• Title/Summary/Keyword: valid session (유효세션)

Search Result 25, Processing Time 0.029 seconds

A Study of Password Management Methods for System in Access Control (시스템 접근통제를 위한 패스워드 관리 방안에 대한 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.303-306 / 2011
  • System solutions for access control are used when a user wants to authenticate to a system. A valid user is only a part of the authorized users, and the problem is that it is not certain whether the suitability of a valid user has actually been authenticated. For example, a developer may be a valid user on a Unix operating system, but should be restricted where they do not have permission to access the system. In this paper, to improve the operational issues of multiple users sharing a single account, we study overall access control measures for the system: fine-grained delegation of authority, session auditing, policy-based management of administrator accounts, and distribution management and auditing of administrator accounts with full rights.

An Algorithm for Preventing Data Loss in Hand-off between Packet Networks of 3GPPx (3GPPx 패킷망간 핸드오프 시 데이터 유실 방지 알고리즘)

  • Choi Seung-Kwon;Ryu Jae-Hong;Ji Hong-IL;Hwang Byeong-Seon;Cho Young-Hwan
    • The Journal of the Korea Contents Association / v.5 no.3 / pp.237-242 / 2005
  • In this paper, a fast handoff algorithm between PDSNs in a 3GPPx network for a mobile node is proposed. It introduces a method by which handoff can be performed without reestablishing the PPP connection, which may otherwise occur in the process of performing handoff between PDSNs. When the PDSN recognizes the mobile node moving into its coverage area, it can quickly establish a communication channel with the mobile node based on the already received subscriber information. As a result, handoff is performed without reestablishing PPP. Accordingly, handoff between PDSNs can be performed faster, removing the time needed for establishing a PPP session with a terminal and for terminating a previously set up PPP session.

Study on Elliptic Curve Diffie-Hellman based Verification Token Authentication Implementation (타원곡선 디피헬만 기반 검증 토큰인증방식 구현 연구)

  • Choi, Cheong H.
    • Journal of Internet Computing and Services / v.19 no.5 / pp.55-66 / 2018
  • Since existing server-based authentications use vulnerable password-based authentication, illegal leaks of personal data occur frequently. Since this can cause illegal ID compromise, alternative authentications have been studied. Recently, token-based authentications like OAuth 2.0 or JWT have been used in web sites; however, they have a weakness: if a hacker steals a JWT token in the middle, they can obtain plain authentication data from the token. So we suggest a new authentication method using a verification token of an authentication code to encrypt authentication data with an effective time. The verification compares an authentication code obtained by decrypting the verification token with its own code. Its crypto-method is based on XOR with the ECDH session key, which is fast and efficient, without the overhead of key agreement. Our method is outstanding in preventing personal data leakage.

The RADIUS protocol using SCTP Packet Signing Method (Packet Signing 기법을 활용한 SCTP 방식의 RADIUS 프로토콜)

  • Kim, Youngse;Kim, Keecheon
    • Proceedings of the Korea Information Processing Society Conference / 2016.10a / pp.76-79 / 2016
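  • Remote Authentication Dial-In User Service (RADIUS) is a representative protocol for authenticating remote users. In conventional RADIUS authentication, the authentication server establishes a session after checking only basic data-communication details such as the client IP and URI information. However, if a malicious attacker forges or alters the IP or URI information to request authentication, or carries out a DoS (Denial of Service) attack through repeated authentication requests, serious problems can arise, such as improper authentication and delayed or failed user authentication. This paper proposes a scheme that verifies the hash value of data shared by the client and server and then uses the Packet Signing method to allow server access only to valid users.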

An Adaptive Server Clustering for Terminal Service in a Thin-Client Environment (씬 클라이언트 환경에서 터미널 서비스를 위한 적응적 서버 클러스터링)

  • 정윤재;곽후근;정규식
    • Proceedings of the Korean Information Science Society Conference / 2004.04a / pp.412-414 / 2004
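  • In school PC labs or educational PC labs consisting of dozens of PCs, the computers are arranged in a distributed structure, so setup, maintenance, and upgrades are performed separately for each computer. A thin-client computing environment can be considered as an alternative to this distributed structure. In a thin-client computing environment, the client-side device mainly provides I/O functions along with a user-friendly GUI and multimedia support, while remote servers called terminal servers provide the computing power. In this environment, terminal servers can be organized into a cluster to support many clients. However, such a structure has the drawback that load balancing is difficult because of the need to maintain terminal sessions and the varied computing usage patterns of users, and as a result the utilization of terminal server resources is low. To remedy this drawback, this paper proposes an adaptive terminal cluster. In this structure, a terminal server belonging to a lightly loaded group can be dynamically reassigned in real time to a heavily loaded group. The proposed adaptive terminal cluster is compared with a general terminal cluster and a group-based non-adaptive terminal cluster, and the validity of the proposed method is verified through experiments.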

The Algorithm for minimizing data loss In handoff between Packet networks of 3GPPx (이동 패킷 망에서 핸드오프시 데이터 유실을 최소화하는 알고리즘)

  • Choi Seung-Kwon;Ryu Jae-Hong;Choi Woon-Soo;Lee Byong-Rok;Cho Yong-Hwan
    • Proceedings of the Korea Contents Association Conference / 2005.05a / pp.507-513 / 2005
  • This paper proposes a fast handoff scheme between PDSNs in a 3GPPx network for a mobile node. It introduces a method by which handoff can be performed without reestablishing the PPP connection, which may otherwise occur in the process of performing handoff between PDSNs. The method for handoff between PDSNs which provide packet services to a mobile node requires that the PDSNs receive subscriber information about mobile nodes from their neighbor PDSNs forming a communication network. When the PDSN recognizes the mobile node moving into its coverage area, it can quickly establish a communication channel with the mobile node based on the already received subscriber information. As a result, handoff is performed without reestablishing PPP. Accordingly, handoff between PDSNs can be performed faster, removing the time needed for establishing a PPP session with a terminal and for terminating a previously set up PPP session.

MIPv6 Binding Update Protocol Secure Against both Redirect and DoS Attacks (Redirect 공격과 DoS 공격에 안전한 MIPv6 바인딩 업데이트 프로토콜)

  • Kang Hyun-Sun;Park Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.5 / pp.115-124 / 2005
  • We propose a new binding update (BU) protocol between the mobile node (MN) and the correspondent node (CN) for the purpose of preventing the redirect attacks and DoS attacks observed in existing BU protocols and enhancing the efficiency of the BU protocol. The home agent plays the role of both an authentication server validating the BU message and a session key distribution center for the MN and CN. We also propose a stateless Diffie-Hellman key agreement based on the cryptographically generated address (CGA). The security of our proposed protocol is analyzed and compared with other protocols. The proposed protocol is more efficient than previous schemes in terms of the number of message flows and computation overhead, and is secure against both redirect and DoS attacks.

A Study on XSS Attacks Characters, Sample of Using Efficient the Regular Expressions (효율적인 정규식 표현을 이용한 XSS 공격 특징점 추출 연구)

  • Huh, Seung-Pyo;Lee, Dae-Sung;Kim, Gui-Nam
    • Proceedings of the Korea Information Processing Society Conference / 2009.11a / pp.663-664 / 2009
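  • XSS, one of the web application vulnerabilities announced by OWASP in 2007, is an attack that causes scripts to run in the user's browser, thereby hijacking the user's session or uploading a worm to insert malicious code [2]. However, many XSS defense techniques adopt simple script-bypass techniques and forced script blocking. In addition, there have been cases where forcibly applied XSS filters cause over-detection, so that legitimate web pages are not displayed. Therefore, this study analyzes the characteristics of XSS attacks using efficient regular expressions to extract feature points and, based on these feature points, aims to research a technique applicable to various applications, using a regular-expression method that can check whether every character of strings following particular rules is valid. Furthermore, on this basis, we will compare it with the XSS filters provided by portal sites and browsers in terms of over-detection rate and false-detection rate to determine whether this study is superior in efficiency, and through sufficient testing, evaluation, and revision with browser vendors, portal sites, personal PCs, and so on, we will lay the groundwork for its application.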

Design and Analysis of Multiple Mobile Router Architecture for In-Vehicle IPv6 Networks (차량 내 IPv6 네트워크를 위한 다중 이동 라우터 구조의 설계와 분석)

  • Paik Eun-Kyoung;Cho Ho-Sik;Choi Yang-Hee
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.2 no.2 s.3 / pp.43-54 / 2003
  • As the demand for ubiquitous mobile wireless Internet grows, vehicles are receiving a lot of attention as new networking platforms. The demand for 4G all-IP networks encourages vehicle networks to be connected using IPv6. By means of network mobility (NEMO) support, we can connect sensors, controllers, and local servers, as well as passengers' devices of a vehicle, to the Internet through a mobile router. The mobile router provides connectivity to the Internet and mobility transparency for the rest of the mobile nodes of an in-vehicle IPv6 network. So, it is important for the mobile router to assure a reliable connection and a sufficient data rate for the group of nodes behind it. To provide reliability, this paper proposes an adaptive multihoming architecture of multiple mobile routers. The proposed architecture makes use of the different mobility characteristics of different vehicles. Simulation results with different configurations show that the proposed architecture increases session preservation and thus increases reliability and reduces packet loss. We also show that the proposed architecture is adaptive to heterogeneous access environments which provide different access coverage areas and data rates. The result shows that our architecture achieves sufficient data rates as well as session preservation.

Study on Threshold Scheme based Secure Secret Sharing P2P System (임계 방식 기반 안전 비밀조각 공유 P2P 시스템 연구)

  • Choi, Cheong-Hyeon
    • Journal of Internet Computing and Services / v.23 no.3 / pp.21-33 / 2022
  • This paper suggests a secure secret sharing system in order to greatly reduce the damage caused by the leakage of corporate secrets. The system is proposed as an efficient P2P distributed system that avoids a centrally controlled server scheme. Even the bitcoin circulation system has recently been based on a P2P distribution scheme. This research has designed the secure circulation of secret shares produced by the Threshold Shamir Secret Sharing scheme, in place of the shares specified in the torrent file, using the simple, highly scalable and fast-transferring torrent P2P distribution structure and its protocol. In addition, this research has studied applying both the Shamir Threshold Secret Sharing scheme and strong multiple-user authentication based on the Collaborative Threshold Authentication scheme. The transmission of secret data is protected using efficient symmetric encryption with a session secret key that is safely exchanged by public key encryption. It is also safer against leakage because the secret key is alive only for a short lifetime, like a session. In particular, the characteristic of the proposed system is that it applies the threshold secret sharing scheme to the efficient torrent P2P distributed system without modifying the architecture of the torrent system. In addition, this system guarantees confidentiality in distributing the secret file using an efficient symmetric encryption scheme in which the session key is securely exchanged using a public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as a user. This scalability allows confidentiality and authentication to be applied even to dynamically registered users.