitan area networks (MANs). Each node in this architecture is equipped with a wavelength-fixed optical-drop and a fast tunable transmitter so that a lightpath can be established between any pair of nodes without wavelength conversions. In this paper, we formulate the optical-drop wavelength assignment problem (ODWAP) for efficient wavelength reuse under heterogeneous traffic in this network, and prove the NP-completeness of its decision problem. Then, we propose a simple heuristic algorithm for the basic case of ODWAP. Through extensive simulations, we demonstrate the effectiveness of our approach in reducing waiting times for packet transmissions when a small number of wavelengths are available to retain the network cost for MANs.

CiNii Article

CiNii Books

researchmap

Publishing type：Research paper (international conference proceedings)  

Wide spread of spam mails is one of the most serious problems on e-mail environment. Particularly, spam mails with a spoofed sender address should not be left alone, since they make the mail server corresponding to the spoofed address be overloaded with massive error mails generated by the spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the mail server against such massive error mails. This method introduces an additional mail server that mainly deals with the error mails in order to reduce the load of the original mail server. This method also provide a function that refuses error mails to these two mail servers to save the network and computer resources.

Scopus

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host and stores the copy of the packet into its own buffer (PEP buffer) in case of the retransmission of the packet. In this paper, under the strategy which keeps the number of packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Extensive simulation runs show that the simulation results are roughly classified into two cases. One case is that the maximum throughput becomes larger for larger watermark value and becomes a constant value when the watermark value is over a value. The other case is that though the maximum throughput becomes larger for lager watermark value in the same way, it reversely decreases when the watermark value is over a value. We also show that the latter (former) case is easier to occur as the propagation delay in the input side network of the PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller) and the PEP buffer capacity becomes smaller (larger).

Web of Science

researchmap

Language：English   Publisher：The Institute of Electronics, Information and Communication Engineers  

With the explosive growth of the Internet system, demands for broadband communication networks have rapidly increased to provide high quality network services. For this purpose, the IEEE 802.6 MAC standard protocol defines the distributed-queue dual bus (DQDB) for metropolitan area networks (MANs). The isochronous channel reuse problem (ICRP) has been studied for efficient use of DQDB by finding proper channel assignments to incoming connection requests. In this paper, we first define the generalized isochronous channel reuse problem (GICRP) as a generalization of ICRP, to afford demands of simultaneously satisfying plural connection requests such as for multicast applications, where certain sets of connection requests must be assigned channels simultaneously. We prove the NP-completeness of its decision problem. Then, we propose a minimum dead space (MDS) algorithm as a heuristic approach to GICRP. The extensive simulation results show that with shorter computation time, our MDS algorithm can always find better channel assignments reducing the waiting time for packet transmissions than the best existing algorithm for conventional ICRP.

CiNii Article

CiNii Books

researchmap

Language：English   Publisher：The Institute of Electronics, Information and Communication Engineers  

A variety of real-time multicast applications such as video conferences, remote lectures, and video-on-demand have become in commonplace with the expansion of broadband Internet services. Due to nontrivial problems in the IP multicast technology, the peer-to-peer multicast technology (P2P-multicast) has emerged as a practical implementation, although its network resource utilization is less efficient. A multihome network has the potential of alleviating this inefficiency by providing flexibility in communication path selections for each host with multiple gateways to the Internet. This paper has first formulated the P2P-multicast routing problem in the multihome network, and has proved the NP-completeness of its decision problem. Then, a two-stage heuristic algorithm called P2PMM-router has been presented for this P2P Multicast Multihome-network routing problem. The first stage constructs an initial multicast routing tree from an optimum spanning tree by Prim algorithm, through satisfying the constraints. The second stage improves the tree by repeating partial modifications and constraint satisfactions. The extensive simulation results using random network instances support the effectiveness of our P2PMM_router.

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

VPN (Virtual Private Network) is one of important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, clients and VPN gateways (VGWs) have to determine the next hop VGW according to the location of the destination. However, in the existing VPN methods, administrative cost is fairly large because the locations of next-hop VGWs are managed by static routing tables. In this paper, we propose a routing method for hierarchical VPNs. In the proposed method, LDAP servers are introduced for managing the routing and authentication information of VPN gateways efficiently. Moreover, clients and VGWs can determine the next hop VGW dynamically by mapping VPN domains to DNS domains and by storing the information of LDAP servers to DNS servers. The effectiveness of our method is confirmed by the experiment on the actual network using clients and VPN gateways based on our method.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00011002/

Publishing type：Research paper (international conference proceedings)  

Wavelength Division Multiplexing (WDM) technology provides a wideband communication networks by realizing multiple communication channels with different wavelengths on a single optical fiber. In this technology, each node (wavelength router) has a finite number of transmitters/receivers dealing with different wavelengths, where each wavelength is exclusively used for the communication channel between a specific pair of nodes. Thus, some transmission request may require multiple wavelengths going through several nodes before reaching its destination. As a result, the wavelength assignment to nodes is very important for efficient transmission in WDM-based networks. Among regular wavelength assignment topologies, Bidirectional Manhattan Street Network (BMSN) gives high performance to WDM-based networks. In this paper, we present a two-stage heuristic algorithm for the wavelength assignment in BMSN, called a HIWAS (HIerarchical Wavelength Assignment algorithm for BMSN). The first stage of HIWAS finds an initial wavelength assignment hierarchically, not only to avoid a local minimum as best as possible but also to reduce the time complexity. The second stage improves the wavelength assignment by adopting the simulated annealing. The performance of HIWAS is verified through solving two types of random instances, where HIWAS provides a better solution with a shorter time than the best-known existing algorithm. ©2003 IEEE.

DOI： 10.1109/icon.2003.1266227

Scopus

researchmap

Publishing type：Research paper (scientific journal)  

VPN is one of key technologies on the Internet that allows users to access securely to resources in a domain via unsecure networks. For hierarchically nested security domains, such as an R&D division domain in a corporate domain, In such organizations, some existing VPN schemes with multiple security gateway traversal function is applicable for a user to access to the innermost security domain from the Internet. However, most of existing schemes have some drawbacks in terms of security, efficiency and availability. In this paper, we propose a new way to remedy these shortcomings using proxy gateways. The proposed method connects two deeply embedded security domains by a series of virtual paths to create a single VPN link; and by incorporating a proxy gateway to accommodate communication between clients and the security gateway, this permits secure and highly efficient communications without modifying the client or server. © Springer-Verlag Berlin Heidelberg 2003.

DOI： 10.1007/978-3-540-45235-5_76

Scopus

researchmap

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Since operation of general-use JP domains started, organizations registering new domain names have been increasing. In case that new domain names are used as aliases of the existing domain name in such organizations, the current DNS mechanism has some problems in operation and management such that all DNS servers for the subdomains or the lower domains have to be configured for the new domains in addition to the existing domain. In this paper; to solve these problems, we propose a management and operation method of DNS for organization operating alias domains. By introducing a DNS proxy, this method allows alias domains to be operated without modifying the configurations of the DNS servers and the mail servers in the subdomains or the lower domains.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00011442/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

VPN is one of important technologies on the Internet. With VPN, we can access to resources in the organizational network via the Internet. As the VPN method applicable to hierachical security domains, following methods are known: the extension of the SOCKS version 5 protocol, SOCKS5 which is the reference implementation of SOCKS version 5 protocol and the method with proxy servers of SSL protocol. However, these VPN method has problems of either efficiency or availability. In this paper, we propose a new VPN method that makes it possible to establish more efficient VPN connections across hierarchical security domains and uses existing VPN software as client. The effectiveness of our method is confirmed by the experiment on the actual network using security gateways based on our method and evaluating the result of the experiment that our method gives more efficient communications across hirarchical security domains.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00011779/

Publishing type：Research paper (international conference proceedings)  

Multihomed network is one of the most efficient configuration to improve response time of network services. However, it is hard to introduce or manage because the existing configuration methods have several problems in that they require much technical skill, involve administrative over-burden for the administrator and so on. In this paper, we propose a dynamic traffic sharing technique and a suitable backbone selection metrics to address some of these problems. Using the proposed technique, an appropriate backbone can be selected per connection with mini-mal technical skill and low administrative cost. In addition, the proposed metrics performs more efficient traffic sharing as compared to others techniques that were investigated.

Scopus

researchmap

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Multihomed network, that is a kind of network connected to the Internet via more than one backbones, is one of the most interesting networks to improve response time of network services. However, multihomed network is hard to introduce or manage because the existing construction methods have several problems such that it requires much technical skill and administrative cost for the administrator, traffic congestion may occur on a backbone while others have little traffic, and so on. In this paper, we propose a dynamic traffic balancing technique to solve these problems. Using our technique, the router connecting the inside network and backbones monitors the condition of each backbone and selects the appropriate backbone according to the current condition. Moreover, our technique balances traffic transparently and dose not require additional functions or configuration to client programs.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00012111/

J-GLOBAL

researchmap

Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Language：Japanese  

CiNii Article

CiNii Books

researchmap

J-GLOBAL

researchmap

Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Publishing type：Research paper (scientific journal)  

CiNii Article

CiNii Books

researchmap

Publishing type：Research paper (international conference proceedings)  

The authors discuss the design and implementation of the authentication system called SPLICE/AS in the WIDE (widely integrated distributed environment) Internet environment. SPLICE/AS is designed based on the public-key encryption, and the authentication scheme originally proposed by R. M. Needham and M. O. Schroeder (1978). In order to manage a large-scale network like WIDE Internet, the hierarchical domain-based management scheme is introduced. Currently, the prototype of SPLICE/AS is working on the 4.3 Berkeley UNIX system. To improve the reliability and robustness of SPLICE/AS, the authors are modifying SPLICE/AS and developing a new protocol for database propagation which is discussed.

Scopus

researchmap

Language：Japanese  

CiNii Article

CiNii Books

researchmap

Language：Japanese  

CiNii Article

CiNii Books

researchmap

Language：English   Publisher：Information and Media Technologies Editorial Board  

With the explosive expansion of the Internet, many fundamental and popular Internet services such as WWW and e-mail are becoming more and more important and are indispensable for the human's social activities. As one technique to operate the systems reliably and efficiently, the way of introducing multihomed networks attracts much attention. However, conventional route selection mechanisms on multihomed networks reveal problems in terms of properness of route selection and dynamic traffic balancing which are two key criteria of applying multihomed networks. In this paper, we propose an improved dynamic route selection mechanism based on multipath DNS (Domain Name System) round trip time to address the existing problems. The evaluation results on the WWW system and the e-mail system indicate that the proposal is effective for a proper route selection based on the network status as well as for dynamic traffic balancing on multihomed networks and we also confirmed the resolution of problems that occur in the case of conventional mechanisms.

DOI： 10.11185/imt.7.831

CiNii Article

researchmap

Language：Japanese   Publisher：(一社)日本医療情報学会  

researchmap

Language：Japanese  

CiNii Article

researchmap

Language：English   Publisher：IEEE  

In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host and stores the copy of the packet into its own buffer (PEP buffer) in case of the retransmission of the packet. In this paper, under the strategy which keeps the number of packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Extensive simulation runs show that the simulation results are roughly classified into two cases. One case is that the maximum throughput becomes larger for larger watermark value and becomes a constant value when the watermark value is over a value. The other case is that though the maximum throughput becomes larger for lager watermark value in the same way, it reversely decreases when the watermark value is over a value. We also show that the latter (former) case is easier to occur as the propagation delay in the input side network of the PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller) and the PEP buffer capacity becomes smaller (larger).

Web of Science

CiNii Article

researchmap

Language：Japanese   Publisher：Forum on Information Technology  

CiNii Article

CiNii Books

researchmap

Language：English  

<p>Multihomed network is one of the most efficient configuration to improve the response time of network services. However, it is hard to introduce or manage because the existing configuration methods have several problems in that they require much technical skill, involve administrative over-burden for the administrator and so on. In this paper, we propose a dynamic traffic sharing technique and suitable backbone selection metrics to address some of these problems. Using the proposed technique, an appropriate backbone can be selected per connection with minimal technical skill and low administrative cost. In addition, the proposed metrics performs more efficient traffic sharing as compared to others techniques that were investigated </p>

CiNii Article

researchmap

Language：Japanese   Publisher：The Institute of Image Information and Television Engineers  

DOI： 10.3169/itej.52.1421

CiNii Article

CiNii Books

researchmap

Event date： 2014.9.25

Language：Japanese  

researchmap

Event date： 2014.7.2

Language：Japanese  

researchmap

Event date： 2014.2.27

Language：Japanese  

Recently, incidents of spam mail submissions via Message Submission Agent (MSA) in an organization, abusing illegally obtained passwords such as those used by password list attack, have been reported increasingly. In this paper, we propose a countermeasure against such incidents that detects spam mail submissions earlier using geographic information of each client derived from its source IP address. We also implemented a spam submission prevention system based on the proposed countermeasure. According to our operation experience of the system in Okayama University, we confirmed that the system works effectively.

researchmap

Event date： 2013.12.5

Language：Japanese  

researchmap

Event date： 2013.12.5

Language：Japanese  

researchmap

Event date： 2013.12.5

Language：Japanese  

researchmap

Event date： 2013.8.20

Language：Japanese  

researchmap

Event date： 2013.7.25

Language：Japanese  

Okayama University has been operating student e-mail systems using Gmail since April 2009. As for teachers and staff, we have been operating the new e-mail system along with the renewal of education and reseach computer system since April 2011. In this paper, we introduce how to configure and operate these e-mail systems. In addition, we exlain some issues of e-mail systems we have experienced during their operation.

researchmap

Event date： 2013.7.3

Language：Japanese  

researchmap

Event date： 2013.6.20

Language：Japanese  

Okayama University has been operating student e-mail systems using Gmail since April 2009. As for teachers, we have started the operation of the new e-mail system along with the renewal of education and reseach computer system since April 2011. In this paper, we introduce how to configure and operate these e-mail systems. In addition, we exlain some issues of e-mail systems we have experienced during their operation, especially for those which were difficult to resolve by ourselves.

researchmap

Event date： 2013.5.9

Language：Japanese  

We replaced Okayama University Campus Information Network in 2009 fiscal year, and have operated the new network called ODnet2010 since June 2010.ODnet2010 not only improves its bandwidth and reliability, but also provides some new functions such as user authentication by floor switches, location-free function for VLANs. In this paper, we explain the operation of authenticated location-free VLANs called "Living Networks", and discuss some issues mainly caused by lack of resources.

researchmap

Event date： 2013.3.14

Language：Japanese  

We replaced Okayama University Campus Information Network in 2009 fiscal year, and have operated the new network called ODnet2010 since June 2010. ODnet2010 not only improves its bandwidth and reliability, but also provides some new functions such as user authentication by floor switches, location-free function for VLANs. In this paper, we explain the operation of authenticated location-free VLANs called "Living Networks", and discuss some issues experienced during the operation.

researchmap

Event date： 2013.3.6

Language：Japanese  

重要な電子メールを遅延なく受信者へ配送するために,信頼できる送信MTAをあらかじめホワイトリストに登録し,優先的に配送する仕組みが考えられている.しかし,従来の方法では大規模なホワイトリストを扱えないか,扱える場合でも速度が遅くなるなどの問題があった.これに対して,我々はレイヤ3スイッチのポリシールーティング機能を用いてホワイトリストを実現し,また登録する送信MTAを動的に変更することにより,大規模なホワイトリストでも速度を落とさずに優先配送できるシステムを提案した.本稿では,提案システムを用いてメール配送を行った場合の評価を行い,その結果をもとに改良すべき点を考察する.

researchmap

Event date： 2012.12.6

Language：Japanese  

researchmap

Event date： 2012.9.20

Language：Japanese  

researchmap

Event date： 2012.9.4

Language：Japanese  

researchmap

Event date： 2012.6.21

Language：Japanese  

researchmap

Event date： 2012.3.8

Language：Japanese  

In order to deliver important e-mails without unnecessary delay, some priority delivery methods with a whitelist, which includes trusted sending MTAs, are proposed so far. However, most of conventional methods have some problems with a large sized whitelist such as performance degradation, delivery failure, and so on. In this paper, we propose a priority delivery system with a layer 3 switch having policy based routing (PBR) function. By updating PBR entries dynamically, this system implements a large sized whitelist without performance degradation. We also address the implementation of the prototype system and its performance.

researchmap

Event date： 2011.11.24

Language：Japanese  

researchmap

Event date： 2011.9.7

Language：Japanese  

researchmap

Event date： 2011.7.8

Language：Japanese  

researchmap

Event date： 2011

Language：Japanese  

researchmap

Event date： 2011

researchmap

Event date： 2010.8.20

Language：Japanese  

researchmap

Event date： 2010.7.16

Language：Japanese  

researchmap

Event date： 2010

researchmap

Event date： 2009.12.10

Language：Japanese  

NAT(Network Address Translation) is well-known as one of the short-term solutions of IPv4 address exhaustion. NAT is a technique that shares a single IP address in several PCs, and is widely used for alleviating the IPv4 address exhaustion and as a securi

researchmap

Event date： 2009.8.20

Language：Japanese  

With explosive spread of the Internet, e-mail as one of fundamental services is getting more and more important. As one way to operate e-mail system stably, multihomed networks are taken into account. However, in conventional route selection method in e-mail system with multihomed networks, problems about dynamic traffic balancing and appropriate route selection still exist. In this paper, we propose a dynamic route selection method by measuring delay time using DNS(Domain Name System). In this method, the proper route could be used for inbound e-mail delivery based on network status and traffic balancing could be performed dynamically as well.

researchmap

Event date： 2009.5.28

Language：Japanese  

researchmap

Event date： 2009.2.26

Language：Japanese  

Okayama University has been operating an external link and many inter-campus links via Science Information Network (SINET) and regional Internet eXchanges (IXes) operated by local governments. However, since there were no redundant links for them, we often experienced problems that external connections and inter-campus connections failed in case of some troubles on these links. To overcome these problems, we added a link between Misasa Campus and SINET via regional IXes and Tottori University in addition to the external link between Tsushima Campus and SINET, so that made redundant logical links for the external link and the inter-campus link between Tsushima and Misasa Campuses. According to operations test, we confirmed fault tolerance of these links was improved.

researchmap

Event date： 2009.2.26

Language：Japanese  

Recently, one of sender authentication methods called SPF has been popularized as Anti-spam technology. However, SPF has a problem that the forwarded e-mail could not be authenticated. In this paper, we propose a solving method for SPF forwarded mail problem by tracing changing history of recipient address. According to the experiments, 88.3% of mails were authenticated with in the proposed method, and 69.5% of mails failed by the original SPF were authenticated in the proposed method.

researchmap

Event date： 2009

Language：Japanese  

researchmap

Event date： 2008.12.4

Language：Japanese  

With explosive spread of the Internet, e-mail as one of fundamental services is getting more important. To run e-mail system stably, multihomed networks are well used. However, in conventional operation scheme, issues about dynamic traffic balancing and f

researchmap

Event date： 2008.8.20

Language：Japanese  

researchmap

Event date： 2008.3.6

Language：Japanese  

Spam mails which bother us are dramatically been increasing. Filtering is one of the effective Anti-spam method. But if it based on analyzing the body of mail, some legitimate mails are not deliver to destination. In this thesis, we focused on Received field in the mail header, and analyze the delivery path. This paper presents delivery delay time at a legitimate mail server tends to be a constant. Furthermore, spam mails delivery delay time are dispersedly. Additionally, we described some spam mais uses wrong summer time, and have special count of Received fields.

researchmap

Event date： 2008

researchmap

Event date： 2008

researchmap

Event date： 2008

researchmap

Event date： 2008

researchmap

Event date： 2007.11.26

Language：Japanese  

In a hierarchical VPN, in order to access into the lowermost VPN domain from a client at the outside of the organization, the client has to traverse all VPN gateways(VGWs) from the uppermost one toward the lowermost one, hop by hop. Therefore, user authen

researchmap

Event date： 2007.8.22

Language：Japanese  

researchmap

Event date： 2007.3.9

Language：Japanese  

As the Internet evolves, VPN (Virtual Private Network), which establishes secure connections between off-site clients and on-site servers, is getting important. In VPN, a part of network which is protected from the Internet is called "VPN domain." In the environment where VPN domains are hierarchically configured (Hierarchical VPN), the next hop VPN gateway (VGW) must be discovered depending on the destination host. In this paper, we propose some routing methods which are transparent from users. In these methods, the next hop VGW is automatically discovered by querying to DNS servers and/or receiving ICMP and TCP packets. We have implemented proposed methods by extending the VTun software. The effectiveness of these methods are experimentally confirmed.

researchmap

Event date： 2007.3.1

Language：Japanese  

To protect recipients from receiving spam mails, our research group proposed an anti-spam method by means of tempfailing by SMTP session abort along with distributed collaborative spam filtering. However, this method can configure the behavior not of each user but of the whole system. To solve this problem, we propose a method that each user can configure his/her reception setting. This method allows each user to configure setting of blocking function, processing of unresent mails, using and learning distributed collaborative filtering, management of whitelist or bracklist, and so on.

researchmap

Event date： 2007.3.1

Language：Japanese  

In recent years, inexpensive and lightweight portable terminals such as laptop PCs are spreading, and outdoor Internet services such as wireless hot spots are increasing. Therefore, users can connect to the Internet at various locations by their own terminal. However, if a terminal establishing TCP connections starts to move to another network, there is a problem that TCP connections are aborted due to retransmission timeout and the change of terminal's IP address. In this paper, we propose a method to preserve TCP connections for macro mobility of terminals by hiding the change of IP address from TCP layer using VPN and by preventing retransmission using proxies.

researchmap

Event date： 2007

researchmap

Event date： 2007

researchmap

Event date： 2007

researchmap

Event date： 2006.11.23

Language：Japanese  

On IEEE 802.11a and 802.11g, that are the most popular standards of wireless LAN networks, encryption functions called WEP (Wire Equivarent Privacy) or WPA (Wi-Fi Protected Access) are used for preventing both eavesdropping and unauthorized access. Howeve

researchmap

Event date： 2006.10.12

Language：English  

Although Transmission Control Protocol (TCP) is widely used in the Internet, its performance is poor in networks with long delays. To improve TCP performance in such networks as long-delay satellite environments, the use of a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router that connects a terrestrial link and a satellite link along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host on behalf of the destination host, and stores a copy of the packet in a local buffer (PEP buffer) in case retransmission of the packet is required. As a congestion control method on the PEP, a method that keeps the number of prematurely acknowledged packets in the PEP buffer below a threshold (watermark) value has been proposed. However, an optimization method of the watermark value has not been proposed. In this paper, we propose an adaptive watermark value optimization algorithm that maximizes the average throughput of each connection in response to dynamic establishment and release of connections, under a fairness condition that the average throughputs of connections are equal to each other. Numerical examples using the NS2 simulator for a simple network model show the effectiveness of the proposed algorithm.

researchmap

Event date： 2006.9.7

Language：Japanese  

To improve TCP throughput performance, a method using a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host, and stores a copy of the packet in its own buffer (PEP buffer) in case retransmission of the packet is required. As a congestion control method on the PEP, a method which keeps the number of prematurely acknowledged packets in the PEP buffer below a threshold (watermark) value has been proposed, and we have investigated the relation between the watermark value and the average throughput. In this paper, based on the relation, we propose an watermark optimization algorithm which can adaptively maximize the average throughput of each connection and also satisfy a fairness condition that the average throughputs of connections are equal to each other. We also show some numerical examples using the proposed algorithm.

researchmap

Event date： 2006.8.21

Language：Japanese  

researchmap

Event date： 2006.5.11

Language：Japanese  

LAN access control systems are often used at many organizations such as universities, to provide network accessibility to both insiders and guest users. However, most of existing LAN access control systems have some problems such that guest users can access services restricted to insiders. In this paper, we propose a LAN access control system to protect restricted services from guest users, without modifying any existing servers by applying NAT function conditionally. According to a field testing, the proposed system has been confirmed to be effective and practical.

researchmap

Event date： 2006.3.29

Language：Japanese  

In order to realize efficient account management in hierarchical VPNs, an access control method with certificates has been proposed. However, since this method assumes centralized CA (Certification Authority) which manages all users in an organization, administrative cost of the CA is considerably high if this method is applied to large scale organizations which have many users. To solve this problem, we propose an access control method which assumes distributed CAs environment. In the proposed method, in order to deal with VPN domains which have no CAs, a user name of a VPN domain which has no CA is registered to the optional field of the user's certificate issued by another domain as an "alternative name". By using alternative names of certificates, VPN gateways of VPN domains which have no CAs are able to perform access control on a per-user basis without registration of user accounts.

researchmap

Event date： 2006.3.16

Language：Japanese  

NFS-based services have been proposed for transferring continuous media data. However, on a network environment like WAN that does not have enough bandwidth, NFS-based services are not suitable since they do not provide QoS function. To solve this problem, our research group proposed a remote access method of continuous media data by modifying file access APIs. However, the coverage of this method is limited. In this paper, we propose a remote access method of continuous media data using file system which provides QoS function. To solve the problem of the method with file access APIs, when a quality of media data need to be deteriorated, the file system of our method supplements data with padding according to the format of continuous media data so that file size of continuous media data will not be changed. This paper also discuss a design and implementation of the proposed method and shows that our method is effective even on narrow band network environment.

researchmap

Event date： 2006

Language：Japanese  

researchmap

Event date： 2006

researchmap

Event date： 2006

researchmap

Event date： 2006

researchmap

Event date： 2005.12.1

Language：Japanese  

In a large-scale organization where VLANs are managed independently by each department, when users attempt to connect temporarily to their departments' network from another location, various problems such as high administrative cost and conflict or

researchmap

Event date： 2005.11.17

Language：Japanese  

In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. In the method, the PEP is located in a intermediate router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet, stores the copy of the packet into its own buffer (PEP buffer), and returns the corresponding ACK (premature ACK) in behalf of the destination host. In previous researches, under the strategy which keeps the number of the packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we have investigated the relation between the watermark value and throughput when only one TCP connection exists. In this paper, under the above strategy, we investigate the relation between the watermark value and the maximum throughput when multiple TCP connections exist. Simulation results under the assumption that each connection uses a dedicated PEP buffer show that the average throughput of each connection is nearly equal to each other regardless of the watermark value. We also show that the relation between the watermark value and throughput is the same as that when only one connection exists.

researchmap

Event date： 2005.8.22

Language：Japanese  

researchmap

Event date： 2005.7.14

Language：Japanese  

In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. In the method, the PEP is located in a intermediate router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet, stores the copy of the packet into its own buffer (PEP buffer), and returns the corresponding ACK (premature ACK) in behalf of the destination host. In this paper, under the strategy which keeps the number of the packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Simulation results show that (i) when there exist the upper and lower bounds of the watermark value at which the maximum throughput becomes maximum, the both bounds increase for the increase of the propagation delay in the input side network of the PEP, and the upper bound increases and the lower bound decreases for the increase of the propagation delay in the output side network of the PEP, (ii) when there exists the lower bound only, the bound increases (decreases) for the increase of the propagation delay in the input (output) side network. We also show that when the watermark value is greater than the upper bound, the larger the PEP buffer capacity is, the smaller the decreasing ratio of the maximum throughput is.

researchmap

Event date： 2005.5.12

Language：Japanese  

Spam filters are commonly used for a kind of protection measures of spam mail, which is one of the most serious problems on e-mail environment. As a kind of filtering methods, distributed collaborative filter is remarkable since its false positive rate is very small. However, this method has a significant drawback that its accuracy is considerably low. In this paper, in order to improve the accuracy of distributed collaborative filters, we propose a new method using mails sent to non-existent addresses that may potentially be spam mails We have also implemented the proposed method on a mail gateway, and shown that the accuracy may be improved.

researchmap

Event date： 2004.12.9

Language：Japanese  

In a large-scale organization where VLANs are managed independently by each department, when users attempt to connect temporarily to their departments' network from another location, various problems such as high administrative cost and conflict or insuff

researchmap

Event date： 2004.9.2

Language：Japanese  

NFS-based services have been proposed for transferring continuous media data. However, on a network environment like WAN that does not have enough bandwidth, NFS-based services are not suitable since they do not, provide QoS function. In this paper, we propose a remote access method of continuous media data by modifying file access APIs. This method provides three functions: (1) prefetching on file open, (2) realtimeness support, on file access, and (3) cache invalidation for incomplete data. This paper also discusses a design and implementation of the proposed method and shows that our method is effective even on narrow band network environment.

researchmap

Event date： 2004.8.20

Language：Japanese  

researchmap

Event date： 2004.7.30

Language：Japanese  

In the existing methods which are applicable to Vertual Private Networks (VPNs) having hierarchical structure, an administrator of each VPN gateway (VGW) has to make user accounts to each VGW and to add user names to access control rules when user-based access control feature is required. Therefore, configuring access control rules becomes considerably complex, and the cost of user management also becomes considerably large if the users of other organizations are allowed to access temporarily. In this paper, we propose an access control method with certificates. With our method, the users of other organizations can access temporarily without accounts on each VGW by using certificates issued by their organizations. Moreover, By introducing user grouping, the cost of configuring access control rules is reduced.

researchmap

Event date： 2004.3.4

Language：Japanese  

Spam filters are commonly used for a kind of protection measures of spam mail, which is one of the most serious problems on e-mail environment. As a kind of filtering methods, distributed cooperative filter is remarkable since its false positive rate is very small. However, this method has a significant drawback that its accuracy is considerably low. In this paper, in order to improve the accuracy of distributed cooperative filters, we propose a delayed evaluation technique such that filtering is performed when a Mail User Agent (MUA) has access to the mail server. This method can generate an additional period for registration of new spam mails received by other users, therefore we expect it improves the accuracy. We have also implemented the proposed method as a POP proxy, and shows that the accuracy may be improved in small overheads.

researchmap

Event date： 2004.1.23

Language：Japanese  

In this paper, we present a two-stage heuristic algorithm for the peer-to-peer multicast routing problem in a multihome network. This problem requires finding a multicast routing tree satisfying the delay constraint between any two hosts and the degree constraint of any host while minimizing the total cost of the tree. In our algorithm, the routing tree topology is fixed to the perfect k-ary tree so as to always satisfy the degree constraint while minimizing the maximum hop count between hosts. The first stage of the algorithm greedily constructs an initial tree of minimizing the cost, and the second stage iteratively searches a feasible tree based on the annealing method. Through simulations using random network instances, we compare the performance of our algorithm to that of a similar existing algorithm.

researchmap

Event date： 2004.1.22

Language：Japanese  

On IEEE 802.llb, that is the most popular standard of wireless LAN networks, an encryption function called WEP (Wire Equivalent Privacy) is used for preventing both eavesdropping and unauthorized access. However, WEP is known to have some drawbacks that i

researchmap

Event date： 2003.9.26

Language：Japanese  

In Virtual Private Networks(VPNs) having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication and data encryption, and so on), the administrator of a VPN domain may need to configure access policies which are different from every VPN subdomain. However, in the existing VPN methods, since access policies are stored in static configuration file of each VPN gateway, the administrator of a VPN domain has to cooperate with the other administrators of its subdomains. Therefore, management cost of access policies becomes fairly large if the organization has complicated structure. In this paper, we propose an efficient management method of access policies for hierarchical VPN. To reduce management cost, we introduce a database with hierarchical structure to represent access policies easily and policy servers to get access policies automatically. The effectiveness of our method is confirmed by the experiment on the actual network using policy servers based on our method.

researchmap

Event date： 2003.4.25

Language：Japanese  

In Virtual Private Networks (VPNs) having hierarchical structure, clients and VPN gateways (VGWs) have to determine the next, hop VGW according to the location of the destination. However, in the existing VPN methods, administrative cost is fairly large because the locations of next-hop VGWs are managed by static routing tables. In this paper, we propose a routing method for hierarchical VPNs. In the proposed method, LDAP servers are introduced for managing the routing and authentication information of VPN gateways efficiently. Moreover, clients and VGWs can determine the next hop VGW dynamically by mapping VPN domains to DNS domains and by storing the information of LDAP servers to DNS servers. The effectiveness of our method is confirmed by the experiment on the actual network using clients and VPN gateways based on our method.

researchmap

Event date： 2003.3.3

Language：Japanese  

researchmap

Event date： 2003.1.30

Language：Japanese  

In this paper, we propose a method which provides the interconnection between the temporary configured VLAN in the common spaces such as conference rooms and the user's VLAN in the large-scale organization network which is managed independently by departm

researchmap

Event date： 2003

researchmap

Event date： 2002.10.18

Language：Japanese  

To achieve dynamic traffic ballancing on multihomed networks, which are connected to the Internet with more than one backbone, the backbone selection method based on measurement of TCP connection setup time via each backbone has been proposed. However, because this method is equivalent to measurement of the round trip time(RTT), it does not necessarily improve the throughput. In this paper, we propose a backbone selection method which can estimate available bandwidth of each backbone by sending sequence of packets via each backbone.

researchmap

Event date： 2002.1.31

Language：Japanese  

Multihomed network, that is a kind of network connected to the Internet via more than one backbones, is one of the most interesting networks to improve response time of network services. In order to operate multihomed networks easily and efficiently, we p

researchmap

Event date： 2002

researchmap

Event date： 2002

researchmap

Event date： 2001.10.5

Language：Japanese  

Since operation of general-use JP domains started, organizations with multiple domain names have been increasing. In such organizations, if the same domain structure as that in the existing domain is required in operation of the additional domains, the current DNS mechanism has some problems in operation and management such that all the administrators of DNS in the subtree of the additional domains have to configure the DNS setting for those domains. In this paper, we propose a management and operation method of DNS for such organization to solve these problems, using a DNS proxy. This method does not require any modification to the DNS servers and the mail servers in the subtree of the existing domain.

researchmap

Event date： 2000.7.10

Language：Japanese  

VPN is one of important technologies on the Internet. With VPN, we can access to remote private resource via the Internet. It also makes it possible to send secret messages safely via the Internet. However, there is one significant inconvenience in most current VPN methods like IPsec. Because it is impossible to establish VPN connections across hierarchical security domains. In this paper, we describe a new method that makes it possible to establish VPN connections across hierarchical security domains. It is also inter-operable with former methods by introducing our proxy gateways.

researchmap

Event date： 1998.2.26

Language：Japanese  

researchmap

Event date： 1995.1.26

Language：Japanese  

ATM (Asynchronous Transfer Mode) is widely noticed as a computer network which is base technology of multimedia communication. In this paper, we focus on the overhead of communication protocol in multimedia communication. This paper proposes a model of multimedia communication in which application and ATM adaptation layer directly communicate. It proved that this model could improve throughput between two terminals exchanging video data.

researchmap

Event date： 1993.3.3

Language：Japanese  

researchmap

Event date： 1991

researchmap