• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2667-2682
• /
• 2015

Due to the wide application of face recognition (FR) in information security, surveillance, access control and others, it has received significantly increased attention from both the academic and industrial communities during the past several decades. However, partial face occlusion is one of the most challenging problems in face recognition issue. In this paper, a novel method based on linear regression-based classification (LRC) algorithm is proposed to address this problem. After all images are downsampled and divided into several blocks, we exploit the evaluator of each block to determine the clear blocks of the test face image by using linear regression technique. Then, the remained uncontaminated blocks are utilized to partial occluded face recognition issue. Furthermore, an improved Distance-based Evidence Fusion approach is proposed to decide in favor of the class with average value of corresponding minimum distance. Since this occlusion removing process uses a simple linear regression approach, the completely computational cost approximately equals to LRC and much lower than sparse representation-based classification (SRC) and extended-SRC (eSRC). Based on the experimental results on both AR face database and extended Yale B face database, it demonstrates the effectiveness of the proposed method on issue of partial occluded face recognition and the performance is satisfactory. Through the comparison with the conventional methods (eigenface+NN, fisherfaces+NN) and the state-of-the-art methods (LRC, SRC and eSRC), the proposed method shows better performance and robustness.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.112-114
• /
• 2005

센서 네트워크는 많은 수의 센서 노드들로 구성된 네트워크로 센서를 통해 주변 정보를 감지하고 감지된 정보를 수집하고 처리한다. 센서 네트워크는 그 적용 분야가 광범위하여, 그에 따른 보안요구사항 또한 다양하다. 교량 감시에 사용되는 센서들의 특징은 교량에 일정한 간격으로 고정되어 위치하여 센서이동이 거의 없는 고정된 센서 네트워크를 형성하게 된다. 따라서, 이러한 특징을 고려한 보안프로토콜의 개발이 필요하다. 본 논문에서는 교량 감시에 사용되는 센서 네트워크와 같이 고정된 센서들로 이루어진 네트워크상에서의 보안 요구사항을 분석하고 이를 만족시킬 수 있는 보안 프로토콜을 제시한다.

• Journal of Communications and Networks
• /
• v.12 no.6
• /
• pp.592-599
• /
• 2010

In recent years, significant improvements have been made to the techniques used for analyzing satellite communication and attacking satellite systems. In 2003, a research team at Los Alamos National Laboratory, USA, demonstrated the ease with which civilian global positioning system (GPS) spoofing attacks can be implemented. They fed fake signals to the GPS receiver so that it operates as though it were located at a position different from its actual location. Moreover, Galileo in-orbit validation element A and Compass-M1 civilian codes in all available frequency bands were decoded in 2007 and 2009. These events indicate that cryptography should be used in addition to the coding technique for secure and authenticated satellite communication. In this study, we address this issue by using an authenticated key-exchange protocol to build a secure and authenticated communication channel for satellite communication. Our protocol uses identity-based cryptography. We also prove the security of our protocol in the extended Canetti-Krawczyk model, which is the strongest security model for authenticated key-exchange protocols, under the random oracle assumption and computational Diffie-Hellman assumption. In addition, our protocol helps achieve high efficiency in both communication and computation and thus improve security in satellite communication.

• Proceedings of the KAIS Fall Conference
• /
• 2011.12b
• /
• pp.558-561
• /
• 2011

본 논문은 임베디드 타겟 보드의 시스템을 활용하여 웹서버를 운용하고, 웹페이지를 통해 임베디드타겟 보드 내의 신호를 제어할 수 있도록 제작한 신호 감지 시스템을 통해 제어 신호를 받아 실제 작동여부를 확인할 수 있는 조형물을 구성하였다. 또한, Linux 커널을 컴파일하여 포팅한 임베디스 시스템과 Linux OS기반의 인증 서버를 구축하여 안전한 홈 시스템의 보안접근 제어가 가능하도록 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.4
• /
• pp.24-36
• /
• 1997

본 논문에서는 기밀 통신 시스템에서의 지연 분석을 위해 대기 이론ㅇ르 이용하여 시큐리티와 성능사이의 tradeoff를 정량화하고, 시큐리티 메커니즘과 프로토콜에 의해 야기된 지연을 줄이기 위한 최적화기법으로 전처리, 메시지의 분할과 압축, 압축과 암호의 통합, 사용자 인증과 접근 제어의 통합을 고려한다. 그리고, 시큐리티 서비스를 제공하기 위한 시큐리티 메커니즘으로 DES를 이용한 경우, RAS 의 디지털 서명, IDEA와 RSA의 결합을 고려하고, 각각에 대해 대개 이론의 M/M/1모델, M/E/1모델, M/H/1 모델을 적용하여 컴퓨터 시뮬레이션을 통해 평균 지연을 분석한다.

• The Journal of Information Systems
• /
• v.14 no.3
• /
• pp.1-8
• /
• 2005

This paper formally defines a role-driven security and access control model of a business process in order eventually to provide a theoretical basis for realizing the secured business process management systems. That is, we propose a graphical representation and formal description of the mechanism that generates a set of role-driven security and access control models from a business process modeled by the information control net(ICN) modeling methodology that is a typical business process modeling approach for defining and specifying business processes. Based upon the mechanism, we are able to design and accomplish a secured business process management system that provides an unified resource access control mechanism of the business process management engine domain's and the application domain's. Finally, we strongly believe that the secured access control policies from the role-driven security and access control model can be easily transformed into the RBAC(Role-based Access Control) model that is a standardized security technology for computer and communications systems of commercial and civilian government organizations.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.615-625
• /
• 2009

Worldwide inter-operability for microwave access (WiMAX) is a promising technology that provides high data throughput with low delays for various user types and modes of operation. While much research had been conducted on physical and MAC layers, little attention has been paid to a comprehensive and efficient security solution for WiMAX. We propose a hybrid security solution combining identity-based cryptography (IBC) and certificate based approaches. We provide detailed message exchange steps in order to achieve a complete security that addresses the various kind of threats identified in previous research. While attaining this goal, efficient fusion of both techniques resulted in a 53% bandwidth improvement compared to the standard's approach, PKMv2. Also, in this hybrid approach, we have clarified the key revocation procedures and key lifetimes. Consequently, to the best of knowledge our approach is the first work that unites the advantages of both techniques for improved security while maintaining the low overhead forWiMAX.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.2
• /
• pp.751-765
• /
• 2012

Key establishment protocols are fundamental for establishing secure communication channels over public insecure networks. Security must be given the topmost priority in the design of a key establishment protocol. In this work, we provide a security analysis on two recent key establishment protocols: Harn and Lin's group key transfer protocol and Dutta and Barua's group key agreement protocol. Our analysis shows that both the Harn-Lin protocol and the Dutta-Barua protocol have a flaw in their design and can be easily attacked. The attack we mount on the Harn-Lin protocol is a replay attack whereby a malicious user can obtain the long-term secrets of any other users. The Dutta-Barua protocol is vulnerable to an unknown key-share attack. For each of the two protocols, we present how to eliminate their security vulnerabilities. We also improve Dutta and Barua's proof of security to make it valid against unknown key share attacks.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.873-876
• /
• 2005

무선 센서 네트워크 (Wireless Sensor Network)에서 기존에 존재하는 대부분의 보안 프로토콜들은 대칭적인 공유키(symmetric pairwise key) 설정에 기반하고 있다. 그러나 이러한 프로토콜들은 노드 전복 (node compromising), 그리고 과중한 트래픽의 문제점을 안고 있다. 더욱이, 대칭키 방법을 이용한 브로드캐스트 메시지 인증은 자원이 제약된 센서네트워크에서 적용하기에는 너무 복잡하다. 본 논문은 공개키를 이용한 공유키(Pairwise Key) 설정에 기반한 보안 프로토콜들을 제안한다. 특히 경량성을 위하여 타원 곡선 암호 (Ellptic Curve Cryptography)를 채택하였다. 제안 프로토콜은 공유키 설정과 브로드캐스트 메시지 인증을 위하여 각각 Elliptic Curve Diffie-Hellman (ECDH)과 Elliptic Curve Digital Signature Algorithm (ECDSA)를 이용한다. 더욱이, 분산된 rekeying 메커니즘 (decentralized rekeying mechanism)을 도입함으로써 TinySec 의 성능을 향상시킨다.