Journal of Computer Science Research | Vol.3, Iss.1 January 2021

Editor-in-Chief
Dr.Lixin Tao
Editorial Board Members
Pace University, United States
Yuan Liang,China
Chunqing Li,China
Roshan Chitrakar,Nepal
Nagesh Narayan Jadhav,India
Adnan Mohamad Abuassba, Palestinian
Dong Li, China
Omar Abed Elkareem Abu Arqub, Jordan
Lian Li, China
Suyel Namasudra, India
Bohui Wang, Singapore
Zhanar Akhmetova, Kazakhstan
Hashiroh Hussain, Malaysia
Imran Memon, China
Aylin Alin, Turkey
Xiqiang Zheng, United States
Manoj Kumar, India
Awanis Romli, Malaysia
Manuel Jose Cabral dos Santos Reis, Portugal
Zeljen Trpovski, Serbia
Milan Kubiatko, Slovakia
Zhihong Yao, China
Monjul Saikia, India
Lei Yang, United States
Alireza Bahramian, Iran
Degan Zhang, China
Shijie Jia, China
Marbe Benioug, China
Hakan Acikgoz, Turkey
Jingjing Wang, China
Kamal Ali Alezabi, Malaysia
Xiaokan Wang,China
Rodney Alexander,United States
Hla Myo Tun,Myanmar
Nur Sukinah Aziz, Malaysia
Shumao Ou, United Kingdom
Jiehan Zhou, Finland
Ammar Soukkou, Algeria
Hazzaa Naif Alshareef, Saudi Arabia
Serpil Gumustekin Aydin, Turkey
Nitesh Kumar Jangid,India
Xiaofeng Yuan,China
Michalis Pavlidis, United Kingdom
Dileep M R, India
Jie Xu, China
Malik Bader Alazzam, Jordan
Resul Coteli, Turkey
Muhammad Arif, China
Qian Yu, Canada
Jerry Chun-Wei Lin, Norway
Hamed Taherdoost, Malaysia
Teobaldo Ricardo Cuya, Brazil
Paula Maria Escudeiro, Portugal
Mustafa Cagatay Korkmaz, Turkey
Mingjian Cui, United States
Besir Dandil, Turkey
Jose Miguel Canino-Rodríguez, Spain
Yousef Awwad Daraghmi, Palestinian
Lisitsyna Liubov, Russian Federation
Chen-Yuan Kuo, United States
Antonio Jesus Munoz Gallego, Spain
Ting-Hua Yi, China
Norfadilah Kamaruddin, Malaysia
Lanhua Zhang, China
Ala Bassam Hamarsheh, Palestinian
Samer Al-khateeb, United States
Erhu Du, China
Francesco Caputo, Italy
Petre Anghelescu, Romania
Liu Liu, China
Ahmad Mansour Alhawarat, Malaysia
Christy Persya Appadurai, United States
Neha Verma, India
Viktor Manahov, United Kingdom
Mohsen Maleki, Iran
Gamze Ozel Kadilar, Turkey
Ronald Javier Martin, United States
Ebba S I Ossiannilsson, Sweden
Prasert Aengchuan, Thailand
Changjin Xu, China

Volume 3 Issue 1 · January 2021 · ISSN 2630-5151
Journal of
Computer Science
Research
Editor-in-Chief
Dr. Lixin Tao

Volume 3 ｜ Issue 1 ｜ January 2021 ｜ Page1-54
Journal of Computer Science Research
Contents
ARTICLE
Copyright
Journal of Computer Science Research is licensed under a Creative Commons-Non-Commercial 4.0 International
Copyright (CC BY- NC4.0). Readers shall have the right to copy and distribute articles in this journal in any form in
any medium, and may also modify, convert or create on the basis of articles. In sharing and using articles in this
journal, the user must indicate the author and source, and mark the changes made in articles. Copyright © BI-
LIN-GUAL PUBLISHING CO. All Rights Reserved.
Radio Network Planning and Optimization for 5G Telecommunication System Based on Physical Con-
straints
Hla Myo Tun
Secure Remote Access IPSEC Virtual Private Network to University Network System
Gajendra Sharma
A Dynamic Steganography Method for Web Images with Average Run-Length-Coding
Jin Liu Yiwen Zhang
Determining Learning Style Preferences of Learners
Sushil Shrestha Manish Pokharel
The Formation of the Electronic Tornado is the Basis of Superconductivity
Binggong Chang
1
16
28
33
44

1
Journal of Computer Science Research | Volume 03 | Issue 01 | January 2021
Distributed under creative commons license 4.0 DOI: https://doi.org/10.30564/jcsr.v3i1.2701
https://ojs.bilpublishing.com/index.php/jcsr
ARTICLE
Radio Network Planning and Optimization for 5G Telecommunication
System Based on Physical Constraints
Hla Myo Tun*
Department of Electronic Engineering, Yangon Technological university, Gyogone, Insein PO, 11011, Yangon,
Republic of the Union of Myanmar
ARTICLE INFO ABSTRACT
Article history
Received: 15 December 2020
Accepted: 29 December 2020
Published Online: 31 January 2021
The paper mainly focuses on the network planning and optimization
problem in the 5G telecommunication system based on the numerical
investigation. There have been two portions of this work, such as network
planning for efficient network models and optimization of power allocation
in the 5G network. The radio network planning process has been completed
based on a specific area. The data rate requirement can be solved by
allowing the densification of the system by deploying small cells. The
radio network planning scheme is the indispensable platform in arranging a
wireless network that encounters convinced coverage method, capacity, and
Quality of Service necessities. In this study, the eighty micro base stations
and two-hundred mobile stations are deployed in the -15km×15km wide
selected area in the Yangon downtown area. The optimization processes
were also analyzed based on the source and destination nodes in the 5G
network. The base stations’ location is minimized and optimized in a
selected geographical area with the linear programming technique and
analyzed in this study.
Keywords:
Network planning design
Mathematical optimization
5G telecommunication system
Numerical analysis
Power allocation problem
1. Introduction
IN recent times, the demands of 5G wireless telecom-
munications for a substantial increase in throughput of
transmission and receiving and the adequate coverage
area for a network to preserve an all-embracing range
of emerging applications, such as mobile phones, mul-
timedia communication, social network connection, in-
ternet gaming, video conferencing, e-learning platforms,
e-healthcare system and so on. The 5G systems promise
to transfer the improvements of million-fold scheme
capacity over present networks while preserving inno-
vative requests with an enormous quantity of low-power
devices, identical coverage methods, high dependability,
and low-slung latency [1-2]
.
Network Planning is the interconnection of assorted
*Corresponding Author:
Hla Myo Tun,
Department of Electronic Engineering, Yangon Technological university, Gyogone, Insein PO, 11011, Yangon, Republic of the Union
of Myanmar;
Email: hlamyotun@ytu.edu.mm
This work was fully supported by U Nyi Hla Nge Foundation at Yangon Technological University,Gyogone, Insein PO, 11011,
Yangon, Myanmar.).
Hla Myo Tun is with the Department of Electronic Engineering of Yangon Technological University, Myanmar (e-mail: hlamyotun@
ytu.edu.mm ).

2
pieces of equipment to allocate resources among abundant
users. Radio Network Planning (RNP) plays a noteworthy
protagonist in the development of cellular design model-
ing. It is indispensable for operators to organize wireless
cellular networks in a low-cost method. It depends on sev-
eral inputs such as the environmental zone, the predictable
quantity of users, the primary base stations’ arrangements,
path loss replicas, and the frequency reclaim pattern.
Effective radio access network planning is replicated in
satisfied subscribers and own infrastructure cost. The
main consequence of the Radio Network Planning (RNP)
is the location and configuration of base stations, which
are desirable to convoke the network coverage model ob-
taining the concentrated coverage, which means that the
mobile is associated with an assumed cell at a maximum
conceivable distance at minimum cost. The base stations,
the competence of cooperating with the mobile station
contained by a convinced coverage area and upholding
call superiority standards of radio network planning de-
velopment, have a radio association through the mobile
devices. The Radio Network Planning processes shall
have to be painstaking based on the propagation atmo-
spheres, site appearances, essential capacity and coverage,
and the antenna conformation at all base stations. The
key refurbishment anticipated in the 5G advancement of
mobile network standards indicates the foremost issues
to the radio network planning practice by comparing with
the accessible wireless networks. The 5G system encir-
clements an innovative core network up to endure obtain-
able technologies of 3G and 4G, in addition to a new air
interface called new radio (N.R.) that compromises con-
siderable data rates and capacity in higher condition by
exhausting novel high-frequency bands (millimeter wave
mmW). Consequently, 5G is the condensed base station
arrangement in a heterogeneous network system that is
unruffled of macrocells and dissimilar types of small cells,
i.e., microcells, picocells, and femtocells. Small cells are
called low-powered radio access nodes, which activate in
the licensed and unlicensed spectrum containing a range
of 10 meters to a few kilometers and can be utilized in in-
door or outdoor public space to expand data capacity and
optimize the coverage, reduced latency. Formulation of
the base stations nearer to the user with a small cell could
moderate the return excursion delay and could intensifica-
tion numerous obtainable resources for active users in this
scheme. The active and sleep modes could be completed
to reduce interference and power consumption over and
above the enhancement of cellular networks’ energy effi-
ciency.
5G millimeter-wave frequencies (mmW) could be
utilized for short-range wireless communication, which
permits high digital data rates and is beneficial in densely
packet networks. The 5G operating bands are divided into
two frequency ranges, such as 450-6000MHz for FR1 and
24.25-52.6 GHz for FR2. Most operators continuously
custom higher frequency cellular bands (FR2) to afford
more capacity to areas with plentiful customers. 5G sys-
tem yearnings spectrum within the three key frequencies
ranges: sub-1GHz, 1-6GHz, and over 6GHz, to deliver
prevalent coverage and sustenance to all users. Over the
values of 6GHz is needed to bump into the ultra-high
broadband speeds intended for 5G, which could not dis-
tribute the fastest data speeds without these bands. In this
study, the 26GHz and 28GHz bands have the best interna-
tional band in this range for analyses with numerical stud-
ies. The spectrum at 28GHz has irrelevant atmospheric
attenuation compared to supplementary GHz frequencies.
Besides, the rain attenuation and oxygen could not inhibit
intensification suggestively at 28GHz frequency.
The Optimization procedure for Network planning
could be appraised of recent research activities in academ-
ic societies. The dynamic programming (D.P.) was used to
enhance the network nodules’ assignment [3]
. The conven-
tion of clustering and ant-colony algorithms in network
planning was reported in [4]
. The prosperous application
of genetic algorithms to network scheme and planning
were articulated in [5]
. An optimization technique based
on the linear programming whose objective function is
the minimization of the complete Wireless Mesh Network
fixing cost whereas taking into consideration the coverage
of the termination users, the wireless connectivity in the
wireless dissemination system and the supervision of the
traffic network flows has been enunciated in [6]
. A stag-
nant emulator for the WCDMA network to examine four
investigative algorithms to acquire optimized network
conformations was described in [7]
. In [8]
, the theoretical
general idea of 3G network planning was given. A genetic
category algorithm accustomed enhances the number and
positions of base stations in place of the cellular network
recommended in[9]
.
This works’ objectives are to diminish and optimize the
location of base stations in the geographical area, reduce
energy disbursement, reduce cell overlap, and improve the
Quality of Service (QoS).
The remaining portion of the paper is schematized as
follows. Section II presents the proposed network plan-
ning model. Section III gives the Analysis of the Power
Allocation Problem. Section IV mentions the simulation
results and discussion on numerical analysis. Section V
concludes the proposed system.

3
2. Recommended Network Planning Model
Heterogeneous network planning solutions help from
the small base station to boost capacity and coverage
under various consequences. The wireless radio network
is called a cellular network or mobile network, which is
commonly cellular naturally, where coverage is separated
keen on innumerable terrestrial coverage areas baptized
cells. A Base station (BS) is positioned in each cell, main-
taining one or extra cells and reliant on the creators’ appa-
ratus. The B.S.s arrange for the radio connection for U.E.s
inside the cell to facilitate mobile phones and smartphones
to interconnect with the operator’s linkage. However,
U.E.s are affecting from end to end deferent cells in the
course of transmission determinations. Every UE uses a
radio connection to converse with the base station using a
couple of radio channels, one channel for Downlink (DL),
and the other for Uplink (U.L.). The cells (sites) posi-
tioned inside the geographical area can be categorized as
outdoor and indoor cells. The outdoor cells can be catego-
rized as cellular for macro, cellular for micro, or cellular
for pico. The indoor or outdoor small cells can eliminate
“bad” users with poor radio circumstances from macrocell
conditions.
2.1 Macro-cells
The base station antennas are positioned exceeding the
roof-top position; the cell is recognized as a macro. As
the antenna’s height exceeds the roof-top position’s me-
diocre level, the area that can be concealed is extensive.
A macro-cell range might differ from a pair of kilometers
to 35 km, the space reliant upon the environment’s cate-
gory and the propagation circumstances. Henceforth, this
conception is mostly utilized for residential or countryside
milieus.
2.2 Micro-cells
The antennas at the base station are further down the
roof-top position’s mediocre level, and then the cell is rec-
ognized as a micro-cell. The region that can be concealed
is minor, so this conception is realistic in metropolitan and
residential areas. The assortment of micro-cells is com-
mencing a small number of hundred meters to a twosome
of kilometers.
2.3 Pico-cells
Pico-cells are demarcated as the unchanged cover
as micro-cells and are customarily utilized for interior
coverage. In this study, the recommended system model
comprises a prearranged set of contestant base stations
B.S.s B which is fashioned Bmicro. Bmicro represents the set
of contestant micro B.S.s with the fixed locations. In this
planning practice, 80 micro base stations are deployed
in the 625 km2
of the Yangon Downtown range. In this
analysis, orthogonal frequency division multiple access
is a retrieving pattern. The retrieving pattern for the 5G
network is not demarcated yet, and the usage of OFDMA
is appropriate for enactment estimation and assessment
with 4G complexes. The user dissemination ideal in this
problem is an approach based on the snapshot. A snapshot
epitomizes a pair of users utilizing the physical network
at a specified instantaneous time. For a specified snapshot
that epitomizes the existing vigorous users, we target to
catch the minutest amount of base stations on/off switch-
ing approach that quiet promise coverage and capability
desires. The downlink signal to interference and noise ra-
tio (DSINR) above a subcarrier N consigned to the user A
can be exhibited as follows:
, ( )
2
A B A
k
A
P
DSINR
TNP I
=
+
(1)
where Pa,b(k) as the received power on subcarrier N
consigned for the user A by its serving BS B(A). TNP2
is
the noise power due to thermal , and IA is the inter-cell
interference from neighboring BSS. PBSmicro is the transmit
power of the micro base station. The received power at the
mobile station MS and base station bs can be expressed as:
, 10 ,
( ) 10log BS
MS bs MS bs
BS
TP
P dB L
MS
= −
 
 
 
(2)
where TPBS is the downlink transmit power of BS and
MSBS is the number of mobile stations, LMS,bs(dB) is the
path loss between Mobile Station MS and Base Station bs
can be modeled as:
( )
, 10 , 10
( ) 92.4 20log 20log ( )
MS bs MS bs
L dB d f
=
+ + +
( )
, , ,
( )
MS bs MS bs MS bs
d d h
α γ ρ
+ + + (3)
where f is the carrier signal frequency in GHz
In this study, the frequency is fixed to 28 GHz. α is
the attenuation value in the atmospheric condition is just
about negligible at 28 GHz frequency (0.06 dB/km). hMS,bs
is a random variable on behalf of the channel gain be-
tween Base station and Mobile Station. γ is the rain atten-
uation, and ρ is the foliage losses.
The path loss is based on the ECC-33 ideal established
by Electronic Communication Committee (ECC). It is
inferred from Okumura’s original quantities and improved
its expectations to further meticulously characterize an
immovable wireless access system. ECC-33 model to
govern the optimal ideal for radio coverage approximation
and interference viability could be analyzed during radio

4
Distributed under creative commons license 4.0
network planning based on a multi-transmitter system in
the very high-frequency bands (VHF).
( ) FS BM BS RA
PL dB Att PL GF GF
= + + + (4)
AttFS is the attenuation value in free space, PLBM is the
path loss for the basic median, GFBS is the gain factor for
base station height, and GFRA is the gain factor for re-
ceived antenna height.
10 10
92.4 20log ( ) 20log ( )
FS
Att d f
=
+ + (5)
10 10
20.41 9.83log ( ) 7.89log ( )
BM
PL d f
=
+ +
[ ]2
10
9.56 log ( )
f
+ + (6)
( )
( )2
log 13.98 5.8 log
200
b
BS
h
GF d
= +
  
  
 
(7)
For the median city,
( )
[ ] ( )
[ ]
42.57 13.7 log log 0.585
RA m
GF f h
=
+ − (8)
For a large city,
( )
0.759 1.862
RA m
GF h
= − (9)
3. Parameters Affecting the Tower Sites
3.1 Rain Attenuation Affecting on the Tower Sites
Rain attenuation is ascribed to the concentration and
smattering of electromagnetic waves by rain spots. Rain-
fall attenuation is a manifestation qualified to the rate of
rainfall and frequency, which significances in accumula-
tive path loss, off-putting the coverage region, and accord-
ingly unbecoming the system enactment. At frequencies
for high-level value, rain attenuation shall have an out-
sized effect on the network contingent on the dimension,
dissemination, and reduction velocity of the rain spots.
When rain falls, phone signals have grinned between tow-
ers, which are initiated by lowered signal strength. This
occurrence is known as signal attenuation.
At a frequency of above 10 GHz, rainfall and sleet can
impact the attenuation enormously; the consequence of
attenuation in the atmospheric between source and target
over a wireless connection is of main concern, and an ap-
propriate site appointment and appropriate technique are
obligatory to govern the level of attenuation. The endorse-
ment of the ITU-R P.838-3 (ITU-R, 2005) establishes
the practice of explicit attenuation from the intensity of
rain. The explicit attenuation γ (dB/km) is achieved from
the rate of rain R(mm/h) surpassed at per hundred of the
time, expending the power regulation rapport as [10]
. Pre-
cipitation can include origin ordinary interference above
transmitted signals in microwave links [11]
. The explicit
attenuation R (dB/km) is acquired from the rate of rain R
(mm/h) using the power regulation connection is shown in
(10).
( )
2 50 /
R
kR R mm hr
α
γ
= < < (10)
The values of the coefficients for k and α are consid-
ered as the frequency function. f(GHz) is the assortment
from 1 to 1000GHz.
Table 1. The different frequencies changes of the coeffi-
cients k and values (recommended by itu_r p.838-3)
3.2 Foliage Losses Effect on the Tower Sites
The attenuation of radio signals affected by trees bar-
ricading the radio connection is labeled as loss of foliage
[12]
. The loss of foliage is a very convoluted problem
that has various constraints and deviations. At millime-
ter wavelengths, the approximation of foliage initiated
attenuation is tremendously momentous for a radio con-
nection arrangement. The dimensions of the shrubberies,
brushwood, stems, the concentration and dissemination
of shrubberies, and the tree’s height compared with the
antenna heights that influence the propagation over and
done with vegetation. The manifestation of foliage in the
broadcast network can central to unembellished signal at-
tenuation. The tree stem, haphazardly disseminated shrub-
beries, annexes, and brushwood are diverse distributes
which origin the attenuation, sprinkling, and deflection
on the exuded signal. The foliage argument on wireless
connection can be classified as three expressions (a bush,
wooded area, and appearances of plants).
Foliage losses ρ for millimeter-wave frequencies are
substantial and can mark the enactment of the network.
Those losses should be engaged while exhibiting 5G sys-
tems at extraordinary frequencies and can be transcribed
as follows:
ITU-R model is
( )( ) ( )
0.3 0.6
( ) 0.2
dB f R
ρ = (11)
where f is the frequency in MHz, R is the bush of the
depth in the meter. (R<400m)
Cost 235 model is
( ) ( )
0.2 0.5
( ) 26.6
COST
L dB f d
= (12)
DOI: https://doi.org/10.30564/jcsr.v3i1.2701

5
3.3 Euclidean Expanse Calculation for Base Sta-
tions
The Euclidean expanse is the straightforward link ex-
panse between two points in Euclidean space in reality. To
calculate the Euclidean distance of nodes in a heteroge-
neous network system, two types of nodes with different
ranges are positioned in the Yangon Downtown area with
MATLAB. After deploying these two types of nodes,
Type I and Type II nodes’ positions, matrixes become
visible. Type I nodes’ positions are defined as (xi , yi) are
the coordinates of BSi in Cartesian expressions where
i=1,2,3,...,N and Type II nodes’ positions are defined as
(uk , vk) are the coordinates of MSk in Cartesian expres-
sions, where k=1,2,3,...,N. If the first Type I base stations
B.S.s nodes are located on the point (xi , yi), and the sec-
ond Type II mobile station nodes are positioned on point
(uk , vk), the Euclidean distance equation between mobile
station k and base station i is expressed in (13).
( ) ( )
2 2
,
k i i k i k
d x u y v
= − + − (13)
The interference term depends merely on the inter-cell
interfering signals; subsequently, the subcarriers are a cell
in orthogonally in an OFDMA-based systems (presumptu-
ous perfect orthogonally condition). For a mobile station
to be obliged, it DSINR needs to outstrip the minutest
threshold rate DSINRthr . The signal to interference plus
noise ratio is expressed in (14).
, ( )
,
1, ( )
B
A B A
th N
i A i thr
i i B A
P
DSINR
CPP SINR
= ≠
=
≥
∑
(14)
where CPi indicates where BSi is used or not. The term
,
1, ( )
B
N
i A i
i i B A
CPP
= ≠
∑ represents the interference power received
from neighboring BSi at MSk .
4. Analysis and Implementation
Network planning was completed using 28 GHz mil-
limeter wave carrier frequencies that compromise greater
transmission capacity due to larger bandwidth associated
with the existing frequency ensembles. In this research
work, the quantity of overlap base stations is minimized to
save energy expenditure, reduce the cell overlap, and re-
duce cost. Several base stations are switched OFF condi-
tion, and the residual active base stations were served the
coverage and capacity requirements. The two main parts
are considered the base station planning development
in this study. The first fragment of base station planning
development is considered in the free space path loss con-
dition (attenuation in rainfall condition and foliage losses
are zero). The second fragment of planning development
is considered in the loss condition.
4.1 Design Parameters for Planning Development
Several eight base stations and nine mobile stations are
deployed in the geographical area’s fixed locations in this
section. Before using the MATLAB tools, this step could
be studied and deliberated for the radio network planning
development.
Table 2. Test parameters of fixed eight base stations and
nine mobile stations
Parameter Values
Base Station BBS 8
Mobile Station KBS 9
Transmit Power PBS 2 Watt
Atmospheric attenuation α 0.06 dB/km
Rain attenuation λ 0 dB/km
Foliage losses ρ 0 dB/km
The discussions on the results of this fragment are de-
scribed in the following table. Table 2 shows that the test
Parameters of fixed eight base stations and nine mobile
stations. Table 3 and Table 4 give the x and y coordinates
values for fixed eight base stations and x and y coordi-
nates for fixed nine mobile stations.
Table 3. X and y coordinates values for fixed eight base
stations
For Base Station BSi x coordinate of BSi y coordinate of BSi
1 25 25
2 -25 25
3 -25 -25
4 25 -25
5 -25 0
6 25 0
7 0 25
8 0 -25

6
4.2 Distance Calculation Results
Among the quantity of eight base stations to nine mo-
bile stations, the distance calculation results are described
for the quantity of eight base stations to the mobile station
four.
Table 4. X and y coordinates values for fixed nine mobile
stations
For Mobile Stations MSk
u is the coordinate of
MSk
v is the coordinate of MSk
1 30 5
2 20 30
3 -15 40
4 -30 -15
5 -30 -15
6 -15 -10
7 -15 -40
8 15 -15
9 30 -40
1 30 5
The Euclidean expanse between Base Station BSi and
Mobile Station MSk is evaluated using (13) with k is 1 to 9
and i is 1 to 8. Table 5 shows that the distance calculation
results between the mobile station k and the base station i.
Table 5. Distance calculation results between base station
i and mobile station k
Mobile Station MSk Base station BSi Euclidean distance dki (km)
4 1 55.9×10-3
4 2 11.18×10-3
4 3 40.3113×10-3
4 4 68×10-3
4 5 15.8114×10-3
4 6 57×10-3
4 7 31.62277×10-3
4 8 50×10-3
4.3 Calculation Outcomes of Path Loss
To calculate the values of path loss between Mobile
Station 4 and 8 Base Stations using (3). The evaluated
Euclidean distance between mobile stations 4 and 8 base
stations results is replaced in this path loss equation. The
calculations results of path loss between mobile station k
and base station i is listed in Table 6.
Table 6. Calculation results of path loss between mobile
station k and base station i
Mobile Station MSk Base station BSi Path loss Lk,i (dB)
4 1 96.99
4 2 82.523
4 3 93.61
4 4 98.525
4 5 85.866
4 6 96.974
4 7 91.859
4 8 95.6374
The value of f is the GHz values for millimeter-wave
frequency. The very high frequency (HF) and ultra-high
frequency (UHF) are required to implement the 5G milli-
meter wave path loss model. In this study, the frequency is
established to 28 GHz. α is the attenuation in atmospheric
(0.06 dB/km), which is negligible at 28 GHz frequency.
hk,i is the random variable signifying the channel gain
between base station i and mobile station k. In free space
loss condition, attenuation values in rain condition γ and
foliage loss ρ are zero.
4.4 Calculation Outcomes of Received Power
To calculate the received power between mobile station
4 and the number of 8 base stations using (2).
The evaluated path loss between mobile station 4 and
the number of 8 base stations results are replaced in this
received power equation. The intention consequences of
the received power between mobile station k and base sta-
tion i are listed in Table 7.

7
Table 7. Calculation results of received power between
mobile station k and base station i
Mobile Station MSk Base station BSi Received Power Pk,i Watt
4 1 4.443×10-11
4 2 1.2431×10-11
4 3 9.67832×10-11
4 4 3.121×10-11
4 5 5.757×10-11
4 6 4.46066×10-11
4 7 1.4484×10-11
4 8 6.0681×10-11
4.5 Calculation Outcomes for SINR
Finally, calculate the SINR between mobile station 4
and 8 base stations using (14). These SINR values need to
exceed the threshold value of SINR. The threshold value
of SINR is -9dB. It is used to detect the data easily. CPi
represents Base station i is used or not. The evaluated val-
ues of received power between mobile station 4 and the
number of 8 base stations are replaced in this equation.
The calculation results of SINR (dB) between mobile sta-
tion k and base station i are listed in Table 8.
Table 8. Calculation results of sinr (db) between mobile
station k and base station i
Mobile Station MSk Base station BSi SINRk(dB)
4 1 -16.944
4 2 0.9527
4 3 -13.468
4 4 -18.5
4 5 -4.614
4 6 -16.92
4 7 -11.6
4 8 -15.67
Among the number of 8 base stations and a quantity
of 9 mobile stations, the calculation results are expressed
for the quantity of 8 base stations to 4 mobile stations.
According to the calculation results, the greater than or
equal SINR threshold (dB) are the active base stations and
otherwise are the dead base stations.
5. Numerical Results
The numerical results are analyzed established on var-
ious conditions for the real-world situation in a specific
capacity.
5. 1 Numerical Results with Fixed Base Stations
and Random Mobile Stations
In this section, the fixed number of 9 base stations and
random 20 mobile stations are deployed in -4km×4km
area, defined in Figure 1.
The first iteration outcome is designated in Figure 2. In
this result, the number of five life nodes covered the twen-
ty mobile stations within the -4km×4km range of geo-
graphical area. The second iteration result is revealed in
Figure 3. The quantity of active five base stations covered
the twenty mobile stations within -4km×4km area.
The tenth iteration result is described in Figure 4. The
numbers of five nodes are switched on among the 9 micro
base stations in the -4km×4km coverage area in these re-
sults.
Table 9. Test parameters of a fixed number of eight base
stations and a random number of twenty mobile stations
Parameter Values
Base Stations BBS 9
SINRth -9 dB
Rain attenuation γ &Foliage losses ρ 0
-4 -3 -2 -1 0 1 2 3 4
x coordinate of BSs -4kmx4km
-4
-3
-2
-1
0
1
2
3
4
y
coordinate
of
BSs
-4kmx4km
User distributed 9 base stations are deployed in -4km-4km
Planned nodes
Figure 1. User Distributed 9 Nodes are deployed in -4km
× 4km area

8
-4 -3 -2 -1 0 1 2 3 4
x coordinate of BSs in -4kmx4km
-4
-3
-2
-1
0
1
2
3
4
y
coordinate
of
BSs
in
-4kmx4km five life nodes are covered 20 MSs in -4kmx4km
life node
Figure 2. Five Life Nodes covered 20 Mobile Stations in
-4km×4km area
-4 -3 -2 -1 0 1 2 3 4
x coordinate of BSs in -4km x4m
-4
-3
-2
-1
0
1
2
3
4
y
coordinate
of
BSs
in
-4kmx4km
five life nodes are covered 20 MSs in -4kmx4km
Figure 3. Five Life Nodes are covered 20 Mobile Stations
in -4km×4km area
-4 -3 -2 -1 0 1 2 3 4
-4
-3
-2
-1
0
1
2
3
4
y
coordinate
of
BSs
in
-4kmx4km
5 life nodes are covered 20 MSs in -4kmx4km
Figure 4. Five Life Nodes are covered 20 Mobile Stations
in -4km×4km area
The results from several iterations indicate that there
is a minimum number of the base station, which has five
from this simulation with limited SINR greater than -9dB.
Table 9 shows the test parameters of a fixed number of
eight base stations and a random number of twenty mobile
stations in the -4km×4km range.
5.2 Numerical Results with Random Base Stations
and Random Mobile Stations
In this section, the number of 9 base stations and 20
mobile stations are randomly deployed in -4km × 4km
range of geographical area, shown in Figure 5. The first
iteration result for the minimum number of base stations
is shown in Figure 6. The numbers of 4 base stations
are switched on, and the numbers of 5 base stations are
switched off among the 9 micro base stations. In the sec-
ond time iteration process, the locations of base stations
and mobile stations are changed within the geographical
area shown in Figure 7 through Figure 8.
-3 -2 -1 0 1 2 3 4
-4
-3
-2
-1
0
1
2
3
y
coordinate
of
BSs
in
-4km
x4km
Nine Micro Base Stations are randomly deployed in -4kmx4km
Planned nodes
Figure 5. Nine micro base Stations and 20 Mobile Sta-
tions are randomly deployed in -4km × 4km area.
-2 -1.5 -1 -0.5 0 0.5 1 1.5 2
x coordinate of Base Stations
-1
-0.5
0
0.5
1
1.5
2
2.5
3
y
coordinate
of
Base
stations
4 life nodes are covered 20 mobile stations in -4kmx4km
Life node
Figure 6. Four Life Nodes are covered the 20 Mobile
Stations -4km × 4km area.

9
In the second iteration result, the numbers of three
base stations are switched on, and the numbers of six base
stations are switched off among the 9 micro base sta-
tions, which result is shown in Figure 8. The numbers of
four nodes are switched on in the tenth iteration, and five
nodes are switched off among the nine micro base stations
in -4km × 4km area. Several iterations show a minimum
number of the base station, which has three from this sim-
ulation with limited SINR greater than -9dB.
-3 -2 -1 0 1 2 3 4
x coordinate of 9 micro base stations in -4km x4km
-4
-3
-2
-1
0
1
2
3
4
y
coordinate
of
9
micro
base
stations
in
-4kmx4km
9 micro base stations are randomly deployed in -4kmx4km
Planned node
Figure 7. Nine Micro Base Stations and 200 Mobile Sta-
tions are randomly deployed in -4km × 4km area.
-2 -1.5 -1 -0.5 0 0.5 1 1.5 2 2.5 3
x coordinate of 9 micro base staions in -4kmx4km
-3
-2
-1
0
1
2
3
4
y
coordinate
of
9
micro
base
stations
in
-4km-4km
3 life nodes are covered the 20 MSs in -4kmx4km
life node
Figure 8. Three Life Nodes are covered the 20 Mobile
Stations -4km ×4km area.
-4 -3 -2 -1 0 1 2 3 4
x coodinate of BSs in -4km x4km
-4
-3
-2
-1
0
1
2
3
4
y
coordinate
of
BSs
in
-4kmx4km
Nine Micro Base Stations are randomly deployed in -4kmx4km
Planned node
Figure 9. Nine Micro Base Stations are randomly de-
ployed in -4km × 4km area.
-4 -3.5 -3 -2.5 -2 -1.5 -1 -0.5 0 0.5 1
x coordinate of BSs in -4km x4km
-4
-3.5
-3
-2.5
-2
-1.5
-1
-0.5
0
0.5
1
y
coordinate
of
BSs
in
-4km
x4km
four life nodes are covered 20 MSs in -4kmx4km
Life node
Figure 10. Four life nodes covered the 20 mobile Stations
-4km × 4km area.
5.3 Numerical Results with Fixed Base Stations
Planning for Yangon Downtown Region
In this section, the fixed number of 80 base stations in
micro condition and 200 mobile stations are randomly
deployed in the -15km × 15km of Yangon Downtown dis-
trict, and these results are shown in Figure 11.
Table 10. Test parameters of fixed number of 80 base
stations in micro condition and random number of 200
mobile stations
Parameter Values
Base Stations BBS 9
SINRth -9 dB
Rain attenuation γ & Foliage losses ρ 0
This planning process is considered only free space
path loss. The first iteration result is shown in Figure
12. In this result, 51 base stations in micro condition are
switched on, and 29 base stations in micro condition are
switched OFF among the 80 micro base stations in the
-15km × 15km of Yangon Downtown district.

10
Table 11. X and y coordinates of fixed number of eighty
base stations in micro condition
Number of Base Stations x coordinate y coordinate
1 -12500 0
2 -12500 3125
3 -12500 6250
4 -12500 9375
5 -12500 12500
6 -12500 -3125
7 -12500 -6250
8 -12500 -9375
9 -12500 -12500
10 -9375 0
11 -9375 3125
12 -9375 6250
13 -9375 9375
14 -9375 12500
15 -9375 -3125
16 -9375 -6250
17 -9375 -9375
18 -9375 -12500
19 -6250 0
20 -6250 3125
21 -6250 6250
22 -6250 9375
23 -6250 12500
24 -6250 -3125
25 -6250 -6250
26 -6250 -9375
27 -6250 -12500
28 -3125 0
29 -3125 3125
30 -3125 6250
31 -3125 9375
32 -3125 12500
33 -3125 -3125
34 -3125 -6250
35 -3125 -9375
36 -3125 -12500
37 0 0
38 0 3125
39 0 6250
Number of Base Stations x coordinate y coordinate
40 0 9375
41 0 12500
42 0 -3125
43 0 -6250
44 0 -9375
45 0 -12500
46 0 0
47 3125 3125
48 3125 6250
49 3125 9375
50 3125 12500
51 3125 -3125
52 3125 -6250
53 3125 -9375
54 6250 0
55 6250 3125
56 6250 6250
57 6250 9375
58 6250 12500
59 6250 -3125
60 6250 -6250
61 6250 -9375
62 6250 -12500
63 9375 0
64 9375 3125
65 9375 6250
66 9375 9375
67 9375 12500
68 9375 -3125
69 9375 -6250
70 9375 -9375
71 9375 -12500
72 12500 0
73 12500 3125
74 12500 6250
75 12500 9375
76 12500 12500
77 12500 -3125
78 12500 -6250
79 12500 -9375
80 12500 -12500

11
-1.5 -1 -0.5 0 0.5 1 1.5
x coordinate of BSs in -15kmx15km 10 4
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
BSs
in
-15kmx15km
10 4 User distributed 80 micro base stations
Planned node
Figure 11. User Distributed Number of 80 Micro Base
Stations and 200 random mobile stations are deployed in
-15km × 15km
In the second iteration result, the numbers of 54 base
stations in micro condition are switched ON, and 26 base
stations in micro condition are switched off among the 80
base stations in the micro condition, shown in Figure 13.
The tenth iteration result is presented in Figure 14. In
these results, the numbers of active nodes are 55 among
the 80 micro base stations in the -15 km × 15 km coverage
area of the Yangon Downtown region.
-1.5 -1 -0.5 0 0.5 1 1.5
x coordinate of Base Stations 10 4
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
stations
10 4
51 life nodes are covered the 200 mobile stations
in -15kmx15km area
life node
Figure 12. 51 Life Nodes are covered 200 Mobile Sta-
tions in -15km × 15km area
-1.5 -1 -0.5 0 0.5 1 1.5
x coordinate of Base Station in -15kmx15km 10 4
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
Station
in
-15km
x15km
10 4 54 life nodes are covered 200 MSs in -15kmx15km
life node
Figure 13. 54 Life Nodes are Covered 200 Mobile Sta-
tions in the -15km × 15km
-1.5 -1 -0.5 0 0.5 1 1.5
x coordinate of BSs in -15kmx15km 10 4
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
BSs
in
-15kmx15km
life node
Figure 14. 55 Life Nodes are covered 200 Mobile Sta-
tions in -15km × 15km area
Several iterations show a minimum number of the base
station, which has fifty-one from this simulation with
limited SINR greater than -9dB. Test parameters of a fixed
number of 80 micro base stations and a random number of
200 mobile stations are shown in Table 10. The locations
of x and y coordinates for fixed eighty micro base stations
are listed in Table 11.
5.4 Numerical Results of Random Base Station
Planning in Yangon Downtown Area
In this section, the number of 80 micro base stations
and 200 mobile stations is randomly deployed in the
-15 km ×15 km range of the Yangon Downtown region,
shown in Figure 15.

12
-1.5 -1 -0.5 0 0.5 1 1.5
x coordinate of 80 micro base stations in -1.5kmx1.5km 10 4
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
80
micro
BSsin
-1.5kmx1.5km
10 4 80 random nodes are deployed in -1.5kmx1.5km
number of planned nodes
Figure 15. Random Number of 80 nodes and 200 mobile
Stations are deployed in -1.5km × 1.5km
After running the simulation, the numbers of 51 nodes
are active base stations, and 29 nodes are dead base sta-
tions among the 80 micro base stations, shown in Figure
16. In the second iteration, the number of fifty-three life
nodes is covered the 200 mobile stations in the -15 km ×
15 km area is shown in Figure 18.
-1.5 -1 -0.5 0 0.5 1 1.5
x coordinate of Base Stations in -15kmx15km 10 4
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
Stations
in
-15kmx15km
life node
Figure 16. Fifty-one life nodes are covered 200 mobile
stations in -15km × 15km area
-1.5 -1 -0.5 0 0.5 1 1.5
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
Stations
in
-15kmx15km
10 4
8o micro base stations are randomly deployed
in -15kmx15km area
Planned node
Figure 17. Random Number of 80 nodes and 200 mobile
Stations are deployed in -1.5km × 1.5km
-1.5 -1 -0.5 0 0.5 1 1.5
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
stations
in
-15kmx15km
10 4
53 life nodes are covered 200 mobile stations
in -15kmx15km area
life node
Figure 18. Fifty-three life nodes covered 200 mobile
stations in -15km ×15km area
In the tenth iteration, fifty-five life nodes are covered; the
200 mobile stations in the -15 km × 15 km area is shown in
Figure 20. Several iterations show that a minimum number
of the base station is around fifty-one from this simulation
with a limited number SINR is less than -9dB.
-1.5 -1 -0.5 0 0.5 1 1.5
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
Stations
in
-15km
x15km
10 4
80 micro Base Stations are randomly deployed
in -15kmx15km
Planned node
Figure 19. A random number of 80 nodes and 200 mobile
Stations are deployed in -1.5km ×1.5km
-1.5 -1 -0.5 0 0.5 1 1.5
-1.5
-1
-0.5
0
0.5
1
1.5
y
coordinate
of
Base
Stations
in
-15kmx15km
life node
Figure 20. Fifty-five life nodes covered 200 mobile sta-
tions in -15km ×15km area

13
5.5 Numerical Results of Attenuation in Rain Fall
Condition and Losses in Foliage Condition
In this section, the attenuation in rainfall conditions for
three different intensity levels for rain is shown in Figure
21. For these analyses, the value of γ is diverged between
0.5 (dB/km) for light rain (2.5mm/hr) up to 9 (dB/km) for
heavy shower rain (50 mm/hr) at the selected 28 GHz fre-
quency.
0 1 2 3 4 5 6 7 8 9
Rain Attenuation (dB/km)
0
5
10
15
20
25
30
35
40
45
50
Rain
intensity
mm/h)
Rain attenuation variation depends on the rain intensity
Heavy rain
Light rain
Downpour
rain
Figure 21. Attenuation in Rain Fall Condition Variation
Hang on the Rain Intensity
These figures demonstrate that this supplementary
attenuation at high frequencies affects the network’s per-
formance, prominent to a noteworthy surge in the linkage
outage. Subsequently, this aspect is significant in the
Radio Network Planning progression as encountering net-
work necessities concerning the outage threshold, which
hangs on the environmental circumstances in the designat-
ed zone of concentration. When the rain intensity increas-
es, rain attenuation also increases.
Table 12. Foliage losses (db) variation depends on the
depth of the foliage (meter)
R(depth of the foliage in meter) ρ(foliage losses dB)
1 4.3170
2 6.5433
3 8.3455
4 9.9178
5 11.3386
4 5 6 7 8 9 10 11 12
depth of the foliage (meter)
1
1.5
2
2.5
3
3.5
4
4.5
5
foliage
losses
(dB)
foliage losses(dB) varying depends on the deph of the folage(m)
Figure 22. Foliage Losses (dB) variation Depends on the
Depth of the Foliage in Meter
Figure 22 shows that the foliage losses (dB) for the
different foliage depth (meter). In this study, losses in
foliage conditions are realized to the pretend network by
changing the parameter ρ. The foliage depth value R was
increased from 1m to 5m to create diverse foliage depths
prominent to a deviation in the rate of ρ from 4.31 dB to
11.33 dB. If the depth of the foliage increases, the foliage
losses will increase. Table 12 shows that the foliage losses
(dB) variation depends on the foliage depth.
5.6 Numerical Results of Rain Attenuation and
Foliage Losses Affecting on Base Station
In this section, the results of foliage losses and rain at-
tenuation affecting the base stations are discussed in Fig-
ure 23 through 26.
1 1.5 2 2.5 3 3.5 4 4.5 5
depth of the foliage meter
51
51.5
52
52.5
53
53.5
54
54.5
55
55.5
56
Power
on
Base
Station
Power on Base Station
r=0.5 dB/km(Rain Attenuation for Light Rain)
Figure 23. Active Base Stations for Depth of the Foliage
(1∼5) Meter and Light Rain

14
1 1.5 2 2.5 3 3.5 4 4.5 5
57
57.5
58
58.5
59
59.5
60
60.5
61
61.5
62
Power
on
Base
Station
r=4.6 dB/km(Rain Attenuation for heavy Rain)
Figure 24. Active Base Stations for Depth of the Foliage
(1∼5) Meter and Heavy Rain
1 1.5 2 2.5 3 3.5 4 4.5 5
63
63.5
64
64.5
65
65.5
66
66.5
67
67.5
68
Power
on
Base
Station
r=9 dB/km(Rain Attenuation for downpour Rain)
Figure 25. Active Base Stations for Depth of the foliage
(1∼5) Meter and Downpour Rain
According to light rain conditions, fifty-one base sta-
tions are switched on in one-meter foliage depth, and
fifty-six base stations are switched on in five-meter foli-
age depth. This result is shown in Figure 23. According
to heavy rain conditions, fifty-seven base stations are
switched on in one-meter foliage depth, and sixty-two
base stations are switched on in five-meter foliage depth.
1 1.5 2 2.5 3 3.5 4 4.5 5
Foilage depth meter
50
52
54
56
58
60
62
64
66
68
Power
on
Base
Station
light rain
heavy rain
downpour rain
Figure 26. Comparison Results of Active Base Stations
for Light Rain, Heavy Rain, and Downpour Rain
The result on Active Base Stations for Depth of the
Foliage (1~5) Meter and Heavy Rain is shown in Figure
24. According to downpour rain conditions, sixty-eight
base stations are switched on in one-meter foliage depth,
and sixty-eight base stations are switched on in five-meter
foliage depth. This result is shown in Figure 25. The com-
parison result of active base stations for light rain, heavy
rain, and downpour rain is shown in Figure 26.
6. Discussions And Conclusion
This study’s main contribution is to enhance the quan-
tity and base station locations for a geographical region.
The base station cannot be switched off if the received
SINR ratio is less than the SINR threshold value and if
not, these nodes are said to be active base stations. First-
ly, the base station planning process is tested in the free
space path loss condition. In the -4km × 4km coverage
area, the numbers of 9 micro base stations are fixed loca-
tions, and the numbers of 20 mobile stations are deployed
the random locations. The first iteration result is the five
life nodes covering the 20 mobile stations after running
the simulation. The second iteration result is the five life
nodes that covered the 20 mobile stations. The tenth it-
eration result is the five life nodes which covered the 20
mobile stations. The simulation tests the same coverage
area; the number of 9 micro base stations and 20 mobile
stations are randomly deployed in that coverage area. Af-
ter running the simulation, the first iteration result is the
four active base stations covering the 20 mobile stations.
The second iteration result is the three base stations that
covered the 20 mobile stations. The tenth iteration result
is the four life nodes which covered the 20 mobile sta-
tions. In -15km × 15km coverage area, the numbers of 80
micro base stations are fixed locations, and the numbers
of 200 mobile stations are deployed the random locations.
Minimum fifty -one micro base stations can support to
200 mobile stations in this coverage area. Secondly, the
base station planning process is tested in the shadowing
effect, rain attenuation, and foliage losses condition stage.
Attenuation in rain conditions depends on the rain inten-
sity. If the rate of rain intensity increases, the rain atten-
uation will increase. And then, the foliage losses depend
on the depth of the foliage. The number of fifty-six base
stations covered the 200 mobile stations in -15km × 15km
in light rain. In downpour rain, the numbers of sixty-eight
base stations covered the 200 mobile stations within the
geographical area. Radio network planning was accom-
plished in the impending 5G mobile networks framework
to enhance base stations’ quantity and positions within
the geographical area. Planning was done using the mil-
limeter-wave carrier frequencies that compromise higher

15
transmission capability because of the great bandwidth
associated with the contemporary frequency bands. In the
first part of the base station planning process, the mini-
mum number of base stations is considered in free space
loss conditions. In the second part base station planning
process, the minimum number of base stations is consid-
ered in loss condition (rain attenuation and foliage losses).
According to the loss condition, the numbers of base sta-
tions are more switched on to cover the subscribers within
the downpour rain network than the light rain condition.
The numbers of base stations in free space loss condition
make more planning process optimized and minimized
than the loss condition. Minimizing the base stations on/
off switching can reduce the energy expenditure, reduce
cell overlap, and reduce cost.
Acknowledgments
The author thanks Prof. Dr. Nandana Rajatheva of Cen-
tre for Wireless Communication at the University of Oulu
in Finland, Prof. Dr. Madhusanka Liyanage of University
College Dublin in Ireland, and Prof. Dr. Pradeep Chathu-
ranga Weeraddana of the University of Moratuwa in Sri
Lanka for giving the research idea to complete this work.
This work is the original outcome of the NOKIA Technol-
ogy Center under the Department of Electronic Engineer-
ing of Yangon Technological University.
References
[1] E. Hossain, M. Rasti, H. Tabassum, and A. Ab-
delnasser. Evolution toward 5G multi-tier cellular
wireless networks: An interference management
perspective. IEEE Wireless Commun, 2014, 21(3):
118-127[Online].
[2] C.-X. Wang et al. Cellular architecture and key tech-
nologies for 5G wireless communication networks.
IEEE Commun. Mag, 2014, 52(2): 122-130[Online].
[3] T. Carpenter, M. Eiger, D, Shallcross, P. Seymour.
Node Placement and Sizing for Copper Broadband
Access Networks. Annals of Operations Research,
2001, 106(1-4): 199-228[Online] .
[4] L.F.I brahim. Using Clustering and Ant-Colony Al-
gorithms CWSP-PAM-ANT in Network Planning.
International Conference on Digital Telecommunica-
tions. ICDT06, 2006: 63-67[Online].
[5] K. F. Poon, A. Conway, G. Wardrop, J. Mellis. Suc-
cessful Application of Genetic Algorithms to Net-
work Design and Planning. B.T. Technology Journal,
2000, 18(4): 32-41[Online].
[6] E. Amaldi, A Capone, M. Cesana, F. Malucelli. Opti-
mization Models for the Radio Planning of Wireless
Mesh Networks. LNCS 4479, 2007: 287-298[On-
line].
[7] J. Zhang, J. Yang, M. E. Aydin, J. Y. Wu. Mathemat-
ical Modelling and Comparisons of Four Heuristic
Optimization algorithms for WCDMA Radio Net-
work Planning. International Conference on Trans-
parent Optical Networks, 2006, 3: 253-257[Online].
[8] J. Liu, K. P. Worrall. Theory and practice in 3G net-
work planning. Third International Conference on
(Conf. Publ. No.489) 3G Mobile Communication
Technologies, 2002: 74-80. [Online].
[9] A. M. Kurien, B. J. Van Wyk, L. W. Snyman. An
environment-based network planning tool. 12th
Inter-
national Symposium on Electron Devices for Micro-
wave and Optoelectronic Applications. EDMO 2004:
96-101[Online].
[10] Sujan Shrestha, Dong-You Choi. Rain attenuation
statistics over millimeter-wave bands in South Korea.
Journal of Atmospheric and Solar-Terrestrial Physics,
2017, 152-153: 1-10.
[11] Sebin Sabu, Abhiram D. Effect of rainfall on cellular
signal strength: A study on the variation of RSSI at
the user end of the smartphone during rainfall. 2017
IEEE Region 10 Symposium (TENSYMP), Technol-
ogies for Smart Cities, Kochi, 2017.
[12] Sunil Joshi, Sandeep Sancheti. Foliage Loss Mea-
surements of Tropical Trees at 35GHz, International
Conference on Microwave-08, 2008.

16
ARTICLE
Secure Remote Access IPSEC Virtual Private Network to University
Network System
Gajendra Sharma*
Department of Computer Science & Engineering, Kathmandu University, Dhulikhel, Kavre
Article history
Accepted: 19 January 2021
With the popularity of the Internet and improvement of information
technology, digital information sharing increasingly becomes the trend.
More and More universities pay attention to the digital campus, and the
construction of digital library has become the focus of digital campus. A set
of manageable, authenticated and secure solutions are needed for remote
access to make the campus network be a transit point for the outside users.
Remote Access IPSEC Virtual Private Network gives the solution of remote
access to e-library resources, networks resources and so on very safely
through a public network. It establishes a safe and stable tunnel which
encrypts the data passing through it with robust secured algorithms. It is to
establish a virtual private network in Internet, so that the two long-distance
network users can transmit data to each other in a dedicated network
channel. Using this technology, multi-network campus can communicate
securely in the unreliable public internet.
Keywords:
IPSEC
VPN
Network
Communication
Data
Encryption
Integrity authentication
Remote access
University
Security
Server
Client
Peer
1. Introduction
With the wide availability of public connection like
Internet, most universities are willing to provide their stu-
dents and staff member access to centrally located servers
and database remotely. In more specific cases, instructors
are willing to perform and guide lab activities remotely.
However, the use of internet increases network security
threats and challenges. Due to these reasons, campus and
departments under the universities implement a mecha-
nism that uses encryption and tunneling protocols to make
the communication between the central site (university)
and remote clients (students or staff members) secure.
This secure mechanism in general, is termed as Virtual
Private Network or in short VPN. A VPN is an IP based
model that makes use of encryption algorithms and tun-
Gajendra Sharma,
Department of Computer Science & Engineering, Kathmandu University, Dhulikhel, Kavre;
Email: gajendra.sharma@ku.edu.np

17
neling protocols and the entire connection can be a viewed
as a secure pipe carrying encapsulated data over public
network like internet [1]
.
The first and the easiest decision for every organization
is to implement VPN for remote communication, however,
there are several queries that needs to be addressed before
its deployment. It needs to be understood on how many
ways VPNs can be implemented and which one should be
chosen depending on the requirements. An IPSEC provides
permanent and always-on VPN access requirement [2]
. It
provides full access to all network devices, servers and
other resources located on central site.
Internet Protocol Security provides secured commu-
nication between network-network, host-host, and net-
work-host by authenticating and encrypting each IP pack-
et of a communication session [3]
. It uses the cryptographic
keys to negotiate and protect communications over IP net-
works. It supports authentication, data integrity, data con-
fidentiality [4]
. People are still unaware of internet threats
due to lack of sufficient knowledge in this technology of
secured protocol IPSEC VPN.
Mainly, there are two types of IPSEC VPNs; Site-to-
Site IPSEC VPN and Remote access IPSEC VPN. These
two types of VPN can be utilized on the basis of require-
ments. The name of Site-to-Site VPN itself indicates the
implementation of VPN between one site to another site.
It is mostly used in those companies which have different
branches situated in different location. An example of it
can be a real life implementation of banking networks be-
tween head office to its branch offices. Similarly, Remote
access IPSEC Virtual Private network is another VPN
type which can be used when company resources need to
be accessed anywhere and anytime.
1.1 Research Objective
The following are the main objectives of this study:
(1) Implementing RAIVPN by creating LAB environ-
ment in Packet Tracer or GNS3
(2) Provide remote access to only authorized personnel
to various Networking devices located within the periph-
ery of University
(3) Mitigating the overhead of sharing files and confi-
dential data using the internet from both sides by provid-
ing remote access to remote users
1.2 Research Questions
Based on literature review and the present scenario of
secured connection deployment in an organization to ac-
cess the resources remotely and securely in Nepal and the
current requirement to enhance the system.
(1) What will be the cost and benefits in the deploy-
ment of this technology in comparison to older system?
(2) Will this system deliver robust secured connectivity
to remote users?
(3) What type of security algorithms will this system
use for the encryption of entire IP Packets?
2. Literature Review
2.1 Evolution of Private Networks
Before the emergence and popularity, virtual private
networks have gained as a secure and cheaper medium
for sensitive information to be accessed and transmitted
between two or more corporate network over a public net-
work such as the internet, other network technologies have
been innovated and used to connect within business sites
and across to other sites that are miles away from each
other [5]
. The analog phone lines were permanently wired
to the sites and were specially selected lines (called con-
ditional lines) that were specifically built for full time use
by companies; these lines are different from regular phone
lines. This technology ensured full bandwidth and privacy
but this came at a great cost, i.e. payment is expected for
the full bandwidth even if the line was used or not. It is a
Virtual Connection (VC) form of WAN packet switching
which logically separates data streams. With this function,
the service provider is able to send as many point-to-point
VCs across a switch network infrastructure, depending
each endpoints have a device that facilitates communica-
tion in the site. The components for setting up this kind
of technologies involved the use of customer IP routers
(customer premise equipment, or CPE) interconnected in
a partial or full mesh of frame relay or ATM VCs to other
CPE devices, in other words less equipment are needed
for its set up.
With the advent of the internet and its wide use in ev-
eryday transaction, businesses have adopted the technolo-
gy for transmitting and accessing data across various sites
by implementing a VPN connection, which is relatively
cheap, flexible and scalable, between both sites in order
to secure the data that are sent across the insecure internet
from being tampered by unauthorized persons.
The use of public telecommunication infrastructure to
provide secure communication between members of cer-
tain groups (like company headquarters and its branches),
maintaining privacy by the use of tunneling protocols and
security procedures instead of dedicated physical con-
nection, is known as Virtual Private Network or in short,
VPN [1]
.
A VPN gateway which can be a router, VPN Concentra-
tor or other Security Appliance is used to encapsulate and

18
encrypt all outbound traffic over the VPN tunnel through
the internet to the VPN gateway at the remote target site.
Once the remote VPN gateway receives the TCP/IP traf-
fic, it strips the header, decrypts the packets and relays it to
the destined hosts in its network [6]
. Before the introduc-
tion of IPSEC, there were widespread problems with IP
address spoofing and data integrity, authenticating and
guaranteeing confidentiality of information. IPSEC is
generally considered a “means by which to ensure the
authenticity, integrity, and confidentiality of data at the
network layer of the Open System Interconnection (OSI)
model. In other words the IPSEC protocol was developed
to ensure that users could communicate more securely over
the internet [7]
.
2.2 Authentication, Authorization, and Account-
ing (AAA)
Limitations with passwords remain the simplest form
of authentication. Cisco devices can be limited using a
login name and password on console, vty and aux ports.
However, these are considered as least secure means of
security. Password only logins are considered even more
vulnerable to brute-force attacks, an attack which involves
the entry of all possible combination of password in order
to find the correct one [6]
.
2.3 Internet Protocol Security (IPSEC)
IPSEC is the framework of open standards for a set of
Internet Protocols (IP) responsible for secure communi-
cation. It relies on existing algorithms to implement the
encryption, authentication and key exchange [8]
. Cisco has
been the leader in proposing and implementing IPSEC as
a standard (or set of standards and technologies) for Re-
mote Access VPNs [9]
.
Authentication Header (AH)
AH is also known as IP protocol 51 and is implemented
when confidentiality is not required or permitted. It pro-
vides authentication for as much of the IP header as pos-
sible, as well as for upper level protocol data. But some
IP header fields may change in the transit and the value
of these fields may not be predictable by the sender. Such
values of the fields cannot be protected by AH. Thus, the
protection provided by AH is only partial in many cases.
AH can be implemented alone or in combination with En-
capsulating Security Payload (ESP) [9]
.
2.4 The IPSEC Framework
IPSEC works at the Network layer, and is responsible
for protecting and authenticating the IP packets between
participating IPSEC devices (peers). Earlier, security mea-
sures were implemented on Layer 7 of the communication
model. IPSEC can protect virtually all application traffic
because protection can be implemented from Layer 4
through Layer 7. IPSEC is especially used to implement
Virtual Private Networks and for remote user access. One
of the big advantages of IPSEC is that, security arrange-
ment can be handled without the requirements of much
hardware and software in remote user PCs.
(1) Confidentiality
Confidentiality is achieved using different encryption
algorithms. The degree of security depends upon the
length of the key of the encryption algorithm used. The
following are some encryption algorithms and key lengths
that VPNs use [10]
.
(2) Asymmetric Encryption
It is used when private keys are used to decrypt data,
while public keys are used to encrypt data. First public
keys, which are mathematically similar to the private
keys, are exchanged. These public keys are used to encrypt
data which is sent to the individual. The individual may
then use their private key to decrypt the data. This form of
encryption is considered more secure [7]
.
(3) Security Key Exchange
Any method in cryptography, by which cryptographic
keys are exchanged between users allowing the use of
cryptographic algorithm, is known as Secure Key Ex-
change method. The Diffie-Hellman (DH) algorithms is
one of the cryptographic algorithms used to provide public
key exchange method for two peers to establish a shared
secret key that only they know even if they are commu-
nicating over an insecure channel (Microsoft TechNet,
n.d.). To put simply, DH is typically not used to encrypt
data, but in VPN implementations, they are used to share
keying information securely, such as DES, 3DES, AES,
SHA, MD5 and other symmetric keys as described above
in this section, across an insecure public network, like the
internet. Figure 2.5-1 describes how DH algorithm works.
It uses six distinct steps to share symmetric keys across an
insecure network [11]
.
2.5 Internet Security Association and Key Man-
agement Protocol (ISAKMP)
Internet Security Association and Key Management
Protocol (ISAKMP), protocol defines the procedures for
authenticating a communicating peer, creation and man-
agement of Security Associations (SAs), key generation

19
techniques, and threats mitigations [12]
. It defines proce-
dures and packet formats to establish, negotiate, modify
and delete security association. It also defines payloads
for exchanging key generation and authentication data.
These formats provide a consistent framework for trans-
ferring key and authentication data which is independent
of the key generation technique, encryption algorithm and
authentication mechanism. ISAKMP typically utilizes
Internet Key exchange (IKE) for key exchange [13]
. Se-
curity Association and Internet Key exchange are briefly
described in the following sub-section.
2.6 Transform Sets
A combination of individual IPSEC transforms de-
signed to enact a specific policy for traffic is known as
transform set. The peers of VPN use particular transform
set for protecting a particular data flow during the ISAK-
MP IPSEC SA negotiation that occur in IKE process.
Transform set consists of combination of AH transform,
an ESP transform and the IPSEC mode (either transport or
tunnel). The IPSEC SA negotiation uses the transform set
that is defined in the crypto map entry to protect the data
flows that are specified by Access lists of that crypto map
entry. The command that invokes crypto-transform con-
figuration mode is [6]
:
Standard Access Lists
Standard Access Lists range from 1 to 99. They allow
or deny traffic from specific IP addresses (i.e. based on
source). These are used to filter traffic based solely on lay-
er 3 source of information [6]
.
2.7 Firewall
A system or a group of systems that enforces an access
control policy between networks is known as a Firewall.
A Firewall can be implemented in different ways but all
firewalls have some common properties. For example:
(1) A firewall must provide resistance to attacks
(2) It must be the only transit point between the net-
works i.e. all traffic must flow through the firewall
(3) A firewall should enforce the access control policy
Split tunneling also has a major disadvantage if im-
plemented, the VPN will be vulnerable to attacks as it be
accessible over public network i.e. (Internet) through the
same endpoint device [14]
.
Dhall et al. [15]
have proposed a working principle
implementation of IPSEC in various network devices
(hosts and routers). Their research was focused on AH
implemented and ESP implemented data packets. When
comparing the time difference with AH implemented and
without AH implemented data packet for variable number
of nodes, compared to a lower number of total nodes (3-
11) versus higher number of nodes (11-15), time difference
when delivering the packets differs considerably; but for
the extra time, all users in the network can get authentica-
tion service for all data packets in ad-hoc network. When
comparing the time difference with ESP implemented and
without ESP implemented data packets, the time differ-
ence varies slightly. Their findings showed compared to
AH, ESP has more timing overhead and the time difference
between ESP implemented packets is higher than AH im-
plemented packets. However, the service provided with
ESP implemented packets is more than AH implemented
packets.
Qu et al. [16]
have presented the results of the sub-proj-
ect within the Secure Active VPN Environment (SAVE)
project conducted at Dalhousie University. The principal
objective of the paper is to avail the design and imple-
mentation of a secure wireless LAN based on the IPSEC
VPN tunneling protocol and explore its performance to
render inherently vulnerable wireless communication
more secure, VPN technology was used in this project. An
IPSEC-compliant VPN was constructed and the traffic
between the wireless node and the IPSEC gateway was
protected in the IPSEC tunnel. PGP certification, an in-
stance of the PKI referral method, was used to provide a
strong binding between the public key and its attributes so
the receiver could verify that the sender was as claimed to
be without asking the sender. For the completeness of this
solution, the relationship of a packet filter firewall and an
IPSEC gateway was deployed on the basis of FreeSiWAN
and IPCHAINS on the Linux operating system with ker-
nel 2.2.x. The whole system made the wireless communi-
cation effectively secure.
Sun [17]
deliberated the comparison analysis between
IPSEC & SSL VPN from the aspects of benefits, working
layers, security, access control and deployment. Analysis
has indicated some pros of SSL VPN in security, flexibil-
ity, and cost reduction which have become the reasons
of selection of it as the remote access way in HengShui
University. On the other hand, the differences between ac-
cess-control, working layers and encryption from client’s
web browser to the web server behind the VPN server, no
need of VPN client software, and deployment of IPSEC
and SSL VPN has been shown the best approach with re-
spect to SSL VPN.
Apart from positive aspects of IPSEC VPN, this paper
has concluded in the favor of easy working process by
SSL VPN for remote access. It has been shown that SSL
VPN has become better option for remote access while
IPSEC VPN has become well suited for site-to- site VPN.

20
Lee et al. [18]
have stated the secured connectivity to
corporate networks for IPV6 mobile users remotely and
securely through the means of IPSEC VPN under the con-
sideration of near future. They have proposed the efficient
communication procedure by considering two cases for
mobile user’s VPN access. One case is for the internal
home agent that exists in VPN domain and the other is the
case for external home agent which is away from VPN do-
main.
The paper approached that the communication packets
within the private network doesn’t need to be protected as
VPN tunnel cares for it and the communication packets
which is not in the private network needs to be protected
by establishing IPSEC tunnel. Finally, it has made the
conclusion on efficient communication with mobile nodes
and VPN gateway by the use of IKEv2 initial exchange
and IKEv2 informational exchange.
Kim et al. [19]
have addressed the problem of disruptions
to applications due to IPSEC tunnel re-establishment
during the mobility of MobileIP and so made some gener-
al modifications in an IPsec implementation without com-
promising its security parameters.
They have experimentally shown by removing the
dependence of identifying a Security Association on the
outerheader destination address so that the same security
parameters can be used even in the new network. Two new
private messages are added to ISAKMP to enable the re-
quired signaling to update new tunnel endpoint addresses.
Routing Table of new mobile host has been updated for
existing IPsec tunnels which need to be sent through a
new network.
Removing the dependency of tunnel destination ad-
dress for locating SA without affecting the normal IPsec
operations, and adding two messages to ISAKMP to com-
municate the address changes of mobile hosts, prompting
proper updates to Security Associations Database (SAD)
have been presented to mitigate the issues of interruptions
in network applications for MobileIP.
Lakbabi et al. [20]
presented the differences between
protocols strengths and weaknesses from a security and
management perspective of IPSEC and SSL VPN technol-
ogies. They have briefed the general overview of all the
layer 2 VPN technologies which have got no encryption
mechanism, and so, IPSEC and SSL VPN has been the
topic of discussion in this paper. Some weakness and
issues of IPSEC that has been mentioned are dynamic ad-
dressing,
NAT/PAT, opened ports of 50(ESP), 51(AH), and
500(ISAKMP) for IPSEC needed to be allowed in com-
parison to only 443(HTTPS) for SSL, tunnel establishment
of N(N-1)/2 tunnels with N sites, flexible and granular
access control to network resources.
SSL VPN is strong security protocol from the aspects
of security, mobility, and management in comparison to
IPSEC VPN presented in this paper has made the decision
to go ahead for SSL VPN in future.
It has been revealed that IPSEC VPN even though the
greater solution for security has become resource intensive
and cost prohibitive such as requirement of client-side
software, public key infrastructure deployment, technical
complexity, and more infrastructure overhead when de-
ployed across large enterprise.
It has been indicated that even though IPSEC has got
several issues in comparison to SSL VPN, it is a solution
to large problems as it can be deployed incrementally,
ability of dictating the requirement of current antivirus and
firewall software and to ensure the operating systems are
patched virtually eliminating the risk of malicious intent,
and the requirements of VPN client software reducing the
risk of security breach.
3. Methodology
3.1 System Overview
Since there is a lack of system in place which is capa-
ble of providing access to the resources for students, pro-
Figure 1. Remote Access IPSEC VPN

21
fessors, and staffs from universities to its affiliated colleges
of Nepal, a system design has been proposed regarding the
design and implementation of remote access IPSEC VPN
through the public network to access the resources secure-
ly and remotely.
This section is about the lab implementation of Remote
Access IPSEC VPN Server performed in Graphical Net-
work Simulator (GNS3) emulator emulated along with
the internet for the universities/colleges. This system has
been designed and built in GNS3 software connected with
Internet. The main scope of this research is to demonstrate
the access to the enterprise resources remotely and secure-
ly. Since it is needless to have physical lab setup for the
implementation of this system, it has utilized the GNS3
tool and Virtual Box.
This study mainly describes about providing network
access to Universities’ resources from outside network i.e.
internet securely. All the traffic before entering to inside
network is encrypted and encapsulated first at client side.
There after it is sent to VPN Server over the internet and
upon receipt, it decrypts the content and relays the packet
toward the target host inside its private network only when
the security parameters matches between VPN Server and
VPN Client. The main purpose of this demonstration is to
provide the access to universities stuff located inside the
server to only rightful personnel remotely and securely.
This Network System has been designed based on Lo-
cal Area Network (LAN) and Wide Area Network (WAN)
which means inside and outside network of a campus re-
spectively. In this system, Figure demonstrates Router R1
is playing a role of VPN Server which performs its job of
securing the access to inside network from undesirable
network traffic coming from outside network. It is also
acting as a DHCP Server which provide IP addresses to
VLAN_B dynamically.
R1 consists of 3 Fast Ethernet interfaces fa0/0, fa1/0,
fa2/0 in which one of its interface fa2/0 is further divid-
ed into two sub interfaces fa2/0.5 and fa2/0.10 which are
connected as two local area networks VLAN_A for the
campus servers and VLAN_B for other representatives
of a campus respectively whereas other two remaining
interface fa0/0 and fa1/0 are connected to internet and one
remote user respectively. In order to access the inside net-
work of a campus for users, they need to cooperate with
VPN Server first with correct security parameters. If it
corresponds to the configured parameters at R1 then only
authorized users and devices will get access to the private
networks.
3.2 System Specification
Deployment of this system needs the hardware and
software on the basis of minimum requirement of enter-
prise networks. VPN Routers and Switches can be taken
from other vendors too which is capable of supporting
RAIVPN. In order to make user friendly and ease of this
system installation and deployment, following network
devices and applications have been used for the configura-
tion of RAIVPN.
(1) VPN Server is a 7200 router (VXR) that runs Cisco
IOS Software Release 7200 Software (C7200-ADVIP-
SERVICESK9-M), Version 15.2(4)S5, RELEASE SOFT-
Figure 2. Remote Access IPSEC VPN System

22
WARE (fc1). Cisco Routers 800, 1700, 1800, 2800, 3600,
etc. are also supported by VPN Server with IOS release of
12.2 (9) T or later.
(2) Cisco Layer 2/3 Switch for configuring LAN net-
works
(3) Cisco Configuration Professional (CCP) v 2.6
It is Graphical User interface based application to login
and configure the routers. Command Line Interface (CLI)
can also be used to access the routers through:
(1) Putty (for both console and telnet)
(2) Secure CRT (for both console and telnet)
(3) Hyperterminal (forconsole)
To run Cisco CP, a router configuration must meet the
requirements shown in Table 1.
(1) Cisco VPN Client Software
(2) Web Browser, Java Runtime Environment (JRE),
and Flash Player
(3) Several Web browsers are supported by CCP
Internet Explorer 6.0 and later versions
(4) The following JRE is supported by CCP
Java version “1.6.0_11”
JRE Settings for Cisco CP
It is a network emulation software which is used to
design and build the networks without the requirement of
hardware. It runs the operating system (OS) of network-
ing hardware from multiple vendors which supports in
emulating the real behavior of real network and is free
as well. It can be connected with real network too which
means the networking devices configured on the GNS3
can connect with Internet. The version of this tool is 1.3.11.
Following
are some minimum requirements to install this software
in PC.
Table 2. PC Requirements to Install GNS3
OS
Windows 7 (32/64 bit) and later, Mavericks (10.9)
and later, Any Linux Distro - Debian/Ubuntu
Processor Core 2 Duo and later release
Memory 2 GB RAM
Storage
1 GB available space for installation and store
networking hardware’s OS
(5) PC System Requirements
Table lists the system requirements for a PC running
Table 1. Prerequisite Commands to Configure VPN
Feature Requirement Configuration Example
Secure access SSH and HTTPS
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# line vty 0 15
Router(config)# login local
Router(config-line)# transport input ssh
Router(config-line)# transport output ssh
Non- Secure access Telnet and HTTP
Router(config)# ip http server
Router(config)# ip http authentication local
Router(config)# line vty 0 15
Router(config)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport output telnet
User privilege level 15 Router(config)# username admin privilege 15 secret 0 admin

23
Cisco CP
3.3 IPAddressing
In this network topology, Internet Protocol (IP) Ad-
dressing has been distributed statically and dynamically
to LAN and WAN networks. Table shows the IPAddresses
assigned to router, host PCs, and Internet Cloud.
Table 4. IP Address assignment to Router R1
IP DISTRIBUTION_R1
LAN Interface (Inside) WAN Interface (Outside)
Fa 2/0.5 Fa 2/0.10 Fa 0/0 Fa 1/0
192.168.1.254
/24
192.168.2.254
/24
192.168.100.254
/24
10.10.10.254
/24
Table 5. IP Address assignment to host PCs
IP DISTRIBUTION_
LANs
LAN_A
(SW 1)
PC 1 192.168.1.5/24
PC 2 192.168.1.10/24
PC 3 192.168.1.15/24
LAN_B
(SW 2)
PC 4 DHCP
PC 5 DHCP
Table 6. IP Address assignment to LAN and VBOX PC
IP
DISTRIBUTION_WANs
WAN_A (LAN
192.168.100.11/24
(DHCP)
Adapter) GW: 192.168.100.1
10.10.10.1/24
WAN_B (VirtualBox_
(DHCP)
192.168.56.1)
GW: 10.0.2.1
Dynamic NAT with overload for single public IP ad-
dress has been implemented on the VPN router in order
to minimize the cost by utilizing only single public IP ad-
dress Internet connection to the LAN hosts. The following
table shows the NAT configuration done in VPN Server
R1.
The following table illustrates the IP address transla-
tions after a host 192.168.2.1 reaches www.google.com.
If we observe the Internet Control Message Pro-
tocol (ICMP) from the table above, the inside global
address of the host that just issue a ping command, is
192.168.100.254. This is the IP address to which the out-
side network is addressing the particular inside host, even
though its exact IP address is the inside local 192.168.2.1.
Table 3. PC requirements for Cisco CP
System Component Requirement
Processor 2 GHz processor or faster
Random Access
Memory
1 GB DRAM minimum; 2 GB recommended
Hard disk available
memory
400 MB
Operating System
Any of the following:
(1) Microsoft Windows 7-32 and 64 bit
(2) Microsoft Windows Vista Business Edition
(3) Microsoft Windows Vista Ultimate Edition
(4) Microsoft Windows XP with Service Pack 3-32 bit
(5) Mac OSX 10.5.6 running Windows XP using VMWare 2.0
Screen Resolution 1024 X 768

24
All the hosts are in this way provided access to the internet
using one public IP address 192.168.100.254.
3.4 System Verification
This section presents the verification of different prop-
erties of IPSEC VPN Server for the proposed system. It
has been further divided into two sub categories to verify
the secured network connectivity established from the
clients to the VPN server through VPN tunnel. The ver-
ification of this system has been done from two sides of
this system which are server and client side. The demon-
stration of this system verification has been presented
after one of the client has been able to connect to the VPN
Server and sending and receiving the network packets
through VPN Tunnel successfully.
3.5 VPN Server
In the above figure, the responsibility of VPN server is
playing by Cisco router named asVPN server. It is con-
nected to one switch which has been distributed to two
LANs. One is at the network of 192.168.1.0/24 whereas
other is at 192.168.2.0/24. Since the servers of enterprises
have to be secured, they have been separated from other
networks. It is connected to the Internet through Fa0/0
interface. All the PCs in inside networks has access to the
Internet even servers too. The main scope of this section
is to show the secured connection established by remote
users through VPN tunnel.
Following figure represents the VPN connection be-
tween VPN server and Remote client.
Figure 4. VPN Tunnel Connectivity between VPN Server
and Remote Client
3.5.1 IPSEC UserAuthentication,Accounting, and
Authorization (AAA)
Before going to look after IPSEC VPN establishment,
it needs to define authentication credentialsfor the remote
users who are associated with the company. It has defined
two users who are Ram as a student and John as a profes-
sor who has been associated with two group student and
professor respectively. Below table depicts the authentica-
tion credentials configured for remote user Ram and John
on VPN server.
Table 7. Output of NAT Translations
SERVER#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.100.254:4501 192.168.2.1:14503 192.168.100.1:53 192.168.100.1:53
icmp 192.168.100.254:1024 192.168.2.1:17169 202.166.193.159:17169 202.166.193.159:1024
icmp 192.168.100.254:1025 192.168.2.1:17425 202.166.193.159:17425 202.166.193.159:1025
icmp 192.168.100.254:1026 192.168.2.1:17937 202.166.193.159:17937 202.166.193.159:1026
icmp 192.168.100.254:1027 192.168.2.1:18193 202.166.193.159:18193 202.166.193.159:1027
icmp 192.168.100.254:1028 192.168.2.1:18449 202.166.193.159:18449 202.166.193.159:1028

25
Table 8. Username and Password Configuration in CLI
mode
EZVPN_SERVER#sh run | s username
username ram@student privilege 15 secret
5 $1$aHpU$lcOW3C6ITBIYDEmhsaJhg/
username john@professor privilege 15 secret 5
$1$pfMe$nOk54rtQq35iGDk5j4rJt1
To hide the password, the password set for users has
been encrypted.
3.5.2 Peer Establishment Verification
It is to show that remote user has established VPN con-
nectivity by negotiating the security associations with
VPN server. The two figures mentioned below illustrates
that the remote peer 10.10.10.1 has successfully connected
to VPN server through VPN tunnel and the two commands
verify the currently established VPN tunnel from a remote
peer.
Show crypto isakmp sa
It shows the current Internet Security Association Key
Management Protocol (ISAKMP) Security Associations
(SAs) built between peers. In this figure, the output simply
tells that an IPSEC tunnel has been successfully created
between 192.168.100.254 as the source tunnel point and
destination 10.10.10.1 as tunnel end point. The state QM_
IDLE states that the tunnel is up and the IKE SA key ex-
change is successful and is now actively ready to transfer
the data through the tunnel.
4. Discussion
In this section, the discussions has been carried out in
the analysis of secure remote access IPSEC VPN during
the implementation of it in GNS3 emulator. It also argues
on the problems and limitations in the designed system.
This network system has been designed in one laptop
machine where an emulator GNS3, CCP has been in-
stalled. This system has been designed based on the real
time network in enterprises analogy. Here, the enterprise
networks has been designed in GNS3 which works with
LAN adapter connected to the Internet through the laptop
machine. Two remote users have been assigned to connect
to the VPN server one from virtual PC where it has its
operating system in Virtual Box and other is from another
laptop which is connected to the same Internet.
4.1 Summary of Results/Findings
A secured system has been developed on the basis of
deploying secured network system to the existing network
infrastructure of the Universities/Colleges and Enterprises.
This system has been realized in GNS3 emulator for the
instance with three servers in one private network and
others in another private network for professors, students,
and IT admins. It is built with additional security to the
existing trends of network system in Institutional Organi-
zation. The developed system is analogous to the current
network system of Universities. Considering GNS3 sys-
tem as the network system of Universities, the edge router
is the VPN server which is directly connected to the Inter-
net and two remote users, professor and student are con-
nected to the same Internet. It means that, with no VPN
connection, any user whether the users from within the
University or outside only has access to visit the website
of University. Access to the file server and email server
is restricted to anyone, except the IT admin for the pur-
pose of security. For remote users to access the file server
through the Internet, they must have VPN user credentials
which should be matched with VPN server to establish
VPN tunnel. Following results have been carried out after
the establishment of IPSEC tunnel successfully:
(1) Remote User “Professor” has access to the file serv-
er only and at the same time they have been provided ac-
cess to the Internet as well. All the traffic except the Inter-
net that is destined for file server will be traversed through
the VPN tunnel.
(2) Remote User “Student” doesn’t have access to the
Internet and other servers except to the file server during
the data traffic flow via VPN tunnel because of various se-
curity risks in order to secure the system from Trojans and
other viruses.
(3) The Network throughput is slightly lower for tun-
neled traffic in comparison to non-tunneled traffic due to
the overheads of encryption but not much variations was
faced in the speed of data flow.
(4) Three virtual PCs have been deliberated as real serv-
ers for the system and access verification has been realized
through ICMP reachability, which performed successfully
after the VPN connection.
(5) Finally, it has been concluded that user professor
who has access to the Internet, and student that doesn’t
have Internet connection during the VPN connection are
able to connect to the VPN server and File server remote-
ly and securely successfully which is the main goal of this
research work.
4.2 Contributions
The main scope of this system development is to con-
tribute the secured remote access operations to enterprise
network system from anywhere/anytime for only the

26
associated members of that organizations. Following con-
tributions have been deliberated on the deployment of this
secured system:
(1) Everyone can access the organizational network
devices and server remotely and securely from anywhere/
anytime depending on whom the authority has been pro-
vided in comparison to the current unsecured network
system of Universities and Colleges
(2) It is extremely strong in security for which no one
has to hesitate in deploying this system
(3) System Administrators can manage the internal sys-
tem from anywhere/anytime
(4) Professors can assign the class activities, upload the
assignments, evaluate the performance of students from
home Internet
(5) Students who will be unable to show their presence
in the class due to the personal problems can study, re-
motely access to the assignments and lab activities of that
day from anywhere/anytime securely
(6) It offers no such vulnerabilities and risk factors
from the outside attacks like man-in-the-middle attack,
DoS attack if configured properly with correct security
attributes
4.3 Limitations
(1) It is required to have Cisco IOS software release
12.3 (11) T or later
(2) It needs VPN client software at remote users PC to
authenticate and pass the security attributes to them
(3) Cisco Easy VPN IPSEC server works only for
Cisco IOS Router, ASA, and PIX. It doesn’t work for the
devices from other vendors
(4) The issues with IPSEC VPN are implementation
issues, packet overhead, and processing overhead
(5) The encryption and decryption services on the hun-
dreds of megabytes of data flowing through the equip-
ment requires quite a bit of processing power and which
leads to higher processing loads
(6) It is time consuming for the system administrators
to configure individual and group access rules
(7) If it is lightly configured, meaning if no valid certifi-
cates are used, then it poses a huge security risk
5. Conclusion and Future Work
Remote Access IPSEC VPN allows remote users in
different locations to establish secure connections with
universities network. These users can access the secure
resources on that network as if they were directly plugged
into the network’s servers. In the University, students can
easily access the e-library resources, class notes, assign-
ments and so on very securely from their home. It miti-
gates the risk factors of sharing confidential information
between professors and students publically. It solves the
technical problem of knowledge sharing and resource
sharing, and really plays the library role in the sharing and
popularity of knowledge and resources in the whole soci-
ety.
Cisco Systems have provided customers with easy
to use software tools that assist system administrators.
Firewalls and VPN server configuration using Cisco CCP
tool is smooth and simple. Most essentially, remote client
configurations and setup is not much technical, so it can
be easily configured by general user once the required au-
thentication information is provided.
References
[1] Kajal, R., Saini, D., Grewal, K. Virtual Private Net-
work. International Journal of Advanced Research in
Computer Science and Software Engineering. 2012,
2(10), Retrieved from:
http://www.ijarcsse.com/docs/papers/10_Oc-
tober2012/Volume_2_issue_10_October2012/
V2I900209.pdf
[2] Sastry, A. IPSec VPN vs. SSL VPN: Comparing re-
spective VPN security risks. 2011. Retrieved from
TechTarget:
http://searchsecurity.techtarget.com/tip/IPSec-VPN-
vs-SSL-VPN-Comparing-respective-VPN-security-
risks
[3] Clayton, N., Pandya, H. M. VPN Over IPSEC. In
FreeBSD Handbook, 2016: 742. Retrieved from:
https://www.freebsd.org/doc/handbook/ipsec.html
[4] Kang, B., Balitanas, M. O. Vulnerabilities of VPN
using IPSec and Defensive Measures. International
Journal of Advanced Science and Technology, 2009,
8: 9-18.
[5] Ssycxz. Overview of VPN - Evolution of Private
Networks, 2016. Retrieved from:
http://ssycxz.kinja.com/overview-of-vpn-evolution-
of-private-networks-1763248734
[6] Cisco Systems. CCNA Security Course Booklet Ver-
sion 1.0. Indianapolis: Cisco Press, 2009.
[7] Powell, J. M. The Impact of Virtual Private Network
(VPN) on Acompany’s Network, 2010. Retrieved
from:
http://digitalcommons.usu.edu/cgi/viewcontent.
cgi?article=1056&context=honors
[8] Singh, Y., Chaba, Y., Rani, P. Integrating - VPN and
IDS - An approach to Networks Security. Internation-
al Journal of Computer Science and Security, 2007,
1(3): 1-13. Retrieved from:

27
http://www.cscjournals.org/
[9] Rouse, M. IPsec (Internet Protocol Security), 2010.
Retrieved from TechTarget:
http://searchmidmarketsecurity.techtarget.com/defi-
nition/IPsec
[10] Rehman, M. H. Design and Implementation of Mo-
bility for Virtual Private Network Users. Global Jour-
nal of Computer Science and Technology Network,
Web & Security, 2013, 13(9): 34-39. Retrieved from:
https://globaljournals.org
[11] Deal, R. Key Exchange. Retrieved from The Com-
plete Cisco VPN Configuration Guide, 2005:
h t t p : / / w w w. f e n g n e t . c o m / b o o k / v p n c o n f /
ch02lev1sec4.html
[12] VelMurugan. What is ISAKMP, 2008. Retrieved
from:
h t t p : / / d i s c u s s . i t a c u m e n s . c o m / i n d e x .
php?topic=32692.0
[13] Maughan, D. Internet Security Association and Key
Management Protocol (ISAKMP), 1998. Retrieved
from:
https://tools.ietf.org/html/rfc2408
[14] Oliver, P. G. Making Sense of Split Tunneling. Re-
trieved from Infosec ISLAND, 2013:
http://www.infosecisland.com/blogview/22859-Mak-
ing-Sense-of-Split- Tunneling-.html
[15] Dhall, Batra, Rani, a. Implementation of ipsec pro-
tocol. 2012 Second International Conference on Ad-
vanced Computing & Communication Technologies,
2012: 176-181.
Rohtak: IEEE. DOI: 10.1109/ACCT.2012.64
[16] Qu, W., Srinivas, S. IPSec-based secure wireless vir-
tual private network. MILCOM 2002. Proceedings,
2002, 2, 1107-1112.
DOI: 10.1109/MILCOM.2002.1179632
[17] Sun, S. H. The Advantages and the Implementation
of SSL VPN. 2011 IEEE 2nd International Confer-
ence on Software Engineering and Service Science.
Beijing: IEEE, 2011: 548- 551.
DOI: 10.1109/ICSESS.2011.5982375
[18] Lee, H., Nah, J., Jung, K. The Remote Access to IP-
sec-VPN Gateway over. The 7th International Con-
ference on Advanced Communication Technology,
2005: 567- 569. Taejeon: IEEE.
DOI: 10.1109/ICACT.2005.245934
[19] Kim, B.-J., Srinivasan, S. Simple Mobility Support
for IPsec Tunnel Mode. 2003, 3: 1999-2003.
DOI: 10.1109/VETECF.2003.1285375
[20] Lakbabi, A., Orhanou, G., Hajji, S. E. VPN IPSEC
& SSL Technology. 2012 Next Generation Networks
and Services NGNS. Agdal: IEEE, 2012: 202-208 .
DOI: 10.1109/NGNS.2012.6656108

28
ARTICLE
A Dynamic Steganography Method for Web Images with Average Run-
Length-Coding
Jin Liu*
Yiwen Zhang
College of Computer Science and Technology, National Huaqiao University, Xiamen, 361000, China
Article history
Accepted: 28 January 2021
Web page has many redundancies, especially the dynamic html multimedia
object. This paper proposes a novel method to employ the commonly used
image elements on web pages. Due to the various types of image format
and complexity of image contents and their position information, secret
message bits could be coded to embed in these complex redundancies.
Together with a specific covering code called average run-length-coding,
the embedding efficiency could be reduced to a low level and the resulting
capacity outperforms traditional content-based image steganography, which
modifies the image data itself and causes a real image quality degradation.
Our experiment result demonstrates that the proposed method has limited
processing latency and high embedding capacity. What’s more, this method
has a low algorithm complexity and less image quality distortion compared
with existing steganography methods.
Keywords:
Steganography
Web image
Covering codes
Run length coding
1. Introduction
Nowadays, flows through world wide web has domi-
nated the vast majority of the Internet bandwidth. Thus
new information redundancy could be explored from
various types of web widgets (e.g., dynamic images) and
complex code frames. Different from existing informa-
tion hiding methods, which can be roughly divided into
two categories. The first one mainly studies the tradition-
al overt carrying covers, always commonly used static
multimedia covers, such as static image [1]
, audio [2]
and
videos [3]
. While the other category employed the Internet
streaming media among which are voice over IP(VoIP),
video streaming and even various instant messages.
Among those traditional cover media for information
hiding, image is the mostly used and investigated, that’s
largely due to the variety and practicability feature of
the carrier. The existing steganography methods based
on image can be classified into two categories. The first
type takes advantages of the visual imperceptibility of
human vision, such as variant least significant bit (LSB)
methods [4]
. The LSB of image pixels are modified
according to specific embedding method for steganog-
raphy, which inevitably change the statistic features of
them. Differing from the first type which falls into a
space domain methods, the other type of image stegan-
ography mainly use the transform domain characteris-
tics, which transform the image data into a certain math-
ematic transformation [5]
. After that, some acceptable
feature parameters are selected to embed secret bits, then
the recovered images to be shown has a well-proportioned
modification on pixels, which conforms to human visual
Jin Liu,
College of Computer Science and Technology, National Huaqiao University, Xiamen, 361000, China;
Email: geneleo@hqu.edu.cn

Journal of Computer Science Research | Vol.3, Iss.1 January 2021

Journal of Computer Science Research | Vol.3, Iss.1 January 2021

Recommended

Recommended

More Related Content

Similar to Journal of Computer Science Research | Vol.3, Iss.1 January 2021

Similar to Journal of Computer Science Research | Vol.3, Iss.1 January 2021 (20)

More from Bilingual Publishing Group

More from Bilingual Publishing Group (20)

Recently uploaded

Recently uploaded (20)

Journal of Computer Science Research | Vol.3, Iss.1 January 2021