• The KIPS Transactions:PartB
• /
• v.9B no.5
• /
• pp.587-598
• /
• 2002

In multicast environment, the main objective of group key management is to provide security services to group communications by sharing a single group key among all the members of the group and subsequently encrypting and decrypting all the communication messages exchanged among the members of the group. Up to now, there has been no effort to develop group key management mechanism that considers the rate of users' join/leave operations. Hence, in this research, we propose group key management mechanisms that consider the rate of user's join/leave operations. We also define a new tree structure called variable tree which is much more flexible than full regular trees and show that variable trees are more efficient than full regular trees for group key management. Especially, we propose an algorithm that minimizes the necessary number of rekey messages according to the rate of join and leave operations. We also shows that if the rate of leave operation is greater than 50%, then the tree structure with degrees 2 or 3 are the optimal structures.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.11S
• /
• pp.3603-3612
• /
• 2000

This paper presents is for the design and implementation of EDI document exchange system based on XML To create a customized document of the users' choice, it designed and created the transaction processor and the template manager, and to make it accessable with the original EDI, a converter function is included, Also, on this system, this protocol stores EDI message structure that needed to exchange as XML format and controls it as DOM API for user can use previous system, And provides interface for user can create template files with converter and transfer necessary elements that can be chosen by user. For this purpose, This system proposes a shows structure information and document converting mechanism solution of EDI documents based on by using XML which does not show proper document conversion mechanism solution in other system so far.

• International Journal of Highway Engineering
• /
• v.11 no.1
• /
• pp.25-36
• /
• 2009

Everyday congestion length (distance) and duration (time) data are collected and recorded in Expressway Traffic Information Center. These records are based on the information that the operators watch CCTV and decide traffic condition in order to present information about congestion on VMS. Using VMS message has some merits like that it doesn't need a great lot of cost to construct hardware such like FTMS because operators can check traffic condition by watching CCTV only. Of cause in the aspect of accuracy, using VMS message has the limitation that it is based on subject decision compared with FTMS. However, it can be said that the value of using VMS message is very large. The object of this study is to use the VMS information record (log file) usefully to provide information of traffic condition on expressway for users (drivers) without keeping the VMS information record in dead storage. To do so, in this research, congestion calculation method able to understand traffic congestion condition on expressway was developed.

• Journal of KIISE:Information Networking
• /
• v.29 no.2
• /
• pp.156-164
• /
• 2002

IPSec is a protocol which provides data encryption, message authentication and data integrity on public and open network transmission. In IPSec, ESP protocol is used when it needs to provide data encryption, authentication and Integrity In real transmission packets. ESP protocol uses DES-CBC encryption mode when sender encrypts packets and receiver decrypts data through this mode IV is used at that time. This value has many tasks of attack during transmission by attacker because it is transferred clean and opened. If IV value is modified, then decryption of ESP data is impossible and higher level information is changed. In this paper we propose a new algorithm that it encrypts IV values using DES-ECB mode for preventing IV attack and checks integrity of whole ESP data using message authentication function. Therefore, we will protect attacks of IV and data, and guarantee core safe transmission on the public network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.5
• /
• pp.933-939
• /
• 2007

There is a tremendous increase in the growth of Internet making people's life easy. The rapid growth in technology has caused misuse of the Internet like cyber Crime. There are several vulnerabilities in current firewall and Intrusion Detection Systems (IDS) of the Network Computing resources. Automatic real time station chase techniques can track the internet invader and reduce the probability of hacking Due to the recent trends the station chase technique has become inevitable. In this paper, we design and implement Active Security system using ICMP Traceback message. In this design no need to modify the router structure and we can deploy this technique in larger network. Our Implementation shows that ICMP Traceback system is safe to deploy and protect data in Internet from hackers and others.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.8
• /
• pp.1519-1527
• /
• 2007

In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Given that nodes have limited resources, symmetric cryptography that is proven to be efficient for low power devices is implemented. Data protection is integrated into a sensor's packet by the means of symmetric encryption with the Dragon stream cipher and incorporating the newly designed Dragon-MAC Message Authentication Code. The proposed algorithm was designed to employ some of the data already computed by the underlying Dragon stream cipher for the purpose of minimizing the computational cost of the operations required by the MAC algorithm. In view that Dragon is a word based stream cipher with a fast key stream generation, it is very suitable for a constrained environment. Our protocol regarded the entity authentication and message authentication through the implementation of authenticated encryption scheme in wireless sensor nodes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.9
• /
• pp.1764-1770
• /
• 2007

The binding update of MIPv6 which basically makes a route optimization lets MN bring about high signaling traffic, packet loss and delay. HMIPv6, which introduces the MAP protocol, makes the signaling traffic low, thereby reducing the packet losses and delay. However, it still has the same problem in MIPv6 in the case of macro mobility. This paper proposes HMIPv6 with the address insurance policy. It makes MAP prepare LCoA and RCoA before the macro handover happens. When it happens, MN is able to use them after the registration is done in the foreign network. The perormance can be improved because MAP is composed to assure the address in advance. In addition the MAP sends the BU message during the handover, thereby making the proposed scheme better. The simulation shows that the proposed scheme is about 33% shorter than HMIPv6 in the handover delay and about 22% less than FMIPv6 in the packet loss.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.12
• /
• pp.2271-2279
• /
• 2007

In this paper, we introduce the notion of certificate-based encryption in multi-receiver environment, which avoids the inherent key escrow problem while preserving the implicit certification in identity-based encryption. We also construct a highly efficient certificate-based encryption scheme for multi-receiver environment, which eliminates pairing computation to encrypt a message for multiple receivers. Moreover, the proposed scheme only needs one pairing computation for decrypting the ciphertext. We compare our scheme with the most efficient identity-based encryption scheme for multi-receiver environment proposed by Baek et.al.[1] in terms of the computational point of view, and show that our scheme provides better efficiency than Baek's scheme. Finally, we discuss how to properly transform our scheme into a new public key broadcast encryption scheme based on subset-cover framework.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2015.05a
• /
• pp.548-548
• /
• 2015

과거 1990년대에 인터넷 이용이 전 세계로 확산되면서 World Wide Web를 이용하여 다양한 웹 서비스 기술의 구현 및 유통은 현재에도 개발되고 있다. 일반적으로 오늘날의 서비스는 XML 및 인터넷을 통하여 웹 서비스로 구현한 응용프로그램간의 연동을 가능하게 하는 기반기술이다. 이는 단순 객체 접근 프로토콜(SOAP), 웹 서비스 기술 언어(WSDL), 전역 비즈니스 레지스트리(UDDI) 등의 표준 기술을 사용하여 네트워크에 연결된 다른 컴퓨터 간의 분산 컴퓨팅을 지원하는 소프트웨어 및 기술이다. 이러한 웹 서비스의 발전으로 웹 서비스의 성능이 웹 서비스 제공자의 성패를 좌우하게 되고, 제공하고 있는 웹 서비스에 대한 검증이 필요하게 되었다. 웹 서비스에 대한 검증은 미국 Bloor NA(Bloor Research-North America)에서 웹 서비스 아키텍처의 단점을 발표하여 서비스의 품질과 신뢰성 및 개선점에 대하여 제시되어 활발한 연구가 진행 중에 있다. 그러나 사용자 관점에서 웹 서비스의 성능을 측정하고, 단순한 서비스 제공자의 서비스 검증 목적만이 아닌 서비스 제공자의 성능을 서비스 사용자에게 제공하는 검증 방법에 관한 연구가 많지 않은 실정이다. 하천공간정보에 대하여 웹 서비스 방식 중 통신 프로토콜인 HTTP 등을 이용한 인터넷상의 메시지 교환을 가능하게 하는 통신 프로토콜인 SOAP 및 WWW와 같은 분산 하이퍼미디어 시스템을 위한 소프트웨어 아키텍처의 한 형식인 REST(Representational State Transfer)를 실행하여 이에 따른 검증 프로세스를 수립하였다. 하천공간정보 웹 서비스에 대한 테스트 시나리오는 응답시간, 임계성능, 이용가능성, 신뢰성 및 접근성에 대하여 검증하며 하나 이상의 웹 서비스들 간의 호환성 표준의 준수 여부와 상호 운용 가능 여부를 테스트 하는 상호운용성 테스트, 신뢰성 메시징 및 분산 환경에서의 트랜잭션 처리 성능을 검증하는 웹 서비스 프로세스 품질 테스트를 실시하는 방안을 도출하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.10
• /
• pp.101-108
• /
• 2021

In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.