• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.639-647
• /
• 2018

A common core network is the one of main architectural principles in 3GPP 5G System which has common interfaces with different multiple accesses. 3GPP 5G System Phase 1 (Release 15) supports Untrusted Non-3GPP access as well as 3GPP access with common interfaces. Non-3GPP Interworking Function (N3IWF) has been defined to interface with a UE and a core network for supporting Untrusted Non-3GPP access in 3GPP Release 15. However, interworking with Trusted Non-3GPP access is under study to be completed in 3GPP 5G System Phase 2 (Release 16). Therefore, this paper proposes a Trusted Non-3GPP access network architecture and related signaling procedures, and then the implementation based on the proposal shows how to interwork between Trusted Non-3GPP access and the 5G core network. In our proposal, N3IWF can interwork with either Untrusted or Trusted Non-3GPP access without any architectural modification or addition of 3GPP 5G system Phase 1.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.282-296
• /
• 2013

With the emergence of cloud computing, more and more sensitive user data are outsourced to remote storage servers. The privacy of users' access pattern to the data should be protected to prevent un-trusted storage servers from inferring users' private information or launching stealthy attacks. Meanwhile, the privacy protection schemes should be efficient as cloud users often use thin client devices to access the data. In this paper, we propose a lightweight scheme to protect the privacy of data access pattern. Comparing with existing state-of-the-art solutions, our scheme incurs less communication and computational overhead, requires significantly less storage space at the user side, while consuming similar storage space at the server. Rigorous proofs and extensive evaluations have been conducted to show that the proposed scheme can hide the data access pattern effectively in the long run after a reasonable number of accesses have been made.

• Asian Pacific Journal of Cancer Prevention
• /
• v.15 no.15
• /
• pp.6171-6176
• /
• 2014

Background: In order to design effective educational intervention for cancer survivors, it is necessary to identify most-trusted sources for health-related information and the amount of attention paid to each source. Objective: The objective of our study was to explore the sources of health information used by cancer survivors according to their access to the internet and levels of trust in and attention to those information sources. Materials and Methods: We analyzed sources of health information among cancer survivors using selected questions adapted from the 2012 Health Information National Trends Survey (HINTS). Results: Of 357 participants, 239 (67%) had internet access (online survivors) while 118 (33%) did not (offline survivors). Online survivors were younger (p<0.001), more educated (p<0.001), more non-Hispanic whites (p<0.001), had higher income (p<0.001), had more populated households (p<0.001) and better quality of life (p<0.001) compared to offline survivors. Prevalence of some disabilities was higher among offline survivors including serious difficulties with walking or climbing stairs (p<0.001), being blind or having severe visual impairment (p=0.001), problems with making decisions (p<0.001), doing errands alone (p=0.001) and dressing or bathing (p=0.001). After adjusting for socio-demographic status, cancer survivors who were non-Hispanic whites (OR= 3.49, p<0.01), younger (OR=4.10, p<0.01), more educated (OR= 2.29, p=0.02), with greater income (OR=4.43, p<0.01), and with very good to excellent quality of life (OR=2.60, p=0.01) had higher probability of having access to the internet, while those living in Midwest were less likely to have access (OR= 0.177, p<0.01). Doctors (95.5%) were the most and radio (27.8%) was the least trusted health related information source among all cancer survivors. Online survivors trusted internet much more compared to those without access (p<0.001) while offline cancer survivors trusted health-related information from religious groups and radio more than those with internet access (p<0.001 and p=0.008). Cancer survivors paid the most attention to health information on newsletters (63.8%) and internet (60.2%) and the least to radio (19.6%). More online survivors paid attention to internet than those without access (68.5% vs 39.1%, p<0.001) while more offline survivors paid attention to radio compared to those with access (26.8% vs 16.5%, p=0.03). Conclusions: Our findings emphasize the importance of improving the access and empowering the different sources of information. Considering that the internet and web technologies are continuing to develop, more attention should be paid to improve access to the internet, provide guidance and maintain the quality of accredited health information websites. Those without internet access should continue to receive health-related information via their most trusted sources.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2117-2120
• /
• 2003

Trusted channel provides a means of secure communication and it includes security services such as confidentiality, authentication, and so on. This paper describes the implementation of trusted channel between secure operating systems that integrates access control mechanisms with FreeBSD kernel code[1]. The trusted channel we developed offers confidentiality an4 message authentication for network traffic based on the destination address. It is implemented in the kernel level of IP layer and transparent to users.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.3-12
• /
• 2004

Secure operating system is a special operating system that integrates some security functions(i.e. access control, user authentication, audit-trail and etc.) with normal operating system in order to protect system from various attacks. But it doesn't consider my security of network traffic. To guarantee the security of the whole system, network traffic must be protected by a certain way and IPsec is a representative technology for network security. However, it requires administrator's carefulness in managing security policies and the key management mechanism is very heavy as well as complicated. Moreover, it doesn't have a suitable framework for delivery of security information for access control mechanism. So we propose a simple trusted channel mechanism for secure communication between secure operating systems. It provides confidentiality md authentication for network traffic and ability to deliver security information. It is implemented at the kernellevel of IP layer and the simplicity of the mechanism can minimize the overhead of trusted channel processing.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.2
• /
• pp.7-17
• /
• 2017

In this paper, we propose the TPS (TPM-enhanced Privacy Protection System) which is an automated privacy protection system enhanced with a TPM (Trusted Platform Module). The TPS detects documents including personal information by periodic scanning the disk of clients at regular intervals and encrypts them. Hence, system manages the encrypted documents in the server. In particular, the security of TPS was greatly enhanced by limiting the access of documents including the personal information with regard to the client in an abnormal state through the TPM-based platform verification mechanism of the client system. In addition, we proposed and implemented a VTF (Virtual Trusted File) interface to provide users with the almost identical user interface as general document access even though documents containing personal information are encrypted and stored on the remote server. Consequently, the TPS automates the compliance of the personal information protection acts without additional users' interventions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.9
• /
• pp.2405-2423
• /
• 2012

In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) have given their trust to the Identity Provider (IdP) or Authentication Service Provider (ASP) for the authentication and correct assertion. However, we still need a better solution for the local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) is to attest whether the remote platform integrity is indeed trusted or not. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof of concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, firstly, the user and SP platform integrity are checked (i.e., hardware and software integrity state verification) before allowing access to a protected resource sited at the SP and releasing a user authentication token to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular, the client and server attestation time and the round trip of the mutual attestation time.

• Journal of Computing Science and Engineering
• /
• v.5 no.4
• /
• pp.331-337
• /
• 2011

Recently, Virtual Desktop Infrastructure (VDI) has been widely adopted to ensure secure protection of enterprise data and provide users with a centrally managed execution environment. However, user experiences may be restricted due to the limited functionalities of thin clients in VDI. If thick client devices like laptops are used, then data leakage may be possible due to malicious software installed in thick client mobile devices. In this paper, we present Data Firewall, a security framework to manage and protect security-sensitive data in thick client mobile devices. Data Firewall consists of three components: Virtual Machine (VM) image management, client VM integrity attestation, and key management for Protected Storage. There are two types of execution VMs managed by Data Firewall: Normal VM and Secure VM. In Normal VM, a user can execute any applications installed in the laptop in the same manner as before. A user can access security-sensitive data only in the Secure VM, for which the integrity should be checked prior to access being granted. All the security-sensitive data are stored in the space called Protected Storage for which the access keys are managed by Data Firewall. Key management and exchange between client and server are handled via Trusted Platform Module (TPM) in the framework. We have analyzed the security characteristics and built a prototype to show the performance overhead of the proposed framework.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.302-322
• /
• 2021

In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.