• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.131-138
• /
• 2003

With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.419-425
• /
• 2012

In these days, the trends of home networking system is implementation of easily configured system with home security of emergency alarm and visitor verification services. In this paper, we implemented push server system based on Arduino of open source physical computation platform to verify visitors for the homes without home networking services. In the suggested system, visitor verification is performed in and out of home, and home access security of the system could be constructed with low-cost price by use of windows push server system and smart devices with alarm operation in corresponding to not allowed access trying.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.455-468
• /
• 2008

In this paper, we propose FAS model for establishing trust based on digital certificates in Grid security framework. The existing RBAC(Role Based Access Control) model is extended to provide permissions depending on the users‘ roles. The FAS model is designed for a system independent integrated Grid security by detailing and extending the fundamental architecture of user, role, and permission. FAS decides each user’s role, allocates access right, and publishes attribute certificate. FAS is composed of three modules: RDM, PCM, and CCM. The RDM decides roles of the user during trust negotiation process and improves the existing low level Grid security in which every single user maps a single shared local name. Both PCM and CCM confirm the capability of the user based on various policies that can restrict priority of the different user groups and roles. We have analyzed the FAS strategy with the complexity of the policy graph-based strategy. In particular, we focused on the algorithm for constructing the policy graph. As a result, the total running time was significantly reduced.

• International Journal of Contents
• /
• v.8 no.3
• /
• pp.79-82
• /
• 2012

In digital contents distribution environments, a user authentication is an important security primitive to allow only authenticated user to use right services by checking the validity of membership. For example, in Internet Protocol Television (IPTV) environments, it is required to provide an access control according to the policy of content provider. Remote user authentication and key agreement scheme is used to validate the contents accessibility of a user. We propose a novel user authentication scheme using smart cards providing a secure access to multimedia contents service. Each user is authenticated using a subset of attributes which are issued in the registration phase without revealing individual's identity. Our scheme provides the anonymous authentication and the various permissions according to the combination of attributes which are assigned to each user. In spite of more functionality, the result of performance analysis shows that the computation and communication cost is very low. Using this scheme, the security of contents distribution environments in the client-server model can be significantly improved.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.786-799
• /
• 2018

Recently, NFV has attracted attention as a next-generation network virtualization technology for hardware -independent and efficient utilization of resources. NFV is a technology that not only virtualize computing, server, storage, network resources based on cloud computing but also connect Multi-Tenant of VNFs, a software network function. Therefore, it is possible to reduce the cost for constructing a physical network and to construct a logical network quickly by using NFV. However, in NFV, when a new VNF is added to a running Tenant, authentication between VNFs is not performed. Because of this problem, it is impossible to identify the presence of Fake-VNF in the tenant. Such a problem can cause an access from malicious attacker to one of VNFs in tenant as well as other VNFs in the tenant, disabling the NFV environment. In this paper, we propose Auto-configurable Security Mechanism in NFV including authentication between tenant-internal VNFs, and enforcement mechanism of security policy for traffic control between VNFs. This proposal not only authenticate identification of VNF when the VNF is registered, but also apply the security policy automatically to prevent malicious behavior in the tenant. Therefore, we can establish an independent communication channel for VNFs and guarantee a secure NFV environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.1055-1057
• /
• 2013

Routers currently used in homes and institutions have a function of multiple computers to connect to the Internet with a single IP address. It is possible only through setting or establishing a separate operation in a used PC or server to function as a web/printer server, web hard, and P2P. In this paper, by utilizing the OpenWRT Linux-based through the construction of the Web server through a router OpenWRT of (Open Wireless Router) base, to build a server simple compact, low power consumption, low cost, to operate by reliability to provide Internet telephony and multimedia services high securely over the server security, which is based on the setting of policy and various firewall at the same time the configuration of the network utilizing OpenWRT router that can be enhanced, to construct a Web server through a router multi functional can receive the provision of services using the program PC and mobile APP.

• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.1-8
• /
• 2016

Cloud computing technology offers function that share each other computer resource, software and infra structure based on network. Virtualization is a very useful technology for operation efficiency of enterprise's server and reducing cost, but it can be target of new security threat when it is used without considering security. This paper proposes access control mechanism based on MAC(Mandatory Access Control) for cloud convergence that solve various problem that can occur in cloud environment. This mechanism is composed of set of state rules, security characteristics and algorithm. Also, we prove that the machine system with access control mechanism and an initial secure state is a secure system. This policy module of mechanism is expected to not only provide the maintenance but also provide secure resource sharing between virtual machines.

• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1155-1160
• /
• 2003

This paper applies RBAC policy for solving on the security problems when it will be operated several business on the distributed environments and designed Extended RBAC (ERBAC) model that it is possible to manage security systems on the distributed environments. The designed ERBAC model is based on RBAC96 model due to Sandu et al and added role delegations. Therefor, the designed ERBAC model have the advantage of the following . it can be processed of business without interrupts and implemented server system without modifying its source code, high migration, easy and simple of secure managing.

• Journal of Digital Convergence
• /
• v.16 no.12
• /
• pp.343-349
• /
• 2018

Electroencephalograph(EEG) information, which is an important data of brain science, reflects various levels of information from the molecular level to the behavior and cognitive stages, and the explosively amplified information is provided at each stage. Therefore, EEG information is an intrinsic privacy area of an individual, which is important information to be protected. In this paper, we apply spring security to web based system of spring MVC (Model, View, Control) framework to build independent and lightweight server system with powerful security system. Through the proposal of the platform type EEG analysis system which enhances the security function, the web service security of the EEG information is enhanced and the privacy of the EEG information can be protected.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.187-193
• /
• 2017

Objects Internet-based healthcare services provide healthcare and healthcare services, including measurement of user's vital signs, diagnosis and prevention of diseases, through a variety of object internet devices. However, there is a problem that new security vulnerability can occur when inter-working with the security weakness of each element technology because the internet service based on the object Internet provides a service by integrating various element technologies. In this paper, we propose a user privacy protection model that can securely process user's healthcare information from a third party when delivering healthcare information of users using wearable equipment based on IoT in a mobile environment to a server. The proposed model provides attribute values for each healthcare sensor information so that the user can safely handle, store, and store the healthcare information, thereby managing the privacy of the user in a hierarchical manner. As a result of the performance evaluation, the throughput of IoT device is improved by 10.5% on average and the server overhead is 9.9% lower than that of the existing model.