• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.181-195
• /
• 2011

There's a controversy about an invasion of privacy which includes a leakage of private information and linking of user's behavior on internet. Although many solutions for this problem are proposed, we think anonymous authentication, authorization, and payment mechanism is the best solution for this problem. In this paper, we propose an effective anonymity-based method that achieves not only authentication but also authorization. Our proposed method uses anonymous qualification certificate and group signature method as an underlying primitive, and combines anonymous authentication and qualification information. An eligible user is legitimately issued a group member key pair through key issuing process and issued some qualification certificates anonymously, and then, he can take the safe and convenience web service which supplies anonymous authentication and authorization. The qualification certificate can be expanded according to application environment and it can be used as payment token.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.786-799
• /
• 2018

Recently, NFV has attracted attention as a next-generation network virtualization technology for hardware -independent and efficient utilization of resources. NFV is a technology that not only virtualize computing, server, storage, network resources based on cloud computing but also connect Multi-Tenant of VNFs, a software network function. Therefore, it is possible to reduce the cost for constructing a physical network and to construct a logical network quickly by using NFV. However, in NFV, when a new VNF is added to a running Tenant, authentication between VNFs is not performed. Because of this problem, it is impossible to identify the presence of Fake-VNF in the tenant. Such a problem can cause an access from malicious attacker to one of VNFs in tenant as well as other VNFs in the tenant, disabling the NFV environment. In this paper, we propose Auto-configurable Security Mechanism in NFV including authentication between tenant-internal VNFs, and enforcement mechanism of security policy for traffic control between VNFs. This proposal not only authenticate identification of VNF when the VNF is registered, but also apply the security policy automatically to prevent malicious behavior in the tenant. Therefore, we can establish an independent communication channel for VNFs and guarantee a secure NFV environment.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.717-723
• /
• 2019

Smart systems and services aim to facilitate growing urban populations and their prospects of virtual-real social behaviors, gig economies, factory automation, knowledge-based workforce, integrated societies, modern living, among many more. To satisfy these objectives, smart systems and services must comprises of a complex set of features such as security, ease of use and user friendliness, manageability, scalability, adaptivity, intelligent behavior, and personalization. Recently, artificial intelligence (AI) is realized as a data-driven technology to provide an efficient knowledge representation, semantic modeling, and can support a cognitive behavior aspect of the system. In this paper, an integration of AI with the smart systems and services is presented to mitigate the existing challenges. Several novel researches work in terms of frameworks, architectures, paradigms, and algorithms are discussed to provide possible solutions against the existing challenges in the AI-based smart systems and services. Such novel research works involve efficient shape image retrieval, speech signal processing, dynamic thermal rating, advanced persistent threat tactics, user authentication, and so on.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.40-46
• /
• 2016

The internet allows the information to flow at anywhere in anytime easily. Unfortunately, the network also becomes a great tool for the criminals to operate cybercrimes such as identity theft. To prevent the issue, using a very complex password is not a very encouraging method. Alternatively, keystroke dynamics helps the user to solve the problem. Keystroke dynamics is the information of timing details when a user presses a key or releases a key. A machine can learn a user typing behavior from the information integrate with a proper machine learning algorithm. In this paper, we have proposed mini-batch ensemble (MIBE) method which does the preprocessing on the original dataset and then produces multiple mini batches in the end. The mini batches are then trained by a machine learning algorithm. From the experimental result, we have shown the improvement of the performance for each base algorithm.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.5
• /
• pp.127-136
• /
• 2018

In this paper, we propose a PIN entry method that combines with machine learning technique on smartphone. We use not only a PIN but also touch time intervals and locations as factors to identify whether the user is correct or not. In the user registration phase, a remote server was used to train/create a machine learning model using data that collected from end-user device (i.e. smartphone). In the user authentication phase, the pre-trained model and the saved PIN was used to decide the authentication success or failure. We examined that there is no big inconvenience to use this technique (FRR: 0%) and more secure than the previous PIN entry techniques (FAR : 0%), through usability and security experiments, as a result we could confirm that this technique can be used sufficiently. In addition, we examined that a security incident is unlikely to occur (FAR: 5%) even if the PIN is leaked through the shoulder surfing attack experiments.

• The Journal of Korean Association of Computer Education
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2010

NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.

• Journal of Korea Multimedia Society
• /
• v.21 no.12
• /
• pp.1473-1480
• /
• 2018

The extraction and recognition of human motion characteristics need to combine biometrics to determine and judge human behavior in the movement and distinguish individual identities. The so-called biometric technology, the specific operation is the use of the body's inherent biological characteristics of individual identity authentication, the most noteworthy feature is the invariance and uniqueness. In the past, the behavior recognition technology based on the single characteristic was too restrictive, in this paper, we proposed a mixed feature which combined global silhouette feature and local optical flow feature, and this combined representation was used for human action recognition. And we will use the KTH database to train and test the recognition system. Experiments have been very desirable results.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.512-519
• /
• 2005

E-BLP security model considers the reliability of the processes that are real subjects in systems. This paper deals with the implementation of the E-BLP model for secure embedded systems. Implemented EBSM(E-BLP Based Security Module) consists of three components: identification and authentication, access control and BRC(Dynamic Reliability Check) that checks the process behavior dynamically. Access Control of EBSM ensures unreliable processes not to access the sensitive objects and the DRC detects the buffer overflow attack by normal user. Besides, the performance overhead of the embedded system applying the EBSM is introduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.181-192
• /
• 2013

There have been various techniques to detect and control document leakage; however, most techniques concentrate on document leakage by outsiders. There are rare techniques to detect and monitor document leakage by insiders. In this study, we observe user's document reading behavior to detect and control document leakage by insiders. We make each user's document reading patterns from attributes gathered by a logger program running on Microsoft Word, and then we apply the proposed system to help determine whether a current user who is reading a document matches the true user. We expect that our system based on document reading behavior can effectively prevent document leakage.

• The KIPS Transactions:PartD
• /
• v.11D no.5
• /
• pp.1095-1104
• /
• 2004

An electronic services which are based on Internet/Intranet business transactions are available to e-market places and get the broader business concepts. Component-based e-commerce technology is a recent trend towards resolving the e-commerce chanange at both system and ap-plication levels. The basic capabilities of component based systems should include the plug and play features at various granularities, interoper-ability across networks and mobility in various networking environments. E-business application developers are attempting to more towards web-service as a mechanism for developing component-based web-applications. Traditional process and development models are inadequately architectured to meet the rapidly evolving needs for the future of scalable web services. In this thesis, we focus specifically on the issues of e-business system architecture based on web service for establishing e-business system. We specifies and identifies design pattern for applying e-business domain in the context of multiple entities. We investigate prototype and frameworks to develope components for e-business application based suggested process. We present a worked example to demonstrate the behavior of Customer Authentication System(CAS) development with component and recommend process. Final]Y, we indicate and view on future directions in component-based development in the context of electronic business.