• The Transactions of the Korea Information Processing Society
• /
• v.2 no.6
• /
• pp.891-902
• /
• 1995

To integrate both the OSI network and the TCP/IP internet, the application gateway that have the powerful and flexible paradigms has been used, but due to the micro-managements of the gateway produce the high costs and the long delay of communication in the case of emergency. The mechanism that maps the access control policies between two domains using the different security policies is needed. These problems are caused by integrating both domains with the different standards. In this paper, the application gateway that delegating to an agent the powerful and flexible services of the CMIP as well as the management functions were proposed. A proposed algorithm that delegates he management script to an gateway safely by capitalizing on the Diffie-Hellman's distribution method, and presents the security mechanism mediating the security policies for guaranteeing the secure communication between two domains using the different security policies.

• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.49-55
• /
• 2016

In a delegate authentication, a user can lend his/her own authentication data to the third parties to let them be authenticated instead of himself/herself. The user authentication schemes based on the memory of unique data such as password, are vulnerable to this type of attack. Biometric authentication could minimize the risk of delegate authentication since it uses the biometric data unique by each person. Group authentication scheme is used to prove that each group member belongs to the corresponding group. For applications such as an electronic voting or a mobile meeting where the number of group members is changing dynamically, a new group authentication method is needed to reflect the status of group in real time. In this paper, we propose biometric authentication based dynamic group signature scheme. The proposed scheme is composed of biometric key generation, group public key creation, group signature generation, group signature verification and member update protocols. The proposed member update protocol is secure against colluding attacks of existing members and could reflect group status in real time.

• Journal of Advanced Navigation Technology
• /
• v.12 no.5
• /
• pp.470-482
• /
• 2008

This paper propose role base access control model that use context information for ubiquitous environment. Concept of access control that use context information assigns permission that can approach in some information or object in part. And do so that can assigned user in part to it and acquire permission. So it can approach in information or object. Therefore, user approaches in information or object in assigned role, and the role that is allocated ro own is having. So, do so that can secure information or utilization of object safety. Proposa1 model investigated lacking restriction item in GEO-RBAC model. So, it considered that present new restriction condition and role conflict in various case. Also, to GEO-RBAC model proposed suitable model, analyzed old model's advantage, shortcoming. And it presented proposal model to GEO-RBAC because improving this.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.91-96
• /
• 2004

Proxy signature scheme based on delegation of warrant is studied in these days. Proxy signature is a signature scheme that the original signer delegates his signing warrant to the proxy signer, and the proxy signer creates a signature on behalf of the original signer. For using this scheme, the security for protecting from the forgeability or misuse is necessary, There are several security requirements for using the proxy signature schemes. In this paper we suggest the proxy-register protocol scheme that original signer registers to the verifier about the proxy related information. In our scheme, verifier verifies the signature that original signer creates about the proxy information and sets the warrant of proxy signer, validity period for proxy signature and some limitation. Finally, we will show the advantages of our suggestion by comparing with the previous proxy signature schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.439-448
• /
• 2015

IoT (Internet of Things) propels current networked communities into a advanced hyper-connected society/world where uniquely identifiable embedded computing devices are associated with the existing internet infrastructure. Therefore, the IoT services go beyond mere M2M (Machine-to-Machine communications) and should be able to empower users with more flexible communication capabilities over protocols, domains, and applications. In addition, The access control in IoT need a differentiated methods from the traditional access control to increase a security and dependability. In this paper, we describe implementation and design of the capability token based system for secure access control in IoT environments. In the proposed system, Authorities are symbolized into concepts of the capability tokens, and the access control systems manage the tokens, creation, (re)delegation and revocation. The proposed system is expected to decrease the process time of access control by using capability tokens.

• The Journal of the Korea Contents Association
• /
• v.11 no.1
• /
• pp.42-49
• /
• 2011

Proxy signature schemes are configured as proxy signers on behalf of their original signers can be allowed to sign messages. Basic security requirements of proxy signature schemes include the strong unforgeability and the verifiability of delegation. So far, a variety of proxy signature schemes that proved on individual basic security terms but not proved on compounded security terms are proposed. Especially the proposed proxy signature schemes based on RSA problem are proved vulnerable to an attacker with his own private key in terms of the impersonating attack. A unauthorized attacker can generate the proxy signature without the appointee's consent or authorization. In this paper, we propose a proxy signature scheme based on RSA problems and warrants that can be proved the security against the impersonating attack. The proposed proxy signature scheme is analyzed on the safety and compared in terms of efficiency with other proxy signature schemes.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.53-61
• /
• 2008

Public Key Broadcast Encryption (PKBE) allows a sender to distribute a message to a changing set of users over an insecure channel. PKBE schemes should be able to dynamically exclude (i.e., revoke) a certain subset of users from decrypting a ciphertext, so that only remaining users can decrypt the ciphertext. Another important requirement is for the scheme to be forward-secrecy. A forward-secure PKBE (fs-PKBE) enables each user to update his private key periodically. This updated private key prevents an adversary from obtain the private key for certain past period, which property is particularly needed for pay-TV systems. In this paper, we present a fs-PKBE scheme where both ciphertexts and private keys are of $O(\sqrt{n})$ size. Our PKBE construction is based on Boneh-Boyen-Goh's hierarchical identity-based encryption scheme. To provide the forward-secrecy with our PKBE scheme, we again use the delegation mechanism for lower level identities, introduced in the BBG scheme. We prove chosen ciphertext security of the proposed scheme under the Bilinear Diffie-Hellman Exponent assumption without random oracles.

• Journal of Broadcast Engineering
• /
• v.18 no.5
• /
• pp.758-770
• /
• 2013

In a Broadcast Encryption System, a sender sends an encrypted message to a large set of receivers at once over an insecure channel and it enables only users in a target set to decrypt the message with their private keys. In 2005, Boneh et al. proposed a fully collusion-resistant public key broadcast encryption in which the ciphertext and the privatekey sizes are constant. In general, pairing-based broadcast encryption system is efficient in bandwidth and storing aspects than non-pairing based broadcast encryption system, however, it requires many computational costs that resource-constrained devices is not suit to be applied. In this paper, we propose a Broadcast Encryption scheme(called BEWD) that user can decrypt a ciphertext more efficiently. The scheme is based on Boneh et al.scheme. More precisely, it reduces receiver's computational costs by delegating pairing computation to a proxy server which computation is required to receiver in Boneh et al.scheme. Furthermore, the scheme enables a user to check if the proxy server compute correctly. We show that our scheme is secure against selective IND-RCCA adversaries under l-BDHE assumption.

• Journal of the Korean Institute of Landscape Architecture
• /
• v.51 no.1
• /
• pp.13-28
• /
• 2023

This study examines the process of project promotion in Busan, which introduced the private participation-type consultative body for the first time in the country in the promotion stage of the private-initiated park development project, and introduced flexible application of the system and differentiated policy elements in the implementation process, and examines the operational characteristics and we tried to analyze performance, etc. As a result of the analysis, first, the preferred bidder was selected by introducing a mixed method in the project method, which is an independent project method that cannot be seen in other local governments. Second, by specifying guidelines considering the characteristics of each park and detailed guidelines such as the location, area, and maximum height of non-park facilities, criteria for establishing a rational development plan utilizing regional identity and the basis of evaluation standards were laid. Third, in the project process, transparency was secured through the delegation-type roundtable, in which the private sector performs the functions and roles of key actors, thereby preventing disputes such as suspicion of preferential treatment. Fourth, in order to improve the quality of park facilities to be donated and to secure design adequacy, after approval of the implementation plan, a general planner was introduced and construction project management (design stage) services were performed to promote efficient implementation and specialization of luxury parks in the region. As a result, the city of Busan carried out the project efficiently by conserving 5 parks from sunset, a park area of 2.25km², and reducing land compensation and park construction costs by KRW 740 billion. Reinforcement of the public nature of the private-initiated park development project was suggested. However, due to the application of these systems and verification procedures, the project period is prolonged, and park services are delayed along with the financial burden on private operators.