• Journal of Information Processing Systems
• /
• v.10 no.3
• /
• pp.483-490
• /
• 2014

In today's world, communication, the sharing of information, and money transactions are all possible to conduct via the Internet, but it is important that it these things are done by the actual person. It is possible via several means that an intruder can access user information. As such, several precautionary measures have to be taken to avoid such instances. The purpose of this paper is to introduce the idea of a one-time password (OTP), which makes unauthorized access difficult for unauthorized users. A OTP can be implemented using smart cards, time-based tokens, and short message service, but hardware based methodologies require maintenance costs and can be misplaced Therefore, the quick response code technique and personal assurance message has been added along with the OTP authentication.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.330-334
• /
• 2017

Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees an isolation of each virtual execution environment. So, it is being studied to block access to host resources or container resources for sandboxing in restricted system resource like embedded devices. However, because security threats which are caused by security vulnerabilities of the host OS or the security issues of the host environment exist, the needs of the technology to prevent an illegal accesses and unauthorized behaviors by malware has to be increased. In this paper, we define additional access permissions to access a virtual execution environment newly and control them in kernel space to protect attacks from illegal access and unauthorized behaviors by malware and suggest the Container Access Control to control them. Also, we suggest a way to block a loading of unauthenticated kernel driver to disable the Container Access Control running in host OS by malware. We implement and verify proposed technologies on Linux Kernel.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.109-114
• /
• 2012

Information society in recent times, lots of important information have been stored in information systems. In this situation, unauthorized person can obtains important information by piggy-backing and shoulder surfing in specific area of organization. Therefore, in this study, we proposed network group access control system by combining RFID and infrared-ray for blocking information leakage due to unauthorized access by internal threats and enhancing personnel security. So it can provides a more secure internal network environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.302-322
• /
• 2021

In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.3
• /
• pp.84-90
• /
• 2000

This paper presents a design of an access control mechanism that can resolves the complicated problems of access control requirements in internet environment. In this paper, we proposed an access control mechanism which can satisfy the combined goals of confidentiality integrity and availability of any resource. We defined an access control mechanism from the viewpoints of identity-based, rule-based and role-based policy and implemented 6 access control operations. The Proposed access control mechanism can protect resources from unauthorized accesses based on the multi-level security policies of security label, integrity level, role and ownership.

• Journal of Advanced Information Technology and Convergence
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Multimedia contents have been increasingly available over the Internet as wireless networks systems are continuously growing popular. Unlimited access from various users has led to unauthorized access of third parties or adversaries. This paper deals with the implementation of elliptic curve cryptography (ECC) based user authentication for securing multimedia contents over the Internet. The ECC technique has been incorporated with the advanced encryption standard (AES) algorithm to ensure the complexity of the proposed authentication scheme and to guarantee authenticity of multimedia services.

• Journal of the Korea Society of Computer and Information
• /
• v.6 no.1
• /
• pp.60-66
• /
• 2001

We designed a role-based access control model that can resolve the complicated tasks of control requirements. The designed access control model can control permissions efficiently use of a role-based access control. It guarantees the confidentiality integrity and availa information making use of identity-based and rule-based access controls. It can also centre information flow. Our access control model protects resources from unauthorized accesses b multi-level security policies such as role, security level, integrity level and ownership.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.1-7
• /
• 2001

This paper design a role-based access control model that can resolves the complicated problems of access control requirements. In this paper, we designed an access control model which can control a permission making use up role-based access control, can guard the confidentiality, integrity and availability of information and can control illegal information flow. The designed access control model can protect resources from unauthorized accesses based on the role, multi-level security policies of security level, integrity level and ownership.

• Journal of Communications and Networks
• /
• v.15 no.4
• /
• pp.407-410
• /
• 2013

Secret sharing is that a dealer distributes a piece of information (called a share) about a secret to each participant such that authorized subsets of participants can reconstruct the secret but unauthorized subsets of participants cannot determine the secret. In this paper, an access structure can be represented by a label graph G, where a vertex denotes a participant and a complete subgraph of G corresponds to a minimal authorized subset. The vertices of G are labeled into distinct vectors uniquely determined by the maximum prohibited structure. Based on such a label graph, a verifiable secret sharing scheme realizing general access structures is proposed. A major advantage of this scheme is that it applies to any access structure, rather than only structures representable as previous graphs, i.e., the access structures of rank two. Furthermore, verifiability of the proposed scheme can resist possible internal attack performed by malicious participants, who want to obtain additional shares or provide a fake share to other participants.