Updated on 2024/10/18

写真a

 
OKAYAMA Kiyohiko
 
Organization
Center for Information Technology and Management Associate Professor
Position
Associate Professor
External link

Degree

  • Doctor of Philosophy in Engineering ( 2001.3   Osaka University )

Research Areas

  • Informatics / Information network

 

Papers

  • Design and Implementation of SDN-Based Proactive Firewall System in Collaboration with Domain Name Resolution

    Hiroya Ikarashi, Yong Jin, Nariyoshi Yamai, Naoya Kitagawa, Kiyohiko Okayama

    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS   E101D ( 11 )   2633 - 2643   2018.11

     More details

    Language:English   Publishing type:Research paper (scientific journal)   Publisher:IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

    Security facilities such as firewall system and IDS/IPS (Intrusion Detection System/Intrusion Prevention System) have become fundamental solutions against cyber threats. With the rapid change of cyber attack tactics, detail investigations like DPI (Deep Packet Inspection) and SPI (Stateful Packet Inspection) for incoming traffic become necessary while they also cause the decrease of network throughput. In this paper, we propose an SDN (Software Defined Network) - based proactive firewall system in collaboration with domain name resolution to solve the problem. The system consists of two firewall units (lightweight and normal) and a proper one will be assigned for checking the client of incoming traffic by the collaboration of SDN controller and internal authoritative DNS server. The internal authoritative DNS server obtains the client IP address using EDNS (Extension Mechanisms for DNS) Client Subnet Option from the external DNS full resolver during the name resolution stage and notifies the client IP address to the SDN controller. By checking the client IP address on the whitelist and blacklist, the SDN controller assigns a proper firewall unit for investigating the incoming traffic from the client. Consequently, the incoming traffic from a trusted client will be directed to the lightweight firewall unit while from others to the normal firewall unit. As a result, the incoming traffic can be distributed properly to the firewall units and the congestion can be mitigated. We implemented a prototype system and evaluated its performance in a local experimental network. Based on the results, we confirmed that the prototype system presented expected features and acceptable performance when there was no flooding attack. We also confirmed that the prototype system showed better performance than conventional firewall system under ICMP flooding attack.

    DOI: 10.1587/transinf.2017ICP0014

    Web of Science

    researchmap

  • Redundant Configuration of Geographically Distributed Servers for Failover and Failback in a General Organization

    57 ( 3 )   967 - 975   2016.3

     More details

    Language:Japanese  

    High Availability of ICT systems is an important requirement. In an organization, in order to improve the reliability and availability of services, and construct Business Continuity Planning, a configuration of redundant servers which are geographically distributed is valid. However, there exist some clients that cannot configure to use two or more servers. Among clients that can configure to use two or more servers, there exist some clients that can fail over to an alternative server but cannot fail back to the main server. In this paper, we propose a redundant configuration method that introduces IP Anycast technique to geographically distributed replication servers for some kinds of TCP based services. This method can not only fail over to an alternative server but also fail back to the main server by virtue of pop switch on TCP based services. We also show the conditions that should be satisfied by services applicable to the proposed method. According to our operation experience of the LDAP service in Okayama University, we confirmed the proposed method works effectively.

    CiNii Article

    CiNii Books

    researchmap

  • Design and Implementation of Proactive Firewall System in Cooperation with DNS and SDN

    Tomokazu Otsuka, Nariyoshi Yamai, Kiyohiko Okayama, Yong Jin, Hiroya Ikarashi, Naoya Kitagawa

    IEICE Proceeding Series   ( 61 )   25 - 28   2016

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    DOI: 10.34385/proc.61.M1-1-3

    CiNii Article

    researchmap

  • Design and Implementation of Optimal Route Selection Mechanism for Outbound Connections on IPv6 Multihoming Environment

    Jin Yong, Yamai Nariyoshi, Okayama Kiyohiko, Nakamura Motonori

    Journal of information processing   23 ( 4 )   441 - 448   2015.7

     More details

    Language:English   Publisher:Information Processing Society of Japan  

    The Internet has been widely deployed as an infrastructure to provide various ICT (Information and Communication Technology) services today. Some typical services such as e-mail, SNS (Social Network Service) and WWW rely considerably on the Internet in terms of reliability and effectiveness. In this paper, we focus on the IPv6 site multihoming technology and its collaboration with route selection mechanism, which have been reported as one solution to accomplish these goals. Even if a host can easily obtain multiple IP addresses in IPv6 multihomed site, it has to select a proper site-exit router when sending out a packet in order to avoid ingress filtering. Especially, when an inside host initializes an outbound connection it can barely select a proper site-exit router based on its source IP address. To solve this problem, we propose an optimal route selection method for IPv6 multihomed site. With this method, a middleware will be deployed within each inside host so as to connect to the destination host through multiple site-exit router during the initialization phase simultaneously, and then use the first established one for data communication. We also embedded a kind of Network Address Translation (NAT) feature into the middleware to avoid the ingress filtering. By analyzing the results of our experiments on the prototype system we confirmed that the proposed method worked as well as we expected and the collaboration of the site multihoming technology and the proper route selection method can be one possible solution for IPv6 site multihoming in a real network environment.The Internet has been widely deployed as an infrastructure to provide various ICT (Information and Communication Technology) services today. Some typical services such as e-mail, SNS (Social Network Service) and WWW rely considerably on the Internet in terms of reliability and effectiveness. In this paper, we focus on the IPv6 site multihoming technology and its collaboration with route selection mechanism, which have been reported as one solution to accomplish these goals. Even if a host can easily obtain multiple IP addresses in IPv6 multihomed site, it has to select a proper site-exit router when sending out a packet in order to avoid ingress filtering. Especially, when an inside host initializes an outbound connection it can barely select a proper site-exit router based on its source IP address. To solve this problem, we propose an optimal route selection method for IPv6 multihomed site. With this method, a middleware will be deployed within each inside host so as to connect to the destination host through multiple site-exit router during the initialization phase simultaneously, and then use the first established one for data communication. We also embedded a kind of Network Address Translation (NAT) feature into the middleware to avoid the ingress filtering. By analyzing the results of our experiments on the prototype system we confirmed that the proposed method worked as well as we expected and the collaboration of the site multihoming technology and the proper route selection method can be one possible solution for IPv6 site multihoming in a real network environment.

    DOI: 10.2197/ipsjjip.23.441

    CiNii Article

    CiNii Books

    researchmap

  • A Location Free Network System Which Can Be Identified the Location of the User in the Same Subnet

    IPSJ Journal   56 ( 3 )   788 - 797   2015.3

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    Recently, by the authentication function of a network device, it became possible to configure a location free network system in an organization, the user of the organization can connect his/her terminal to their own network anywhere. However, in some cases, it become a problem when the user's current location cannot be distinguished. So, a configuration method that changes relation of the subnet IP address and VLAN-IDs at each site has been proposed. But, when a user moves the site, his/her terminal is not connected to the same subnet. In this paper, we propose a location free network system that the user is possible to connect to the same subnet and is identified the location from a source IP address of the terminal by configuring a NAT router and a DHCP server dynamically, even if the user moves the site. We confirmed the effectiveness by evaluating the prototype system.

    CiNii Article

    CiNii Books

    researchmap

  • Countermeasure of Spam Mails Sent by Trusted MTAs on E-mail Priority Delivery System

    IPSJ Journal   56 ( 3 )   777 - 787   2015.3

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    Enormous traffic generated by spam mails brings heavy load to networks and mail servers, which causes a large delay on legitimate mail delivery. In order to deliver important e-mails without unnecessary delay, we proposed an e-mail priority delivery system, where a dedicated receiving Mail Transfer Agent (MTA) receives all messages sent from trusted MTAs and performs only simple anti-spam measures. However, this system has some problems such that the dedicated receiving MTA easily receives even spam mails sent from trusted MTAs through only simple anti-spam measures. In this paper, we propose a method to perform full anti-spam measures on suspicious messages sent from trusted sending MTAs, by introducing tempfailing and SMTP session abort on the dedicated receiving MTA.

    CiNii Article

    CiNii Books

    researchmap

  • Design and Implementation of Client IP Notification Feature on DNS for Proactive Firewall System

    Tomokazu Otsuka, Gada, Nariyoshi Yamai, Kiyohiko Okayama, Yong Jin

    IEEE 39TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSAC 2015), VOL 3   127 - 132   2015

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    The attempts of malicious access and attacks from the Internet to the internal computers of organizations never stop today and corresponding countermeasure for each technique is required. Most organizations introduce some firewall facilities as one of the solutions to protect their internal computers as well networks from those attacks. However, in most organizations, the network administrator has to deploy the policies on the firewall system manually based on the layer 3 and 4 information and only identified communication peers can be controlled by the policy-base firewall system. To solve these problems, we focused on the domain name resolution which happens prior to most TCP/IP communications and approach a new mechanism: adaptively investigable firewall system based on DNS query initiator by notifying the DNS query side client IP address to the target DNS server. In this paper, we mainly present the detail of design and implementation of the client IP address notification feature in the caching DNS server by embedding the subnet address as well as subnet mask of the query source client by practically using the DNS expanded standard (EDNS0).

    DOI: 10.1109/COMPSAC.2015.220

    Web of Science

    researchmap

  • Domain Registration Date Retrieval System for Improving Spam Mail Discrimination

    Yamai Nariyoshi, Matsuoka Masayuki, Okayama Kiyohiko, Kawano Keita, Nakamura Motonori, Minda Masato

    Journal of information processing   22 ( 3 )   480 - 485   2014.7

     More details

    Language:English   Publisher:Information Processing Society of Japan  

    Recently, many spam mails associated with "One-click fraud," "Phishing," and so on have been sent to unspecified large number of e-mail users. According to some previous works, most spam mails contained some URLs whose domains were registered relatively recently, such that the age of the domain used in the URL in the messages would be a good criterion for spam mail discrimination. However, it is difficult to obtain the age or the registration date of a specific domain for each message by WHOIS service since most WHOIS services would block frequent queries. In this paper, we propose a domain registration date retrieval system, which updates zone files of some Top Level Domains (TLDs) every day, keeps track of the registration date for new domains, and works as a DNS server that replys with the registration date of the queried domain. According to the performance evaluation, the prototype system could update the registration date for all the domains of "com" TLD in two hours.Recently, many spam mails associated with "One-click fraud," "Phishing," and so on have been sent to unspecified large number of e-mail users. According to some previous works, most spam mails contained some URLs whose domains were registered relatively recently, such that the age of the domain used in the URL in the messages would be a good criterion for spam mail discrimination. However, it is difficult to obtain the age or the registration date of a specific domain for each message by WHOIS service since most WHOIS services would block frequent queries. In this paper, we propose a domain registration date retrieval system, which updates zone files of some Top Level Domains (TLDs) every day, keeps track of the registration date for new domains, and works as a DNS server that replys with the registration date of the queried domain. According to the performance evaluation, the prototype system could update the registration date for all the domains of "com" TLD in two hours.

    DOI: 10.2197/ipsjjip.22.480

    CiNii Article

    CiNii Books

    researchmap

  • E-mail Priority Delivery System with Dynamic Whitelist in the Layer 3 Switch

    55 ( 3 )   1151 - 1159   2014.3

     More details

  • Performance Improvement of SCTP Communication Using Selective Bicasting on Lossy Multihoming Environment

    Koki Okamoto, Nariyoshi Yamai, Kiyohiko Okayama, Keita Kawano, Motonori Nakamura, Tokumi Yokohira

    2014 IEEE 38TH ANNUAL INTERNATIONAL COMPUTERS, SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC)   551 - 557   2014

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    In recent years, with proliferation of smart phones and tablet PCs, speedup of wireless LAN communication is required for dealing with increase of traffic in wireless networks. However, transmission speed through a wireless network often slows down in comparison with that through a wired network since packets of wireless networks frequently drop due to the influence of surrounding environment such as electromagnetic noise. In this paper, we propose a method to mitigate the impacts caused by packet loss by virtue of SCTP bicasting in lossy multihoming environment with two or more wireless networks. This method bicasts not all packets but only important packets concerning retransmission for efficiency since bicasting all packets would cause congestion. We also implemented a prototype system based on the proposed method. According to the result of performance evaluation experiment, we confirmed the effectiveness of the proposed method by the fact that the prototype system performed faster transmission than normal SCTP transmission even in high packet loss rate environment.

    DOI: 10.1109/COMPSAC.2014.78

    Web of Science

    researchmap

  • A Site-Exit Router Selection Method Using Routing Header in IPv6 Site Multihoming

    Jin Yong, Yamaguchi Takuya, Yamai Nariyoshi, Okayama Kiyohiko, Nakamura Motonori

    Journal of information processing   21 ( 3 )   441 - 449   2013.7

     More details

    Language:English   Publisher:Information Processing Society of Japan  

    With proliferation of the Internet and its services, how to provide stable and efficient Internet services via reliable high-speed network has become an important issue. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming method in the IPv6 environment. In the IPv6 environment, each host can be assigned multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in the IPv4 environment. However, since many ISPs adopt ingress filtering for security concerns, a multihomed site should select a proper site-exit router according to the source IP address of the packet to communicate with the outside the site successfully. In most site-exit router selection methods, a kind of source IP address dependent routing method is introduced which has some problems in terms of high deployment cost and lack of fault-tolerance and so on.In this paper, we propose a new site-exit router selection method using the routing header which can indicate the router to pass through in the IPv6 environment. This method introduces two middlewares, one into the inside server and the other into the site-exit router. The one in the inside server attaches a routing header which indicates a specific site-exit router to pass through according to the source IP address of the packet, and the other in the site-exit router removes the attached routing header from the packet, thus the inside server can communicate with the outside the site successfully as usual. We also implemented a prototype system including the proposed inside server and the site-exit router and performed feature evaluation as well as performance evaluation. From the evaluation results, we confirmed the proposed method worked well and the overhead of the middlewares are acceptable for practical use in the real network environments.With proliferation of the Internet and its services, how to provide stable and efficient Internet services via reliable high-speed network has become an important issue. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming method in the IPv6 environment. In the IPv6 environment, each host can be assigned multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in the IPv4 environment. However, since many ISPs adopt ingress filtering for security concerns, a multihomed site should select a proper site-exit router according to the source IP address of the packet to communicate with the outside the site successfully. In most site-exit router selection methods, a kind of source IP address dependent routing method is introduced which has some problems in terms of high deployment cost and lack of fault-tolerance and so on.In this paper, we propose a new site-exit router selection method using the routing header which can indicate the router to pass through in the IPv6 environment. This method introduces two middlewares, one into the inside server and the other into the site-exit router. The one in the inside server attaches a routing header which indicates a specific site-exit router to pass through according to the source IP address of the packet, and the other in the site-exit router removes the attached routing header from the packet, thus the inside server can communicate with the outside the site successfully as usual. We also implemented a prototype system including the proposed inside server and the site-exit router and performed feature evaluation as well as performance evaluation. From the evaluation results, we confirmed the proposed method worked well and the overhead of the middlewares are acceptable for practical use in the real network environments.

    DOI: 10.2197/ipsjjip.21.441

    CiNii Article

    CiNii Books

    researchmap

  • A Configuration of Location Free Network Applicable to Location Dependent Services

    Ohsumi Yoshihiro, Okayama Kiyohiko, Yamai Nariyoshi

    Journal of information processing   21 ( 3 )   433 - 440   2013.7

     More details

    Language:English   Publisher:Information Processing Society of Japan  

    By using a dynamic VLAN feature of recent network equipment, we can configure a location-free network environment which can authenticate a user of a terminal and assign a VLAN for his/her terminal dynamically so that the user can connect his/her terminal to the same VLAN anywhere in the organization. However, on such a location-free network environment, it is difficult to use some location dependent services. One typical location dependent service is site license of an electronic journal (e-journal) that users can access the contents only if they are in specific locations. In this paper, we propose configuration of a location free network which can adapt location dependent services by devising the allocation of the VLAN-IDs and the subnet IP addresses. By this method, since no special equipment is required, it is possible to build a network system without extra cost. We configured the network system based on the proposed method on the campus network of Okayama University and confirmed the effectiveness and the practicability on accessing some site-licensed e-journals.By using a dynamic VLAN feature of recent network equipment, we can configure a location-free network environment which can authenticate a user of a terminal and assign a VLAN for his/her terminal dynamically so that the user can connect his/her terminal to the same VLAN anywhere in the organization. However, on such a location-free network environment, it is difficult to use some location dependent services. One typical location dependent service is site license of an electronic journal (e-journal) that users can access the contents only if they are in specific locations. In this paper, we propose configuration of a location free network which can adapt location dependent services by devising the allocation of the VLAN-IDs and the subnet IP addresses. By this method, since no special equipment is required, it is possible to build a network system without extra cost. We configured the network system based on the proposed method on the campus network of Okayama University and confirmed the effectiveness and the practicability on accessing some site-licensed e-journals.

    DOI: 10.2197/ipsjjip.21.433

    CiNii Article

    CiNii Books

    researchmap

  • A Configuration of Location Free Network Applicable to Location Dependent Services

    Ohsumi Yoshihiro, Okayama Kiyohiko, Yamai Nariyoshi

    IMT   8 ( 3 )   749 - 756   2013

     More details

    Language:English   Publisher:Information and Media Technologies Editorial Board  

    By using a dynamic VLAN feature of recent network equipment, we can configure a location-free network environment which can authenticate a user of a terminal and assign a VLAN for his/her terminal dynamically so that the user can connect his/her terminal to the same VLAN anywhere in the organization. However, on such a location-free network environment, it is difficult to use some location dependent services. One typical location dependent service is site license of an electronic journal (e-journal) that users can access the contents only if they are in specific locations. In this paper, we propose configuration of a location free network which can adapt location dependent services by devising the allocation of the VLAN-IDs and the subnet IP addresses. By this method, since no special equipment is required, it is possible to build a network system without extra cost. We configured the network system based on the proposed method on the campus network of Okayama University and confirmed the effectiveness and the practicability on accessing some site-licensed e-journals.

    DOI: 10.11185/imt.8.749

    CiNii Article

    researchmap

  • An Optimal Route Selection Mechanism for Outbound Connection on IPv6 Site Multihoming Environment

    Takuya Yamaguchi, Yong Jin, Nariyoshi Yamai, Kiyohiko Okayama, Koki Okamoto, Motonori Nakamura

    2013 IEEE 37TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSACW)   575 - 580   2013

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    Recently, the Internet is widely used as a social basis and is not only providing many kinds of services but also offering these at high speed with high reliability. As one method for such a demand, multihoming technique, by which the inside network is connected with two or more ISPs (Internet Service Providers) and can use them properly according to network condition, attracts attention. In IPv6 site multihoming environment, multiple IP addresses are usually assigned to each host in the site. However, when a packet is sent from an inside node to outside, the packet has to go through a proper site-exit router in order to avoid ingress filtering. Therefore, especially, when communicating on the outbound connection initiated on an inside node, it is impossible to select a proper site-exit router since the source IP address is selected before initiating a connection. To solve this problem, we propose a route selection method for outbound connections. This method introduces a middleware into each inside node to establish a connection via each site-exit router simultaneously and then uses the first established connection. This middleware also introduces a kind of Network Address Translation (NAT) function to avoid ingress filtering. According to simulation experiments, we confrmed that the proposed method can select proper routes.

    DOI: 10.1109/COMPSACW.2013.77

    Web of Science

    researchmap

  • Domain Registration Date Retrieval System of URLs in E-mail Messages for Improving Spam Discrimination

    Masayuki Matsuoka, Nariyoshi Yamai, Kiyohiko Okayama, Keita Kawano, Motonori Nakamura, Masato Minda

    2013 IEEE 37TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSACW)   587 - 592   2013

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    In recent years, many spam mails intending for "One-click fraud" or "Phishing" have been sent to many unspecified e-mail users. As one anti-spam technology, URL Blacklist based on the URLs in the spam mails is well used. However, spanuners have been avoiding this technique by getting many new domains, using them only in a few spam mails, and throwing them away. In this paper, we focus on the domain registration date related to the URLs in the messages in order to improve the discrimination accuracy of spam mails. Thus, we address design and implementation of the domain registration date retrieval system which obtains domain lists from some Top Level Domain registries and records registration dates for each domain in the lists. With this system, we can retrieve the registration date of a domain by DNS.

    DOI: 10.1109/COMPSACW.2013.79

    Web of Science

    researchmap

  • E-mail Priority Delivery System with Dynamic White list in the Layer 3 Switch

    Gada, Nariyoshi Yamai, Kiyohiko Okayama, Keita Kawano, Motonori Nakamura

    2013 IEEE 37TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSACW)   581 - 586   2013

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    In order to deliver important e-mails without unnecessary delay, some priority delivery methods with a whitelist, which includes trusted sending Mail Transfer Agents (MTAs), are proposed so far. However, most conventional methods have some problems with a large sized whitelist such as performance degradation, delivery failure, and so on. To alleviate these problems,we proposed a priority delivery system (Prototype system) by using a layer 3 switch (L3SW) with policy based routing (PBR) function. By updating PBR entries dynamically, prototype system implements a large sized whitelist without performance degradation. In this paper,we investigated the case many sending MTAs same time send Email performance of the prototype system. we also describe prototype system improvements.

    DOI: 10.1109/COMPSACW.2013.78

    Web of Science

    researchmap

  • An Adaptive Route Selection Mechanism Per Connection Based on Multipath DNS Round Trip Time on Multihomed Networks

    Jin Yong, Yamai Nariyoshi, Okayama Kiyohiko, Nakamura Motonori

    Journal of information processing   20 ( 2 )   386 - 395   2012.4

     More details

    Language:English   Publisher:Information Processing Society of Japan  

    With the explosive expansion of the Internet, many fundamental and popular Internet services such as WWW and e-mail are becoming more and more important and are indispensable for the human's social activities. As one technique to operate the systems reliably and efficiently, the way of introducing multihomed networks attracts much attention. However, conventional route selection mechanisms on multihomed networks reveal problems in terms of properness of route selection and dynamic traffic balancing which are two key criteria of applying multihomed networks. In this paper, we propose an improved dynamic route selection mechanism based on multipath DNS (Domain Name System) round trip time to address the existing problems. The evaluation results on the WWW system and the e-mail system indicate that the proposal is effective for a proper route selection based on the network status as well as for dynamic traffic balancing on multihomed networks and we also confirmed the resolution of problems that occur in the case of conventional mechanisms.With the explosive expansion of the Internet, many fundamental and popular Internet services such as WWW and e-mail are becoming more and more important and are indispensable for the human's social activities. As one technique to operate the systems reliably and efficiently, the way of introducing multihomed networks attracts much attention. However, conventional route selection mechanisms on multihomed networks reveal problems in terms of properness of route selection and dynamic traffic balancing which are two key criteria of applying multihomed networks. In this paper, we propose an improved dynamic route selection mechanism based on multipath DNS (Domain Name System) round trip time to address the existing problems. The evaluation results on the WWW system and the e-mail system indicate that the proposal is effective for a proper route selection based on the network status as well as for dynamic traffic balancing on multihomed networks and we also confirmed the resolution of problems that occur in the case of conventional mechanisms.

    DOI: 10.2197/ipsjjip.20.386

    CiNii Article

    CiNii Books

    researchmap

  • Multihoming Method Using Routing Header in IPv6 Environment

    Takuya Yamaguchi, Yong Jin, Ryoichi Tokumoto, Nariyoshi Yamai, Kiyohiko Okayama, Motonori Nakamura

    2012 IEEE/IPSJ 12TH INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET (SAINT)   351 - 356   2012

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    With the wide spread of the Internet and the increasing of the Internet users, the fact of concentrated accesses to a specific server becomes a critical problem and it is important to process those accesses effectively. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming methodin the IPv6 environment. In the IPv6 environment, each host can obtain multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in IPv4 environment. Also, for the multihoming in the IPv6 environment neither special operations are needed in the client side nor deep technical knowledges are required to the administrator. However, since many ISPs adopt ingress filtering for security concern, a multihomed site should select a proper site-exit router according to the source IP addresses of the packets. In most site existing methods, a kind of source IP address dependent routing function is introduced which have some problems in terms of high deployment cost.In this paper, we propose a new site-exit router selection method using the routing header in the IPv6 environment. This method introduces two middle-wares, one in server that attaches a routing header which indicates a specific site-exit router, and the other in site-exit router that removes it. We implemented a prototype system and confirmed it worked well with reasonable overhead.

    Web of Science

    researchmap

  • A Location Free Network System Applicable to Geographical Terms of the Electronic Journal Site License

    Yoshihiro Ohsumi, Kiyohiko Okayama, Nariyoshi Yamai, Takaoki Fujiwara, Takashi Hieda

    2012 IEEE/IPSJ 12TH INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET (SAINT)   357 - 362   2012

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    In the research institutes such as universities or companies, they contract electronic journals for document retrieval and document collection. When an organization contracts electronic journals, the site license is preferred. Because of terms of a site license include location or affiliation of users, available electronic journals differ from users. On the other hand, the user and the terminal are authenticated when the terminal was connected to the network, so an illegal user is excluded, and the terminal is able to connect to a VLAN that had been allocated by dynamic VLAN. With dynamic VLAN, the user can connect to the same VLAN everywhere. However, in such network environment, it cannot be determined where a user accessed by the IP address of the user's terminal, and it is not able to warrant the terms of the site license. In this paper, we propose a network system that adjusts to the site license of electronic journals in the location free network.

    Web of Science

    researchmap

  • Spam Mail Discrimination System Based on Behavior of DNS Servers Associated with URLs

    Shuji Suwa, Nariyoshi Yamai, Kiyohiko Okayama, Motonori Nakamura, Keita Kawano, Gada

    2012 IEEE/IPSJ 12TH INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET (SAINT)   381 - 386   2012

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

    Web of Science

    researchmap

  • NAT-based Multihoming Method Applicable to Inbound Connection

    52 ( 12 )   3745 - 3754   2011.12

     More details

    Language:Japanese  

    With wide spread of the Internet and increasement of the Internet users, the concentrated accesses to a specific server becomes a critical problem. Multihoming network is attracted attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming technology using NAT router which is easy to administrate.However, when control route selection using NAT router, problems occur in terms of load balancing and communication failure. Also, the problem that the log of the original access does not remain in the server causes. Thus, in this paper, we propose a new method to solve the problems by using loose source and record route option that can control the communication route without changing the source IP address. It is expected to make the bound and return communication route identical without changing the source IP address by using loose source and record route option. We also designed and implemented a NAT router with loose source and record route function. According to the result of experiments, we can confirm that the proposal system can control the communication route with remaining the access log as expected.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00079577/

  • A MAC-address Relaying NAT Router for Host Identification from Outside of Internal Network

    52 ( 3 )   1348 - 1356   2011.3

     More details

    Language:Japanese  

    As an alleviation method against IPv4 address exhaustion problem, NAT (Network Address Translation) has been commonly used. Since NAT allows many internal hosts to share one single global IP address, it can save the number of required global IP addresses. However, with NAT, each internal host cannot be identified from the external network. Consequently, if access control system on external network would permit network access from one internal host, it automatically would permit all network access from any other internal hosts as well, for example. In this paper, we propose a NAT router with MAC address relaying function that copies the source MAC address of receiving frames sent by internal hosts into frames sent to the external network since source MAC addresses, which are the sender identifiers in data link layer, are basically unused except for MAC address learning function of layer 2 switches. According to the results of experiments, we confirmed that the prototype NAT router with MAC address relaying function allows access to external networks by internal hosts to be controlled individually based on MAC address and obtains high throughput as well.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://ousar.lib.okayama-u.ac.jp/46928

  • DNS resource record analysis of URLs in e-mail messages for improving spam filtering

    Suwa, Shuji, Yamai, Nariyoshi, Okayama, Kiyohiko, Nakamura, Motonori

    Proceedings - 11th IEEE/IPSJ International Symposium on Applications and the Internet, SAINT 2011   2011

  • An identification method of PCs behind NAT router with proxy authentication on HTTP communication

    Ishikawa, Yoshiki, Yamai, Nariyoshi, Okayama, Kiyohiko, Nakamura, Motonori

    Proceedings - 11th IEEE/IPSJ International Symposium on Applications and the Internet, SAINT 2011   2011

  • A Dynamic Route Selection Method Using Multiple DNS Replies for Inbound E-mail Delivery on Multihomed Environment

    51 ( 3 )   998 - 1007   2010.3

     More details

    Language:Japanese  

    As a way to improve throughput and fault tolerance of E-mail system, multihomed network is taken into account. To take full advantage of multihomed network, it is required to conduct proper route selection based on topology and utilization statistics of network. However, most conventional operation schemes have some issues such that do not perform appropriate route selection nor dynamic traffic balancing since they do not take network topology into account. In this paper, we propose a dynamic route selection method for inbound e-mail delivery. In this method, different replies corresponding to a DNS (Domain Name System) query launched right before e-mail delivery are sent back simultaneously through multiple routes and the one through which the first arrived reply was delivered is selected for e-mail delivery. With this method, an appropriate route based on the topology and utilization statistics of network can be selected for inbound e-mail delivery. Furthermore, unavailable routes with failure can be avoided automatically as well.

    CiNii Article

    CiNii Books

    researchmap

  • A solution for mail forwarding problem of SPF by tracing recipient addresses

    Seike, Takumi, Jin, Yong, Yamai, Nariyoshi, Okayama, Kiyohiko, Kawano, Keita, Nakamura, Motonori

    Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010   2010

  • A dynamic routing method for inbound e-mail delivery considering route and MTA conditions on multihomed environment

    Jitsuto, Sho, Jin, Yong, Okayama, Kiyohiko, Yamai, Nariyoshi

    Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010   2010

  • A MAC-address relaying NAT router for PC identification from outside of a LAN

    Murakami, Ryo, Yamai, Nariyoshi, Okayama, Kiyohiko

    Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010   2010

  • An adaptive route selection mechanism per connection based on multipath DNS round trip time on multihomed networks

    Jin, Yong, Yamai, Nariyoshi, Okayama, Kiyohiko, Nakamura, Motonori

    Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010   2010

  • An Anti-spam Method with SMTP Session Abort

    50 ( 3 )   940 - 949   2009.3

     More details

    Language:Japanese  

    Tempfailing, which temporarily refuses the first delivery attempt of a message from an untrusted Mail Transfer Agent (MTA), is one of typical anti-spam technologies commonly used in many organizations. This method can refuse spam mails considerably. However, it also may refuse legitimate mails sent from domains resending the temporarily failed message with a different MTA or those without resending function. In such a case, an administrator of the receiver MTA has to register those domains by hand. In this paper, in order to reduce these drawbacks, we propose an anti-spam method introducing SMTP session abort function. This method performs the same effect as existing tempfailing methods by means of SMTP session abort during the first delivery attempt. In addition, this method can obtain the header or the whole message even if it would not be resent and can use the header for second delivery checking and can use the whole message of unresent messages in case of false positives. According to the operation tests of the prototype systems, we confirmed that the proposed method received messages from domains using a different MTA for retry.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00009235/

  • An Improvement Method of Communication Efficiency with Avoidance of Duplicated Encryption on Wireless LAN Environment

    OKAYAMA KIYOHIKO, YAMAI NARIYOSHI, KAWANO KEITA

    IPSJ journal   49 ( 3 )   1072 - 1080   2008.3

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    On IEEE 802.11a/b/g, the most popular standards of wireless LAN networks, encryption functions called WEP (Wire Equivalent Privacy) or WPA (Wi-Fi Protected Access) are used for preventing malicious users from both eavesdropping and unauthorized access. However, along with end-to-end encryption, WEP and WPA have large overhead due to duplicated encryption. In this paper, we propose a method to reduce this drawback. On this method, a wireless client can choose packet encryption or packet authentication in its wireless LAN automatically depending on whether end-to-end encryption is performed or not. With packet authentication in case that end-to-end encryption is performed, we can improve the communication speed on the wireless environment while preventing invalid access.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00009606/

  • Transparent Establishment Methods of Virtual Links on Hierarchical VPN

    TOYODA HIROTOSHI, KAWAI HIROAKI, SAKANE EISAKU, OKAYAMA KIYOHIKO, YAMAI NARIYOSHI, ISHIBASHI HAYATO, ABE KOTA, MATSUURA TOSHIO

    IPSJ journal   49 ( 3 )   1090 - 1096   2008.3

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    As the Internet evolves, VPN (Virtual Private Network), which establishes secure connections between off-site clients and on-site servers, is getting important. In VPN, a part of network which is protected from the Internet is called "VPN domain." In the environment where VPN domains are hierarchically configured (Hierarchical VPN), the next hop VPN gateway (VGW) must be discovered depending on the destination host. In this paper, we propose some routing methods which are transparent from users. In these methods, the next hop VGW is automatically discovered by querying to DNS servers and/or receiving ICMP and TCP packets. We have implemented proposed methods by extending the VTun software. The effectiveness of these methods are experimentally confirmed.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00009608/

  • A LAN Access Control System with Protection of Restricted Services from Guest Users

    YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, KIZAWA MASAO, DOI MASAYUKI, KAWANO KEITA, OOSUMI YOSHIHIRO

    IPSJ journal   48 ( 4 )   1573 - 1583   2007.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    LAN access control systems are often used at many organizations such as universities, to provide network accessibility to both insiders and guest users. However, most of existing LAN access control systems have some problems such that guest users can access some services restricted to insiders. In this paper, we propose a LAN access control method by assigning to user terminals a kind of external addresses such as private addresses. By applying NAT function conditionally depending on whether access to an internal server or not, this method makes it possible to protect restricted services from guest users, without modifying any configuration of existing servers. According to a field testing, the proposed system has been confirmed to be effective and practical.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00009948/

  • A Method of Interconnection of VLANs for Large-scale VLAN Environment

    OKAYAMA KIYOHIKO, YAMAI NARIYOSHI, NIKUSHI NOBUHIRO, KAWANO KEITA, OKAMOTO TAKUJI

    IPSJ journal   48 ( 4 )   1584 - 1594   2007.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    VLAN (Virtual LAN) is a technology which can configure logical networks independent of the physical network structure. With VLAN, users in common spaces (such as meeting rooms) can access to their department networks temporarily because changing of logical network structure is achieved only by configuration of VLAN switches. However, in the general configuration method, because VLANs are managed statically by administrators, various problems such as high administrative cost and conflict or insufficiency of VLAN-IDs may arise especially in large scale organizations where VLANs are managed by each department. To solve these problems, we propose a method which provides an interconnection between a temporary configured VLAN in a common space and a VLAN of a user's department. In the proposed method, a user in a common space can access to his/her department network seamlessly by converting a temporary VLAN-ID in the common space and a VLAN-ID used in his/her department each other automatically. The effectiveness of the proposed method is confirmed by the experiment on the actual network using VLAN managers, VLAN-ID converters and authentication servers based on the proposed method.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00009949/

  • Effect of Premature ACK Transmission Timing on Throughput in TCP with a Performance Enhancing Proxy

    WANG Hui, OSADA Shigeyuki, YOKOHIRA Tokumi, OKAYAMA Kiyohiko, YAMAI Nariyoshi

    IEICE Trans. Commun., B   90 ( 1 )   31 - 41   2007.1

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    In order to improve TCP performance, the use of a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host on behalf of the destination host, and stores a copy of the packet in a local buffer (PEP buffer) in case the packet needs to be retransmitted. In this paper, in accordance with a strategy that keeps the number of prematurely acknowledged packets in the PEP buffer below a fixed threshold (watermark) value, we investigate the relation between the watermark value and the average throughput. Extensive simulations show that the results can be roughly classified into two cases. In the first case, the average throughput becomes larger for larger watermark values and becomes a constant value when the watermark value is over a certain value. In the second case, although the average throughput becomes larger for lager watermark value in the same way, it decreases when the watermark value is over a certain value. We also show that the latter (former) case can occur more easily as the propagation delay in the input side network of the PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller), and also show that the latter (former) case can occur more easily as the transmission speed in the input side network becomes larger (smaller) and the transmission speed in the output side network becomes smaller (larger) while the PEP buffer capacity becomes smaller (larger).

    DOI: 10.1093/ietcom/e90-b.1.31

    CiNii Article

    CiNii Books

    researchmap

  • An efficient management method of access policies for hierarchical virtual private networks

    Kiyohiko Okayama, Nariyoshi Yamai, Hayato Ishibashi, Kota Abe, Toshio Matsuura

    2007 2ND INTERNATIONAL CONFERENCE ON COMMUNICATION SYSTEMS SOFTWARE & MIDDLEWARE, VOLS 1 AND 2   254 - +   2007

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    VPN (Virtual Private Network) is one of the most important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication, data encryption, and so on or not), an administrator of a VPN domain may need to configure access policies which are different from every VPN sub-domain. However, in the existing VPN methods, since access policies are stored in a static configuration file of each VPN gateway, an administrator of a VPN domain has to cooperate with the other administrators of its sub-domains. Therefore, management cost of access policies becomes considerably large if the organization has large and complicated structure.In this paper, we propose an efficient management method of access policies for hierarchical VPNs. In order to reduce management cost, we introduce a database with hierarchical structure to represent access policies easily and policy servers to get access policies automatically. The effectiveness of our proposed method is confirmed by an experiment on an actual network using policy servers based on the proposed method.

    Web of Science

    researchmap

  • High-Speed Calculation of Worst-Case Link Delays in the EDD Connection Admission Control Scheme

    YOKOHIRA Tokumi, OKAYAMA Kiyohiko

    IEICE transactions on communications   89 ( 7 )   2012 - 2022   2006.7

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    The EDD connection admission control scheme has been proposed for supporting real-time communication in packet-switched networks. In the scheme, when a connection establishment request occurs, the worst-case link delay in each link along the connection is calculated to determine whether the request can be accepted or not. In order to calculate the worst-case link delay, we must perform a check called the point schedulability check for each of some discrete time instants (checkpoints). Therefore when there are many checkpoints, the worst-case link delay calculation is time-consuming. We have proposed a high-speed calculation method. The method finds some checkpoints for which the point schedulability check need not be performed and removes such unnecessary checkpoints in advance before a connection establishment request occurs, and the check is performed for each of the remaining checkpoints after the request occurs. However, the method is not so effective under the situation that the maximum packet length in networks is large, because the method can find few unnecessary checkpoints under the situation. This paper proposes a new high-speed calculation method. We relax the condition which determines whether or not the point schedulability check need not be performed for each checkpoint in our previous method and derive a new condition for finding unnecessary checkpoints. Using the proposed method based on the new condition, we can increase the number of unnecessary checkpoints compared to our previous method. Numerical examples which are obtained by extensive simulation show that the proposed method can attain as much as about 50 times speedup.

    CiNii Article

    CiNii Books

    researchmap

  • Priority Control in Receiving E-mails by Giving a Separate Response to Each DNS Query

    MARUYAMA SHIN, NAKAMURA MOTONORI, OKABE YASUO, YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, MIYASHITA TAKUYA

    IPSJ journal   47 ( 4 )   1021 - 1030   2006.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    Delivering e-mails without unnecessary delay is one of the very important issues as the spread of e-mail service and its use become very common. But in case that a "Mail Transfer Agent (MTA)" is heavily loaded by huge amount of mails sent to the MTA, not only the delay on mail delivery is inevitable but also managing the MTA service becomes difficult. Thus, a delivery method that treats legitimate mails with priority is requested. In this paper, we focus on the query to the "Domain Name Service (DNS)" which is usually processed just before the mail transfer, and propose a new delivery method which separates legitimate mails from others according to the source IP address of the DNS query. That is, employing a crafted DNS server which responds to each DNS query with separate IP address, and wait for incoming mails at each address, we get a correspondence table between a DNS query and the incoming mail. And we also show that we can lead legitimate mails to the separated mail servers by dynamically changing the DNS response based on this table, and deliver them with short delay even in the case that others servers are loaded by many other mails.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00010316/

  • Design and Implementation of User-based Network Access Control Mechanism on Multiuser Systems

    YAMAI NARIYOSHI, MANABE HIROTAKA, OKAYAMA KIYOHIKO, MIYASHITA TAKUYA, MATSUURA TOSHIO

    IPSJ journal   47 ( 4 )   1157 - 1165   2006.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    On educational computer environment, a user-based network access control mechanism is important since there exist many kinds of users. However, as for existing multiuser systems such as UNIX and LINUX, most of them have no such a mechanism or otherwise they have some problems on this access control mechanism, such that administrative cost becomes considerably large, and the performance of network degrades, since a huge number of access control rules are required. In this paper, in order to solve these problems, we propose a method that divides the whole rules into individual rule sets and that refers to only the rule set of the packet owner. In addition, access control per flow is performed on both TCP and UDP communications. Accordingly, this proposed method reduces administrative cost by sharing of rule sets among users and improves performance. According to the result of performance evaluation of a prototype system based on the proposed method, the performance of access control is improved significantly even if many users exist on the system, and consequently we confirm that the proposed method works effectively and efficiently.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00010329/

  • A Protection Method against Massive Bounce Mails Caused by Sender Spoofed Spam Mails

    YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, MIYASHITA TAKUYA, SHIGETA NOBUFUMI, MARUYAMA SHIN, NAKAMURA MOTONORI

    IPSJ journal   47 ( 4 )   1010 - 1020   2006.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    Wide spread of spam mails is a serious problem on e-mail environment. Particularly, spam mails with a spoofed sender address is very serious, since they make the MTA (Mail Transfer Agent) corresponding to the spoofed address be overloaded with massive bounce mails generated by the non-deliverable spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the MTA against such massive bounce mails, which is suitable for relatively small sites. This method introduces additional mail servers that mainly deal with the bounce mails, considering that the most MTAs sending back bounce mails are likely to have never sent any mails to the target domain recently. This causes the load of the original mail server to be reduced. According to the analysis of the access logs in the the practical example we have experienced, we confirm that the proposed method can fairly separate massive bounce mails from normal mails and can effectively protect the original MTA against massive bounce mails.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00010315/

  • An Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks

    OKAYAMA KIYOHIKO, YAMAI NARIYOSHI, ISHIBASHI HAYATO, ABE KOTA, MATSUURA TOSHIO

    IPSJ journal   47 ( 4 )   1136 - 1145   2006.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    VPN (Virtual Private Network) is one of important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication and data encryption, and so on), the administrator of a VPN domain may need to configure access policies which are different from every VPN subdomain. However, in the existing VPN methods, since access policies are stored in static configuration file of each VPN gateway, the administrator of a VPN domain has to cooperate with the other administrators of its subdomains. Therefore, management cost of access policies becomes fairly large if the organization has complicated structure. In this paper, we propose an efficient management method of access policies for hierarchical VPN. To reduce management cost, we introduce databases where access policies are represented hierarchically and policy servers which can inquire access policies to lower VPN domains automatically and recursively to each VPN domains. The effectiveness of our method is confirmed by the experiment on the actual network using policy servers based on our method.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00010327/

  • Throughput optimization in TCP with a performance enhancing proxy

    Shigeyuki Osada, Wang Hui, Tokumi Yokohira, Yukinobu Fukushima, Kiyohiko Okayama, Nariyoshi Yamai

    2006 10TH INTERNATIONAL CONFERENCE ON COMMUNICATION TECHNOLOGY, VOLS 1 AND 2, PROCEEDINGS   392 - +   2006

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    To improve TCP throughput performance, a method using a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host, and stores a copy of the packet into its own buffer (PEP buffer) in case retransmission of the packet is required. As a congestion control method on the PEP, a method which keeps the number of prematurely acknowledged packets in the PEP buffer below a threshold (watermark) value has been proposed. However, the relation between the watermark value and throughput is not sufficiently investigated, and an optimization method of the watermark value is not proposed. In this paper, we first investigate the relation between the watermark value and the average throughput. Extensive simulations show that the simulation results are roughly classified into two cases. In the first case, the average throughput becomes larger for larger watermark values and becomes a constant value when the watermark is over a certain value. In the second case, although the average throughput becomes larger for larger watermark values in the same way, it decreases when the watermark is over a certain value. Next, based on the results about the relation, we propose an watermark optimization algorithm which can adaptively maximize the average throughput of each connection and also satisfy a fairness condition that the average throughputs of connections are equal to each other.

    Web of Science

    researchmap

  • Priority control in receiving E-mails by giving a separate response to each DNS query

    Shin Maruyama, Nariyoshi Yamai, Motonori Nakamura, Kiyohiko Okayama, Yasuo Okabe, Takuya Miyashita

    Proceedings - 2006 International Symposium on Applications and the Internet, SAINT 2006   2006   90 - 93   2006

     More details

    Publishing type:Research paper (international conference proceedings)  

    Delivering e-mails without unnecessary delay is one of the very important issues as the spread of e-mail service and its use become very common. But in case that a "Mail Transfer Agent (MTA)" is heavily loaded by huge amount of mails sent to the MTA, not only the delay on mail delivery is inevitable but also managing the MTA service becomes difficult. Thus, a delivery method that treats legitimate mails with priority is requested. In this paper, we focus on the query to the "Domain Name Service (DNS)" which is usually processed just before the mail transfer, and propose a new delivery method which separates legitimate mails from others according to the source IP address of the DNS query. That is, employing a crofted DNS server which responds to each DNS query with separate IP address, and wait for incoming mails at each address, we get a correspondence table between a DNS query and the incoming mail. And we also show that we can lead legitimate mails to the separated mail servers by dynamically changing the DNS response based on this table, and deliver them with short delay even in the case that others servers are loaded by many other mails. © 2006 IEEE.

    DOI: 10.1109/SAINT.2006.50

    Scopus

    researchmap

  • Node Placement Algorithms in the Case that Routes are Design Variables in Shuffle-Like Multihop Lightwave Networks

    YOKOHIRA Tokumi, OKAYAMA Kiyohiko

    IEICE transactions on communications   88 ( 12 )   4578 - 4587   2005.12

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    The shuffle-like network (SL-Net) is known as a logical topology for WDM-based multihop packet-switched networks. Even if we fix the logical topology to an SL-Net, we can still reposition nodes in the SL-Net by re-tuning wavelengths of transmitters and/or receivers. In conventional node placement algorithms, routes between nodes are assumed to be given. In this paper, we propose two heuristic node placement algorithms for the SL-Net to decrease the average end-to-end packet transmission delay under a given traffic matrix in the case that routes are design variables. The principal idea is to prevent too many traffic flows from overlapping on any link. To attain the idea, in one of the algorithms, a node is selected one by one in a decreasing order of the sums of sending and receiving traffic requirements in nodes, and its placement and routes between the node and all the nodes already placed are simultaneously decided so that the maximum of the amounts of traffic on links at the moment is minimum. In the other algorithm, a node is selected in the same way, and first it is placed so that the average distance between the node and all the nodes already placed is as large as possible, and then routes between the node and all the nodes already placed are decided so that the maximum of the amounts of traffic on links at the moment is minimum. Numerical results for four typical traffic matrices show that either of the proposed algorithms has better performance than conventional algorithms for each matrix, and show that the proposed algorithms, which are based on a jointed optimization approach of node placement and routing, are superior to algorithms which execute node placement and routing as two isolated phases.

    CiNii Article

    CiNii Books

    researchmap

  • A framework for mobile agent systems with the capability of preceding and following users

    Tokumi Yokohira, Kiyohiko Okayama, Takashi Murakami, Kayo Takarako

    APSITT 2005: 6TH ASIA-PACIFIC SYMPOSIUM ON INFORMATION AND TELECOMMUNICATION TECHNOLOGIES, PROCEEDINGS   89 - 94   2005.11

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    <p>As one of mobile agent applications, many systems which provide continuous service for users moving on a network have been proposed. In these systems, because a movement of mobile agents is performed after a user movement, users must wait for arrival of mobile agents. To reduce users' waiting time, we propose a fundamental framework for mobile agent systems where an agent can move precedently before a user movement. In our frame-work, it is assumed that computers are connected on a network and users with rewritable devices move on the network. The framework supports precedent movement ofmobile agents based on prediction using movement history of users. Because the prediction may be wrong, the framework also provides the following movement of mobile agents. Moreover, the framework provides a recovery method of mobile agents in service in case that mobile agents disappear due to problems such as their bugs. Because we provide some APIs, via which various functions of our framework are accessed, developers of mobile agent systems can easily use our framework using the APIs. We implemented an experimental agent system using the APIs and confirmed that the framework perforned correctly using the experimental system.</p>

    DOI: 10.1109/APSITT.2005.203636

    Web of Science

    CiNii Article

    researchmap

  • A method of dynamic interconnection of VLANs for large scale VLAN environment

    Kiyohiko Okayama, Nariyoshi Yamai, Takuya Miyashita, Keita Kawano, Takuji Okamoto

    APSITT 2005: 6th Asia-Pacific Symposium on Information and Telecommunication Technologies, Proceedings   427 - 432   2005.11

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    <p>VLAN (Virtual LAN) is a technology which can configure logical networks independent of the physi cal network structure. With VLAN, users in common spaces (such as meeting rooms) can access to their department networks temporarily because changing of logical network structure is achieved only by con figuration of VLAN switches. However, in the general configuration method, because VLANs are managed statically by admin istrators, various problems such as high adminis trative cost and conflict or insufficiency of VLAN IDs may arise especially in large scale organiza tions where VLANs are managed by each depart ment. To solve these problems, we propose a method which provides an interconnection between a tem porary configured VLAN in a common space and a VLAN of a user's department. In the proposed method, a user in a common space can access to his/her department network seamlessly by convert ing a temporary VLAN-ID in the common space and a VLAN-ID used in his/her department each other automatically. The effectiveness of the pro posed method is confirmed by the experiment on the actual network using VLAN managers, VLAN ID converters and authentication servers based on the proposed method. </p>

    DOI: 10.1109/APSITT.2005.203697

    Web of Science

    CiNii Article

    researchmap

  • A Dynamic Traffic Balancing on Multihomed Networks Considering Application Protocol Properties

    OKAYAMA KIYOHIKO, YAMAI NARIYOSHI, KUBO TAKESHI, MIYASHITA TAKUYA

    IPSJ journal   46 ( 4 )   1007 - 1016   2005.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    To achieve efficient use of multihomed network, which is the network connected to the Internet with two or more backbones, dynamic traffic balancing, which is a method to select appropriate backbone according to the status of backbones, is important. However, existing methods have two problems : (1) they do not care of characteristics of application protocols bacause they apply the same backbone selection mechanism for all communication flows, (2) they can not correctly handle applications which have two or more communication flows depening each other in the same session. In this paper, we propose a dynamic traffic balanging method, which can select appropriate backbone selection mechanism according to characteristics of application protocols, and can allocate communication flows in the same session to the same backbone.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00010654/

  • An Operation Method of E-mail Systems for Large Scale Organizations Based on "POP before SMTP" with Minimal Administration

    YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, SHIGETA NOBUFUMI, MIYASHITA TAKUYA

    IPSJ journal   46 ( 4 )   1041 - 1050   2005.4

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    In terms of security enhancement for e-mail, a large organization with many divisions often introduces a mail gateway, which receives all inbound e-mails, then examines and forwards them to other mail servers in the organization. However, in such an organization, "POP before SMTP" cannot be used for a legitimate user to send messages with an inner mail server from outside of the organization. To solve this problem, we propose an operation method that the mail gateway monitors all POP communication between a user's terminal and an inner mail server. Since this method does not require the configurations of either user's terminals or inner mail servers, it is easy for the administrators to introduce and maintain this method. Simulation experiments show that the overhead of the proposed method is small enough for practical use.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00010658/

  • An optical-drop wavelength assignment algorithm for efficient wavelength reuse under heterogeneous traffic in WDM ring networks

    FUNABIKI N., KAWASHIMA Jun, NAKANISHI Toru, OKAYAMA Kiyohiko, HIGASHINO Teruo

    IEICE Trans. Fundamentals, A   88 ( 5 )   1234 - 1240   2005

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    The wavelength-division multiplexing (WDM) technology has been popular in communication societies for providing very large communication bands by multiple lightpaths with different wavelengths on a single optical fiber. Particularly, a double-ring optical network architecture based on the packet-over-WDM technology such as the HORNET architecture, has been extensively studied as a next generation platform for metropolitan area networks (MANs). Each node in this architecture is equipped with a wavelength-fixed optical-drop and a fast tunable transmitter so that a lightpath can be established between any pair of nodes without wavelength conversions. In this paper, we formulate the optical-drop wavelength assignment problem (ODWAP) for efficient wavelength reuse under heterogeneous traffic in this network, and prove the NP-completeness of its decision problem. Then, we propose a simple heuristic algorithm for the basic case of ODWAP. Through extensive simulations, we demonstrate the effectiveness of our approach in reducing waiting times for packet transmissions when a small number of wavelengths are available to retain the network cost for MANs.

    CiNii Article

    CiNii Books

    researchmap

  • Performance improvement of TCP using Performance Enhancing Proxies - Effect of premature ACK transmission timing on throughput

    Shigeyuki Osada, Tokumi Yokohira, Wang Hui, Kiyohiko Okayama, Nariyoshi Yamai

    APSITT 2005: 6TH ASIA-PACIFIC SYMPOSIUM ON INFORMATION AND TELECOMMUNICATION TECHNOLOGIES, PROCEEDINGS   7 - 12   2005

     More details

    Language:English   Publishing type:Research paper (international conference proceedings)   Publisher:IEEE  

    In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host and stores the copy of the packet into its own buffer (PEP buffer) in case of the retransmission of the packet. In this paper, under the strategy which keeps the number of packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Extensive simulation runs show that the simulation results are roughly classified into two cases. One case is that the maximum throughput becomes larger for larger watermark value and becomes a constant value when the watermark value is over a value. The other case is that though the maximum throughput becomes larger for lager watermark value in the same way, it reversely decreases when the watermark value is over a value. We also show that the latter (former) case is easier to occur as the propagation delay in the input side network of the PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller) and the PEP buffer capacity becomes smaller (larger).

    Web of Science

    researchmap

  • A protection method against massive error mails caused by sender spoofed spam mails

    Nariyoshi Yamai, Kiyohiko Okayama, Takuya Miyashita, Shin Maruyama, Motonori Nakamura

    Proceedings - 2005 Symposium on Applications and the Internet, SAINT'2005   384 - 390   2005

     More details

    Publishing type:Research paper (international conference proceedings)  

    Wide spread of spam mails is one of the most serious problems on e-mail environment. Particularly, spam mails with a spoofed sender address should not be left alone, since they make the mail server corresponding to the spoofed address be overloaded with massive error mails generated by the spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the mail server against such massive error mails. This method introduces an additional mail server that mainly deals with the error mails in order to reduce the load of the original mail server. This method also provide a function that refuses error mails to these two mail servers to save the network and computer resources.

    Scopus

    researchmap

  • A Minimum Dead Space Algorithm for Generalized Isochronous Channel Reuse Problems in DQDB Networks

    FUNABIKI Nobuo, KAWASHIMA Jun, OKAYAMA Kiyohiko, NAKANISHI Toru, HIGASHINO Teruo

    IEICE transactions on communications   87 ( 9 )   2692 - 2698   2004.9

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    With the explosive growth of the Internet system, demands for broadband communication networks have rapidly increased to provide high quality network services. For this purpose, the IEEE 802.6 MAC standard protocol defines the distributed-queue dual bus (DQDB) for metropolitan area networks (MANs). The isochronous channel reuse problem (ICRP) has been studied for efficient use of DQDB by finding proper channel assignments to incoming connection requests. In this paper, we first define the generalized isochronous channel reuse problem (GICRP) as a generalization of ICRP, to afford demands of simultaneously satisfying plural connection requests such as for multicast applications, where certain sets of connection requests must be assigned channels simultaneously. We prove the NP-completeness of its decision problem. Then, we propose a minimum dead space (MDS) algorithm as a heuristic approach to GICRP. The extensive simulation results show that with shorter computation time, our MDS algorithm can always find better channel assignments reducing the waiting time for packet transmissions than the best existing algorithm for conventional ICRP.

    CiNii Article

    CiNii Books

    researchmap

  • P2PMM_router : A Two-Stage Heuristic Algorithm to Peer-to-Peer Multicast Routing Problems in Multihome Networks

    FUNABIKI Nobuo, KAWASHIMA Jun, YOSHIDA Shoji, OKAYAMA Kiyohiko, NAKANISHI Toru, HIGASHINO Teruo

    IEICE Trans. Fundamentals, A   87 ( 5 )   1070 - 1076   2004.5

     More details

    Language:English   Publisher:The Institute of Electronics, Information and Communication Engineers  

    A variety of real-time multicast applications such as video conferences, remote lectures, and video-on-demand have become in commonplace with the expansion of broadband Internet services. Due to nontrivial problems in the IP multicast technology, the peer-to-peer multicast technology (P2P-multicast) has emerged as a practical implementation, although its network resource utilization is less efficient. A multihome network has the potential of alleviating this inefficiency by providing flexibility in communication path selections for each host with multiple gateways to the Internet. This paper has first formulated the P2P-multicast routing problem in the multihome network, and has proved the NP-completeness of its decision problem. Then, a two-stage heuristic algorithm called P2PMM-router has been presented for this P2P Multicast Multihome-network routing problem. The first stage constructs an initial multicast routing tree from an optimum spanning tree by Prim algorithm, through satisfying the constraints. The second stage improves the tree by repeating partial modifications and constraint satisfactions. The extensive simulation results using random network instances support the effectiveness of our P2PMM_router.

    CiNii Article

    CiNii Books

    researchmap

  • A Routing Method with LDAP Servers for Hierarchical Virtual Private Networks

    OKAYAMA KIYOHIKO, YAMAI NARIYOSHI, KANADECHI YUUJI, ISHIBASHI HAYATO, ABE KOTA, MATSUURA TOSHIO

    IPSJ journal   45 ( 1 )   46 - 55   2004.1

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    VPN (Virtual Private Network) is one of important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, clients and VPN gateways (VGWs) have to determine the next hop VGW according to the location of the destination. However, in the existing VPN methods, administrative cost is fairly large because the locations of next-hop VGWs are managed by static routing tables. In this paper, we propose a routing method for hierarchical VPNs. In the proposed method, LDAP servers are introduced for managing the routing and authentication information of VPN gateways efficiently. Moreover, clients and VGWs can determine the next hop VGW dynamically by mapping VPN domains to DNS domains and by storing the information of LDAP servers to DNS servers. The effectiveness of our method is confirmed by the experiment on the actual network using clients and VPN gateways based on our method.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00011002/

  • A two-stage hierarchical algorithm for wavelength assignment in WDM-based Bidirectional Manhattan Street Networks

    Tomoya Kitani, Masataka Yonedu, Nobuo Funabiki, Toru Nakanishi, Kiyohiko Okayama, Teruo Higashino

    IEEE International Conference on Networks, ICON   419 - 424   2003

     More details

    Publishing type:Research paper (international conference proceedings)  

    Wavelength Division Multiplexing (WDM) technology provides a wideband communication networks by realizing multiple communication channels with different wavelengths on a single optical fiber. In this technology, each node (wavelength router) has a finite number of transmitters/receivers dealing with different wavelengths, where each wavelength is exclusively used for the communication channel between a specific pair of nodes. Thus, some transmission request may require multiple wavelengths going through several nodes before reaching its destination. As a result, the wavelength assignment to nodes is very important for efficient transmission in WDM-based networks. Among regular wavelength assignment topologies, Bidirectional Manhattan Street Network (BMSN) gives high performance to WDM-based networks. In this paper, we present a two-stage heuristic algorithm for the wavelength assignment in BMSN, called a HIWAS (HIerarchical Wavelength Assignment algorithm for BMSN). The first stage of HIWAS finds an initial wavelength assignment hierarchically, not only to avoid a local minimum as best as possible but also to reduce the time complexity. The second stage improves the wavelength assignment by adopting the simulated annealing. The performance of HIWAS is verified through solving two types of random instances, where HIWAS provides a better solution with a shorter time than the best-known existing algorithm. ©2003 IEEE.

    DOI: 10.1109/icon.2003.1266227

    Scopus

    researchmap

  • New approach for configuring hierarchical virtual private networks using proxy gateways

    Hayato Ishibashi, Kiyohiko Okayama, Nariyoshi Yamai, Kota Abe, Toshio Matsuura

    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)   2662   772 - 782   2003

     More details

    Publishing type:Research paper (scientific journal)  

    VPN is one of key technologies on the Internet that allows users to access securely to resources in a domain via unsecure networks. For hierarchically nested security domains, such as an R&D division domain in a corporate domain, In such organizations, some existing VPN schemes with multiple security gateway traversal function is applicable for a user to access to the innermost security domain from the Internet. However, most of existing schemes have some drawbacks in terms of security, efficiency and availability. In this paper, we propose a new way to remedy these shortcomings using proxy gateways. The proposed method connects two deeply embedded security domains by a series of virtual paths to create a single VPN link; and by incorporating a proxy gateway to accommodate communication between clients and the security gateway, this permits secure and highly efficient communications without modifying the client or server. © Springer-Verlag Berlin Heidelberg 2003.

    DOI: 10.1007/978-3-540-45235-5_76

    Scopus

    researchmap

  • A Management and Operation Method of DNS for Alias Domain Names

    YAMAI NARIYOSHI, KUBO TAKESHI, OKAYAMA KIYOHIKO, YAMASOTO YOSHINOBU, MIYASHITA TAKUYA

    Transactions of Information Processing Society of Japan   43 ( 11 )   3458 - 3467   2002.11

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    Since operation of general-use JP domains started, organizations registering new domain names have been increasing. In case that new domain names are used as aliases of the existing domain name in such organizations, the current DNS mechanism has some problems in operation and management such that all DNS servers for the subdomains or the lower domains have to be configured for the new domains in addition to the existing domain. In this paper; to solve these problems, we propose a management and operation method of DNS for organization operating alias domains. By introducing a DNS proxy, this method allows alias domains to be operated without modifying the configurations of the DNS servers and the mail servers in the subdomains or the lower domains.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00011442/

  • A Construction Method of SOCKS Based Hierarchical Virtual Private Networks with Proxy Gateway

    OKAYAMA Kiyohiko, YAMAI Nariyoshi, ISHIBASHI Hayato, ABE Kota, MATSUURA Toshio

    Transactions of Information Processing Society of Japan   42 ( 12 )   2860 - 2868   2001.12

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    VPN is one of important technologies on the Internet. With VPN, we can access to resources in the organizational network via the Internet. As the VPN method applicable to hierachical security domains, following methods are known: the extension of the SOCKS version 5 protocol, SOCKS5 which is the reference implementation of SOCKS version 5 protocol and the method with proxy servers of SSL protocol. However, these VPN method has problems of either efficiency or availability. In this paper, we propose a new VPN method that makes it possible to establish more efficient VPN connections across hierarchical security domains and uses existing VPN software as client. The effectiveness of our method is confirmed by the experiment on the actual network using security gateways based on our method and evaluating the result of the experiment that our method gives more efficient communications across hirarchical security domains.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00011779/

  • A dynamic traffic sharing with minimal administration on multihomed networks

    N. Yamai, K. Okayama, H. Shimamoto, T. Okamoto

    IEEE International Conference on Communications   5   1506 - 1510   2001

     More details

    Publishing type:Research paper (international conference proceedings)  

    Multihomed network is one of the most efficient configuration to improve response time of network services. However, it is hard to introduce or manage because the existing configuration methods have several problems in that they require much technical skill, involve administrative over-burden for the administrator and so on. In this paper, we propose a dynamic traffic sharing technique and a suitable backbone selection metrics to address some of these problems. Using the proposed technique, an appropriate backbone can be selected per connection with mini-mal technical skill and low administrative cost. In addition, the proposed metrics performs more efficient traffic sharing as compared to others techniques that were investigated.

    Scopus

    researchmap

  • A Transparent Dynamic Traffic Balancing on Multihomed Networks

    OKAYAMA Kiyohiko, YAMAI Nariyoshi, SHIMAMOTO Hiroshi, MIYASHITA Takuya, OKAMOTO Takuji

    Transactions of Information Processing Society of Japan   41 ( 12 )   3255 - 3264   2000.12

     More details

    Language:Japanese   Publisher:Information Processing Society of Japan (IPSJ)  

    Multihomed network, that is a kind of network connected to the Internet via more than one backbones, is one of the most interesting networks to improve response time of network services. However, multihomed network is hard to introduce or manage because the existing construction methods have several problems such that it requires much technical skill and administrative cost for the administrator, traffic congestion may occur on a backbone while others have little traffic, and so on. In this paper, we propose a dynamic traffic balancing technique to solve these problems. Using our technique, the router connecting the inside network and backbones monitors the condition of each backbone and selects the appropriate backbone according to the current condition. Moreover, our technique balances traffic transparently and dose not require additional functions or configuration to client programs.

    CiNii Article

    CiNii Books

    researchmap

    Other Link: http://id.nii.ac.jp/1001/00012111/

  • Design and implementation of network management system splice/NM based on scripted operations

    Okayama, Kiyohiko, Yamaguchi, Suguru, Miyahara, Hideo

    Systems and Computers in Japan   31 ( 9 )   2000

  • Design and Implementation of Network Management System Based on Scripted Network Management Tasks

    OKAYAMA Kiyohiko, YAMAGUCHI Suguru, MIYAHARA Hideo

    The Transactions of the Institute of Electronics,Information and Communication Engineers.   81 ( 8 )   1014 - 1023   1998.8

     More details

    Language:Japanese   Publisher:The Institute of Electronics, Information and Communication Engineers  

    CiNii Article

    CiNii Books

    researchmap

  • Design and Implementation of Interactive Prefetching System on WWW

    CHINEN Ken-ichi, OKAYAMA Kiyohiko, YAMAGUCHI Suguru, Kenichi Chinenn, Kiyohiko Okayama, Suguru Yamaguchi, Graduate School of Information Science Nara Institute of Science and Technology, Graduate School of Information Science Nara Institute of Science and Technology, Graduate School of Information Science Nara Institute of Science and Technology

    15 ( 2 )   140 - 153   1998.3

     More details

  • Design and implementation of a hybrid prefetching proxy server for WWW

    Chinen, Ken-Ichi, Chinen, Ken-Ichi, Chinen, Ken-Ichi, Chinen, Ken-Ichi, Chinen, Ken-Ichi, Inoue, Hiroyuki, Okayama, Kiyohiko, Yamaguchi, Suguru

    Systems and Computers in Japan   29 ( 12 )   1998

  • The Design and Implementation of Hybrid Prefetching Proxy Server for WWW

    CHINEN Ken-ichi, INOUE Hiroyuki, OKAYAMA Kiyohiko, YAMAGUCHI Suguru

    The Transactions of the Institute of Electronics,Information and Communication Engineers.   80 ( 11 )   907 - 915   1997.11

     More details

    Language:Japanese   Publisher:The Institute of Electronics, Information and Communication Engineers  

    CiNii Article

    CiNii Books

    researchmap

  • The Design and Implementation of an Authentication System for the Wide Area Distributed Environment Reviewed

    Suguru Yamaguchi, Kiyohiko Okayama, Hideo Miyahara

    IEICE Trans. on Information and Systems   E74 ( 11 )   3902 - 3909   1991.11

     More details

    Publishing type:Research paper (scientific journal)  

    CiNii Article

    CiNii Books

    researchmap

  • Design and implementation of an authentication system in WIDE internet environment

    Suguru Yamaguchi, Kiyohiko Okayama, Hideo Miyahara

    653 - 657   1990

     More details

    Publishing type:Research paper (international conference proceedings)  

    The authors discuss the design and implementation of the authentication system called SPLICE/AS in the WIDE (widely integrated distributed environment) Internet environment. SPLICE/AS is designed based on the public-key encryption, and the authentication scheme originally proposed by R. M. Needham and M. O. Schroeder (1978). In order to manage a large-scale network like WIDE Internet, the hierarchical domain-based management scheme is introduced. Currently, the prototype of SPLICE/AS is working on the 4.3 Berkeley UNIX system. To improve the reliability and robustness of SPLICE/AS, the authors are modifying SPLICE/AS and developing a new protocol for database propagation which is discussed.

    Scopus

    researchmap

▼display all

MISC

  • Proactive firewall system in cooperation with DNS and SDN applicable to NAT environment

    115 ( 481 )   241 - 246   2016.3

     More details

    Language:Japanese  

    CiNii Article

    researchmap

  • Countermeasure against Spam Mail Submissions with Password Cracking

    2014 ( 9 )   1 - 6   2014.2

     More details

  • The 2012 IPSJ Best Paper Award: Toward the Construction of Organized Multihomed Networks with Minimal Administration

    54 ( 8 )   818 - 818   2013.7

     More details

  • Operation Issues of Large Scale Authentication Network in Okayama University

    2013 ( 10 )   1 - 6   2013.3

     More details

  • A Site-Exit Router Selection Method Using Routing Header in IPv6 Site Multihoming

    Jin Yong, Yamaguchi Takuya, Yamai Nariyoshi, Okayama Kiyohiko, Nakamura Motonori

    Information and Media Technologies   8 ( 3 )   757 - 765   2013

     More details

    Language:English   Publisher:Information and Media Technologies Editorial Board  

    With proliferation of the Internet and its services, how to provide stable and efficient Internet services via reliable high-speed network has become an important issue. Multihomed network is attracted much attention to provide stable and efficient Internet services. In this paper, we focus on the multihoming method in the IPv6 environment. In the IPv6 environment, each host can be assigned multiple IP addresses from different ISPs on one network interface, thus the multihoming is relatively easier than that in the IPv4 environment. However, since many ISPs adopt ingress filtering for security concerns, a multihomed site should select a proper site-exit router according to the source IP address of the packet to communicate with the outside the site successfully. In most site-exit router selection methods, a kind of source IP address dependent routing method is introduced which has some problems in terms of high deployment cost and lack of fault-tolerance and so on.In this paper, we propose a new site-exit router selection method using the routing header which can indicate the router to pass through in the IPv6 environment. This method introduces two middlewares, one into the inside server and the other into the site-exit router. The one in the inside server attaches a routing header which indicates a specific site-exit router to pass through according to the source IP address of the packet, and the other in the site-exit router removes the attached routing header from the packet, thus the inside server can communicate with the outside the site successfully as usual. We also implemented a prototype system including the proposed inside server and the site-exit router and performed feature evaluation as well as performance evaluation. From the evaluation results, we confirmed the proposed method worked well and the overhead of the middlewares are acceptable for practical use in the real network environments.

    DOI: 10.11185/imt.8.757

    CiNii Article

    researchmap

  • Design and Implementation of Spam Mail Discrimination System Based on Response of DNS Queries

    2012 ( 6 )   1 - 6   2012.9

     More details

  • E-mail Priority Delivery System with Large-sized Whitelist Using Layer 3 Switch

    2012 ( 37 )   1 - 6   2012.3

     More details

  • An Adaptive Route Selection Mechanism Per Connection Based on Multipath DNS Round Trip Time on Multihomed Networks

    Jin Yong, Yamai Nariyoshi, Okayama Kiyohiko, Nakamura Motonori

    Information and Media Technologies   7 ( 2 )   831 - 840   2012

     More details

    Language:English   Publisher:Information and Media Technologies Editorial Board  

    With the explosive expansion of the Internet, many fundamental and popular Internet services such as WWW and e-mail are becoming more and more important and are indispensable for the human's social activities. As one technique to operate the systems reliably and efficiently, the way of introducing multihomed networks attracts much attention. However, conventional route selection mechanisms on multihomed networks reveal problems in terms of properness of route selection and dynamic traffic balancing which are two key criteria of applying multihomed networks. In this paper, we propose an improved dynamic route selection mechanism based on multipath DNS (Domain Name System) round trip time to address the existing problems. The evaluation results on the WWW system and the e-mail system indicate that the proposal is effective for a proper route selection based on the network status as well as for dynamic traffic balancing on multihomed networks and we also confirmed the resolution of problems that occur in the case of conventional mechanisms.

    DOI: 10.11185/imt.7.831

    CiNii Article

    researchmap

  • 遠隔医療のための高品質画像取得システム

    岡山 聖彦, 平山 宏人, 山井 成良, 岡本 卓爾, 秦 正治, 岡田 宏基

    医療情報学連合大会論文集   27回   353 - 356   2007.11

     More details

    Language:Japanese   Publisher:(一社)日本医療情報学会  

    researchmap

  • Several Methods for Transparently Establishing Virtual Links on Hierarchical VPN

    3 ( 1 )   2006

     More details

    Language:Japanese  

    CiNii Article

    researchmap

  • Performance improvement of TCP using Performance Enhancing Proxies - Effect of premature ACK transmission timing on throughput

    Shigeyuki Osada, Tokumi Yokohira, Wang Hui, Kiyohiko Okayama, Nariyoshi Yamai

    APSITT 2005: 6TH ASIA-PACIFIC SYMPOSIUM ON INFORMATION AND TELECOMMUNICATION TECHNOLOGIES, PROCEEDINGS   7 - 12   2005.11

     More details

    Language:English   Publisher:IEEE  

    In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host and stores the copy of the packet into its own buffer (PEP buffer) in case of the retransmission of the packet. In this paper, under the strategy which keeps the number of packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Extensive simulation runs show that the simulation results are roughly classified into two cases. One case is that the maximum throughput becomes larger for larger watermark value and becomes a constant value when the watermark value is over a value. The other case is that though the maximum throughput becomes larger for lager watermark value in the same way, it reversely decreases when the watermark value is over a value. We also show that the latter (former) case is easier to occur as the propagation delay in the input side network of the PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller) and the PEP buffer capacity becomes smaller (larger).

    Web of Science

    CiNii Article

    researchmap

  • LL-3 A Routing Method with LDAP Servers for Hierarchical Virtual Private Networks

    Okayama Kiyohiko, Kanadechi Yuji, Yamai Nariyoshi, Ishibashi Hayato, Matsuura Toshio

    1   211 - 212   2002.9

     More details

    Language:Japanese   Publisher:Forum on Information Technology  

    CiNii Article

    CiNii Books

    researchmap

  • A dynamic traffic sharing with minimal administration on multihomed networks

    Yamai Nariyoshi, Okayama Kiyohiko, Shimamoto Hiroshi, Okamoto Takuji

    Communications   1506 - 1510   2001.6

     More details

    Language:English  

    <p>Multihomed network is one of the most efficient configuration to improve the response time of network services. However, it is hard to introduce or manage because the existing configuration methods have several problems in that they require much technical skill, involve administrative over-burden for the administrator and so on. In this paper, we propose a dynamic traffic sharing technique and suitable backbone selection metrics to address some of these problems. Using the proposed technique, an appropriate backbone can be selected per connection with minimal technical skill and low administrative cost. In addition, the proposed metrics performs more efficient traffic sharing as compared to others techniques that were investigated </p>

    CiNii Article

    researchmap

  • Introduction to Network Control Techniques ; (20)Dial - up Access Through a Public Line

    OKAYAMA Kiyohiko

    The Journal of The Institute of Image Information and Television Engineers   52 ( 10 )   1421 - 1426   1998.10

     More details

    Language:Japanese   Publisher:The Institute of Image Information and Television Engineers  

    DOI: 10.3169/itej.52.1421

    CiNii Article

    CiNii Books

    researchmap

▼display all

Presentations

  • 岡山大学における多人数ノートPC必携授業のための無線LAN環境の改善

    河野圭太, 藤原崇起, 岡山聖彦, 村上昌己

    学術情報処理研究集会発表論文集(Web)  2018 

     More details

    Event date: 2018

    researchmap

  • 岡山大学におけるグローバルIPアドレスの削減に関する取り組み

    稗田隆, 岡山聖彦, 河野圭太, 村上昌己, 藤原崇起

    学術情報処理研究集会発表論文集(Web)  2017 

     More details

    Event date: 2017

    researchmap

  • Proactive firewall system in cooperation with DNS and SDN applicable to NAT environment

    2016.3.3 

     More details

    Event date: 2016.3.3

    Language:Japanese  

    researchmap

  • アクティブラーニングに向けた新情報実習室の構築

    稗田隆, 河野圭太, 岡山聖彦, 村上昌己

    学術情報処理研究集会発表論文集(CD-ROM)  2016 

     More details

    Event date: 2016

    researchmap

  • 岡大クラウドラーニングシステム構築に関する一考察

    稗田隆, 河野圭太, 岡山聖彦

    情報処理学会全国大会講演論文集  2015 

     More details

    Event date: 2015

    researchmap

  • Practice of Large e-Learning Class with Combination of Flipped Learning and Group Learning

    2014.9.25 

     More details

    Event date: 2014.9.25

    Language:Japanese  

    researchmap

  • 動的ファイアウォールシステムのためのDNSによるクライアントIPアドレス通知機能

    大塚友和, ガーダ, 山井成良, 岡山聖彦

    マルチメディア、分散協調とモバイルシンポジウム2014論文集  2014.7.2 

     More details

    Event date: 2014.7.2

    Language:Japanese  

    researchmap

  • Countermeasure against Spam Mail Submissions with Password Cracking

    YAMAI NARIYOSHI, FUJIWARA TAKAOKI, KAWANO KEITA, OHSUMI YOSHIHIRO, OKAYAMA KIYOHIKO

    IEICE technical report. Social Implications of Technology and Information Ethics  2014.2.27  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2014.2.27

    Language:Japanese  

    Recently, incidents of spam mail submissions via Message Submission Agent (MSA) in an organization, abusing illegally obtained passwords such as those used by password list attack, have been reported increasingly. In this paper, we propose a countermeasure against such incidents that detects spam mail submissions earlier using geographic information of each client derived from its source IP address. We also implemented a spam submission prevention system based on the proposed countermeasure. According to our operation experience of the system in Okayama University, we confirmed that the system works effectively.

    researchmap

  • High-speed SCTP Communication using Selective Bicasting on Multi-ISP Wireless LAN Environment

    2013.12.5 

     More details

    Event date: 2013.12.5

    Language:Japanese  

    researchmap

  • Processing of Spam Mail Sent by Trusted MTAs on E-mail Priority Delivery System

    2013.12.5 

     More details

    Event date: 2013.12.5

    Language:Japanese  

    researchmap

  • Proposal of proactive firewall system in cooporation with DNS and OpenFlow switches

    2013.12.5 

     More details

    Event date: 2013.12.5

    Language:Japanese  

    researchmap

  • RL-004 Redundant Configuration of Replication Servers for Failover and Failback Among Servers in Different Locations

    Ohsumi Yoshihiro, Yamai Nariyoshi, Okayama Kiyohiko, Kawano Keita, Fujiwara Takaoki

    2013.8.20  Forum on Information Technology

     More details

    Event date: 2013.8.20

    Language:Japanese  

    researchmap

  • Trouble and Solution of E-mail System in Okayama University

    Nariyoshi Yamai, Kiyohiko Okayama, Takaoki Fujiwara, Yoshihiro Ohsumi

    IPSJ SIG Technical Reports  2013.7.25  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2013.7.25

    Language:Japanese  

    Okayama University has been operating student e-mail systems using Gmail since April 2009. As for teachers and staff, we have been operating the new e-mail system along with the renewal of education and reseach computer system since April 2011. In this paper, we introduce how to configure and operate these e-mail systems. In addition, we exlain some issues of e-mail systems we have experienced during their operation.

    researchmap

  • メッセージ中URLに基づくドメイン登録日検索システムを用いた迷惑メール判別機構

    松岡政之, 井上達貴, 山井成良, 岡山聖彦, 河野圭太, 中村素典, 民田雅人

    マルチメディア、分散協調とモバイルシンポジウム2013論文集  2013.7.3 

     More details

    Event date: 2013.7.3

    Language:Japanese  

    researchmap

  • Operation and Issues of E-Mail System in Okayama University

    YAMAI Nariyoshi, OKAYAMA Kiyohiko, FUJIWARA Takaoki, OHSUMI Yoshihiro

    IEICE technical report. Information and communication system security  2013.6.20  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2013.6.20

    Language:Japanese  

    Okayama University has been operating student e-mail systems using Gmail since April 2009. As for teachers, we have started the operation of the new e-mail system along with the renewal of education and reseach computer system since April 2011. In this paper, we introduce how to configure and operate these e-mail systems. In addition, we exlain some issues of e-mail systems we have experienced during their operation, especially for those which were difficult to resolve by ourselves.

    researchmap

  • Operation Issues of Large Scale Authentication Network in Okayama University(2)

    YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, OHSUMI YOSHIHIRO, FUJIWARA TAKAOKI, KAWANO KEITA, HIEDA TAKASHI

    IEICE technical report. Information and communication management  2013.5.9  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2013.5.9

    Language:Japanese  

    We replaced Okayama University Campus Information Network in 2009 fiscal year, and have operated the new network called ODnet2010 since June 2010.ODnet2010 not only improves its bandwidth and reliability, but also provides some new functions such as user authentication by floor switches, location-free function for VLANs. In this paper, we explain the operation of authenticated location-free VLANs called "Living Networks", and discuss some issues mainly caused by lack of resources.

    researchmap

  • Operation Issues of Large Scale Authentication Network in Okayama University

    YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, OHSUMI YOSHIHIRO, FUJIWARA TAKAOKI, KAWANO KEITA, HIEDA TAKASHI

    IEICE technical report. Internet Architecture  2013.3.14  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2013.3.14

    Language:Japanese  

    We replaced Okayama University Campus Information Network in 2009 fiscal year, and have operated the new network called ODnet2010 since June 2010. ODnet2010 not only improves its bandwidth and reliability, but also provides some new functions such as user authentication by floor switches, location-free function for VLANs. In this paper, we explain the operation of authenticated location-free VLANs called "Living Networks", and discuss some issues experienced during the operation.

    researchmap

  • レイヤ3スイッチによる動的ホワイトリストを用いた電子メール優先配送システムの評価

    ガーダ, 山井成良, 岡山聖彦, 河野圭太, 中村素典

    全国大会講演論文集  2013.3.6  一般社団法人情報処理学会

     More details

    Event date: 2013.3.6

    Language:Japanese  

    重要な電子メールを遅延なく受信者へ配送するために,信頼できる送信MTAをあらかじめホワイトリストに登録し,優先的に配送する仕組みが考えられている.しかし,従来の方法では大規模なホワイトリストを扱えないか,扱える場合でも速度が遅くなるなどの問題があった.これに対して,我々はレイヤ3スイッチのポリシールーティング機能を用いてホワイトリストを実現し,また登録する送信MTAを動的に変更することにより,大規模なホワイトリストでも速度を落とさずに優先配送できるシステムを提案した.本稿では,提案システムを用いてメール配送を行った場合の評価を行い,その結果をもとに改良すべき点を考察する.

    researchmap

  • Domain Registration Date Retrieval System of URLs in E-mail Messages for Improving Spam Discrimination

    2012.12.6 

     More details

    Event date: 2012.12.6

    Language:Japanese  

    researchmap

  • Design and Implementation of Spam Mail Discrimination System Based on Response of DNS Queries

    2012.9.20 

     More details

    Event date: 2012.9.20

    Language:Japanese  

    researchmap

  • RL-001 A Site Exit Router Selection Method with Routing Header in IPv6 Site Multihoming

    Yamaguchi Takuya, Jin Yong, Yamai Nariyoshi, Okayama Kiyohiko, Nakamura Motonori

    2012.9.4  Forum on Information Technology

     More details

    Event date: 2012.9.4

    Language:Japanese  

    researchmap

  • Redundant Configuration of Replica Servers by IP Alias and IP Routing

    2012.6.21 

     More details

    Event date: 2012.6.21

    Language:Japanese  

    researchmap

  • E-mail Priority Delivery System with Large-sized Whitelist Using Layer 3 Switch

    GADA, SUWA SHUJI, YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, NAKAMURA MOTONORI

    IEICE technical report. Internet Architecture  2012.3.8  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2012.3.8

    Language:Japanese  

    In order to deliver important e-mails without unnecessary delay, some priority delivery methods with a whitelist, which includes trusted sending MTAs, are proposed so far. However, most of conventional methods have some problems with a large sized whitelist such as performance degradation, delivery failure, and so on. In this paper, we propose a priority delivery system with a layer 3 switch having policy based routing (PBR) function. By updating PBR entries dynamically, this system implements a large sized whitelist without performance degradation. We also address the implementation of the prototype system and its performance.

    researchmap

  • A Location Free Network System applicable to geographical terms of the Electronic Journal Site License

    2011.11.24 

     More details

    Event date: 2011.11.24

    Language:Japanese  

    researchmap

  • RL-002 NAT-based Multihoming Method Applicable to Inbound Connection

    Yamaguchi Takuya, Jin Yong, Okayama Kiyohiko, Yamai Nariyoshi, Nakamura Motonori

    2011.9.7  Forum on Information Technology

     More details

    Event date: 2011.9.7

    Language:Japanese  

    researchmap

  • Improving Scalability for Software Asset Management System Using Authentication Switches

    2011.7.8 

     More details

    Event date: 2011.7.8

    Language:Japanese  

    researchmap

  • Construction of Location-free Network with Authentication in Okayama University

    2011 

     More details

    Event date: 2011

    Language:Japanese  

    researchmap

  • 岡山大学における生涯IDを実現する統合認証システムの構築

    河野圭太, 藤原崇起, 大隅淑弘, 岡山聖彦, 山井成良, 稗田隆

    学術情報処理研究  2011 

     More details

    Event date: 2011

    researchmap

  • RL-006 An Identification Method of PCs under NAT router with Proxy Authentication on HTTP Communication

    Ishikawa Yoshiki, Okayama Kiyohiko, Yamai Nariyoshi, Nakamura Motonori

    2010.8.20  Forum on Information Technology

     More details

    Event date: 2010.8.20

    Language:Japanese  

    researchmap

  • DNS Resource Record Anlysis of URLs in E-mail Messages for Improviing Spam Discrimination

    SUWA SHUJI, YAMAI NARIYOSHI, OKAYAMA KIYOHIKO, NAKAMURA MOTONORI

    2010.7.16 

     More details

    Event date: 2010.7.16

    Language:Japanese  

    researchmap

  • モバイルエージェントフレームワークにおけるデモンストレーション機能の実装

    北川訓康, 岡山聖彦, 横平徳美

    電気・情報関連学会中国支部連合大会講演論文集(CD-ROM)  2010 

     More details

    Event date: 2010

    researchmap

  • A MAC-address Relaying NAT Router for PC Identification from Outside of a LAN

    2009.12.10 

     More details

    Event date: 2009.12.10

    Language:Japanese  

    NAT(Network Address Translation) is well-known as one of the short-term solutions of IPv4 address exhaustion. NAT is a technique that shares a single IP address in several PCs, and is widely used for alleviating the IPv4 address exhaustion and as a securi

    researchmap

  • RL-002 A Routing Method of Inbound E-mail Delivery by Measuring Delay Time Using DNS on Multihomed Environment

    JIN YONG, SEIKE TAKUMI, OKAYAMA KIYOHIKO, NAKAMURA MOTONORI, YAMAI NARIYOSHI

    2009.8.20  Forum on Information Technology

     More details

    Event date: 2009.8.20

    Language:Japanese  

    With explosive spread of the Internet, e-mail as one of fundamental services is getting more and more important. As one way to operate e-mail system stably, multihomed networks are taken into account. However, in conventional route selection method in e-mail system with multihomed networks, problems about dynamic traffic balancing and appropriate route selection still exist. In this paper, we propose a dynamic route selection method by measuring delay time using DNS(Domain Name System). In this method, the proper route could be used for inbound e-mail delivery based on network status and traffic balancing could be performed dynamically as well.

    researchmap

  • A Dynamic Routing Method for Inbound E-mail Delivery Considering Route and MTA Conditions on Multihomed Environment

    JITSUTOU Shou, JIN Yong, SEIKE Takumi, OKAYAMA Kiyohiko, YAMAI Nariyoshi

    2009.5.28 

     More details

    Event date: 2009.5.28

    Language:Japanese  

    researchmap

  • Configuration of Redundant Network in Okayama University via Regional IXes and SINET

    YAMAI Nariyoshi, OKAYAMA Kiyohiko, JIN Yong, KAWANO Keita, OOSUMI Yoshihiro

    IPSJ SIG Technical Reports  2009.2.26  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2009.2.26

    Language:Japanese  

    Okayama University has been operating an external link and many inter-campus links via Science Information Network (SINET) and regional Internet eXchanges (IXes) operated by local governments. However, since there were no redundant links for them, we often experienced problems that external connections and inter-campus connections failed in case of some troubles on these links. To overcome these problems, we added a link between Misasa Campus and SINET via regional IXes and Tottori University in addition to the external link between Tsushima Campus and SINET, so that made redundant logical links for the external link and the inter-campus link between Tsushima and Misasa Campuses. According to operations test, we confirmed fault tolerance of these links was improved.

    researchmap

  • A Solving Method for SPF Forwarded Mail Problem by Tracing Recipient Addresses

    SEIKE Takumi, OKAYAMA Kiyohiko, KAWANO Keita, NAKAMURA Motonori, YAMAI Nariyoshi

    IPSJ SIG Technical Reports  2009.2.26  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2009.2.26

    Language:Japanese  

    Recently, one of sender authentication methods called SPF has been popularized as Anti-spam technology. However, SPF has a problem that the forwarded e-mail could not be authenticated. In this paper, we propose a solving method for SPF forwarded mail problem by tracing changing history of recipient address. According to the experiments, 88.3% of mails were authenticated with in the proposed method, and 69.5% of mails failed by the original SPF were authenticated in the proposed method.

    researchmap

  • Implementation of Okayama University E-mail Service using Google Apps

    Journal for academic computing and networking  2009 

     More details

    Event date: 2009

    Language:Japanese  

    researchmap

  • A Dynamic Route Selection Method for Inbound E-mail Delivery on Multihomed Environment With ALG

    2008.12.4 

     More details

    Event date: 2008.12.4

    Language:Japanese  

    With explosive spread of the Internet, e-mail as one of fundamental services is getting more important. To run e-mail system stably, multihomed networks are well used. However, in conventional operation scheme, issues about dynamic traffic balancing and f

    researchmap

  • RL-007 A LAN Access Contro1 System Against Unauthorized Copies of Software

    Yamamoto Satoshi, Okayama Kiyohiko, Yamai Nariyoshi

    2008.8.20  Forum on Information Technology

     More details

    Event date: 2008.8.20

    Language:Japanese  

    researchmap

  • Delivery Path Analysis of E-mail for Spam Mail Filtering

    SEIKE Takumi, HARUKUNI Tatsuya, OKAYAMA Kiyohiko, KAWANO Keita, NAKAMURA Motonori, YAMAI Nariyoshi

    IEICE technical report  2008.3.6  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2008.3.6

    Language:Japanese  

    Spam mails which bother us are dramatically been increasing. Filtering is one of the effective Anti-spam method. But if it based on analyzing the body of mail, some legitimate mails are not deliver to destination. In this thesis, we focused on Received field in the mail header, and analyze the delivery path. This paper presents delivery delay time at a legitimate mail server tends to be a constant. Furthermore, spam mails delivery delay time are dispersedly. Additionally, we described some spam mais uses wrong summer time, and have special count of Received fields.

    researchmap

  • TV電話機能付携帯電話とTV会議システムを利用した遠隔医療システム-総務省SCOPE-C研究成果報告-

    岡田宏基, 公文裕巳, 太田吉夫, 小田慈, 岡久雄, 秦正治, 山井成良, 岡山聖彦, 岡本卓爾, 道西博行, 山本信彦, 土居秀史, 下森智, 廣畑誠, 菅原英次, 菅崎仁美, 立石憲彦

    医療情報学連合大会論文集  2008 

     More details

    Event date: 2008

    researchmap

  • モバイルエージェントフレームワークにおけるSQLデータベースを用いた移動予測

    大森章充, 坂井勇介, 岡山聖彦, 横平徳美

    電気・情報関連学会中国支部連合大会講演論文集(CD-ROM)  2008 

     More details

    Event date: 2008

    researchmap

  • PCの仮想化環境によるUNIX系OSの演習環境の構築

    甲本卓也, 籠谷裕人, 岡山聖彦, 河野圭太

    電気・情報関連学会中国支部連合大会講演論文集(CD-ROM)  2008 

     More details

    Event date: 2008

    researchmap

  • TV電話機能付携帯電話に特化したTV会議システムの開発

    岡田宏基, 公文裕巳, 太田吉夫, 小田慈, 岡久雄, 秦正治, 山井成良, 岡山聖彦, 山本信彦, 光本幸夫, 高田彰俊, 谷口卓也

    日本遠隔医療学会雑誌  2008 

     More details

    Event date: 2008

    researchmap

  • An Efficient Access Control Method with Sharing Authentication Results among VPN Domains for Hierarchical Virtual Private Networks

    2007.11.26 

     More details

    Event date: 2007.11.26

    Language:Japanese  

    In a hierarchical VPN, in order to access into the lowermost VPN domain from a client at the outside of the organization, the client has to traverse all VPN gateways(VGWs) from the uppermost one toward the lowermost one, hop by hop. Therefore, user authen

    researchmap

  • LL-004 A Reliable Operation Method of E-mail systems on Multihomed Networks

    Yamai Nariyoshi, Doi Masayuki, Okayama Kiyohiko, Nakamura Motonori

    2007.8.22  Forum on Information Technology

     More details

    Event date: 2007.8.22

    Language:Japanese  

    researchmap

  • Transparently Establishing Methods of Virtual Links on Hierarchical VPN

    KAWAI Hiroaki, SAKANE Eisaku, TOYODA Hirotoshi, OKAYAMA Kiyohiko, YAMAI Nariyoshi, ISHIBASHI Hayato, ABE Kota, MATSUURA Toshio

    2007.3.9  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2007.3.9

    Language:Japanese  

    As the Internet evolves, VPN (Virtual Private Network), which establishes secure connections between off-site clients and on-site servers, is getting important. In VPN, a part of network which is protected from the Internet is called "VPN domain." In the environment where VPN domains are hierarchically configured (Hierarchical VPN), the next hop VPN gateway (VGW) must be discovered depending on the destination host. In this paper, we propose some routing methods which are transparent from users. In these methods, the next hop VGW is automatically discovered by querying to DNS servers and/or receiving ICMP and TCP packets. We have implemented proposed methods by extending the VTun software. The effectiveness of these methods are experimentally confirmed.

    researchmap

  • Design and Implementation of User Level Mail Reception Settings on Anti-Spam Method with SMTP Session Abort

    SEIKE Takumi, DOI Masayuki, OKAYAMA Kiyohiko, NAKAMURA Motonori, YAMAI Nariyoshi

    IEICE technical report  2007.3.1  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2007.3.1

    Language:Japanese  

    To protect recipients from receiving spam mails, our research group proposed an anti-spam method by means of tempfailing by SMTP session abort along with distributed collaborative spam filtering. However, this method can configure the behavior not of each user but of the whole system. To solve this problem, we propose a method that each user can configure his/her reception setting. This method allows each user to configure setting of blocking function, processing of unresent mails, using and learning distributed collaborative filtering, management of whitelist or bracklist, and so on.

    researchmap

  • Preservation of TCP Communications Considering Macro Mobility of User Terminals

    KIZAWA Masao, NIKUSHI Nobuhiro, OKAYAMA Kiyohiko, YAMAI Nariyoshi, YOKOHIRA Tokumi

    IEICE technical report  2007.3.1  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2007.3.1

    Language:Japanese  

    In recent years, inexpensive and lightweight portable terminals such as laptop PCs are spreading, and outdoor Internet services such as wireless hot spots are increasing. Therefore, users can connect to the Internet at various locations by their own terminal. However, if a terminal establishing TCP connections starts to move to another network, there is a problem that TCP connections are aborted due to retransmission timeout and the change of terminal's IP address. In this paper, we propose a method to preserve TCP connections for macro mobility of terminals by hiding the change of IP address from TCP layer using VPN and by preventing retransmission using proxies.

    researchmap

  • 遠隔医療のための高品質画像取得システム

    岡山聖彦, 平山宏人, 山井成良, 岡本卓爾, 秦正治, 岡田宏基

    医療情報学連合大会論文集  2007 

     More details

    Event date: 2007

    researchmap

  • モバイルエージェントフレームワークにおける地図情報データベースの作成

    王建, 坂井勇介, 岡山聖彦, 横平徳美

    電気・情報関連学会中国支部連合大会講演論文集(CD-ROM)  2007 

     More details

    Event date: 2007

    researchmap

  • 遠隔医療にTV電話機能付携帯電話を用いる際の画質の検討

    岡久雄, 山井成良, 岡山聖彦, 秦正治, 岡本卓爾, 岡田宏基, 太田吉夫, 公文裕巳

    日本生体医工学会大会プログラム・論文集(CD-ROM)  2007 

     More details

    Event date: 2007

    researchmap

  • A Method for Improvement of Communicative Efficiency with Packet Authentication on Wireless LAN Environment

    2006.11.23 

     More details

    Event date: 2006.11.23

    Language:Japanese  

    On IEEE 802.11a and 802.11g, that are the most popular standards of wireless LAN networks, encryption functions called WEP (Wire Equivarent Privacy) or WPA (Wi-Fi Protected Access) are used for preventing both eavesdropping and unauthorized access. Howeve

    researchmap

  • Throughput Optimization for TCP with an Active Proxy in Long-Delay Satellite Environments

    WANG Hui, OSADA Shigeyuki, YOKOHIRA Tokumi, FUKUSHIMA Yukinobu, DENG Chaolong, OKAYAMA Kiyohiko, YAMAI Nariyoshi

    IEICE technical report  2006.10.12  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2006.10.12

    Language:English  

    Although Transmission Control Protocol (TCP) is widely used in the Internet, its performance is poor in networks with long delays. To improve TCP performance in such networks as long-delay satellite environments, the use of a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router that connects a terrestrial link and a satellite link along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host on behalf of the destination host, and stores a copy of the packet in a local buffer (PEP buffer) in case retransmission of the packet is required. As a congestion control method on the PEP, a method that keeps the number of prematurely acknowledged packets in the PEP buffer below a threshold (watermark) value has been proposed. However, an optimization method of the watermark value has not been proposed. In this paper, we propose an adaptive watermark value optimization algorithm that maximizes the average throughput of each connection in response to dynamic establishment and release of connections, under a fairness condition that the average throughputs of connections are equal to each other. Numerical examples using the NS2 simulator for a simple network model show the effectiveness of the proposed algorithm.

    researchmap

  • Throughput Optimization in TCP with a Performance Enhancing Proxy

    OSADA S., WANG H., YOKOHIRA T., FUKUSHIMA Y., OKAYAMA K., YAMAI N.

    IEICE technical report  2006.9.7  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2006.9.7

    Language:Japanese  

    To improve TCP throughput performance, a method using a PEP (Performance Enhancing Proxy) has been proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host, and stores a copy of the packet in its own buffer (PEP buffer) in case retransmission of the packet is required. As a congestion control method on the PEP, a method which keeps the number of prematurely acknowledged packets in the PEP buffer below a threshold (watermark) value has been proposed, and we have investigated the relation between the watermark value and the average throughput. In this paper, based on the relation, we propose an watermark optimization algorithm which can adaptively maximize the average throughput of each connection and also satisfy a fairness condition that the average throughputs of connections are equal to each other. We also show some numerical examples using the proposed algorithm.

    researchmap

  • LL_008 An Anti-Spam Method with SMTP Session Abort

    Yamai Nariyoshi, Sazanami Ippei, Okayama Kiyohiko, Kawano Keita, Nakamura Motonori, Maruyama Shin, Miyashita Takuya

    2006.8.21  Forum on Information Technology

     More details

    Event date: 2006.8.21

    Language:Japanese  

    researchmap

  • A LAN Access Control System with Protection of Restricted Services from Guest Users

    KIZAWA Masao, YAMAI Nariyoshi, OKAYAMA Kiyohiko, DOI Masayuki, KAWANO Keita, OOSUMI Yoshihiro

    2006.5.11  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2006.5.11

    Language:Japanese  

    LAN access control systems are often used at many organizations such as universities, to provide network accessibility to both insiders and guest users. However, most of existing LAN access control systems have some problems such that guest users can access services restricted to insiders. In this paper, we propose a LAN access control system to protect restricted services from guest users, without modifying any existing servers by applying NAT function conditionally. According to a field testing, the proposed system has been confirmed to be effective and practical.

    researchmap

  • An Access Control Method on a Per-User Basis with Certificates Issued by Other Domains in Hierarchical VPNs

    DOI Masayuki, OKAYAMA Kiyohiko, YAMAI Nariyoshi, ISHIBASHI Hayato, ABE Kota, MATSUURA Toshio

    2006.3.29  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2006.3.29

    Language:Japanese  

    In order to realize efficient account management in hierarchical VPNs, an access control method with certificates has been proposed. However, since this method assumes centralized CA (Certification Authority) which manages all users in an organization, administrative cost of the CA is considerably high if this method is applied to large scale organizations which have many users. To solve this problem, we propose an access control method which assumes distributed CAs environment. In the proposed method, in order to deal with VPN domains which have no CAs, a user name of a VPN domain which has no CA is registered to the optional field of the user's certificate issued by another domain as an "alternative name". By using alternative names of certificates, VPN gateways of VPN domains which have no CAs are able to perform access control on a per-user basis without registration of user accounts.

    researchmap

  • A Remote Access Method of Continuous Media Data with High Transparency and Portability Using File Systems

    KATO Masayuki, YAMAI Nariyoshi, OKAYAMA Kiyohiko, KUBO Ryosuke, MATSUURA Toshio

    IPSJ SIG Notes  2006.3.16  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2006.3.16

    Language:Japanese  

    NFS-based services have been proposed for transferring continuous media data. However, on a network environment like WAN that does not have enough bandwidth, NFS-based services are not suitable since they do not provide QoS function. To solve this problem, our research group proposed a remote access method of continuous media data by modifying file access APIs. However, the coverage of this method is limited. In this paper, we propose a remote access method of continuous media data using file system which provides QoS function. To solve the problem of the method with file access APIs, when a quality of media data need to be deteriorated, the file system of our method supplements data with padding according to the format of continuous media data so that file size of continuous media data will not be changed. This paper also discuss a design and implementation of the proposed method and shows that our method is effective even on narrow band network environment.

    researchmap

  • センター紹介 岡山大学総合情報基盤センター

    河野 圭太, 岡山 聖彦, 山井 成良

    学術情報処理研究  2006  学術情報処理研究編集委員会

     More details

    Event date: 2006

    Language:Japanese  

    researchmap

  • end-to-endの暗号化機能とパケット認証機能との併用による無線LAN環境での通信性能の改善

    谷渕陽祐, 岡山聖彦, 山井成良, 岡本卓爾

    電気・情報関連学会中国支部連合大会講演論文集(CD-ROM)  2006 

     More details

    Event date: 2006

    researchmap

  • TV電話機能付携帯電話機を用いた遠隔医療支援における画像条件の検討

    岡田宏基, 公文裕巳, 太田吉夫, 小田慈, 岡久雄, 秦正治, 山井成良, 岡山聖彦, 岡本卓爾, 谷浩司, 和田龍蔵, 川崎哲也, 廣畑誠, 菅原英次, 菅崎仁美

    医療情報学連合大会論文集  2006 

     More details

    Event date: 2006

    researchmap

  • 携帯機を用いた遠隔医療のための画像取得方法に関する一検討

    岡山聖彦, 山井成良, 秦正治, 岡本卓爾, 岡久雄, 岡田宏基, 公文裕巳

    日本遠隔医療学会雑誌  2006 

     More details

    Event date: 2006

    researchmap

  • Desingn and Implementation of A System Based on the Method of Interconnection of VLANs

    2005.12.1 

     More details

    Event date: 2005.12.1

    Language:Japanese  

    In a large-scale organization where VLANs are managed independently by each department, when users attempt to connect temporarily to their departments' network from another location, various problems such as high administrative cost and conflict or

    researchmap

  • Performance Improvement of TCP using Premature ACK Transmission : Performance Evaluation of TCP when Multiple Connections Exist

    OSADA S., WANG H., YOKOHIRA T., OKAYAMA K., YAMAI N.

    IEICE technical report  2005.11.17  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2005.11.17

    Language:Japanese  

    In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. In the method, the PEP is located in a intermediate router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet, stores the copy of the packet into its own buffer (PEP buffer), and returns the corresponding ACK (premature ACK) in behalf of the destination host. In previous researches, under the strategy which keeps the number of the packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we have investigated the relation between the watermark value and throughput when only one TCP connection exists. In this paper, under the above strategy, we investigate the relation between the watermark value and the maximum throughput when multiple TCP connections exist. Simulation results under the assumption that each connection uses a dedicated PEP buffer show that the average throughput of each connection is nearly equal to each other regardless of the watermark value. We also show that the relation between the watermark value and throughput is the same as that when only one connection exists.

    researchmap

  • LL-008 A Routing Method Considering QoS and Access Policy on Hierarchical Virtual Private Networks

    Okayama Kiyohiko, Yamai Nariyoshi, Kawano Keita, Ishibashi Hayato, Matsuura Toshio

    2005.8.22  Forum on Information Technology

     More details

    Event date: 2005.8.22

    Language:Japanese  

    researchmap

  • Performance Improvement of TCP using Premature ACK Transmission

    OSADA Shigeyuki, YOKOHIRA Tokumi, OKAYAMA Kiyohiko, YAMAI Nariyoshi

    IEICE technical report  2005.7.14  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2005.7.14

    Language:Japanese  

    In order to improve TCP performance, a method using a PEP (Performance Enhancing Proxy) is proposed. In the method, the PEP is located in a intermediate router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet, stores the copy of the packet into its own buffer (PEP buffer), and returns the corresponding ACK (premature ACK) in behalf of the destination host. In this paper, under the strategy which keeps the number of the packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Simulation results show that (i) when there exist the upper and lower bounds of the watermark value at which the maximum throughput becomes maximum, the both bounds increase for the increase of the propagation delay in the input side network of the PEP, and the upper bound increases and the lower bound decreases for the increase of the propagation delay in the output side network of the PEP, (ii) when there exists the lower bound only, the bound increases (decreases) for the increase of the propagation delay in the input (output) side network. We also show that when the watermark value is greater than the upper bound, the larger the PEP buffer capacity is, the smaller the decreasing ratio of the maximum throughput is.

    researchmap

  • An Accuracy Improvement Method of Distributed Collaborative Spam Filter Using Invalid Recipient Mail

    SAZANAMI Ippei, YAMAI Nariyoshi, OKAYAMA Kiyohiko, MIYASHITA Takuya, MARUYAMA Shin, NAKAMURA Motonori

    2005.5.12  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2005.5.12

    Language:Japanese  

    Spam filters are commonly used for a kind of protection measures of spam mail, which is one of the most serious problems on e-mail environment. As a kind of filtering methods, distributed collaborative filter is remarkable since its false positive rate is very small. However, this method has a significant drawback that its accuracy is considerably low. In this paper, in order to improve the accuracy of distributed collaborative filters, we propose a new method using mails sent to non-existent addresses that may potentially be spam mails We have also implemented the proposed method on a mail gateway, and shown that the accuracy may be improved.

    researchmap

  • Implementation and Evaluation of VLAN-ID Converter Based on the Method of Interconnection of VLANs

    2004.12.9 

     More details

    Event date: 2004.12.9

    Language:Japanese  

    In a large-scale organization where VLANs are managed independently by each department, when users attempt to connect temporarily to their departments' network from another location, various problems such as high administrative cost and conflict or insuff

    researchmap

  • A Remote Access Method of Continuous Media Data Using File Access APIs

    KATO Masayuki, YAMAI Nariyoshi, OKAYAMA Kiyohiko, KUBO Ryosuke, MATSUURA Toshio

    IPSJ SIG Notes  2004.9.2  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2004.9.2

    Language:Japanese  

    NFS-based services have been proposed for transferring continuous media data. However, on a network environment like WAN that does not have enough bandwidth, NFS-based services are not suitable since they do not, provide QoS function. In this paper, we propose a remote access method of continuous media data by modifying file access APIs. This method provides three functions: (1) prefetching on file open, (2) realtimeness support, on file access, and (3) cache invalidation for incomplete data. This paper also discusses a design and implementation of the proposed method and shows that our method is effective even on narrow band network environment.

    researchmap

  • LL-002 A Protection Method against Massive Error Mails Caused by Sender Spoofed Spam Mails

    Yamai Nariyoshi, Shigeta Nobufumi, Okayama Kiyohiko, Miyashita Takuya, Maruyama Shin, Nakamura Motonori

    2004.8.20  Forum on Information Technology

     More details

    Event date: 2004.8.20

    Language:Japanese  

    researchmap

  • An User-based Access Control Method with Certificates for Hierarchical Virtual Private Networks

    OHNISHI Takahiro, OKAYAMA Kiyohiko, YAMAI Nariyoshi, ISHIBASHI Hayato, MATSUURA Toshio

    2004.7.30  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2004.7.30

    Language:Japanese  

    In the existing methods which are applicable to Vertual Private Networks (VPNs) having hierarchical structure, an administrator of each VPN gateway (VGW) has to make user accounts to each VGW and to add user names to access control rules when user-based access control feature is required. Therefore, configuring access control rules becomes considerably complex, and the cost of user management also becomes considerably large if the users of other organizations are allowed to access temporarily. In this paper, we propose an access control method with certificates. With our method, the users of other organizations can access temporarily without accounts on each VGW by using certificates issued by their organizations. Moreover, By introducing user grouping, the cost of configuring access control rules is reduced.

    researchmap

  • An Accuracy Improvement Method of Distributed Cooperative Spam Filter Using Delayed Evaluation Technique

    SAZANAMI Ippei, YAMAI Nariyoshi, OKAYAMA Kiyohiko, MIYASHITA Takuya, MARUYAMA Shin, NAKAMURA Motonori

    IPSJ SIG Notes  2004.3.4  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2004.3.4

    Language:Japanese  

    Spam filters are commonly used for a kind of protection measures of spam mail, which is one of the most serious problems on e-mail environment. As a kind of filtering methods, distributed cooperative filter is remarkable since its false positive rate is very small. However, this method has a significant drawback that its accuracy is considerably low. In this paper, in order to improve the accuracy of distributed cooperative filters, we propose a delayed evaluation technique such that filtering is performed when a Mail User Agent (MUA) has access to the mail server. This method can generate an additional period for registration of new spam mails received by other users, therefore we expect it improves the accuracy. We have also implemented the proposed method as a POP proxy, and shows that the accuracy may be improved in small overheads.

    researchmap

  • A perfect k-ary peer-to-peer multicast routing tree search algorithm for multihome networks

    KAWASHIMA Jun, FUNABIKI Nobuo, OKAYAMA Kiyohiko

    IEICE technical report  2004.1.23  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2004.1.23

    Language:Japanese  

    In this paper, we present a two-stage heuristic algorithm for the peer-to-peer multicast routing problem in a multihome network. This problem requires finding a multicast routing tree satisfying the delay constraint between any two hosts and the degree constraint of any host while minimizing the total cost of the tree. In our algorithm, the routing tree topology is fixed to the perfect k-ary tree so as to always satisfy the degree constraint while minimizing the maximum hop count between hosts. The first stage of the algorithm greedily constructs an initial tree of minimizing the cost, and the second stage iteratively searches a feasible tree based on the annealing method. Through simulations using random network instances, we compare the performance of our algorithm to that of a similar existing algorithm.

    researchmap

  • A Method for Enhanced Network Security and Efficient Communication on IEEE 802.11b Environment

    2004.1.22 

     More details

    Event date: 2004.1.22

    Language:Japanese  

    On IEEE 802.llb, that is the most popular standard of wireless LAN networks, an encryption function called WEP (Wire Equivalent Privacy) is used for preventing both eavesdropping and unauthorized access. However, WEP is known to have some drawbacks that i

    researchmap

  • A Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks

    FUKUI Kenta, OKAYAMA Kiyohiko, YAMAI Nariyoshi, ISHIBASHI Hayato, MATSUURA Toshio

    2003.9.26  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2003.9.26

    Language:Japanese  

    In Virtual Private Networks(VPNs) having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication and data encryption, and so on), the administrator of a VPN domain may need to configure access policies which are different from every VPN subdomain. However, in the existing VPN methods, since access policies are stored in static configuration file of each VPN gateway, the administrator of a VPN domain has to cooperate with the other administrators of its subdomains. Therefore, management cost of access policies becomes fairly large if the organization has complicated structure. In this paper, we propose an efficient management method of access policies for hierarchical VPN. To reduce management cost, we introduce a database with hierarchical structure to represent access policies easily and policy servers to get access policies automatically. The effectiveness of our method is confirmed by the experiment on the actual network using policy servers based on our method.

    researchmap

  • A Routing Method with LDAP Servers for Hierarchical Virtual Private Networks

    OKAYAMA Kiyohiko, KANADECHI Yuji, YAMAI Nariyoshi, ISHIBASHI Hayato, MATSUURA Toshio

    2003.4.25  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2003.4.25

    Language:Japanese  

    In Virtual Private Networks (VPNs) having hierarchical structure, clients and VPN gateways (VGWs) have to determine the next, hop VGW according to the location of the destination. However, in the existing VPN methods, administrative cost is fairly large because the locations of next-hop VGWs are managed by static routing tables. In this paper, we propose a routing method for hierarchical VPNs. In the proposed method, LDAP servers are introduced for managing the routing and authentication information of VPN gateways efficiently. Moreover, clients and VGWs can determine the next hop VGW dynamically by mapping VPN domains to DNS domains and by storing the information of LDAP servers to DNS servers. The effectiveness of our method is confirmed by the experiment on the actual network using clients and VPN gateways based on our method.

    researchmap

  • An Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks

    Kanadechi Yuji, Fukui Kenta, Okayama Kiyohiko, Yamai Nariyoshi, Ishibashi Hayato, Matsuura Toshio

    Proceedings of the IEICE General Conference  2003.3.3  The Institute of Electronics, Information and Communication Engineers

     More details

    Event date: 2003.3.3

    Language:Japanese  

    researchmap

  • A Method of Interconnection of VLANs for Large-scale VLAN Environment

    2003.1.30 

     More details

    Event date: 2003.1.30

    Language:Japanese  

    In this paper, we propose a method which provides the interconnection between the temporary configured VLAN in the common spaces such as conference rooms and the user's VLAN in the large-scale organization network which is managed independently by departm

    researchmap

  • マルチホームネットワークにおけるアプリケーションプロトコルに依存した動的トラフィック分散

    山井成良, 久保武志, 岡山聖彦, 宮下卓也

    情報科学技術フォーラム  2003 

     More details

    Event date: 2003

    researchmap

  • A Backbone Selection Method Based on Bandwidth for Multihomed Networks

    OKAYAMA Kiyohiko, YAMAI Nariyoshi, MIYASHITA Takuya

    2002.10.18  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2002.10.18

    Language:Japanese  

    To achieve dynamic traffic ballancing on multihomed networks, which are connected to the Internet with more than one backbone, the backbone selection method based on measurement of TCP connection setup time via each backbone has been proposed. However, because this method is equivalent to measurement of the round trip time(RTT), it does not necessarily improve the throughput. In this paper, we propose a backbone selection method which can estimate available bandwidth of each backbone by sending sequence of packets via each backbone.

    researchmap

  • A Transparent Load Sharing of UDP Traffic on Multihomed Networks

    2002.1.31 

     More details

    Event date: 2002.1.31

    Language:Japanese  

    Multihomed network, that is a kind of network connected to the Internet via more than one backbones, is one of the most interesting networks to improve response time of network services. In order to operate multihomed networks easily and efficiently, we p

    researchmap

  • 発信者詐称SPAMメールによるサービス不能攻撃の早期検出手法

    田中清, 山井成良, 岡山聖彦, 中村素典, 丸山伸, 宮下卓也

    情報処理学会全国大会講演論文集  2002 

     More details

    Event date: 2002

    researchmap

  • 階層型VPNのためのLDAPサーバを用いた経路制御手法

    岡山聖彦, 金出地友治, 山井成良, 石橋勇人, 松浦敏雄

    情報科学技術フォーラム  2002 

     More details

    Event date: 2002

    researchmap

  • A Management and Operation Method of DNS in Organizations with Multiple Domain Names

    YAMAI Nariyoshi, KUBO Takeshi, YAMASOTO Yoshinobu, OKAYAMA Kiyohiko, MITASHITA Takuya

    2001.10.5  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2001.10.5

    Language:Japanese  

    Since operation of general-use JP domains started, organizations with multiple domain names have been increasing. In such organizations, if the same domain structure as that in the existing domain is required in operation of the additional domains, the current DNS mechanism has some problems in operation and management such that all the administrators of DNS in the subtree of the additional domains have to configure the DNS setting for those domains. In this paper, we propose a management and operation method of DNS for such organization to solve these problems, using a DNS proxy. This method does not require any modification to the DNS servers and the mail servers in the subtree of the existing domain.

    researchmap

  • A Method to Establish a VPN Link across Hierarchical Security Domains

    ISHIBASHI Hayato, YAMAI Nariyoshi, OKAYAMA Kiyohiko, ABE Kota, MATSUURA Toshio

    2000.7.10  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 2000.7.10

    Language:Japanese  

    VPN is one of important technologies on the Internet. With VPN, we can access to remote private resource via the Internet. It also makes it possible to send secret messages safely via the Internet. However, there is one significant inconvenience in most current VPN methods like IPsec. Because it is impossible to establish VPN connections across hierarchical security domains. In this paper, we describe a new method that makes it possible to establish VPN connections across hierarchical security domains. It is also inter-operable with former methods by introducing our proxy gateways.

    researchmap

  • Design and Implementation of an Authentication System with the scalable key-exchange scheme for the Internet

    HAMAGUCHI Shin, OKAYAMA Kiyohiko, YAMAGUCHI Suguru, OIE Yuji

    IPSJ SIG Notes  1998.2.26  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 1998.2.26

    Language:Japanese  

    researchmap

  • A technology to improve perfomance of multimedia communication using ATM network

    TONOSHIBA Yoshiki, OKAYAMA Kiyohiko, YAMAGUCHI Suguru, YAMAMOTO Heiichi

    IPSJ SIG Notes  1995.1.26  Information Processing Society of Japan (IPSJ)

     More details

    Event date: 1995.1.26

    Language:Japanese  

    ATM (Asynchronous Transfer Mode) is widely noticed as a computer network which is base technology of multimedia communication. In this paper, we focus on the overhead of communication protocol in multimedia communication. This paper proposes a model of multimedia communication in which application and ATM adaptation layer directly communicate. It proved that this model could improve throughput between two terminals exchanging video data.

    researchmap

  • Design and Implementation of Network Monitoring System for Wide Area Networks:DIET

    1993.3.3 

     More details

    Event date: 1993.3.3

    Language:Japanese  

    researchmap

  • Design and Implementation of Security Functions for Large Scale Wide Area Networks.

    山口英, 岡山聖彦, 宮原秀夫

    情報処理学会研究報告  1991 

     More details

    Event date: 1991

    researchmap

▼display all

Research Projects

  • Effective Anti-Spam Method with SMTP Session Abort

    Grant number:17300018  2005 - 2007

    Japan Society for the Promotion of Science  Grants-in-Aid for Scientific Research  Grant-in-Aid for Scientific Research (B)

    YAMAI Nariyoshi, NAKAMURA Motonori, MIYASHITA Takuya, OKAYAMA Kiyohiko, KAWANO Keita

      More details

    Grant amount:\6250000 ( Direct expense: \5800000 、 Indirect expense:\450000 )

    This research project aims to develop an effective anti-spam method with minimal administration. This method introduces SMTP session abort function to obtain the header or the body of a message without actual delivery, in combination with existing techniques organically. This method has the following features.
    1. Speeding up processing
    We have developed a speeding up method of the existing tempfailing technique by introducing a secondary mail gateway (SMG). With this method, the sender would immediately resend the failed messages to the SMG after SMTP session abort, and hence delivery delay would be reduced.
    2. Improving spam detection rate
    Since most of non-resent messages destined to non-existing recipients are spam, we have improved the spam detection rate of the existing tempfailing method by registering them automatically into a distributed collaborative spam database. In addition, we have shown that delivery delay and the number ofReceived fields are possible criteria of spam detection according to delivery path analysis.
    3. Reducing administrative cost
    We have developed an advanced method of retransmission judgment using some header field or the message body obtained on the first delivery attempt. Since this method accepts a message from an untrusted SMTP client even in case of the second time delivery from a different SMTP client, the administrator does not have to keep such SMTP clients in the white list any more. In addition, this method can recover the non-rent messages in case of false positive, by showing their headers or bodies to users.
    4. Suppressing bounce mails
    5. Suppressing address leakage
    We have adopted the existing method that receives all messages even to non-existing recipients and sends bounce mails only if sender authentication by Sender Policy Framework (SPF) succeeds. However, SPF has some drawback that it is difficult to authenticate forwarded messages. We have solved this drawback by tracing recipient addresses in the header.

    researchmap

  • Astudy of peerto-peer multicast communications with multiple Internet interfaces

    Grant number:16500034  2004 - 2007

    Japan Society for the Promotion of Science  Grants-in-Aid for Scientific Research  Grant-in-Aid for Scientific Research (C)

    FUNABIKI Nobuo, OKAYAMA Kiyohiko, NAKANISHI Toru, HIGASHINO Teruo, OZAKI Toru

      More details

    Grant amount:\3970000 ( Direct expense: \3700000 、 Indirect expense:\270000 )

    In this year, we have realized the dynamic routing change function for PeerCast, which is adopted as the middleware for peer-to-peer communications in this study, in order to optimize the routing while continuing communications, because PeerCast usually cannot produce the optimal routing. Then, we have studied the multimedia distribution system using the Web technology by the form of the digital picture-card show that plays back each scene of a distance lecture and a video meeting with the combination of a high-resolution digital still image and a speaker's voice for one scene, due to the various problems of security holes, high communication loads, and degrades of usability in using designated software's for peer-to-peer multimedia communications. In this year, we have implemented this system, and evaluated it through its applications to several lectures in our department, where the effectiveness is confirmed by the contribution to the improvement of understandings of students. In addition, we have realized the multimedia distribution system with high response in the wireless mesh network by incorporating Web cashes into mesh routers. The wireless mesh network has been studied as a platform to provide the ubiquitous environment of this multimedia system by allocating multiple wireless routers in the field. We have proposed the two-layer mesh network architecture composed of expensive high-performance routers and inexpensive low-performance routers to achieve the flexibility, the expandability, and the accessibility, where trusted hosts with multiple network interfaces may become the former routers. For this purpose, we have implemented the host authentication function, the multiple channel function, and the IP address assignment function.

    researchmap

  • 大規模組織におけるVLANの相互接続方式に関する研究

    Grant number:16700071  2004 - 2005

    日本学術振興会  科学研究費助成事業  若手研究(B)

    岡山 聖彦

      More details

    Grant amount:\2400000 ( Direct expense: \2400000 )

    本年度は,VLANスイッチで構成される組織ネットワークにおいて,部署外から部署内へのデータリンク層レベルでの一時接続を実現するVLAN相互接続方式として,以下の各課題について研究開発を行った.
    1 VLAN管理サーバおよび認証サーバの実装
    前年度の設計を踏まえ,一時接続のためのVLAN-ID管理とVLANスイッチの自動設定を行うVLAN管理サーバと,部署外でユーザ認証を行う認証サーバの実装を行った.前者はPC上で動作するサーバプログラムとして新規作成し,後者は既存の認証サーバプログラムであるFreeRADIUSを拡張して,提案方式で使用する各サーバとの通信機能などを追加した.
    2 システム全体の動作確認と性能評価
    前述のサーバと前年度までに実装済みのVLAN-ID変換サーバに加え,VLANスイッチとユーザ端末を用いて実験ネットワークを構築し,動作確認実験と性能評価実験を実施した.動作確認実験として,ユーザ端末を部署外のVLANスイッチに接続すると,認証サーバによるユーザ認証後,VLAN管理サーバが一時接続のためのVLAN-IDを割り当ててVLANスイッチを設定すると共に,VLAN-ID変換サーバが部署外と部署内のVLAN-IDを変換することにより,ユーザ端末が所属部署のネットワークにデータリンク層レベルで接続され,これら一連の動作がすべて自動的に行われることを確認した.一方,性能評価実験については,VLAN-ID変換サーバ単体の性能評価は前年度に実施済みであるため,本年度は一時接続に要する時間を計測した.その結果,ユーザ認証の開始からVLANスイッチの設定とVLAN-IDの変換開始が完了するまでの平均時間は3.72秒であり,十分実用的であることを確認した.

    researchmap

  • A Protection Method against Denial of Service Attack Caused by Sender Spoofed Spam Mails

    Grant number:15500039  2003 - 2004

    Japan Society for the Promotion of Science  Grants-in-Aid for Scientific Research  Grant-in-Aid for Scientific Research (C)

    YAMAI Nariyoshi, NAKAMURA Motonori, MIYASHITA Takuya, OKAYAMA Kiyohiko

      More details

    Grant amount:\3600000 ( Direct expense: \3600000 )

    This research project aims to develop a protection method against Denial Service (DoS) attack to victim mail servers, by means of massive error mails generated by sender spoofed spam mails. We have developed the following functions.
    1.Early detection of DoS attacks
    We have verified two early detection methods of DoS attack, namely monitoring DNS query frequency and counting the number of error mails received. According to the attack log of a mail server of Okayama University in August 2004, we have confirmed that both methods are effective for early detection.
    2.Load sharing of error mail handling among mail servers
    We have developed a processing method to separate error mails from normal mails, depending on existence of MX record cache. According to the attack log in August 2004, we have confirmed that this method is effective for load sharing. We also have developed a priority control method of mail delivery from specified mail servers, by giving a different MX record to each DNS query.
    3.Speeding up of error mail processing
    We have developed a speeding up method of error mail processing, not by discarding after receiving, but by rejecting all mails with null sender address during DoS attack.
    4.Processing of complaint mails
    We have developed a method to distinguish complaint mails using a distributed spam database. In this method normal mails including the attacking spam mail are processed as complaint mails.
    5.Identification of spam sender
    We have developed a sender identification system which finds out the IP address of the spam sender and, if the sender exists on the inside network, pinpoints the location of spam sender to an accuracy of room level. We also developed an operation method of e-mail systems based on "POP before SMTP", applicable even to large scale organizations that introduce a mail gateway.

    researchmap

 

Class subject in charge

  • Introduction to Information Processing 1 (2024academic year) 1st semester  - 月1,木1

  • Introduction to Information Processing 1 (2024academic year) 1st semester  - 月2,木2

  • Introduction to Information Processing 2 (2024academic year) 1st semester  - 金7~8

  • Introduction to Information Processing 2 (2024academic year) Second semester  - 木3~4

  • Introduction to Information Processing 2 (2024academic year) Second semester  - 月1~2

  • Introduction to Information Processing 3 (2024academic year) Second semester  - 火7~8

  • Introduction to Information Processing 3 (2024academic year) Third semester  - 木3~4

  • Advanced Information Security Technology (2024academic year) Third semester  - 木1~2

  • Advanced Information Security Technology (2024academic year) 3rd and 4th semester  - 水9

  • Introduction to Information Processing 1 (2023academic year) 1st semester  - 月1,木1

  • Introduction to Information Processing 1 (2023academic year) 1st semester  - 月2,木2

  • Introduction to Information Processing 2 (2023academic year) 1st semester  - 金7~8

  • Introduction to Information Processing 2 (2023academic year) Second semester  - 木3~4

  • Introduction to Information Processing 2 (2023academic year) Second semester  - 月1~2

  • Introduction to Information Processing 3 (2023academic year) Second semester  - 火7~8

  • Introduction to Information Processing 3 (2023academic year) Third semester  - 木3~4

  • Advanced Information Security Technology (2023academic year) Third semester  - 木1~2

  • Advanced Information Security Technology (2023academic year) 3rd and 4th semester  - 水9

  • Introduction to Information Processing 1 (2022academic year) 1st semester  - 月1,木1

  • Introduction to Information Processing 1 (2022academic year) 1st semester  - 月2,木2

  • Introduction to Information Processing 2 (2022academic year) Second semester  - 木3~4

  • Introduction to Information Processing 3 (2022academic year) Second semester  - 火7~8

  • Introduction to Information Processing 3 (2022academic year) Third semester  - 木3~4

  • Introduction to Information Processing 3 (2022academic year) Third semester  - 月5~6

  • Advanced Information Security Technology (2022academic year) Third semester  - 木1~2

  • Advanced Information Security Technology (2022academic year) 3rd and 4th semester  - 水9

  • Introduction to Information Processing 1 (2021academic year) 1st semester  - 月1,木1

  • Introduction to Information Processing 1 (2021academic year) 1st semester  - 月2,木2

  • Introduction to Information Processing 2 (2021academic year) Second semester  - 木3~4

  • Introduction to Information Processing 3 (2021academic year) Third semester  - 木3~4

  • Introduction to Information Processing 3 (2021academic year) Second semester  - 火7~8

  • Introduction to Information Processing 3 (2021academic year) Third semester  - 月5~6

  • Advanced Information Security Technology (2021academic year) Third semester  - 木1~2

  • Advanced Information Security Technology (2021academic year) 3rd and 4th semester  - 水9

  • Introduction to Information Processing 1 (2020academic year) 1st semester  - 月1,木1

  • Introduction to Information Processing 1 (2020academic year) 1st semester  - 月2,木2

  • Introduction to Information Processing 2 (2020academic year) Second semester  - 木3,木4

  • Introduction to Information Processing 3 (2020academic year) Second semester  - 火7,火8

  • Introduction to Information Processing 3 (2020academic year) Third semester  - 木3,木4

  • Introduction to Information Processing 3 (2020academic year) Third semester  - 月5,月6

  • Advanced Information Security Technology (2020academic year) Third semester  - 木1,木2

  • Advanced Information Security Technology (2020academic year) 3rd and 4th semester  - 水9

▼display all