• The Journal of the Korea Contents Association
• /
• v.20 no.1
• /
• pp.356-363
• /
• 2020

As a becoming era of Internet-of-Things, various devices are connected via wire or wirless networks. Although every day life is more convenient, security problems are also increasing such as privacy, information leak, denial of services. Since ECC, a kind of public key cryptosystem, has a smaller key size compared to RSA, it is widely used for environmentally constrained devices. The key of ECC in constrained devices can be exposed to power analysis attacks during scalar multiplication operation. In this paper, a key-randomization method is suggested for scalar multiplication on SECG parameters. It is against differential power analysis and has operational efficiency. In order to increase of operational efficiency, the proposed method uses the property 2^lP=∓cP where the constant c is small compared to the order n of SECG parameters and n=2^l±c. The number of operation for the Coron's key-randomization scalar multiplication algorithm is 21, but the number of operation for the proposed method in this paper is (3/2)l. It has efficiency about 25% compared to the Coron's method using full random numbers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.635-643
• /
• 2014

Most of the web-based services are provided by a web browser. A web browser receives a text-based web page from the server and translates the received data for the user to view. There are a myriad of add-ons to web browsers that extend browser features. The browser's add-ons may access web pages and make changes to the data. This makes web-services via web browsers are vulnerable to security threats. A web browser stores web page data in memory in the DOM structure. One method that prevents modifications to web page data applies hash values to certain parts in the DOM structure. However, a certain characteristic of web-pages renders this method ineffective at times. Specifically, the user-input data is not pre-determined, and the hash value cannot be calculated prior to user input. Thus the modification to the data cannot be prevented. This paper proposes a method that both detects and inhibits any attempt to change to user-input data. The proposed method stores user-input from the keyboard and makes a comparison with the data transmitted from the web browser to detect any anomalies.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.278-281
• /
• 2018

The early Web technology was to show text information through a browser. However, as web technology advances, it is possible to show large amounts of multimedia data through browsers. Web technologies are being applied in a variety of fields such as sensor network, hardware control, and data collection and analysis for big data and AI services. As a result, the standard has been prepared for the Internet of Things, which typically controls a sensor via HTTP communication and provides information to users, by installing a web browser on the interface of the Internet of Things. In addition, the recent development of web-assembly enabled 3D objects, virtual/enhancing real-world content that could not be run in web browsers through a native language of C-class. Factors that evaluate the performance of existing Web applications include performance, network resources, and security. However, since there are many areas in which web applications are applied, it is time to revisit and review these factors. In this thesis, we will conduct an analysis of the factors that assess the performance of a web application. We intend to establish an indicator of the development of web-based applications by reviewing the analysis of each element, its main points, and its needs to be supplemented.

• Journal of Digital Convergence
• /
• v.18 no.10
• /
• pp.233-238
• /
• 2020

In the cloud environment, IoT devices using sensors and wearable devices are being applied in various environments, and technologies that accurately determine the information generated by IoT devices are being actively studied. However, due to limitations in the IoT environment such as power and security, information generated by IoT devices is very weak, so financial damage and human casualties are increasing. To accurately collect and analyze IoT information, this paper proposes a topographic information-based key management technique that considers IoT information errors. The proposed technique allows IoT layout errors and groups topographic information into groups of dogs in order to secure connectivity of IoT devices in the event of arbitrary deployment of IoT devices in the cloud environment. In particular, each grouped terrain information is assigned random selected keys from the entire key pool, and the key of the terrain information contained in the IoT information and the probability-high key values are secured with the connectivity of the IoT device. In particular, the proposed technique can reduce information errors about IoT devices because the key of IoT terrain information is extracted by seed using probabilistic deep learning.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.93-103
• /
• 2006

Network solutions for protecting against worm attacks that complement partial end system patch deployment is a pressing problem. In the content-based worm filtering, the challenges focus on the detection accuracy and its performance enhancement problem. We present a worm filter architecture using the bloom filter for deployment at high-speed transit points on the Internet, including firewalls and gateways. Content-based packet filtering at multi-gigabit line rates, in general, is a challenging problem due to the signature explosion problem that curtails performance. We show that for worm malware, in particular, buffer overflow worms which comprise a large segment of recent outbreaks, scalable -- accurate, cut-through, and extensible -- filtering performance is feasible. We demonstrate the efficacy of the design by implementing it on an Intel IXP network processor platform with gigabit interfaces. We benchmark the worm filter network appliance on a suite of current/past worms, showing multi-gigabit line speed filtering prowess with minimal footprint on end-to-end network performance.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.75-81
• /
• 2003

User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.165-182
• /
• 2009

Mobile IPv6 spends considerable bandwidth considering that its signal volume is proportional to the mobile and also it should be strengthened to support the binding signal volume, the traffic, and effective mobility. So, the study in NEMO(Network Mobility), an extended version of Mobile IPv6, has been conducted. NEMO provides its mobility by putting several mobiles and more than one portable router into one unit called as mobile network. Because nodes access Internet via the portable router at this time, it receives transparency without any additional work and that much reduces binding signal while solving binding storm. By supporting mobility, NEMO is able to have various mobile structures which realize several networks hierarchically and it is necessary to improve its safety and security by authenticating among the upper networks or the lower ones while moving. Also, it is extremely required to begin a study in the device to improve efficiency accompanied with mobility, which is executed by the fast hand-off as well as the safe authentication. For those reasons, this paper not only classifies various NEMO mobile scenarios into 7 ways, but also provides AAA authentication of each scenario, the authentication through the safety authentication and fast handoff authentication using F+HMIPv6 and the way to reduce both signaling volume and packet delays efficiently during the handoff.

• The KIPS Transactions:PartD
• /
• v.8D no.6
• /
• pp.665-672
• /
• 2001

ITA (Information Technology Architecture) satisfies the requirements of information system, supports the information used in the institution's business to guarantee the interoperability and security, and analyzes the components of information system. ITA consists of EA (Enterprise Architecture), TRM (Technical Reference Manual) and SP (Standard Profile). The SP, one of the major components of ITA, is a set of information technology standards. In this paper, to construct and utilize the ITA, we mention the applications of information technology about the SP system implementation based on the TRM. The SP management system implemented in this paper is the first trial in Korea, and designs the software with object oriented programming languages such as JSP and Java. Moreover the basic and detailed specification based on the UML notation, system design using the component and system design pattern consisting of software architectures enhance the software reusability. And the constructed system in this paper shows less maintenance cost by using the public softwares such as Linux system, Korean DBMS, Apache and Tomcat, etc. Finally, the system includes the SP reference system which is used in the other institutions and cannot be found in other institutions. Also it includes the additional diverse service modules which support the subsequent processing for the establishment and revision of standards via internet.

• Archives of design research
• /
• v.17 no.3
• /
• pp.167-178
• /
• 2004

The purpose of this treatise is to show merits and method of establishing Lotte department store design division Online Documents Communication System through illustration of examples of intranet in which internet environment convenient to use for its openness is applied for establishing Design Online Documents Communication System for fundamentals of organization. In this connection merits and effect attainable from establishing Design Outline Documents Communication System of the enterprise as found were as follows: Firstly, it brought about reduction in workload of staffs through sharing various existing resources. It reduced redundant works and enables speedy handling of works. Secondly, it was possible to exchange viewpoints and share information by pertinent parties. Thirdly, by expediting information exchange and communication among persons in charge it was possible to improve work efficiency. Fourthly, it was possible to build and operate such system at relatively low cost on the basis of web browser. Without using any other significant instrument or equipment but by linking it to business network and using existing computer system operation was possible. Fifthly, by common sharing of work exclusive to design room through on-line it was possible to improve professionalism and convenience in data preservation. Through this treatise and survey and study on process for establishing intranet it was possible to find that there were sharing work, improving work efficiency, reducing workload, saving cost and expediting communication to a significant degree.

• Smart Media Journal
• /
• v.6 no.1
• /
• pp.61-67
• /
• 2017

A large number of people living in modern times prefer remaining unmarried or living alone independently for the reason of their own will or another person's will. This is because they dislike being interfered with by other persons or because there is a financial problem. This behavior has become mainstream in persons working for professional jobs, persons having a strong disposition toward individual activity or college students. In particular, career women pursuing their own comfortable life have the tendency to prefer single life. However, sometimes, they become a target of crime that targets and makes bad use of this point. For these reasons. Consequently, sometimes, they additionally install and use a security system such as door security guard at front door and so on. It is not so difficult to lock the door security guard at the front door. However, it is apt to be forgotten. And when they are on the bedspread before falling asleep, in case they should check whether the door security guard is locked or in case they should lock it, they should get up, go to the entrance, and check and lock the door security guard. They often don't lock the door security guard due to their feeling that it is all right because of annoyance and inconvenience. This paper is intended to work for safety from crime such as illegal housebreaking by more conveniently using the door security guard after designing and implementing a system that can remotely control the door security guard, using a smartphone as a method of resolving this annoyance and keeping life more safe.