• Journal of KIISE:Databases
• /
• v.31 no.6
• /
• pp.567-584
• /
• 2004

As XML becomes popular as the way of presenting information on the web, how to secure XML data becomes an important issue. So far study on XML security has focused on security of data communications by using digital sign or encryption technology. But, it now requires not just to communicate secure XML data on communication but also to manage query process to access XML data since XML data becomes more complicated and bigger. We can manage XML data queries by access control technique. Right now current XML data access control only deals with read operation. This approach has no option to process update XML queries. In this paper, we present XML access control model and technique that can support both read and update operations. In this paper, we will propose the operation for XML document update. Also, We will define action type as a new concept to manage authorization information and process update queries. It results in both minimizing access control steps and reducing memory cost. In addition, we can filter queries that have no access rights at the XML data, which it can reduce unnecessary tasks for processing unauthorized query. As a result of the performance evaluation, we show our access control model is proved to be better than other access control model in update query. But it has a little overhead to decide action type in select query.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.901-909
• /
• 2021

Since mobile devices have limited computational resources, it tends to use the cloud to compute or store data. As real-time becomes more important due to 5G, many studies have been conducted on edge clouds that computes at locations closer to users than central clouds. The farther the user's physical distance from the edge cloud connected to base station is, the slower the network transmits. So applications should be migrated and re-run to nearby edge cloud for smooth service use. We run applications in docker containers, which is independent of the host operating system and has a relatively light images size compared to the virtual machine. Existing migration studies have been experimented by using network simulators. It uses fixed values, so it is different from the results in the real-world environment. In addition, the method of migrating images through shared storage was used, which poses a risk of packet content exposure. In this paper, Containers are migrated with Secure CoPy(SCP) method, a data encryption transmission, by establishing an edge computing environment in a real-world environment. It compares migration time with Network File System, one of the shared storage methods, and analyzes network packets to verify safety.

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.438-447
• /
• 2019

As the IoT-based hyper-connected society grows, public-key cryptosystem such as RSA is frequently used for encryption, authentication, and digital signature. Public-key cryptosystem use very large (safe) prime numbers to ensure security against malicious attacks. Even though the performance of the device has greatly improved, the generation of a large (safe)prime is time-consuming or memory-intensive. In this paper, we propose ET-MR and ET-MR-MR using Euler sieve so it runs faster while using less memory. We present a running time prediction model by probabilistic analysis and compare time and memory of our method with conventional methods. Experimental results show that the difference between the expected running time and the measured running time is less than 4%. In addition, the fastest running time of ET-MR is 36% faster than that of TD-MR, 8.5% faster than that of DT-MR and the fastest running time of ET-MR-MR is 65.3% faster than that of TD-MR-MR and similar to that of DT-MR-MR. When k=12,381, the memory usage of ET-MR is 2.7 times more than that of DT-MR but 98.5% less than that of TD-MR and when k=65,536, the memory usage of ET-MR-MR is 98.48% less than that of TD-MR-MR and 92.8% less than that of DT-MR-MR.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1115-1130
• /
• 2020

Modern vehicles are equipped with a number of ECUs(Electronic Control Units), and ECUs can control vehicles efficiently by communicating each other through CAN(Controller Area Network). However, CAN bus is known to be vulnerable to cyber attacks because of the lack of message authentication and message encryption, and access control. To find these security issues related to vehicle hacking, CAN Fuzzing methods, that analyze the vulnerabilities of ECUs, have been studied. In the existing CAN Fuzzing methods, fuzzing inputs are randomly generated without considering the structure of CAN messages transmitted by ECUs, which results in the non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how to monitor fuzzing results. To deal with the limitations of CAN Fuzzing, in this paper, we propose a Non-Random CAN Fuzzing, which consider the structure of CAN messages and systematically generates fuzzing input values that can cause malfunctions to ECUs. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN Fuzzing solutions, so it can quickly find CAN messages related to malfunctions of ECUs that could be originated from SW implementation errors or CAN DBC(Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.12
• /
• pp.453-460
• /
• 2022

As high-performance quantum computers are expected to be developed, studies are being actively conducted to build a post-quantum security system that is safe from potential quantum computer attacks. When the Grover's algorithm, a representative quantum algorithm, is used to search for a secret key in a symmetric key cryptography, there may be a safety problem in that the security strength of the cipher is reduced to the square root. NIST presents the post-quantum security strength estimated based on the cost of the Grover's algorithm required for an attack of the cryptographic algorithm as a post-quantum security requirement for symmetric key cryptography. The estimated cost of Grover's algorithm for the attack of symmetric key cryptography is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, the quantum circuit of the SCHWAEMM algorithm, AEAD family of SPARKLE, which was a finalist in NIST's lightweight cryptography competition, is efficiently implemented, and the quantum cost to apply the Grover's algorithm is analyzed. At this time, the cost according to the CDKM ripple-carry adder and the unbounded Fan-Out adder is compared together. Finally, we evaluate the post-quantum security strength of the lightweight cryptography SPARKLE SCHWAEMM algorithm based on the analyzed cost and NIST's post-quantum security requirements. A quantum programming tool, ProjectQ, is used to implement the quantum circuit and analyze its cost.

• Journal of Software Assessment and Valuation
• /
• v.15 no.2
• /
• pp.111-119
• /
• 2019

The existing smart grid device authentication system is concentrated on DCU, meter reading FEP and MDMS, and the authentication system for smart meters is not established. Although some cryptographic chips have been developed at present, it is difficult to complete the PKI authentication scheme because it is at the low level of simple encryption. Unlike existing power grids, smart grids are based on open two-way communication, increasing the risk of accidents as information security vulnerabilities increase. However, PKI is difficult to apply to smart meters, and there is a possibility of accidents such as system shutdown by sending manipulated packets and sending false information to the operating system. Issuing an existing PKI certificate to smart meters with high hardware constraints makes authentication and certificate renewal difficult, so an ultra-lightweight password authentication protocol that can operate even on the poor performance of smart meters (such as non-IP networks, processors, memory, and storage space) was designed and implemented. As a result of the experiment, lightweight cryptographic authentication protocol was able to be executed quickly in the Cortex-M3 environment, and it is expected that it will help to prepare a more secure authentication system in the smart grid industry.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.113-123
• /
• 2023

This paper introduces the Cherry system, a user-independent blockchain donation system. This is a procedure that is delivered to the beneficiary's bank account through a virtual account when a donor makes a donation, so there is no difference from the existing donation delivery method from the user's point of view However, within the blockchain, Cherry Points, a virtual currency based on the user ID, are issued and delivered to the beneficiary, while all transactions and the beneficiary's usage history are managed on the blockchain. By adopting this method, there was an improvement in blockchain performance, with transaction processing exceeding 1,000 TPS in typical transaction condition and service completion within 21.3 seconds. By applying the automatic influence control algorithm to this system, the influence according to stake, which is an individual donation, is greatly reduced to 0.3 after 2 months, thereby concentrating influence could be controlled automatically. In addition, it was designed to enable micro tracking by adding a tracking function by timestamp to the donation ledger for each individual ID, which greatly improved the transparency in the use of donations. From a service perspective, existing blockchain donation systems were handled as limited donation delivery methods. Since it is a direct service in a user-independent method, convenience has been greatly improved by delivering donations in various forms.

• Journal of Intelligence and Information Systems
• /
• v.17 no.2
• /
• pp.97-107
• /
• 2011

Nowadays there are a lot of issues about copyright infringement in the Internet world because the digital content on the network can be copied and delivered easily. Indeed the copied version has same quality with the original one. So, copyright owners and content provider want a powerful solution to protect their content. The popular one of the solutions was DRM (digital rights management) that is based on encryption technology and rights control. However, DRM-free service was launched after Steve Jobs who is CEO of Apple proposed a new music service paradigm without DRM, and the DRM is disappeared at the online music market. Even though the online music service decided to not equip the DRM solution, copyright owners and content providers are still searching a solution to protect their content. A solution to replace the DRM technology is digital audio watermarking technology which can embed copyright information into the music. In this paper, the author proposed a new audio watermarking algorithm with two approaches. First, the watermark information is generated by two dimensional barcode which has error correction code. So, the information can be recovered by itself if the errors fall into the range of the error tolerance. The other one is to use chirp sequence of CDMA (code division multiple access). These make the algorithm robust to the several malicious attacks. There are many 2D barcodes. Especially, QR code which is one of the matrix barcodes can express the information and the expression is freer than that of the other matrix barcodes. QR code has the square patterns with double at the three corners and these indicate the boundary of the symbol. This feature of the QR code is proper to express the watermark information. That is, because the QR code is 2D barcodes, nonlinear code and matrix code, it can be modulated to the spread spectrum and can be used for the watermarking algorithm. The proposed algorithm assigns the different spread spectrum sequences to the individual users respectively. In the case that the assigned code sequences are orthogonal, we can identify the watermark information of the individual user from an audio content. The algorithm used the Walsh code as an orthogonal code. The watermark information is rearranged to the 1D sequence from 2D barcode and modulated by the Walsh code. The modulated watermark information is embedded into the DCT (discrete cosine transform) domain of the original audio content. For the performance evaluation, I used 3 audio samples, "Amazing Grace", "Oh! Carol" and "Take me home country roads", The attacks for the robustness test were MP3 compression, echo attack, and sub woofer boost. The MP3 compression was performed by a tool of Cool Edit Pro 2.0. The specification of MP3 was CBR(Constant Bit Rate) 128kbps, 44,100Hz, and stereo. The echo attack had the echo with initial volume 70%, decay 75%, and delay 100msec. The sub woofer boost attack was a modification attack of low frequency part in the Fourier coefficients. The test results showed the proposed algorithm is robust to the attacks. In the MP3 attack, the strength of the watermark information is not affected, and then the watermark can be detected from all of the sample audios. In the sub woofer boost attack, the watermark was detected when the strength is 0.3. Also, in the case of echo attack, the watermark can be identified if the strength is greater and equal than 0.5.