• Proceedings of the Korea Contents Association Conference
• /
• 2019.05a
• /
• pp.311-312
• /
• 2019

최근 기업의 클라우드 도입 확산으로 인해 정보자산이 분산됨에 따라 보호해야 하는 접점이 점차 증가 되고 있다. 또한, 모바일의 업무 활용 증가, 망 분리 및 내부 사설 클라우드의 도입 등 기업 내 변화된 IT 환경으로 인해 네트워크 구성이 더욱 더 복잡해지고 있으며, 이로 인해 보안 수준 유지가 어려워지고 있다. 특히, 클라우드 컴퓨팅에서는 보호해야 하는 자원이 기업 외부에 분산되어 있어 기존처럼 경계를 구축하는 것은 어려운 일이다. 본 논문에서는 CSA가 주도하는 SDP 표준화 동향 및 SDP의 구성요소와 동작 원리에 대한 연구를 진행하고, 핵심 기술인 SPA 및 Dynamic Firewall 기술을 활용하여 기존 접근통제 방식의 문제점을 개선하기 위한 방안을 제시하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.910-913
• /
• 2013

현재 스마트 혁명으로 인하여 많은 사용자들이 사용하는 스마트 기기를 기업에서 업무에 활용할 수 있는 환경을 제공하고 있다. 그러나 PC 환경의 문서 보안 솔루션은 사용되고 있는 반면 스마트 기기에 대한 문서 보안 솔루션은 제공되고 있지 않은 상태이다. PC 환경에서 발생하던 내부 문서 유출이 스마트 혁명으로 인해 모바일 환경에서도 발생하게 되었고, 이를 방지하기 위한 보안 솔루션이 필요하게 되었다. 본 논문에서는 안드로이드 환경에서 사용자의 권한에 따라 문서별 접근을 제어하고 사용자의 필요에 따라 프린터서버에 등록되어있는 프린터로 출력을 할 수 있는 모바일 프린팅 보안 솔루션을 구현하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2529-2549
• /
• 2023

For effectively lowering down the risk of cyber threating, the zero-trust architecture (ZTA) has been gradually deployed to the fields of smart city, Internet of Things, and cloud computing. The main concept of ZTA is to maintain a distrustful attitude towards all devices, identities, and communication requests, which only offering the minimum access and validity. Unfortunately, adopting the most secure and complex multifactor authentication has brought enterprise and employee a troublesome and unfriendly burden. Thus, authors aim to incorporate machine learning technology to build an employee behavior analysis ZTA. The new framework is characterized by the ability of adjusting the difficulty of identity verification through the user behavioral patterns and the risk degree of the resource. In particular, three key factors, including one-time password, face feature, and authorization code, have been applied to design the adaptive multifactor continuous authentication system. Simulations have demonstrated that the new work can eliminate the necessity of maintaining a heavy authentication and ensure an employee-friendly experience.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1206-1209
• /
• 2007

IP-TV 서비스는 통신/방송 융합서비스로서 데이터 스트림이 송출되는 Server로부터 QoS가 보장되는 IP망을 통해 디지털 영상 방송이나 양방향 서비스를 가입자 단말까지 제공하는 서비스이다. IP-TV 서비스는 보안을 위해 CAS(Conditional Access System)를 사용하고, 또한 효율적인 콘텐츠의 전송을 위해 IP Multicast를 사용하게 된다. 보안 기능이 제공되지 않는 IP Multicast는 익명성을 허용하게 하여 eavesdropping, denial of service(DoS) Attack등이 가능하고, 또한 AAA(Authentication, Accounting, Authorization) 기능이 제공되지 않는다. IP-TV에서는 보안을 제공하기위해 Application 계층에서 CAS를 운용하게 되는데, 이는 Network계층에서 보안문제를 해결하는 것 보다 비효율적이다. 본 논문에서는 기존의 IGMP프로토콜을 확장, 개선하여 상호인증을 통해 CAS Server와 연계하여 IP-TV에 적합하게 만든 프로토콜을 제시함으로서, 이와 같은 문제점들을 해결하였다.

• Journal of KIISE:Databases
• /
• v.32 no.5
• /
• pp.473-486
• /
• 2005

The Hippocratic database model recently proposed by Agrawal et at. incorporates privacy protection capabilities into relational databases. The authors have subsequenty proposed the Hippocratic XML daかabase model[4], an extension of the Hippocratic database model for XML databases. In this paper, we propose a new concept that we cail the dynamic predicate(DP) for effective access control in the Hippocratic XML database model. A DP is a novel concept that represents a dynamically constructed rendition that tan be adapted for determining the accessibility of elements during query execution. DPs allow us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 219 times over the top-down access control strategy and by up to 499 times over the bottom-up access control strategy. The major contribution of our, paper is enabling effective integration of access control mechanisms with the query plan using the DP under the Hippocratic XML database model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.377-391
• /
• 2019

Recently, system studies using tokens and block chains for authentication, access control, etc in IoT environment have been going on at home and abroad. However, existing token-based systems are not suitable for IoT environments in terms of security, reliability, and scalability because they have centralized characteristics. In addition, the system using the block chain has to overload the IoT device because it has to repeatedly perform the calculation of the hash et to hold the block chain and store all the blocks. In this paper, we intend to manage the access rights through tokens for proper access control in the IoT. In addition, we apply the Tangle to configure the P2P distributed ledger network environment to solve the problem of the centralized structure and to manage the token. The authentication process and the access right grant process are performed to issue a token and share a transaction for issuing the token so that all the nodes can verify the validity of the token. And we intent to reduce the access control process by reducing the repeated authentication process and the access authorization process by reusing the already issued token.

• Journal of Digital Convergence
• /
• v.14 no.2
• /
• pp.191-196
• /
• 2016

The organizations and companies establish personal information protection policy under the law and guidelines. They carry out access control without consideration for distinctiveness of the information although the damage degree varies when the information is leaked. Considering the distinctiveness, a policy needs to be made for individuals to protect his personal information. However, he is not able to write the policy because of lack of understanding the system. To write his own policy efficiently, the system that authorizes ones according to service list provided by organizations is necessary. This paper suggests the model and method that write personal policy for his information protection based on the service list provided by organizations. Through this model, fine-grained authorization and policy change are easily made and ultimately the access control customized according to one's own information is possible.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.99-107
• /
• 2021

With the recent establishment of a ubiquitous-based medical and healthcare environment, the medical information system for obtaining situation information from various sensors is increasing. In the medical information system environment based on context-awareness, the patient situation can be determined as normal or emergency using situational information. In addition, medical staff can easily access patient information after simple user authentication using ID and Password through applications on smart devices. However, these services of authentication and patient information access are staff-oriented systems and do not fully consider the ubiquitous-based healthcare information system environment. In this paper, we present a authentication service model based context-awareness system for providing situational information-driven authentication services to users who access medical information, and implemented proposed system. The authentication service model based context-awareness system is a service that recognizes patient situations through sensors and the authentication and authorization of medical staff proceed differently according to patient situations. It was implemented using wearables, biometric data measurement modules, camera sensors, etc. to configure various situational information measurement environments. If the patient situation was emergency situation, the medical information server sent an emergency message to the smart device of the medical staff, and the medical staff that received the emergency message tried to authenticate using the application of the smart device to access the patient information. Once all authentication was completed, medical staff will be given access to high-level medical information and can even checked patient medical information that could not be seen under normal situation. The authentication service model based context-awareness system not only fully considered the ubiquitous medical information system environment, but also enhanced patient-centered systematic security and access transparency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.