• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.109-113
• /
• 2007

With increasing the mont of processed information over the network, the importance of database system increases rapidly. There are two types of security system for database, access control and data encryption. However, it is hard to evaluate security of database systems using the Common Criteria(CC) as there is no protection profile(PP) for these systems. In this paper, we propose a protection profile for secure database systems which can be used in formal evaluation using the Common Criteria. The proposed protection profile can be used by both developer and consumer to evaluate security of database systems.

• Review of KIISC
• /
• v.19 no.5
• /
• pp.95-104
• /
• 2009

최근 대용량 데이터의 급속한 생성, 유통으로 인해 데이터 서비스 사용자가 증가하고 있다. 이때, 대용량 데이터를 분산 데이터베이스 시스템에 저장 관리하는 경우, 데이터에 대한 위협문제가 발생된다. 본 논문에서는 대용량 데이터를 암호화 하여 관리할 때 복호권한을 위임함으로써 보다 안전하게 데이터를 관리하는 Proxy Re-encryption 기법에 대해 검토한다.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.46-55
• /
• 2009

We study the problem of searching documents containing each of several keywords (conjunctive keyword search) over encrypted documents. A conjunctive keyword search protocol consists of three entities: a data supplier, a storage system such as database, and a user of storage system. A data supplier uploads encrypted documents on a storage system, and then a user of the storage system searches documents containing each of several keywords. Recently, many schemes on conjunctive keyword search have been suggested in various settings. However, the schemes require high computation cost for the data supplier or user storage. Moreover, up to now, their securities have been proved in the random oracle model. In this paper, we propose efficient conjunctive keyword search schemes over encrypted documents, for which security is proved without using random oracles. The storage of a user and the computational and communication costs of a data supplier in the proposed schemes are constant. The security of the scheme relies only on the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.41-51
• /
• 2018

Format preserving encryption(FPE) performs encryption with preserving the size and format of plain-text. Therefore, it is possible to minimize the structural change of the database before and after the encryption. For example, when encrypting data such as credit card number or social security number, it is possible to maintain the existing database structure because FPE outputs the same form of cipher-text as plain-text. Currently, the National Institute of Standards and Technology (NIST) recommends FF1 and FF3 as standards for FPE. Recently, in Korea, FEA, which is a very efficient FPE algorithm, has been adopted as the standard of FPE. In this paper, we analyze FEA and measure the performance of FEA by optimizing it in various environments.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.13-20
• /
• 2023

This study conducted a digital forensic analysis of Signal and Telegram, two secure messengers widely used in the Android environment. As mobile messengers currently play an important role in daily life, data management and security within these apps have become very important issues. Signal and Telegram, among others, are secure messengers that are highly reliable among users, and they safely protect users' personal information based on encryption technology. However, much research is still needed on how to analyze these encrypted data. In order to solve these problems, in this study, an in-depth analysis was conducted on the message encryption of Signal and Telegram and the database structure and encryption method in Android devices. In the case of Signal, we were able to successfully decrypt encrypted messages that are difficult to access from the outside due to complex algorithms and confirm the contents. In addition, the database structure of the two messenger apps was analyzed in detail and the information was organized into a folder structure and file format that could be used at any time. It is expected that more accurate and detailed digital forensic analysis will be possible in the future by applying more advanced technology and methodology based on the analyzed information. It is expected that this research will help increase understanding of secure messengers such as Signal and Telegram, which will open up possibilities for use in various aspects such as personal information protection and crime prevention.

• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.61-68
• /
• 2011

Due to the rapid development of the Internet, many companies in a variety of applications to users open an unspecified number of the current business environment, security of personal information about recent issues are often mentioned in terms of its importance may be the company's top priority. The government recently on personal information strengthening measures on information communications network law enacted into law which is applicable to various industries. Companies to protect the personal information of various measures to comply with these regulations, and arrange your personal information for internal management to enhance security fast security solution has been introduced. The number of used data is stored in the DBMS in terms of compliance with these regulations at the same time effectively to ensure data security and encryption measures, access control, audit, each separated by an implementation of the solution and how it compares with the best Database security plan allows you to explore as a this paper's security checklist.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1305-1317
• /
• 2019

Although encryption for data protection is essential in the big data platform environment of public institutions and corporations, much performance verification studies on encryption algorithms considering actual big data workloads have not been conducted. In this paper, we analyzed the performance change of AES, ARIA, and 3DES for each of six workloads of big data by adding data and nodes in MongoDB environment. This enables us to identify the optimal block-based cryptographic algorithm for each workload in the big data platform environment, and test the performance of MongoDB by testing various workloads in data and node configurations using the NoSQL Database Benchmark (YCSB). We propose an optimized architecture that takes into account.

• Journal of KIISE:Databases
• /
• v.36 no.5
• /
• pp.352-365
• /
• 2009

Recently, data access control policies have not been applied for authorized or unauthorized persons properly and information leakage incidents have occurred due to database security vulnerabilities. In the traditional database access control methods, administrators grant permissions for accessing database objects to users. However, these methods couldn't be applied for diverse access control policies to the database. In addition, another database security method which uses data encryption is difficult to utilize data indexing. Thus, this paper proposes an enhanced database access control system via a packet analysis method between client and database server in network to apply diverse security policies. The proposed security system can be applied the applications with access control policies related to specific factors such as date, time, SQL string, the number of result data and etc. And it also assures integrity via a public key certificate and MAC (Message Authentication Code) to prevent modification of user information and query sentences.

• Proceedings of the Korean Information Science Society Conference
• /
• 1999.10c
• /
• pp.336-338
• /
• 1999

전자상거래에 대한 요구가 급증하고 있는 오늘날, 상대방의 신뢰성을 보증해 주는 인증서 사용이 빈번해지고 있다. 기존에는 인증기관이 발급한 인증서를 사용자가 보관하다가, 전자상거래를 할 경우 이를 전자서명과 함께 상대방에게 제시하여 서로의 신뢰성을 확인하였지만, 이 방법은 사용자가 인증서와 비밀키를 자신의 하드웨어 디스크에 보관하거나, 스마트 카드 또는 플로피디스켓에 휴대하고 다녀야 하는 번거로움이 있었다. 사용자의 이동이 많아지고, 사용자가 자신의 위치나 하드웨어 플렛폼에 상관없이 전자상거래를 하고자 하는 요구가 증대됨에 따라서, 인증서와 비밀키를 휴대해야 하는 불편함은 커다란 제약점이라고 할 수 있다. 본 논문에서는 이러한 문제를 극복하고, 사용자가 어느 곳에서든지 웹브라우져를 사용하여 쉽게 인증서와 비밀키를 사용할 수 있도록 하는 웹기반 인증성 및 키과리 시스템의 설계와 구현방법을 제안한다. 제안된 시스템은 사용자가 복잡한 패스워드를 기억하지 못한다는 점과 패스워드가 쉽게 노출될 수 있다는 점을 고려하여 SPEKE에서 제시한 방법을 활용하여 로그인하였고, 시스템에 외부인이 침입할 경우에 대비하여 데이터베이스 안의 중요한 정보들은 암호화하여 저장하도록 하였으며, SSL이 설정되지 않았을 경우에도 안전하게 인증서를 위탁할 수 있도록 사용자와 인증서 관리 시스템은 정보를 암호화하여 통신하도록 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.422-424
• /
• 2003

최근 전자서명방식의 사용이 급증하고 있으나, 인터넷의 해킹과 데이터의 피해는 날로 심각해져가고 있다 특히, 정보의 특성에 따라 데이터의 접근을 허용하지 않아야 하는 경우는 보안에 대한 중요성이 더욱 강조된다. 따라서, 본 논문은 시스템의 안전성을 위하여 암호화와 공개키기반구조를 이용하고 있으며, 중요 데이터의 안전성을 높이기 위하여 데이터베이스 접근시에도 전자서명 및 암호화롤 통한 보안 커널시스템을 제안하고 설계한다. 본 논문은 교육망이라는 특정 목적을 가진 네트웍망을 실험환경으로 하여 전자서명방식을 통한 인증 뿐만아니라, 데이터의 공개 및 위.변조를 막기 위한 방법인 보안 커널시스템을 제공하기 위한 방법을 제안하고 설계한다.