• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.5
• /
• pp.1653-1660
• /
• 2010

The user information stored in database have been leaked frequently. To protect information against malevolent manager on the inside or outside aggressor, it is one of the most efficient way to encrypt information and store to database. It is better to destruct information than not to use encrypted information stored in database. The encrypted database search system is developed variously, and used widely in many fields. In this paper, we implemented the scheme that can search encrypted document without exposing user's information to the untrusted server in mobile device. We compared and analyzed the result embodied with DES, AES, and ARIA based on symmetric key by searching time.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.51-57
• /
• 2013

RSA is the most widely used public key algorithms. Payment via the SSL communications, and user authentication using RSA secure shopping mall that can protect the user's valuable information in the process of building. SSL-based electronic signature technology and encryption protocols for this technology are electronic documents are delivered to the other party through a separate encryption process, the information sender to enter information on a web browser (user) and the recipient (the Web server of the site Manager), except you will not be able to decrypt the contents. Therefore, the information is encrypted during the transfer of electronic documents even if hackers trying to Sniffing because its contents can never understand. Of internet shopping mall in the user authentication 'and' Communications' SSL secure shopping mall built with the goal of the methodology are presented.

• Journal of Korea Multimedia Society
• /
• v.25 no.7
• /
• pp.922-931
• /
• 2022

Recently, the need for health information management platforms has been increasing for efficient medical and IT technology research. However, health information is requiring security management by law. When permissioned blockchain technology is used to manage health information, the integrity is provided because only the authenticated users participate in bock generation. However, if the blockchain server is attacked, it is difficult to provide security because user authentication, block generation, and block verification are all performed on the blockchain server. In this paper, therefore, we propose a Health Information Management Server, which uses a permissioned blockchain algorithm and asymmetric cryptography. Health information is managed as a blockchain transaction to maintain the integrity, and the actual data are encrypted with an asymmetric key. Since using a private key kept in the institute local environment, the data confidentiality is maintained, even if the server is attacked. 1,000 transactions were requested, as a result, it was found that the server's average response time was 6,140ms, and the average turnaround time of bock generation was 368ms, which were excellent compared to those of conventional technology. This paper is that a model was proposed to overcome the limitations of permissioned blockchains.

• Journal of KIISE:Databases
• /
• v.36 no.5
• /
• pp.352-365
• /
• 2009

Recently, data access control policies have not been applied for authorized or unauthorized persons properly and information leakage incidents have occurred due to database security vulnerabilities. In the traditional database access control methods, administrators grant permissions for accessing database objects to users. However, these methods couldn't be applied for diverse access control policies to the database. In addition, another database security method which uses data encryption is difficult to utilize data indexing. Thus, this paper proposes an enhanced database access control system via a packet analysis method between client and database server in network to apply diverse security policies. The proposed security system can be applied the applications with access control policies related to specific factors such as date, time, SQL string, the number of result data and etc. And it also assures integrity via a public key certificate and MAC (Message Authentication Code) to prevent modification of user information and query sentences.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.1
• /
• pp.166-174
• /
• 2010

SSDs are one of the best media to support portable and desktop computers' storage devices. Their features include non-volatility, low power consumption, and fast access time for read operations, which are sufficient to present flash memories as major database storage components for desktop and server computers. However, we need to improve traditional index management schemes based on B-Tree due to the relatively slow characteristics of flash memory operations, as compared to RAM memory. In order to achieve this goal, we propose a new index management scheme based on a compressed hot-cold clustering called CHC-Tree. CHC-Tree-based index management improves index operation performance by dividing index nodes into hot or cold segments and compressing pointers and keys in the index nodes and clustering the hot or cold segments. The offset compression techniques using unused free area in cold index node lead to reduce the number of slow erase operations in index node insert/delete processes. Simulation results show that our scheme significantly reduces the write and erase operation overheads, improving the index search performance of B-Tree by up to 26 percent, and the index update performance by up to 23 percent.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.19-31
• /
• 2018

As the ICT technologies advance, the unprecedently large amount of digital data is created, transferred, stored, and utilized in every industry. With the data scale extension and the applying technologies advancement, the new services emerging from the use of large scale data make our living more convenient and useful. But the cybercrimes such as data forgery and/or change of data generation time are also increasing. For the data security against the cybercrimes, the technology for data integrity and the time verification are necessary. Today, public key based signature technology is the most commonly used. But a lot of costly system resources and the additional infra to manage the certificates and keys for using it make it impractical to use in the large-scale data environment. In this research, a new and far less system resources consuming signature technology for large scale data, based on the Hash Function and Merkle tree, is introduced. An improved method for processing the distributed hash trees is also suggested to mitigate the disruptions by server failures. The prototype system was implemented, and its performance was evaluated. The results show that the technology can be effectively used in a variety of areas like cloud computing, IoT, big data, fin-tech, etc., which produce a large-scale data.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.535-542
• /
• 2001

Mobile codes such as Java, Java-Script, ActiveX, and Script code are loaded into a client system first and then run without any notice to the client user. Executing code by this mechanism may cause various security problems such as flowing out system information, deleting or modifying files, and exhausting system resources. In this paper we propose an integrated authentication system to establish the uniform security countermeasure on various mobile codes. The system helps to solve to problems mentioned above. An integrated authentication system allows to load into an interpreter using ACL (Access Control List) which sets up an access authority to the executable contents and communicates with an interpreter using client/server model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.171-181
• /
• 2010

The iCAS specification that download CAS s/w image from the IPTV provider's server to the IPTV devices provides compatibility and service mobility between the IPTV service providers. However, to ensure mobility of the device, a TA(Trust Authority) within an IPTV eco-system that is capable of systematically managing keys or certificates is required. In the Legacy CAS, solution providers for CAS play a critical role of carrying out the TA. However, in order to standardize the device mobility, a TA should be established by implementing iCAS technology that manages the entire IPTV eco-system including iCAS. In this paper, we analysis TA issues related iCAS commercialization, and propose TA establishment strategy for IPTV service in iCAS environment.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.433-440
• /
• 2003

According as the real economic activities are carried out in the cyber world and the identity problem of a trade counterpart emerges, digital signature has been diffused. Due to the weakness for real-time validation using the validation method of digital signature, Certificate Revocation List, On-line Certificate Status Protocol was introduced. In this case, every transaction workload requested to verify digital signature is concentrated of a validation server node. Currently this method has been utilized on domestic financial transactions, but sooner or later the limitation will be revealed. In this paper, the validation method will be introduced which not only it can guarantee real-time validation but also the requesting node of certificate validation can maintain real-time certificate status information. This method makes the revocation management node update the certificate status information in real-time to the validation node while revoking certificate. The characteristic of this method is that the revocation management node should memorize the validation nodes which a certificate holder uses. If a certificate holder connects a validation node for the first time, the validation node should request its certificate status information to the above revocation management node and the revocation management node memorizes the validation node at the time. After that, the revocation management node inform the revocation information in real-time to all the validation node registered when a request of revocation happens. The benefits of this method are the fact that we can reduce the validation time because the certificate validation can be completed at the validation node and that we can avoid the concentration of requesting certificate status information to a revocation node.

• The KIPS Transactions:PartD
• /
• v.12D no.2 s.98
• /
• pp.303-308
• /
• 2005

Generally, the overloaded server problem and the rapidly increased network traffic problem are happened in a center concentrated multimedia digital content service. Recently, a study about the CDN which is a digital content transmission technology to solve these problems are performed actively. In this study, we proposed the SDCDS which improved a process latency time and a security performance on a digital content delivery and management. The goal of the SDCDS is the digital content security and the improvement of the processing time. For that, we have to design the security and the caching method considering the architecture characteristics of the CDN. In the SDCDS, the public key encryption method is designed by considering the architecture characteristics of CDN. And we improved the processing latency time by improved the caching method which uses the grouped caching method on the encrypted DC and the general DC. And in the experiment, we veryfy the performance of the proposed system.