• Title/Summary/Keyword: Shared Authentication

Search Result 100, Processing Time 0.023 seconds

A Design of AES-based WiBro Security Processor (AES 기반 와이브로 보안 프로세서 설계)

  • Kim, Jong-Hwan;Shin, Kyung-Wook
    • Journal of the Institute of Electronics Engineers of Korea SD
    • /
    • v.44 no.7 s.361
    • /
    • pp.71-80
    • /
    • 2007
  • This paper describes an efficient hardware design of WiBro security processor (WBSec) supporting for the security sub-layer of WiBro wireless internet system. The WBSec processor, which is based on AES (Advanced Encryption Standard) block cipher algorithm, performs data oncryption/decryption, authentication/integrity, and key encryption/decryption for packet data protection of wireless network. It carries out the modes of ECB, CTR, CBC, CCM and key wrap/unwrap with two AES cores working in parallel. In order to achieve an area-efficient implementation, two design techniques are considered; First, round transformation block within AES core is designed using a shared structure for encryption/decryption. Secondly, SubByte/InvSubByte blocks that require the largest hardware in AES core are implemented using field transformation technique. It results that the gate count of WBSec is reduced by about 25% compared with conventional LUT (Look-Up Table)-based design. The WBSec processor designed in Verilog-HDL has about 22,350 gates, and the estimated throughput is about 16-Mbps at key wrap mode and maximum 213-Mbps at CCM mode, thus it can be used for hardware design of WiBro security system.

Design and Implementation of Permission Delegation in Role-Based Access Control Model (권한의 위임을 위한 역할-기반 접근 제어 모델의 설계 및 구현)

  • 나상엽
    • Convergence Security Journal
    • /
    • v.3 no.2
    • /
    • pp.1-10
    • /
    • 2003
  • In the distributed-computing environment, applications or users have to share resources and communicate with each other in order to perform their jobs more efficiently. In this case, it is important to keep resources and information integrity from the unexpected use by the unauthorized user. Therefore, there is a steady increase in need for a reasonable way to authentication and access control of distributed-shared resources. In RBAC, there are role hierarchies in which a higher case role can perform permissions of a lower case role. No vise versa. Actually, however, it is necessary for a lower case role to perform a higher case role's permission, which is not allowed to a lower case role basically. In this paper, we will propose a permission delegation method, which is a permission delegation server, and a permission delegation protocols with the secret key system. As the result of a permission delegation, junior roles can perform senior role's permissions or senior role itself on the exceptional condition in a dedicated interval.

  • PDF

Design and Implementation of Role Assignment Protocol for Active Role Assignment and Passive Role Assignment (능동적 역할 할당과 수동적 역할 할당을 수행하는 역할 할당 프로토콜의 설계 및 구현)

  • 나상엽;김점구
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.111-117
    • /
    • 2004
  • In distributed-computing environments, there is a strong demand for the authentication and the access control of distributed-shared resources. I have presented role-based access control (RBAC) concept that is in the spotlight recently. RBAC model shows the standardized access control of complicated organization's resources. In RBAC, senior role has junior role's permission by virtue of role hierarchy. But, junior role cannot perform the permission, which is granted to the senior or other role groups. Inheritances of permissions in role hierarchies are static. In order to tackle this problem, I propose a dynamic role assignment, which classified into passive role assignment and active role assignment, and design dynamic role assignment protocol and implement role assignment server.

  • PDF

A New Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks (무선 센서 네트워크를 위한 새로운 키 사전 분배 구조)

  • Kim, Tae-Yeon
    • The KIPS Transactions:PartC
    • /
    • v.16C no.2
    • /
    • pp.183-188
    • /
    • 2009
  • Wireless sensor networks will be broadly deployed in the real world and widely utilized for various applications. A prerequisite for secure communication among the sensor nodes is that the nodes should share a session key to bootstrap their trust relationship. The open problems are how to verify the identity of communicating nodes and how to minimize any information about the keys disclosed to the other side during key agreement. At any rate, any one of the existing schemes cannot perfectly solve these problems due to some drawbacks. Accordingly, we propose a new pre-distribution scheme with the following merits. First, it supports authentication services. Second, each node can only find some indices of key spaces that are shared with the other side, without revealing unshared key information. Lastly, it substantially improves resilience of network against node capture. Performance and security analyses have proven that our scheme is suitable for sensor networks in terms of performance and security aspects.

Vehicle black box system with LINK blockchain (LINK 블록체인을 적용한 차량용 블랙박스 시스템)

  • An, Kyuhwang;Won, Taeyeon;Park, Sangmin;Jang, Kyoungbae;Seo, Hwajeong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.8
    • /
    • pp.1018-1023
    • /
    • 2019
  • Since 2010, vehicle black boxes have become popular with many people, if there is no record of the vehicle accident scene, or if the offender deliberately deletes the image data, the victim succeeds. The biggest advantage of blockchain is that it is impossible to modify and delete data by data distribution storage. The biggest disadvantage is that sensitive data is also distributed. In this paper, we propose a blockchain method for the black box by using the advantage of shared block data and we intend to solve the problem of personal information leakage which is a disadvantage of blockchain by storing sensitive information stored in a blockchain in a private server by LINK blockchain with a private server. We also attached code(Github) and demonstration video(Youtube) linking LINK blockchain with the private server in this paper.

A Service Protection Scheme based on non-CAS for Mobile IPTV Service (Mobile IPTV 서비스 환경을 위한 non-CAS 기반의 서비스 보호 기법)

  • Roh, Hyo-Sun;Jung, Sou-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.27-35
    • /
    • 2011
  • Due to the advancement of IPTV technologies, Mobile IPTV service is needed to be supported for service and content protection. CAS is generally used in the IPTV service to protect service and content. However, the CAS is not efficient in the Mobile IPTV. The CAS needs too much bandwidth for Service Key update to the each subscriber. Moreover, the CAS is increasing computation burden for the service key refreshment in the key management server when the subscriber frequently changes of the IPTV service group. To solve the problems, we used hierarchical key structure based on pre-shared key that is securely stored into smart card or USIM and do not use the EMM for Service Key update. As a result, the proposed scheme decreases computation burden at the key management server and wireless bandwidth burden in the Mobile IPTV service.

Securing Sensitive Data in Cloud Storage (클라우드 스토리지에서의 중요데이터 보호)

  • Lee, Shir-Ly;Lee, Hoon-Jae
    • Annual Conference of KIPS
    • /
    • 2011.04a
    • /
    • pp.871-874
    • /
    • 2011
  • The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

Development of segmentation-based electric scooter parking/non-parking zone classification technology (Segmentation 기반 전동킥보드 주차/비주차 구역 분류 기술의 개발)

  • Yong-Hyeon Jo;Jin Young Choi
    • Convergence Security Journal
    • /
    • v.23 no.5
    • /
    • pp.125-133
    • /
    • 2023
  • This paper proposes an AI model that determines parking and non-parking zones based on return authentication photos to address parking issues that may arise in shared electric scooter systems. In this study, we used a pre-trained Segformer_b0 model on ADE20K and fine-tuned it on tactile blocks and electric scooters to extract segmentation maps of objects related to parking and non-parking areas. We also presented a method to perform binary classification of parking and non-parking zones using the Swin model. Finally, after labeling a total of 1,689 images and fine-tuning the SegFomer model, it achieved an mAP of 81.26%, recognizing electric scooters and tactile blocks. The classification model, trained on a total of 2,817 images, achieved an accuracy of 92.11% and an F1-Score of 91.50% for classifying parking and non-parking areas.

A Credit Card Sensing System based on Shared Key for Promoting Electronic Commerce (전자상거래 촉진을 위한 공유키 기반 신용카드 조회 시스템)

  • Jang, Si-Woong;Shin, Byoung-Chul;Kim, Yang-Kok
    • The KIPS Transactions:PartD
    • /
    • v.10D no.6
    • /
    • pp.1059-1066
    • /
    • 2003
  • In this paper, the magnetic sensing system is designed and implemented for the safe security in internet commerce system. When the payment is required inthe internet commerce system, the magnetic sensing system will get the information from a credit card without keyboard input and then encrypt and transmit the information to server. The credit card sensing system, which is proposed in this paper, is safe from keyboard hacking because it encrypts card information immediately in its internal chip and sends the information to host system. For the protection of information, the magnetic sensing system is basically based on a synchronous stream cipher cryptosystem which is related to a group of matrices. The size of matrices and the bits of keys for the best performances are determined for various cases. It is shown that for credit card payments. matrices of size 2 have good performance even at most 128bits keys with the consideration of inverse matrices. For authentication of general-purpose data, the magnetic sensing system needs more than 1.5KB data and in this case, the optimum size of matrices is 2 or 3 at more 256bits keys with consideration of inverse matrices.

A Study on DID-based Vehicle Component Data Collection Model for EV Life Cycle Assessment (전기차 전과정평가를 위한 DID 기반 차량부품 데이터수집 모델 연구)

  • Jun-Woo Kwon;Soojin Lee;Jane Kim;Seung-Hyun Seo
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.12 no.10
    • /
    • pp.309-318
    • /
    • 2023
  • Recently, each country has been moving to introduce an LCA (Life Cycle Assessment) to regulate greenhouse gas emissions. The LCA is a mean of measuring and evaluating greenhouse gas emissions generated over the entire life cycle of a vehicle. Reliable data for each electric vehicle component is needed to increase the reliability of the LCA results. To this end, studies on life cycle evaluation models using blockchain technology have been conducted. However, in the existing model, key product information is exposed to other participants. And each time parts data information is updated, it must be recorded in the blockchain ledger in the form of a transaction, which is inefficient. In this paper, we proposed a DID(Decentralized Identity)-based data collection model for LCA to collect vehicle component data and verify its validity effectively. The proposed model increases the reliability of the LCA by ensuring the validity and integrity of the collected data and verifying the source of the data. The proposed model guarantees the validity and integrity of collected data. As only user authentication information is shared on the blockchain ledger, the model prevents indiscriminate exposure of data and efficiently verifies and updates the source of data.