• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.441-451
• /
• 2008

Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However it has two drawbacks: the potential security threat caused by intraceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key which is a means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has the delegation traceability and the non-interactive delegation property. Since the right delegation occurs massively in the computational grid environment, our protocol can contribute the security enhancement by providing the delegation traceability and the efficiency enhancement by reducing the inter-domain communication cost.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.115-125
• /
• 2001

Authentication and access control are essential requirements for the information security of distributed environment. Delegation is process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services offer safety in distributed environments. A delegation easily provides principal to grant privileges in the single domain with Role-Based Access Control(RBAC). But in the multi-domain, initiators who request delegation may require to limit the access right of their delegates with restrictions that are called delegate restriction to protect the abuse of privilege. In this paper, we propose the delegation view as function of delegation restrictions. Proposed delegation view model not only prevent over-exposure of documents from granting multiple step delegation to document sharing in multi-domain with RBAC infrastructure but also reduce overload of security administrator and communication.

• Journal of Korea Multimedia Society
• /
• v.9 no.3
• /
• pp.342-352
• /
• 2006

Nowadays, Computing environment is changing to ubiquitous. In such ubiquitous computing environments, entities expect to access resources and services at any time from anywhere. Therefore, tile wily how to establish trust relationship among previously unknown devices or resources is needed under such environments. In this paper, we firstly review a model to delegate the trust to communicating entities in ubiquitous environment and its security problems(e.g., malicious right-delegation and revocation of right-delegation). Then, we design a new model for secure delegation over communication entities which is based on two-party signature scheme, and implement it.

• 한국사회정책
• /
• v.20 no.3
• /
• pp.9-46
• /
• 2013

The degree of delegation related to the social security acts is involved in the candidate selection methods and the standing committee system. The social security acts with a small amount of delegation have an affinity with the bottom-up selection methods and the standing committee to guarantee long term in office. In Germany, the bottom-up selection method which guarantees the right of party members to nominate candidates and the standing committee to guarantee long term in office have an affinity with the Social Acts with less delegation. But the social security acts with a large number of delegation have an affinity with the top-down selection methods and the standing committee not to guarantee long term in office. In Korea, the top-down selection method in which the central headquarter of the party dominates the selection process, and the standing committee whose members are to be selected every two years have an affinity with the Social Security Acts with the excessive delegation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.2
• /
• pp.361-365
• /
• 2005

Proxy signature schemes which allows original signer to delegate proxy signer to sign message on its behalf have a considerable amount of interest from researchers since Mambo[1] and have found many practical applications such as distributed network, Grid computing and electronic commerce. Araki[6] extended them to multi-level proxy signature. But it could not satisfy some security requirement. In this paper we propose a protocol to delegate signing right to another entity for multi-level proxy signature. Our protocol do not require secure channel and guarantee that nobody is able to repudiate delegation or acceptance of signing right, it is impossible for anyone to generate signature except designed and original signer can withdraw the delegation before expiration if it is necessary.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.135-142
• /
• 2011

Recently, the strategy for N-screen service is in the spotlight along with the consumer's need to use contents regardless of time and place due to the rapid development of communication technology, which is meshing with the desire of service providers seeking a new business model. N-screen, as a screen-extension-concept service which enables consumers to continuously share and use contents in various equipments such as TV, computer and portable terminals, is an advanced type of 3-screen service strategy initially proposed by AT&T, an American telecommunication company. In the N-screen service for pay-contents, in order to support continuous screen changes to and from various equipments, temporary watching right should be given to the equipment intended for screen change. However, it is impossible to give the temporary watching right in the present broadcasting environment, adopting an access-control system. In this paper, the access-control technology being used for pay-contents in the present broadcasting environment and the reason for not being able to give temporary watching right, will be examined. After the examination, the solution for delegation of watching right by using an additional key on the basis of currently used access-control technology, will be proposed.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.63-70
• /
• 2012

To ensure privacy of individual information in remote healthcare service, health data should be protected through a secure technology such as encryption scheme. Only user who delegated decryption right can access to sensitive health data and delegator needs capability for revocating access privilege. Recently, in ubiquitous environment, CP-ABTD(Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes) which extends CP-ABE(Ciphertext-Policy Attribute-Based Encryption) has been proposed for these requirements. In this paper, we construct remote healthcare monitoring system with delegation and revocation capability for attribute in CP-ABTD. Finally, we analyze collusion attack between users in our system.

• Strategy21
• /
• s.44
• /
• pp.291-322
• /
• 2018

This research aims to cast light upon security characteristics of the Peace Line, which have been underestimated. To understand maritime order and maritime security policy of the Republic of Korea between 1950 and 1970, it is necessary to analyze the Peace Line as line of defence and to investigate its character This research begins with analyzation of historical facts and investigation on security characteristics of the Peace Line. It goes further to examination of legal justification of the Peace Line, which was one of international legal issues of the period, principally regarding its security characteristics. As results of the study, it could be said that the security characteristics of the Peace Line was the line of defensive waters, which set its goal mainly to prevent infiltration of communist spies. The Peace Line had practical effect as it functioned as a base line of the ROK Navy to take anti-spy operation. At the early phase of the Korea-Japan Negotiation, the Korea delegation interpreted significance of the Peace Line passively. After abrogation of Clark Line, the delegation, however, became positive to maintain the Peace Line and its security characteristics. Security characteristics of the Peace Line was recognized again, as it became the base line of special maritime zone which was made in 1972. Through analysis on international law, it is concluded that the Peace Line was fair as a part of the right of self-defense against indirect aggression. North Korea attempted indirect aggression mainly from sea way, and these might undermine peace and cause urgent and unjust damage on the ROK. Thus the ROK's action of anti-spy operation through the Peace Line can be justifiable as considering the right of self-defence. Also the Peace Line accorded with principles of necessity, immediacy and proportionality. As it was argued on the above, the Peace Line as line of defence was one of the most significant factor in the ROK's maritime security history from the Hot war against communist forces to Cold war period after Korean War and must not be underestimated.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.287-294
• /
• 2003

Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

• Korean Journal of Social Welfare
• /
• v.59 no.4
• /
• pp.137-162
• /
• 2007

In democracy basic rights such as political equality and participation through elections have been respected, opportunities of corporation and opposition have been guaranteed, and ability of self-learning and self-correction have been developed. These positive factors give preconditions for the welfare development in the democratic state. Because in this state adults get the suffrage and the open competition for official positions induces political parties use social policies as means to win the election. That is to say, political parties have an incentive to use various social policies to win the election. Democracy, therefore, has affinity with social policy. The affinity between democracy and social policy can be found also in Korea which was democratized in 1987. But, in Korea, the positive relationship between democracy and social policy is very weak due to the problem of constitutional structures. Korean Parliament usually enacts abstract social act and delegates the right to fill concrete contents of the social acts to the executive. Delegation itself has no problem, but excessive delegation is a problem since the executive can overuse its discretion as sacrificing the social rights of the citizen. In addition social consensus could not be achieved in this constitutional structures, which are a obstacle to establishing a political process in the Parliament to promote the welfare development through party competition. Excessive delegation should be reduced, and the Parliament should fill concrete contents of the social acts as exercising its legislative power more. Then a mechanism of welfare development can be launched in Korea.