• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.2021-2024
• /
• 2003

Information security is becoming a more important factor in distribution of digital contents. Generally, illegal facsimile of high-quality multimedia products such as DVDs, MP3s and AACs is possible without damaging quality. Thus, the illegal distribution of duplicated contents on the Web is causing digital content providers great economic loss. Therefore, a study of security and efficient distribution of digital contents is required. The most important issues in the design of a digital content distribution system are user convenience, execution speed and security. In this study, we designed a digital contents distribution system that uses web caching technology and encryption/decryption techniques in hierarchical structures. We propose a digital content distribution system that improves user convenience, security and execution speed. The superior performance of the proposed system has been proven in the tests. The results of experiment show that the developed system has improved the security of DC without decreasing process speed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.648-651
• /
• 2013

클라우드 시스템에서는 데이터 소유자가 아닌 클라우드 서비스 제공자가 각 개인의 데이터에 대한 저장과 관리를 책임진다. 따라서 클라우드 서버 상의 사용자 데이터에 대한 보안을 보장해 주는 것이 가장 중요한 이슈이다. 데이터 보안 문제는 안전하고 효율적인 접근제어 기술을 통해 해결 할 수 있다. 기존 시스템에서 많이 이용되고 있는 RBAC(Role based access control)은 접근제어의 형태가 주로 수직적이고, 데이터 접근가능 여부를 역할이라는 고정적인 값에 따라 결정하기 때문에 동적인 클라우드 환경에 적합하지 않다. 반면 HASBE(Hierarchical attribute set based encryption) 모델은 ABAC(Attribute based access control)를 통해 유연하고 탄력적인 접근제어를 제공한다. 또한 HASBE 는 인가자(Authority)와 사용자의 관계 모델이 계층적인 구조를 갖고 있기 때문에 큰 조직에서 수많은 사용자들의 데이터 관리와 키 분배를 좀더 효율적으로 할 수 있다. 본 논문에서는 위의 계층적인 모델에서 더 나아가서, 실제 클라우드 환경에서 데이터가 가질 수 있는 복잡한 속성과 인가자의 관계를 고려해 다중 인가자의 개념이 더해진 모델을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.27-42
• /
• 1997

We propose a new authentication and key distribution protocol which is efficient and reliable for password-based systems. Various guessing attacks have been detected in applying conventional protocols to the password-based systems and additional overheads have been made in refined protocols to defeat those attacks. Using a one-time pad and a strong hash function, our proposed protocol promotes reliability and efficiency. Compared with other protocols, our protocol is secure against various protocol attacks including guessing attacks. In addition, this protocol is efficient in reducing communication and computation costs.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1529-1532
• /
• 2008

이동 에이전트는 플랫폼 간을 이주하며 자기 복제를 통한 작업 분배가 가능하다. 이러한 점에 의해 최근 이동 에이전트는 분산 처리 기반 기술로 각광 받고 있다. 그러나 이러한 에이전트의 이주, 복제능력은 악의적인 플랫폼과 이동 에이전트의 공격에 대한 약점이 되고 있다. 그 중 재실행 공격은 에이전트의 반복 수행을 통해 에이전트를 공격하는 기법이다. 이에 대한 방지 기법으로 트립 마커를 이용하여 동적인 수행 결정이 가능한 연구가 있다. 그러나 이 기법은 이동 에이전트가 위치한 플랫폼에 따라 이동 에이전트의 복제가 제한 받는다는 단점이 있다. 본 논문에서는 이동 에이전트의 복제가 가능한 외적 재실행 방지 기법을 제안한다. 본 기법은 트립 마커 생성을 담당하는 트립 마커 서버를 두어 플랫폼에 상관없이 유연한 이동 에이전트의 복제가 가능하다. 또한 비대칭키 기법을 이용한 비밀 통신을 통해 재실행 공격으로부터 이동 에이전트를 방어한다.

• Journal of Broadcast Engineering
• /
• v.20 no.1
• /
• pp.92-109
• /
• 2015

Broadcast encryption is a cryptographic primitive that allows a sender to securely broadcast a message to a set of receivers. The most influential broadcast encryption system was proposed in 2001 by Naor, Naor, Lotspiech, based on a pseudo-random generator and the Subset Difference (SD) method. In this paper, we suggest a new broadcast encryption system that is based on secret sharing and SD methods. On an efficiency aspect, our system achieves O(r) transmission cost, O($log^2n$) storage cost, and O(1) computational cost for the number n of users and the number r of revoked users. Compared to O(log n) computational cost in the previous SD method, our system has the advantage that it needs only constant-sized computational cost for decryption, regardless of the number n or r. On a security aspect, our system can achieve tighter security reduction than the previous SD method and the gap of security loss is about O(n log n). Moreover, our result shows that it is possible to give the effect of the SD method while using an information-theoretically secure key distribution technique as in the Complete Subtree method.

• Journal of the Korea institute for structural maintenance and inspection
• /
• v.18 no.4
• /
• pp.10-21
• /
• 2014

The joint of prefabricated steel grid composite deck is composed of concrete shear key and high-tension bolts. The flexural and shear strength of the joint were experimentally evaluated only by the bending and push-out test of the joint element. In this study the lateral load transfer behavior of the joint in deck structure system is experimentally evaluated. Several decks connected by the joint are prefabricated and loaded centrically and eccentrically. In the case of centrically loaded specimens, the analysis results show that for the same loading step the rotation angle of the joint with 4 high-tension bolts is larger than the case of the joint with 9 high-tension bolts. Consequently, flexural stiffness of deck and lateral load transfer decrease in the case of specimen with 4 high-tension bolts. But, in the case of eccentrically loaded specimens, it is found that there are no significant differences in the load transfer behavior. The further analysis results about the structural behavior of the joint show that lateral load transfer can be restricted by the load bearing capacity of the joint as well as punching shear strength of the slab. Furthermore, considering that high-tension bolts in the joint didn't reach to the yielding condition until the punching shear failure, increase in the number of high-tension bolts from 4 to 9 has a greater effect on the flexural stiffness of the joint and deck system than the strength of them.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

• The Transactions of the Korea Information Processing Society
• /
• v.2 no.6
• /
• pp.891-902
• /
• 1995

To integrate both the OSI network and the TCP/IP internet, the application gateway that have the powerful and flexible paradigms has been used, but due to the micro-managements of the gateway produce the high costs and the long delay of communication in the case of emergency. The mechanism that maps the access control policies between two domains using the different security policies is needed. These problems are caused by integrating both domains with the different standards. In this paper, the application gateway that delegating to an agent the powerful and flexible services of the CMIP as well as the management functions were proposed. A proposed algorithm that delegates he management script to an gateway safely by capitalizing on the Diffie-Hellman's distribution method, and presents the security mechanism mediating the security policies for guaranteeing the secure communication between two domains using the different security policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.241-259
• /
• 2014

A PUF is a technology for distinguishing a device from other devices like biological information such as humans' iris or fingerprints. Over the past decade, many researchers studied various methods for implementing PUFs and utilizing them in identification, random number generation, key distribution and authentication. However, various attacks on the PUFs are the major reason to inhibiting the proliferation of PUF. For the reasons, various technologies are being studied to enhance safety of PUFs. In this paper, we will see several PUF implementations and various attacks on PUFs, and suggest guidelines for securely implementing PUFs. We expect our guidelines would be the foundation for implementing the secure and reliable PUFs.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.4 s.346
• /
• pp.13-21
• /
• 2006

An mobile ad hoc network(MANET) is a collection of wireless computers (nodes), communicating among themselves over multi-hop paths, without the help of any infrastructure such as base stations or access points. Prior research in MANET has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we design and evaluate the Secure Zone Routing Protocol(T-ZRP), a secure ad hoc network routing protocol is based on the design of the hash chain. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and don't use asymmetric cryptographic operations in the protocol. Proposed algorithm can safely send to data through authentication mechanism and integrity about routing establishment.