• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.387-396
• /
• 2003

Many studies have been done on secure kernel and encryption filesystem for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policy like ACL, MAC, RBAC and so on, but cannot protect user or system data from stealing backup media or disk itself. In addition to access control policy, there are many studies on encryption filesystem that encrypt file data within system level. However few studies have been done on combining access control policy and encryption filesystem. In this paper we proposed a new encryption filesystem that provides a transparency to the user by integrating encryption service into virtual filesystem layer within secure kernel that has various access control policies. Proposed encryption filesystem can provide a simple encryption key management architecture by using encryption keys based on classes of MAC policy and overcome a limit of physical data security of access control policy for stealing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1247-1260
• /
• 2021

For more efficient energy management of nodes in wireless sensor networks, research has been conducted on mobile sink nodes that deliver data from sensor nodes to server recently. UAV (Unmanned Aerial vehicle) is used as a representative mobile sink node. Also, most studies on UAV propose algorithms for calculating optimal paths and have produced rapid advances in the IoD (Internet of Drones) environment. At the same time, some papers proposed mutual authentication and secure key exchange considering nature of the IoD, which requires efficient creation of multiple nodes and session keys in security perspective. However, most papers that proposed secure communication in mobile sink nodes did not protect end-to-end data privacy. Therefore, in this paper, we propose integrated security model that authentication between mobile sink nodes and sensor nodes to securely relay sensor data to base stations. Also, we show informal security analysis that our scheme is secure from various known attacks. Finally, we compare communication overhead with other key exchange schemes previously proposed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.6
• /
• pp.1600-1619
• /
• 2023

Organizations and other institutions have recently started using cloud service providers to store and share information in light of the Internet of Things (IoT). The major issues with this storage are preventing unauthorized access and data theft from outside parties. The Block chain based Security Sharing scheme with Data Access Control (BSSDAC) was implemented to improve access control and secure data transaction operations. The goal of this research is to strengthen Data Access Control (DAC) and security in IoT applications. To improve the security of personal data, cypher text-Policy Attribute-Based Encryption (CP-ABE) can be developed. The Aquila Optimization Algorithm (AOA) generates keys in the CP-ABE. DAC based on a block chain can be created to maintain the owner's security. The block chain based CP-ABE was developed to maintain secures data storage to sharing. With block chain technology, the data owner is enhancing data security and access management. Finally, a block chain-based solution can be used to secure data and restrict who has access to it. Performance of the suggested method is evaluated after it has been implemented in MATLAB. To compare the proposed method with current practices, Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) are both used.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.51-58
• /
• 2016

In the area of hotel and tourism sector, various research are analyzed using big data. Big data is being generated by any digital devices around us all the times. All the digital process and social media exchange produces the big data. In this paper, we analyzed the de-identification method of big data to use the personal information of hotel guests. Through the analysis of these big data, hotel can provide differentiated and diverse services to hotel guests and can improve the service and support the marketing of hotels. If the hotel wants to use the information of the guest, the private data should be de-identified. There are several de-identification methods of personal information such as pseudonymisation, aggregation, data reduction, data suppression and data masking. Using the comparison of these methods, the pseudonymisation is discriminated to the suitable methods for the analysis of information for the hotel guest. Also, among the pseudonymisation methods, the t-closeness was analyzed to the secure and efficient method for the de-identification of personal information in hotel.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.2
• /
• pp.123-131
• /
• 2009

Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing a secure key management challenging. Recently, Nilsson et al. proposed a key management scheme for PCS/SCADA, which was claimed to provide forward and backward secrecies. In this paper, we define four different types of adversaries or attackers in wireless sensor network environments in order to facilitate the evaluation of protocol strength. We then analyze Nilsson et al. 's protocol and show that it does not provide forward and backward secrecies against any type of adversary model.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.107-118
• /
• 2019

Based on the Internet of Things technology, one of the core technologies of the fourth industrial revolution, our Ministry of Defense is also pushing to establish M-IoT in defense area to improve management efficiency, innovate military culture and strengthen military power. However, devices connected to the Military Internet of Things can be easily exposed to various of cyber threats as most of them are developed and with a focus on improving sensing and communication skills that collect and transmit data. And it is not easy to uniquely identify the numerous heterogeneous devices, and to establish a secure communication channel between devices or between devices and management servers. In this paper, based on PUF technology, we propose a novel key management scheme that can uniquely identify the various devices, and generate the secret keys needed for the establishment of a secure communication channel using non-replicable information generated by the PUF. We also analyze the efficiency of our proposed scheme through comparison with existing key management scheme and verify the logic and security using BAN Logic.

• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.291-299
• /
• 2016

To enhance network efficiency, named-data networking (NDN) implements data caching functionality on intermediate network nodes, and then the nodes directly respond to request messages for cached data. Through the processing of request messages in intermediate node, NDN can efficiently reduce the amount of network traffic, also solve network congestion problems near data sources. Also, NDN provides a data authenticate mechanism so as to prevent various Internet accidents caused from the absence of an authentication mechanism. Hence, through applying NDN to various smart IT convergence services, it is expected to efficiently control the explosive growth of network traffic as well as to provide more secure services. Basically, it is important factors of NDN which data is cached and where nodes caching data is located in a network topology. This paper first analyzes previous works caching content based on the popularity of the content. Then ii investigates the hitting rate of caches in each node of a network topology, and then propose an improved caching scheme based on the result of the analyzation. Finally, it evaluates the performance of the proposal.

• International journal of advanced smart convergence
• /
• v.5 no.4
• /
• pp.26-31
• /
• 2016

In a cloud computing environment, a cryptographic service allows an information owner to encrypt the information and send it to a cloud server as well as to receive and decode encrypted data from the server which guarantees the confidentiality of shared information. However, if an attacker gains a coded data and has access to an encryption key via cloud server, then the server will be unable to prevent data leaks by a cloud service provider. In this paper, we proposed a key management server which does not allow an attacker to access to a coded key of the owners and prevents data leaks by a cloud service provider. A key management server provides a service where a server receives a coded public key of an information user from an owner and delivers a coded key to a user. Using a key management server proposed in this paper, we validated that the server can secure the confidentiality of an encryption key of data owners and efficiently distribute keys to data users.

• Proceedings of the KSR Conference
• /
• 2005.11a
• /
• pp.605-611
• /
• 2005

System safety management to secure complicated system safety such as railway and nuclear includes various factors. Those are prevention of accidents, faults management, human factor, men-machine relation, organization factor, safety culture, quality/quantity safety performance goal, and safety regulations. To manage them, it is required that database which is based on most analysis is established. Therefore system safety could be controlled. This research defines data required to safety management, and that is aimed at deriving plans in order to establish them as database. To accomplish that, safety information management of other systems such as aviation and marine is reviewed. Also, the present conditions of available data in the filed of domestic railway are analysed, and then it provides plans for. establishing database to build up advanced railway system safety information management systems.

• The Transactions of the Korea Information Processing Society
• /
• v.2 no.4
• /
• pp.581-591
• /
• 1995

An MIB is the heart of a network management system and it stores all information that is necessary for network management. To operate networks safely, it is essential to control accesses to managed objects. This paper provides three-level architecture of managers so as to perform network management more efficiently in large networks. Moreover, mandatory access control(MAC) policy and role-based access control policy are adopted to ensure the secure access to the MIB. These policies are modeled by using the active object-oriented data model, which makes easy to map these access control models into the active object-oriented database.