• The KIPS Transactions:PartA
• /
• v.14A no.6
• /
• pp.333-340
• /
• 2007

In multi agent systems, various inter agent communication models have been proposed, and, especially, there are several group communication schemes proposed so far, where some schemes guarantees transparent communication among the agents. However, in mobile agent environments, we require new group communication schemes that consider topology changes caused by mobile agent migrations. Also, these group communication schemes should be secure in order for them to be practical. In this paper, we propose a secure group communication scheme using the hierarchical overlay ring structure of mobile agents. The proposed scheme uses the ring channel in order to cope adaptively with the change of ring topology. The ring channel has basic information for construction of the ring and is managed only by the mobile agent platforms. Therefore, each mobile agent need not directly handle the ring channel and it can perform group communication without any consideration on the change of the ring topology.

• Journal of Computing Science and Engineering
• /
• v.5 no.3
• /
• pp.223-235
• /
• 2011

Performing approximate data matching has always been an intriguing problem for both industry and academia. This task becomes even more challenging when the requirement of data privacy rises. In this paper, we propose a novel technique to address the problem of efficient privacy-preserving approximate record linkage. The secure framework we propose consists of two basic components. First, we utilize a secure blocking component based on phonetic algorithms statistically enhanced to improve security. Second, we use a secure matching component where actual approximate matching is performed using a novel private approach of the Levenshtein Distance algorithm. Our goal is to combine the speed of private blocking with the increased accuracy of approximate secure matching.

• The Journal of Society for e-Business Studies
• /
• v.2 no.1
• /
• pp.79-94
• /
• 1997

Commerce activities which are free form space and time constraint using a communication network are called Electronic Commerce(EC). Because of sending a commercial information using open network such as Internet in EC, they need the security of commerce information (payment information and purchase information), checking the integrity of transferring data and certifying all parts participated in commerce for a secure commerce. Recently Visa and MasterCard Co. released the Secure Electronic Transaction (SET) Protocol for secure payment card transaction on Internet. This paper proposes a Secure Electronic Commerce Transaction Model(SECTM) using SET in order to support the secure commerce on Internet. The proposed transaction model prevents merchant from abusing the cardholder's payment information (credit-card number etc.) and enables cardholder to shop securely in Electronic Shopping Mall.

• Journal of Information Processing Systems
• /
• v.6 no.1
• /
• pp.91-106
• /
• 2010

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.69-77
• /
• 2010

Authentication and key establishment are fundamental procedures to establish secure communications over public insecure network. A password-based scheme is common method to provide authentication. In 2008, Khan proposed an efficient password-based authentication scheme using smart cards to solve the problems inherent in Wu-Chieu's authentication scheme. As for security, Khan claimed that his scheme is secure and provides mutual authentication between legal users and a remote server. In this paper, we demonstrate Khan's scheme to be vulnerable to various attacks, i. e., password guessing attack, insider attack, reflection attack and forgery attack. Our study shows that Khan's scheme does not provide mutual authentication and is insecure for practical applications. This paper proposes an improved scheme to overcome these problems and to preserve user anonymity that is an issue in e-commerce applications.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.7
• /
• pp.1064-1068
• /
• 2002

In this paper, we introduce a hyper-chaos synchronization method using State-Controlled Cellular Neural Network(SC-CNN). We make a hyper-chaos circuit using SC-CNN with the n-double scroll. A hyper-chaos circuit is created by applying identical n-double scrolls with weak coupled method, to each cell. Hyper-chaos synchronization was achieved using drive response synchronization between the transmitter and receiver about each state in the SC-CNN. From the result of the recovery signal through the demodulation method in the receiver, We shown that recovery quality of state variable $$\chi$_3$ is superior to that of ${$\chi$_2}, {$\chi$_1}$ in secure communication.

• ETRI Journal
• /
• v.33 no.5
• /
• pp.791-801
• /
• 2011

Security in wireless sensor networks (WSNs) is an upcoming research field which is quite different from traditional network security mechanisms. Many applications are dependent on the secure operation of a WSN, and have serious effects if the network is disrupted. Therefore, it is necessary to protect communication between sensor nodes. Key management plays an essential role in achieving security in WSNs. To achieve security, various key predistribution schemes have been proposed in the literature. A secure key management technique in WSN is a real challenging task. In this paper, a novel approach to the above problem by making use of elliptic curve cryptography (ECC) is presented. In the proposed scheme, a seed key, which is a distinct point in an elliptic curve, is assigned to each sensor node prior to its deployment. The private key ring for each sensor node is generated using the point doubling mathematical operation over the seed key. When two nodes share a common private key, then a link is established between these two nodes. By suitably choosing the value of the prime field and key ring size, the probability of two nodes sharing the same private key could be increased. The performance is evaluated in terms of connectivity and resilience against node capture. The results show that the performance is better for the proposed scheme with ECC compared to the other basic schemes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.11
• /
• pp.2381-2390
• /
• 2011

This paper presents the effective and detailed secure monitoring method being used based on Secure OS. For this, the detailed secure log of process, object, user's command and database query in task server are collected by 3 kinds of log collecting module. The log collecting modules are developed by ourselves and contained as constituents of security system. Secure OS module collects process and system secure log of objective unit, Backtracker module collects user's command session log, SQLtracker module collects database query in details. When a system auditor monitors and traces the behaviour of specified user or individual user, the mutual connection method between the secure logs can support detailed auditing and monitering effectively.

• Proceedings of the IEEK Conference
• /
• 1998.06a
• /
• pp.66-69
• /
• 1998

The synchronous stream cipher has the advantage that one bit error in the ciphertext only affects the corresponding bit in the plaintext, but it requires the perfect synchronization between encryptor and decryptor. For synchronization, a periodic resynchronization has been used in many applications. In this paper, we propose the periodic resynchronization scheme for radio secure communication and evaluate the performances according to the period of sync pattern and session key under radio channel environment having 10-2~ 10-6 BER.