• Journal of Internet of Things and Convergence
• /
• v.9 no.2
• /
• pp.55-60
• /
• 2023

Recently, demand for cloud computing has increased and remote access due to home work and external work has increased. In addition, a new security paradigm is required in the current situation where the need to be vigilant against not only external attacker access but also internal access such as internal employee access to work increases and various attack techniques are sophisticated. As a result, the network security model applying Zero-Trust, which has the core principle of doubting everything and not trusting it, began to attract attention in the security industry. Zero Trust Security monitors all networks, requires authentication in order to be granted access, and increases security by granting minimum access rights to access requesters. In this paper, we explain zero trust and zero trust architecture, and propose a new cloud security system for strengthening access control that overcomes the limitations of existing security systems using zero trust and blockchain and can be used by various companies.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.3
• /
• pp.374-380
• /
• 2017

The Internet of Things (IoT) refers to intelligent technologies and services that connect all things to the internet so they can interactively communicate with people, other things, and other systems. The development of the IoT environment accompanies advances in network protocols applicable to more lightweight and intelligent sensors, and lightweight and diverse environments. The development of those elemental technologies is promoting the rapid progress in smart car environments that provide safety features and user convenience. These developments in smart car services will bring a positive effect, but can also lead to a catastrophe for a person's life if security issues with the services are not resolved. Although smart cars have various features with different types of communications functions to control the vehicles under the existing platforms, insecure features and functions may bring various security threats, such as bypassing authentication, malfunctions through illegitimate control of the vehicle via data forgery, and leaking of private information. In this paper, we look at types of smart car services in the IoT, deriving the security threats from smart car services based on various scenarios, suggesting countermeasures against them, and we finally propose a safe smart car application plan.

• Journal of the Institute of Electronics Engineers of Korea SC
• /
• v.48 no.2
• /
• pp.40-46
• /
• 2011

This paper proposes a real-time face detection and tracking system that uses neural oscillators which can be applied to access regulation system or control systems of user authentication as well as a new algorithm. We study a way to track faces using the neural oscillatory network which imitates the artificial neural net of information handing ability of human and animals, and biological movement characteristic of a singular neuron. The system that is suggested in this paper can broadly be broken into two stages of process. The first stage is the process of face extraction, which involves the acquisition of real-time RGB24bit color video delivering with the use of a cheap webcam. LEGION(Locally Excitatory Globally Inhibitory)algorithm is suggested as the face extraction method to be preceded for face tracking. The second stage is a method for face tracking by discovering the leader neuron that has the greatest connection strength amongst neighbor neuron of extracted face area. Along with the suggested method, the necessary element of face track such as stability as well as scale problem can be resolved.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.1-14
• /
• 2010

IEEE 802.15.4[1] has been standardized for the physical layer and MAC layer of LR-PANs(Low Rate-Wireless Personal Area Networks) as a technology for operations with low power on sensor networks. The standardization is applied to the variety of applications in the shortrange wireless communication with limited output and performance, for example wireless sensor or virtual wire, but it includes vulnerabilities for various attacks because of the lack of security researches. In this paper, we analyze the vulnerabilities against the denial of sleep attacks on the MAC layer of IEEE 802.15.4, and propose a detection mechanism against it. In results, we analyzed the possibilities of denial of sleep attacks by the modification of superframe, the modification of CW(Contention Window), the process of channel scan or PAN association, and so on. Moreover, we comprehended that some of these attacks can mount even though the standardized security services such as encryption or authentication are performed. In addition to, we model for denial of sleep attacks by Beacon/Association Request messages, and propose a detection mechanism against them. This detection mechanism utilizes the management table consisting of the interval and node ID of request messages, and signal strength. In simulation results, we can show the effect of attacks, the detection possibility and performance superiorities of proposed mechanism.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.377-386
• /
• 2003

In this paper, we present an application layer protocol to support secure wireless Internet services, called Application Layer Security(ALS). The drawbacks of the two traditional approaches to secure wireless applications motivated the development of ALS. One is that in the conventional application-specific security protocol such as Secure HyperText Transfer Protocol(S-HTTP), security mechanism is included in the application itself. This gives a disadvantage that the security services are available only to that particular application. The other is that a separate protocol layer is inserted between the application and transport layers, as in the Secure Sockets Layer(SSL)/Transport Layer Security(TLS). In this case, all channel data are encrypted regardless of the specific application's requirements, resulting in much waste of network resources. To overcome these problems, ALS is proposed to be implemented on top of HTTP so that it is independent of the various transport layer protocols, and provides a common security interface with security applications so that it greatly improves the portability of security applications. In addition, since ALS takes advantages of well-known TLS mechanism, it eliminates the danger of malicious attack and provides applications with various security services such as authentication, confidentiality integrity and digital signature, and partial encryption. We conclude this paper with an example of applying ALS to the solution of end-to-end security in a present commercial wireless protocol stack, Wireless Application Protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1115-1130
• /
• 2020

Modern vehicles are equipped with a number of ECUs(Electronic Control Units), and ECUs can control vehicles efficiently by communicating each other through CAN(Controller Area Network). However, CAN bus is known to be vulnerable to cyber attacks because of the lack of message authentication and message encryption, and access control. To find these security issues related to vehicle hacking, CAN Fuzzing methods, that analyze the vulnerabilities of ECUs, have been studied. In the existing CAN Fuzzing methods, fuzzing inputs are randomly generated without considering the structure of CAN messages transmitted by ECUs, which results in the non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how to monitor fuzzing results. To deal with the limitations of CAN Fuzzing, in this paper, we propose a Non-Random CAN Fuzzing, which consider the structure of CAN messages and systematically generates fuzzing input values that can cause malfunctions to ECUs. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN Fuzzing solutions, so it can quickly find CAN messages related to malfunctions of ECUs that could be originated from SW implementation errors or CAN DBC(Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.573-586
• /
• 2008

The improved performance and miniaturization of computer and the improvement of wireless communication technology have enabled the emergence of many high quality services. Among them multicast services are receiving much attention and their usage is increasing due to the increase of Internet multimedia services such as video conference, multimedia stream, internet TV, etc. Security plays an important role in mobile multicast services. In this paper, we proposed a secure multicast protocol for a hierarchical micro-mobility environment. The proposed secure multicast protocol provides security services such as authentication, access control, confidentiality and integrity using mechanisms including symmetric/asymmetric key crypto-algorithms and capabilities. To provide forward/backward secrecy and scalability, we used sub-group keys based on the hierarchical micro-mobility environment. With this security services, it is possible to guard against all kinds of security attacks performed by illegal mobile nodes. Attacks executed by internal nodes can be thwarted except those attacks which delete packet or cause network resources to be wasted. We used simulator to measure the performance of proposed protocol. As a result, the simulation showed that effect of these security mechanisms on the multicast protocol was not too high.

• Archives of design research
• /
• v.18 no.1 s.59
• /
• pp.135-144
• /
• 2005

Consumers' awareness of product value, and their product preferences, are becoming increasingly influential in product development, particularly in corporations' efforts in manufacturing products with a competitive edge. Corporations conduct surveys on consumers' product satisfaction and preferences and conduct in-depth studies on consumer needs. They then manufacture products in accordance with the results of these surveys and studies. With the necessity and demand for digital door lock products recently growing, this research sought to explore product competitiveness reinforcement factors that could facilitate market penetration, and to formulate corresponding design strategies. In-depth consumer interviews were also conducted to identify consumer lifestyles and needs. Furthermore, consumer preference images, purchase and use-related patterns, and the status of door lock markets were studied. In the past, to design and manufacture consumer-oriented products, corporations primarily resorted to the improvement of the products' technological features. At present, the users' product preferences and the ways that they use these products are the factors that determine product design. Consumers today tend to adjust their lifestyles according to available products, and prefer products that have greater value in terms of lifestyle and culture. Strategic points for reinforcing competitiveness were presented in this study: first, offering different values that will enhance consumer satisfaction, second, positively developing bio-recognizable methods that will boost consumer preference, third, meeting the consumers' expectations that door lock products should not be mere 'entrance and exit control' systems, but network security systems and fourth, adopting convenient authentication methods backed by advanced technologies.

• International Journal of Contents
• /
• v.11 no.1
• /
• pp.41-51
• /
• 2015

Management systems for electronic library have been developed on the basis of Client/Server or ASP framework in domestic market for a long time. Therefore, both service provider and user suffer from their high cost and effort in management, maintenance, and repairing of software as well as hardware. Recently in addition, mobile devices like smartphone and tablet PC are frequently used as terminal devices to access computers through the Internet or other networks, sophisticatedly customized or personalized interface for n-screen service became more important issue these days. In this paper, we propose a new scheme of integrated management system for electronic library based on SaaS and Web Standard. We design and implement the proposed scheme applying Electronic Cabinet Guidelines for Web Standard and Universal Code System. Hosted application management style and software on demand style service models based on SaaS are basically applied to develop the management system. Moreover, a newly improved concept of duplication check algorithm in a hierarchical evaluation process is presented and a personalized interface based on web standard is applied to implement the system. Algorithms of duplication check for journal, volume/number, and paper are hierarchically presented with their logic flows. Total framework of our development obeys the standard feature of Electronic Cabinet Guidelines offered by Korea government so that we can accomplish standard of application software, quality improvement of total software, and reusability extension. Scope of our development includes core services of library automation system such as acquisition, list-up, loan-and-return, and their related services. We focus on interoperation compatibility between elementary sub-systems throughout complex network and structural features. Reanalyzing and standardizing each part of the system under the concept on the cloud of service, we construct an integrated development environment for generating, test, operation, and maintenance. Finally, performance analyses are performed about resource usability of server, memory amount used, and response time of server etc. As a result of measurements fulfilled over 5 times at different test points and using different data, the average response time is about 62.9 seconds for 100 clients, which takes about 0.629 seconds per client on the average. We can expect this result makes it possible to operate the system in real-time level proof. Resource usability and memory occupation are also good and moderate comparing to the conventional systems. As total verification tests, we present a simple proof to obey Electronic Cabinet Guidelines and a record of TTA authentication test for topics about SaaS maturity, performance, and application program features.