• The Transactions of the Korea Information Processing Society
• /
• v.5 no.4
• /
• pp.975-983
• /
• 1998

In these days, information communication systems are based on both open distributed computing technologies and object-oriented techniques like inheritance, encapsulation and object reuse to support various system configuration and application. As information systems are interconnected through unsecure networks, the need for the secure information exchange is more critical than before. In this paper, we have designed and implemented a transparent CORBA-basce Security infrastructure with authentication, security context association, access control and security information management to support a secure applications in distributed object environment. SESAME Ver. 4 was adopted as an external security service to manage user privilege attributes and to distribute keys for data encryption, decryption and integrity. Using filter and transformer with an interface to Object Request Broker, it provides a transparent security service to applications. The filter objects are special classes that allow additional parameters to be inserted into messages before they are sent and removed just after they are received. The transformer objects are special classes that allow direct access to the byte stream of every messages for encryption and decryption before it is sent and just after it is received. This study is to implement the access control interceptor(ACI) and the secure invocation interceptor(SII) of secure ORB defined in CORBA using filter and transformer.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.394-400
• /
• 2013

WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.43-55
• /
• 2010

${\mu}TESLA$ broadcast authentication protocol have been developed by many researchers for providing authenticated broadcasting message between receiver and sender in sensor networks. Those cause authentication delay Tree-based ${\mu}TESLA$[3] solves the problem of authentication delay. But, it has new problems from Merkel hash tree certificate structure. Such as an increase in quantity of data transmission and computation according to the number of sender or parameter of ${\mu}TESLA$ chain. ${\mu}TPCT$-based ${\mu}TESLA$[4] has an advantages, such as a fixed computation cost by altered Low-level Merkel has tree to hash chain. However, it only use the sequential values of Hash chain to authenticate ${\mu}TESLA$ parameters. So, It can't ensure the success of authentication in lossy sensor network. This paper is to propose the improved method for Tree-based ${\mu}TESLA$ by using XOR-based chain. The proposed scheme provide advantages such as a fixed computation cost with ${\mu}$TPCT-based ${\mu}TESLA$ and a message loss-tolerant with Tree-based ${\mu}TESLA$.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.5_6
• /
• pp.324-329
• /
• 2003

The public-key cryptosystems such as Diffie-Hellman Key Distribution and Elliptical Curve Cryptosystems are built on the basis of the operations defined in GF(2$^{m}$ ):addition, subtraction, multiplication and multiplicative inversion. It is important that these operations should be computed at high speed in order to implement these cryptosystems efficiently. Among those operations, as being the most time-consuming, multiplicative inversion has become the object of lots of investigation Formant's theorem says $\beta$$^{-1}$ =$\beta$$^{2}$sup m/-2/, where $\beta$$^{-1}$ is the multiplicative inverse of $\beta$$\in$GF(2$^{m}$ ). Therefore, to compute the multiplicative inverse of arbitrary elements of GF(2$^{m}$ ), it is most important to reduce the number of times of multiplication by decomposing 2$^{m}$ -2 efficiently. Among many algorithms relevant to the subject, the algorithm proposed by Itoh and Tsujii[2] has reduced the required number of times of multiplication to O(log m) by using normal basis. Furthermore, a few papers have presented algorithms improving the Itoh and Tsujii's. However they have some demerits such as complicated decomposition processes[3,5]. In this paper, in the case of 2$^{m}$ -2, which is mainly used in practical applications, an efficient algorithm is proposed for computing the multiplicative inverse at high speed by using both the factorization formula x$^3$-y$^3$=(x-y)(x$^2$＋xy＋y$^2$) and normal basis. The number of times of multiplication of the algorithm is smaller than that of the algorithm proposed by Itoh and Tsujii. Also the algorithm decomposes 2$^{m}$ -2 more simply than other proposed algorithms.

• Publications of The Korean Astronomical Society
• /
• v.34 no.3
• /
• pp.31-40
• /
• 2019

We study the internal structure under the artificial mountain of Heumkyeonggak-nu, a Korean water-powered clock in the early Joseon dynasty. All the puppets on the artificial mountain are driven by the rotational force generated by the water wheel at their designated time. We design a model that work with three parts of the artificial mountain. At the upper part of the artificial mountain to the east, west, north and south, there are four puppets called the Four Mystical Animal Divinity and four ladies called the Jade Lady respectively. The former rotates a quarter every double hour and the latter rings the bell every hour. In the middle part of this mountain is the timekeeping platform with four puppets; the Timekeeping Official (Hour Jack), the Bell-, Drum-, and Gong-Warriors. The Hour Jack controls time with three warriors each hitting his own bell, drum, and gong, respectively. In the plain there are 12 Jade Lady puppets (the lower ladies) combined with 12 Oriental Animal Deity puppets. In his own time a lady doll pops out of the hole and her animal doll gets up. Two hours later, the animal deity lies down and his lady hides in the artificial plain. These puppets are regularly moved by the signal such as iron balls, bumps, levers, and so on. We can use balls and bumps to explain the concept of the Jujeon system. Iron balls were used to manipulate puppets of the timekeeping mechanism in Borugak-nu, another Korean water-powered clock in Joseon dynasty, which was developed earlier than Heumgyeonggak-nu. According to the North Korea's previous study (Choi, 1974), it is obvious that bumps were used in the internal structure of Heumgyeonggak-nu. In 1669, The armillary clock made by Song, I-young was also utilized bumps. Finally we presented mock-ups of three timekeeping systems.

• Journal of Internet Computing and Services
• /
• v.14 no.6
• /
• pp.71-84
• /
• 2013

Log data, which record the multitude of information created when operating computer systems, are utilized in many processes, from carrying out computer system inspection and process optimization to providing customized user optimization. In this paper, we propose a MongoDB-based unstructured log processing system in a cloud environment for processing the massive amount of log data of banks. Most of the log data generated during banking operations come from handling a client's business. Therefore, in order to gather, store, categorize, and analyze the log data generated while processing the client's business, a separate log data processing system needs to be established. However, the realization of flexible storage expansion functions for processing a massive amount of unstructured log data and executing a considerable number of functions to categorize and analyze the stored unstructured log data is difficult in existing computer environments. Thus, in this study, we use cloud computing technology to realize a cloud-based log data processing system for processing unstructured log data that are difficult to process using the existing computing infrastructure's analysis tools and management system. The proposed system uses the IaaS (Infrastructure as a Service) cloud environment to provide a flexible expansion of computing resources and includes the ability to flexibly expand resources such as storage space and memory under conditions such as extended storage or rapid increase in log data. Moreover, to overcome the processing limits of the existing analysis tool when a real-time analysis of the aggregated unstructured log data is required, the proposed system includes a Hadoop-based analysis module for quick and reliable parallel-distributed processing of the massive amount of log data. Furthermore, because the HDFS (Hadoop Distributed File System) stores data by generating copies of the block units of the aggregated log data, the proposed system offers automatic restore functions for the system to continually operate after it recovers from a malfunction. Finally, by establishing a distributed database using the NoSQL-based Mongo DB, the proposed system provides methods of effectively processing unstructured log data. Relational databases such as the MySQL databases have complex schemas that are inappropriate for processing unstructured log data. Further, strict schemas like those of relational databases cannot expand nodes in the case wherein the stored data are distributed to various nodes when the amount of data rapidly increases. NoSQL does not provide the complex computations that relational databases may provide but can easily expand the database through node dispersion when the amount of data increases rapidly; it is a non-relational database with an appropriate structure for processing unstructured data. The data models of the NoSQL are usually classified as Key-Value, column-oriented, and document-oriented types. Of these, the representative document-oriented data model, MongoDB, which has a free schema structure, is used in the proposed system. MongoDB is introduced to the proposed system because it makes it easy to process unstructured log data through a flexible schema structure, facilitates flexible node expansion when the amount of data is rapidly increasing, and provides an Auto-Sharding function that automatically expands storage. The proposed system is composed of a log collector module, a log graph generator module, a MongoDB module, a Hadoop-based analysis module, and a MySQL module. When the log data generated over the entire client business process of each bank are sent to the cloud server, the log collector module collects and classifies data according to the type of log data and distributes it to the MongoDB module and the MySQL module. The log graph generator module generates the results of the log analysis of the MongoDB module, Hadoop-based analysis module, and the MySQL module per analysis time and type of the aggregated log data, and provides them to the user through a web interface. Log data that require a real-time log data analysis are stored in the MySQL module and provided real-time by the log graph generator module. The aggregated log data per unit time are stored in the MongoDB module and plotted in a graph according to the user's various analysis conditions. The aggregated log data in the MongoDB module are parallel-distributed and processed by the Hadoop-based analysis module. A comparative evaluation is carried out against a log data processing system that uses only MySQL for inserting log data and estimating query performance; this evaluation proves the proposed system's superiority. Moreover, an optimal chunk size is confirmed through the log data insert performance evaluation of MongoDB for various chunk sizes.