• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.3-17
• /
• 2007

Receiver access control scheme is proposed to protect multicast distribution tree from DoS(Denial-of Service) attack induced by unauthorized use of IGMP(Internet group management protocol), by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP(Content Provider), NSP(Network Service Provider), and group members.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.341-351
• /
• 2021

Recently, user-driven privacy control technology, such as distributed ID management, has been gaining attention. However, the existing blockchain-based access control studies have not provided a sufficient level of privacy control method to users. This paper proposes a method that combines permissioned blockchain technology and a recent privacy control standard. To allow users to participate in privacy control, a token-based user access control service that conforms to the UMA2 standard was applied to the blockchain dApp. By combining the blockchain and UMA2, the proposed method provides a user-centered privacy control function that the existing blockchain could not provide. In addition, we solved the problem of privacy, security, and availability of entities, which are the disadvantages of UMA2.

• Journal of Korea Multimedia Society
• /
• v.25 no.10
• /
• pp.1416-1432
• /
• 2022

The access control system is a system that allows users to selectively enter the building by granting an access key to the user for security. Access keys with weak security are easily exposed to attackers and cannot properly perform the role that authenticates users. Access code keys should be protected from forgery or spoofing. For this reason, access key verification service models is important in security. However, most models manage all access keys on one central server. This method not only interrupts all services due to server errors, but also risks forgery and spoofing in the process of transmitting access keys. Therefore, blockchain algorithms are used to reduce this risk. This paper proposes a blockchain-based access key verification service model that used distributed stored blockchain gateways on storing access keys and authenticates the user's identity based on them. To evaluate the performance of this model, an experiment was conducted to confirm the performance of the access key forgery recovery rate and the blockchain network performance. As a result, the proposed method is 100% forgery recovery rate, and the registration and verification process is evaluated at 387.58 TPS and 136.66 TPS.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.73-80
• /
• 2023

In this paper, a technology to protect important information from access in order to revitalize the cloud service market. A technology is proposed to solve the risk of leakage of important confidential and personal information stored in cloud systems, which is one of the various obstacles to the cloud service market. To protect important information, access control rights to cloud resources are granted to cloud service providers and general users. The system administrator has superuser authority to maintain and manage the system. Client computing services are managed by an external cloud service provider, and information is also stored in an external system. To protect important in-house information within the company, all users, it was designed to provide access authority with users including cloud service providers, only after they are authenticated. It is expected that the confidentiality of cloud computing resources and service reliability achieved through the proposed access control technology will contribute to revitalizing the cloud service market.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.147-155
• /
• 2003

The diffusion of internet infrastructure and a fast increase of Population to use it is becoming a base of the service that can use various information, data and digital contents which were provided through off-line physically and used. Recently, the. techniques for copy deterrence and copyright protection have been important in e-commerce because various contents in digital form can be duplicated easily. The Access Control(AC) technique that only a user having the qualifications can access and use contents normally has been studied. The Conditional Access System(CAS) used in a satellite broadcasting md Digital Right Management System(DRMS) used for contents service are representative models of current commercialized access control. The CAS and DRM can be considered as an access control technique based on the payment based type(PBT). This paper describe the access control method of payment free type(PFT) suggested in ［5］ which are independent on the payment structure. And then we suggest a new access control method of payment free type which is more efficient than the previous one.

• Journal of Institute of Control, Robotics and Systems
• /
• v.12 no.4
• /
• pp.405-410
• /
• 2006

This paper presents the design of a USB home controller and a home control system that specially is focused on controlling home appliances as a part of home network systems, the implementation of the USB device access class in an OSGi service platform and a home security system as an application. Designed USB home controllers are able to control various home appliances. They can be used not only to control big home appliances like a boiler but also to control small home appliances like a toaster because they are low-cost solutions. The USB home controller supports real time control using the interrupt transfer of the USB specification. And It is easy to use by homemakers who have no technical knowledge of the system because they just plug and unplug it in a home server then it automatically joins and leaves a home control system. This technique is based on hot-plug and the USB Device Access class in an OSGi Service Platform. The USB Device Access class supports the coordination of automatic detection and attachment of the USB home controller on an OSGi Service Platform, and it downloads and installs device drivers on demand. For an application, we implemented and tested a home security system using two USB home controllers and a CDMA module.

• Journal of the Korea Society for Simulation
• /
• v.14 no.2
• /
• pp.83-92
• /
• 2005

Access networks connected in B3G networks provide its property network service. Hence, though mobile users may utilize only a network service from an access network, they can also use variety of network services from several access networks for their service satisfaction. To support heterogeneous changeable network service in access networks, the mobile terminal must implement heterogeneous system techniques so that it is able to change the network service by ISHO (Inter-System Handover) In this paper, we present the ISHO condition by the policy-based framework in B3G networks. Also, we propose an ISHO scheme to control network resources for the QoS management of a mobile session between UMTS and WLAN access networks. To support the QoS management, the proposed scheme is that it will be implemented before the resource exhaustion occurs to effect network performances.

• Journal of Communications and Networks
• /
• v.14 no.6
• /
• pp.597-605
• /
• 2012

With the smart grid coming near, wide-area supervisory control and data acquisition (SCADA) becomes more and more important. However, traditional SCADA systems are not suitable for the openness and distribution requirements of smart grid. Distributed SCADA services should be openly composable and secure. Event-driven methodology makes service collaborations more real-time and flexible because of the space, time and control decoupling of event producer and consumer, which gives us an appropriate foundation. Our SCADA services are constructed and integrated based on distributed events in this paper. Unfortunately, an event-driven SCADA service does not know who consumes its events, and consumers do not know who produces the events either. In this environment, a SCADA service cannot directly control access because of anonymous and multicast interactions. In this paper, a distributed security framework is proposed to protect not only service operations but also data contents in smart grid environments. Finally, a security implementation scheme is given for SCADA services.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.405-422
• /
• 2007

Recently, according to the network environment, there are many researches for home network. Nowadays, in home network, the method that access control policy is managed for each home device by using ACL is popular, and EAM (Extranet access management) is applied as a solution. In addition, the research about secure OS is ongoing based on open operating system and the research of user authentication mechanisms for home network using home server is also in progress. However, these researches have some problems as follows; First, the transmission scope of expected access technology in home network is wide, so unauthenticated outside terminal can access the home network. Second, user is inconvenient because user need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in home network environment. Here, user access control is one of the core parts which should have no problems such as above items, but there are no concrete researches yet. Thus in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in home network environment in which OSGi service platform is operated. First, we list the consideration which is not clearly mentioned in OSGi standard, and then we solve these above problems through new framework. In addition, we propose the effective and economical operation method which reduces the policy change frequency for user access control by using RBAC concept though limited resource of home gateway. Besides, in this paper, these proposed policies are defined separately as user-role assignment policy and permission-role assignment policy, and user decide their own policies. In conclusion, we provide the scheme to enhance the user convenience and to solve the privacy problem.

• Journal of Communications and Networks
• /
• v.15 no.6
• /
• pp.606-613
• /
• 2013

This paper proposes a complete solution of a contention-based medium access control in wireless local networks to provide station level quality of service guarantees in both downstream and upstream directions. The solution, based on the mature distributed coordination function protocol, includes a new fixed contention window backoff scheme, a tuning procedure to derive the optimal parameters, a super mode to mitigate the downstream bottleneck at the access point, and a simple admission control algorithm. The proposed system guarantees that the probability of the delay bound violation is below a predefined threshold. In addition, high channel utilization can be achieved at the same time. The numerical results show that the system has advantages over the traditional binary exponential backoff scheme, including efficiency and easy configuration.