• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.8B
• /
• pp.730-735
• /
• 2006

This paper proposes a media key distribution scheme for lawful interception in secured VoIP systems. A problem of the current US or EU standards for lawful interception is that they do not provide a mechanism for collecting keys used for encrypting media streams between two end points. In the proposed scheme, dual encryption was applied on the media keys using two shared secrets: one between the ISP AAA server and user agent, and the other between the TSP registrar and user agent. Only the lawful agency with court warrant can collect both keys from the service providers. This scheme can still provide a privacy by preventing the misusage of the keys by the service providers.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.293-295
• /
• 2003

본 논문은 EJB 서버의 클러스터링 지원을 위해 구현된, 가변적인 멤버십 관리와 빈 인스턴스 상태 정보 복제 등의 서비스를 제공하는 멀티캐스트 프레임워크에서, 멀티캐스트 통신의 안전성을 보장하기 위한 멤버십 제어, 키 관리, 데이터 보안, 외부 보안 시스템 연동, 보안 정책 관리 등에 대해 논하며 그 구조와 방법을 제시하고자 한다.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.19-25
• /
• 2004

This research develops an algorithm using image synthesis for a server to authenticate users and implements it. The server creates cards with random dots for users and distribute them to users. The server also manages information of the cards distributed to users. When there is an authentication request from a user, the server creates a server card based on information of the user' s card in real time and send it to the user. Different server card is generated for each authentication. Thus, the server card plays a role of one-time password challenge. The user overlaps his/her card with the server card and read an image(eg. a number with four digits) made up from them and inputs the image to the system. This is the authentication process. Keeping security level high, this paper proposes a technique to generate the image clearly and implements it.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.9
• /
• pp.9-16
• /
• 2004

This paper proposes a performance analysis model of security servers comprising IPSec accelerators. The proposed model is based on a M/M1 queueing system with traffic load of Poisson distribution. The decoding delay has been defined to cover parameters characterizing hardware of security sorrels. Decoding delay values of a commercial IPSec accelerator are extracted yielding less than 15% differences from measured data. The extracted data are used to simulate the server system with the proposed model. The simulated performance of the cryptographic processor BCM5820 is around 75% of the published claimed level. The performance degradation of 3.125% and 14.28% are observed for 64byte packets and 1024byte packets, respectively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.359-362
• /
• 2014

With recent growing of application service, servers are required to sustain great amount of data and to handle them quickly: besides, data must be processed securely. The main security algorithm used in security services of server is AES(Advanced Encryption Standard - 2001 published by NIST), which is widely accepted in the world market for superiority of performance. In Korea, NSRI(National Security Research Institute) has developed ARIA(Academy, Research Institute, Agency) algorithm in 2004 and LEA(Lightweight Encryption Algorithm) algorithm in 2012. In this paper, we show advantage of LEA by comparing performance with AES and ARIA in various servers.

• The Journal of Society for e-Business Studies
• /
• v.9 no.1
• /
• pp.285-301
• /
• 2004

Public service provision through internet is one of major parts for e-government implementation. It is essential to link the internal administrative network with internet to provide the services through internet and to support kiosks through internet, which should result in critical issues for security. A relay server, as a front server for the public service processing system and a web server, a control server for kiosks, are placed between the public service processing system and kiosks to solve those security issues. It is the way to solve security issues through protecting direct communication between the public service processing system and a web server and authenticating a relay server and a web server through authentication process. In the implementation of the system this paper provide a design for an architecture model of the public service processing system through internet, which are aiming to develop high level of the quality system effectively, to reduce the risk of initial stage of development, and to reduce the incurring cost due to reworks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1973-1976
• /
• 2003

기존의 WAP 게이트웨이 모델에서의 게이트웨이는 많은 기능을 수행하였다. 이에 따른 게이트웨이 오버헤드가 증가하는 문제를 지니고 있기 때문에 이러한 문제를 해결하기 위해 상대적으로 수행 기능이 적고 각 content 제공자에 따라 나누어있는 Web 서버에 게이트웨이의 일부 기능을 이식하여 설계한 e-WAP 모델을 제시하였다. 하지만 e-WAP 의 보안 모델은 이전 WAP 게이트웨이 모델에서 사용되는 보안 방식을 사용하였기 때문에 종단간 보안 (end-to-end Securir)을 보장하지 못하는 기존 WAP의 보안 문제를 그대로 가지고 있다. 이에 본 논문은 기존의 SSL 과 WTLS 를 이용한 암호화 통신 프로토콜을 이용한 보안 모델에 서버와 무선 단말기 사이에 전송되는 데이터에 대해 암호화 한번 더 수행하여 종단간 보안을 보장하는 새로운 e-WAP 보안 모델을 제안하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.69-79
• /
• 2010

In the current cloud environments, the applications are executed on the remote cloud server, and they also utilize computing resources of the remote cloud server such as physical memory and CPU. Therefore, if remote server is exposed to security threat, every applications in remote server can be victim by several security-attacks. Especially, despite many advantages, both individuals and businesses often have trouble to start the cloud services according to the malicious administrator of the cloud server. We propose a security-enhanced local process executing scheme resolving vulnerability of current cloud computing environments. Since secret data is stored in the local, we can protect secret data from security threats of the cloud server. By utilizing computing resource of local computer instead of remote server, high-secure processes can be set free from vulnerability of remote server.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5C
• /
• pp.562-567
• /
• 2006

This paper extends Diameter AAA Protocol to provide secure communication channels between Mobile RFID Service Components and distinct service based on user's QoS level authorization. This paper supposes 900MHz, which is the target RF for Mobile RFID Forum and supposes RFID phone, which equitted with RFID reader. By using extended Diameter AAA server, user is authenticated, authorized and provided dynamic security associations between Mobile RFID Service components. The types of security associations are as followings:between RFID tag and RFID reader, between RFID reader(phone) and MobileRFID Service Agent, between phone and OIS, between phone and OTS and between phone and Accounting/Financial server.