• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.33-38
• /
• 2013

Security between mobile nodes and efficient communication is one of the most important parts of the MANET. In particular, the wireless network is significantly higher for the attack threats because of collaborative structure for open communication media and communication. However, application of existing security mechanisms and intrusion detection system is not easy due to the characteristics of MANET. It is because collection and integration of adult data by the dynamic topology due to the mobility of nodes and many network sensors is difficult. In this study, we propose cooperative security system technique that can improve the reliability based on authentication assessing confidence about the whole nodes which joins to network and detect effectively this when intrusion occurs. Cluster head which manages the cluster performs CA role for the certificate issue and the gateway node performs role of intrusion detection system. Intrusion detection is performed by cooperating with neighboring nodes when attack is not detected in one intrusion detection node. The performance of the proposed method was confirmed through experiments comparing with the SRP technique.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.43-50
• /
• 2005

POS system that become that is supply net administration and computerization fetters of customer management that become point in istribution network constructed database and use XML-Encryption that is certificate techniques of PKI and standard of security for security that is XML's shortcoming and design distributed processing POS system using XML for data integration by introduction of Ubiquitous concept. This POS system has four advantages. First, Because there is no server, need not to attempt authentication and data transmission every time. Second, can integrate data base by XML and improve portability of program itself. Third, XML data in data transmission because transmit data after encryption data safe .Fourth, After encode whenever process data for data breakup anger of POS system client program and elevation of the processing speed, transmit at because gathering data at data transmission.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.701-704
• /
• 2007

Recently, More and more consumer enjoy the finance service such as settling, account transferring, stocks investment, and so via mobile device. In the mobile environment, data transferring between the devices is formatted as XML. However, the common XML file is exposed to the attack such as hacking and malignity code, to satisfy security of mobile environment is very difficult. The problem is more seriously at the open platform such as WIPI that is developed by our country. So there is enough reason to propose one system to protect the import data. In this paper, we development the system to digital signature and signature the XML document in order to protect data, and the system is observing the recommendation of the XML Signature Syntax and Processing by W3C. When designing and composition the system, we use the digital signature algorithm RSA, DSA, KCDSA, and HMAC, etc. we test the system at the open WIPI platform.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.13-31
• /
• 2023

Korean Government-PKI (GPKI) is a public-key infrastructure which provides authentication and security functions for information system used by central government, local governments, and public institutions of the Republic of Korea to provide their own administrative and public services. The current cryptosystem of GPKI was established in the early 2000s, and more than ten years have passed since the last improvement in 2010. Over the past decade or so, the information security, including cryptography, has undergone many changes and will continue to face many changes. Therefore, for the sustainable security of GPKI, it is necessary to review the security of the cryptosystem at this point. In this paper, we analyze the current status and the security of technologies and standards used in the system. We identify cryptographic algorithms with degraded security, international standards which are obsoleted or updated, and cryptographic parameters that should be revised for the high security level. And based on this, we make several suggestions on the reorganization of cryptographic algorithms and related technologies for the security enhancement of GPKI.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.205-214
• /
• 2013

The study of the compatibility of EPUB DRM, granted by the Korea Copyright Commission, as a CT R & D project (Project Title: Development of standard reference software technology for the International Standard EPUB-based eBook DRM) developed standards such as profile standards for encryption, digital signature and authentication certificates and standards for technical terms of rights information. In 2012, these four standards have been established as the Korean Industrial Standards under the names of 'Encryption specification for EPUB DRM', 'the Digital signature specification for EPUB DRM', 'the Certificate specification for EPUB DRM', and 'Definitions of Right Terms for EPUB DRM' through the ODPF(Open Digital Standardization Forum) and the TTA(Telecommunications Technology Association). In spite of the establishment of the eBook DRM standards, however, the absence of the standard technology which supports the compatibility for issues and changes of licenses makes it unable to use eBooks served by different eBook distributors. This study tries to investigate technological approaches to methods of license issues supporting eBook DRM compatibility on the basis of the above-mentioned four EPUB DRM standards and to provide an industrially accepted technological model.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.127-136
• /
• 2013

The study of the compatibility of EPUB DRM, granted by the Korea Copyright Commission, as a CT R & D project (Project Title: The Development of the standard reference software technology for International Standard EPUB-based eBook DRM) developed standards such as profile standards for encryption digital signature and authentication certificates and standards for technical terms of rights information. In 2012, these four standards have been established as the Korean Industrial Standards under the names of 'Encryption specification for EPUB DRM,' 'the Digital signature specification for EPUB DRM,' 'the Certificate specification for EPUB DRM,' and 'Definitions of Right Terms for EPUB DRM' through the ODPF(Open Digital Standardization Forum) and the TTA(Telecommunications Technology Association). The research project also proposed standards of ebook DRM license protocols in order for the four standards to practically apply to ebook DRM compatibility. It is necessary for technology standards to require a compatibility standard test process for testing whether implementations which were developed on the basis of the standard specification, comply with standards. This study suggests an automated compatible standard test method and a test model under the ebook DRM standard technical specification.