• Title/Summary/Keyword: 동적 암호화 관리자

Search Result 11, Processing Time 0.021 seconds

A Study on the Dynamic Encryption Manager for Improved Timeliness in Secure Real-Time Database Systems (보안 실시간 데이터베이스 시스템에서 시간성 향상을 위한 동적 암호화 관리자에 관한 연구)

  • Lee, Soon-Jo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.1
    • /
    • pp.210-216
    • /
    • 2005
  • In many real-time applications, security is another important requirement, since the secure real time database system maintains sensitive information to be shared by multiple users with different levels of security clearance or to be attacked by hackers with ill will. Encryption policies are necessary for the security of secure real-time database systems in addition to the existing security methods, too. However, there has not been much work for the encryption policies in secure real-time database systems, although sensitive information must be safeguarded in real-time systems as well. In this paper, we propose a encryption manager for the purpose of solving the encryption policies of the secure real-time database systems. What is important in the encryption policies of secure real-time database systems is security and timeliness. A significant feature of the proposed encryption manager is the ability to dynamically adapt a encryption algorithm that consider transaction deadline and security level.

The Design of Administrator System for Extending Secure DNS (Secure DNS의 기능확장을 위한 관리자 시스템의 설계)

  • 심희원;김진성;심영철;임찬순;변옥환
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 1998.10a
    • /
    • pp.530-532
    • /
    • 1998
  • 본 연구에서는 안전한 네이밍 서비스를 제공하는 기존 Secure DNS를 확장시켜 GUI방식의 관리자 인터페이스를 설계하였다. 따라서 시스템 설정에 대한 configuration과 보안관련 도구의 핵심이라 할 수 있는 로그의 관리가 용이해 졌다. 또한 관리자 인터페이스에 의해 각각의 자원 레코드에 대한 자동적인 삽입, 삭제가 가능하며, 암호화 알고리즘의 추가를 interactive하게 처리한다. 그밖에 기존 Secure DNS에서는 새로운 암호와 알고리즘을 추가할 때마다 재 컴파일 해야하는 단점이 있다. 이를 해결하기 위해 'Dynamic link interface'를 설계하였다. 이는 암호화 알고리즘의 입출력 표준을 정하고 이를 단일한 시스템 API로 구성하여 Secure DNS가 초기화 될 때 동적 라이브러리를 사용하여 각각의 암호화 알고리즘을 메모리에 적재하는 방식을 택한다. 그 밖에 Secure DNS를 이용하여 제공할 수 있는 응용방안으로 개인의 공개키 분배서비스와 X.509 체계를 이용한 인증서를 제공하는 서비스를 제안한다. 따라서 본 연구에서는 인터넷의 기본 인프라스트럭쳐인 DNS를 최대한 활용할 수 있는 여러 가지 방안과 그 해결책을 제시한다.

  • PDF

Identity-Based Secure Many-to-Many Multicast in Wireless Mesh Networks (무선 메쉬 네트워크에서의 아이디 기반 프록시 암호화를 이용한 안전한 다대다 멀티캐스트 기법)

  • Hur, Jun-Beom;Yoon, Hyun-Soo
    • Journal of KIISE:Information Networking
    • /
    • v.37 no.1
    • /
    • pp.72-83
    • /
    • 2010
  • Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. Especially, many-to-many multicasting in a dynamic mesh network can be modeled by a decentralized framework where several subgroup managers control their members independently and coordinate the inter-subgroup communication. In this study, we propose a topology-matching decentralized group key management scheme that allows service providers to update and deliver their group keys to valid members even if the members are located in other network domains. The group keys of multicast services are delivered in a distributed manner using the identity-based encryption scheme. Identity-based encryption facilitates the dynamic changes of the intermediate relaying nodes as well as the group members efficiently. The analysis result indicates that the proposed scheme has the advantages of low rekeying cost and storage overhead for a member and a data relaying node in many-to-many multicast environment. The proposed scheme is best suited to the settings of a large-scale dynamic mesh network where there is no central network controller and lots of service providers control the access to their group communications independently.

Design and Implementation of Dynamic Multicast Group Key Management Protocol for Multicast Information Security (멀티캐스트 정보 보안을 위한 동적 그룹 키 관리 프로토콜 설계 및 구현)

  • 홍종준;김태우
    • Convergence Security Journal
    • /
    • v.2 no.2
    • /
    • pp.19-27
    • /
    • 2002
  • This paper proposes a group key management protocol for a secure of all the multicast user in PIM-SM multicast group communication. Each subgroup manager gives a secure key to it's own transmitter and the transmitter compress the data with it's own secure key from the subgroup manager. Before the transmitter send the data to receiver, the transmitter prepares to encrypt a user's service by sending a encryption key to the receiver though the secure channel, after checking the user's validity through the secure channel. As the transmitter sending a data after then, the architecture is designed that the receiver will decode the received data with the transmitter's group key. Therefore, transmission time is shortened because there is no need to data translation by the group key on data sending and the data transmition is possible without new key distribution at path change to shortest path of the router characteristic.

  • PDF

Efficient Multicast Key Management for Stateless Receivers (스테이트리스 리시버를 위한 효율적인 멀티캐스트 키관리)

  • Ki, Ju-Hee;Kim, Hyun-Jueong;Lee, Dong-Hoon;Park, Chang-Seop
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2002.11b
    • /
    • pp.841-844
    • /
    • 2002
  • 이 논문에서는 동적이고 규모가 큰 그룹에 대해서 한명의 그룹 관리자가 존재하면서, 특별히 새로운 그룹키가 갱신될 때마다 새로운 정보를 받기 힘든 구성원, 즉 스테이트리스 리시버(stateless receiver)에게 적합한 방법을 제안한다. 이 방법은 구성원에게 각각 한 개씩 주어지는 개인키를 전송하는 메시지를 제외한 다른 모든 메시지들에는 암호화 과정이 요구되지 않는다. 즉, 갱신된 그룹키를 공유하기 위해 필요한 계산은 단지 O($log_2$n) 번의 해쉬함수 계산과 배타적 논리합(XOR)을 수행하는 것이며, 그룹키를 갱신하기 위해 필요한 정보는 암호화될 필요없는 멀티캐스트 메시지와 그룹에 추가될 때 그룹 관리자로부터 받은 초기값이다. 또한 제안하는 방법은 새롭게 추가된 사람이 이전의 그룹키에 대한 어떠한 정보도 알 수 없으며(후방보호 : Backward Secrecy), 삭제되는 사람 역시 이후의 새로운 그룹키에 대한 정보를 알 수 없다(전방보호 : Forward Secrecy). 또한 제안된 방법에 게시판이 이용된다면, 각 그룹의 구성원은 어떠한 멀티캐스트 메시지없이 단지 자신의 초기 개인키만으로 필요한 모든 노드키들을 계산할 수 있다.

  • PDF

A Study on Access Control System with Multi-Authority and Hierarchical Attribute-Based Encryption in Cloud Environment (클라우드 환경에서 다중 인가자와 계층적 속성기반 암호화를 활용한 접근제어 시스템에 대한 연구)

  • Lee, Jin-A;Jung, Jun-Kwon;Jung, Sung-Min;Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2013.05a
    • /
    • pp.648-651
    • /
    • 2013
  • 클라우드 시스템에서는 데이터 소유자가 아닌 클라우드 서비스 제공자가 각 개인의 데이터에 대한 저장과 관리를 책임진다. 따라서 클라우드 서버 상의 사용자 데이터에 대한 보안을 보장해 주는 것이 가장 중요한 이슈이다. 데이터 보안 문제는 안전하고 효율적인 접근제어 기술을 통해 해결 할 수 있다. 기존 시스템에서 많이 이용되고 있는 RBAC(Role based access control)은 접근제어의 형태가 주로 수직적이고, 데이터 접근가능 여부를 역할이라는 고정적인 값에 따라 결정하기 때문에 동적인 클라우드 환경에 적합하지 않다. 반면 HASBE(Hierarchical attribute set based encryption) 모델은 ABAC(Attribute based access control)를 통해 유연하고 탄력적인 접근제어를 제공한다. 또한 HASBE 는 인가자(Authority)와 사용자의 관계 모델이 계층적인 구조를 갖고 있기 때문에 큰 조직에서 수많은 사용자들의 데이터 관리와 키 분배를 좀더 효율적으로 할 수 있다. 본 논문에서는 위의 계층적인 모델에서 더 나아가서, 실제 클라우드 환경에서 데이터가 가질 수 있는 복잡한 속성과 인가자의 관계를 고려해 다중 인가자의 개념이 더해진 모델을 제안한다.

Design of E-Document Management System Using Dynamic Group Key based on OOXML (OOXML기반의 동적 그룹키를 이용한 전자문서 관리 시스템의 설계)

  • Lee, Young-Gu;Kim, Hyun-Chul;Jung, Taik-Yeong;Jun, Moon-Seog
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.12B
    • /
    • pp.1407-1417
    • /
    • 2009
  • We propose a e-document management system that can provide segmented page information on a document according to different levels of authority from access control environment. The proposed system creates hierarchy identifier using a one-way hash chain and therefore does not need to own key information for all users as in existing system. Also by creating group keys by compounding hash chain hierarchy identifier with randomly formed group identifier, the system can flexibly respond to dynamic changes from group member movements while at the same time resolving the problems of key formation and management in document encoding technique using symmetric key for each page. Lastly as a result of comparative analysis through an experiment with existing e-document management systems, the proposed system showed superiority in the efficiency of encoding and decoding document and the speed of encoding and decoding by the pages.

A Robust Multiple Set-Top Box Authentication Scheme for IPTV Against Smart Card Cloning Attack (IPTV 환경에서 스마트카드 복제에 강건한 다중 셋톱박스 인증기법)

  • Lim, Ji-Hwan;Oh, Hee-Kuck;Kim, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.17C no.1
    • /
    • pp.37-46
    • /
    • 2010
  • In an IPTV system, the rights of the content and service provider can be protected by using Conditional Access System (CAS) and Digital Right Management (DRM). In case of the CAS, only the authorized user who has structured authentication keys can decrypt the encrypted content. However, since the CAS establishes a secure channel only between content provider and Smart Card (SC), it cannot protect the system against McCormac Hack attack which eavesdrops on unsecure channel between SC and Set-Top Box (STB) and SC cloning attack. In this paper, we propose a robust multi-STB assisted SC / STB authentication protocol which can protect the IPTV system against not only McCormac Hack attack, but also SC cloning attack. The previous works which bind a STB and a SC during the SC registration phase against the SC cloning attack does not support multi-STB environments. The proposed system which dynamically updates the STB information in subscriber management system using the bi-directional channel characteristic of IPTV system can support the user's multi-STB device effectively.

A Study on IKE v2 Analysis Method for RealTime (NIKEv2 AR : IKE v2 실시간 분석 기술 연구)

  • Park, Junghyung;Ryu, Hyungyul;Ryou, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.4
    • /
    • pp.661-671
    • /
    • 2022
  • Due to the COVID-19 pandemic, remote working, e-learning, e-teaching and online collaboration have widely spread and become popular. Accordingly, the usage of IPsec VPN for security reasons has also dramatically increased. With the spread of VPN, VPN vulunerabilities are becoming an important target of attack for attackers, and many studies have been conducted on this. IKE v2 analysis is an essential process not only for developing and building IPsec VPN systems but also for security analysis. Network packet analysis tools such as Wireshark and Tcpdump are used for IKE v2 analysis. Wireshark is one of the most famous and widely-used network protocol analyzers and supports IKE v2 analysis. However Wireshark has many limitations, such as requiring system administrator privileges for IKE v2 analysis. In this paper, we describe Wireshark's limitations in detatil and propose a new analysis method. The proposed analysis method can analyze all encrypted IKE v2 messages in real time from the session key exchange In addition, the proposed analysis method is expected to be used for dynamic testing such as fuzzing as packet manipulation.

Energy Efficient Distributed Intrusion Detection Architecture using mHEED on Sensor Networks (센서 네트워크에서 mHEED를 이용한 에너지 효율적인 분산 침입탐지 구조)

  • Kim, Mi-Hui;Kim, Ji-Sun;Chae, Ki-Joon
    • The KIPS Transactions:PartC
    • /
    • v.16C no.2
    • /
    • pp.151-164
    • /
    • 2009
  • The importance of sensor networks as a base of ubiquitous computing realization is being highlighted, and espicially the security is recognized as an important research isuue, because of their characteristics.Several efforts are underway to provide security services in sensor networks, but most of them are preventive approaches based on cryptography. However, sensor nodes are extremely vulnerable to capture or key compromise. To ensure the security of the network, it is critical to develop security Intrusion Detection System (IDS) that can survive malicious attacks from "insiders" who have access to keying materials or the full control of some nodes, taking their charateristics into consideration. In this perper, we design a distributed and adaptive IDS architecture on sensor networks, respecting both of energy efficiency and IDS efficiency. Utilizing a modified HEED algorithm, a clustering algorithm, distributed IDS nodes (dIDS) are selected according to node's residual energy and degree. Then the monitoring results of dIDSswith detection codes are transferred to dIDSs in next round, in order to perform consecutive and integrated IDS process and urgent report are sent through high priority messages. With the simulation we show that the superiorities of our architecture in the the efficiency, overhead, and detection capability view, in comparison with a recent existent research, adaptive IDS.