• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.63-68
• /
• 2023

In this study, in relation to blockchain protocol and network security, we study the configuration of blockchain and encryption key management methods on smart contracts so that we can have a strong level of response to MITM attacks and DoS/DDoS attacks. It is expected that the use of blockchain technology with enhanced security can be activated through respond to data security threats such as MITM through encryption communication protocols and enhanced authentication, node load balancing and distributed DDoS attack response, secure coding and vulnerability scanning, strengthen smart contract security with secure consensus algorithms, access control and authentication through enhanced user authentication and authorization, strengthen the security of cores and nodes, and monitoring system to update other blockchain protocols and enhance security.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.49 no.9
• /
• pp.215-224
• /
• 2012

Using password on system is easy to build and shorten the access time to authorize user, which is high in use for vary system that requires users' authorization. Many input device are able to perform the password system easily, such as PC, smart-phone, tablet PC, etc. Beside the high usability of password, physical attack occurs when user put their password on the device, known as Shoulder Surfing attack. It used to be formed in numbers, characters or mix of different kinds, but new kind of password arose. Exploiting image or making scenarios are those kinds which are able to reflect users' intentions. Not many estimation exists for new password, so there's need to be standard for those new password for highlighting usability and accessability. In this paper, we propose password system with simple image and switching key-board to test statistical method to estimate usability on the password.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.93-99
• /
• 2019

Small electric vehicles, such as electric bicycles or electric kickboards, operate with the power charged in a battery mounted in the vehicle, and some of these users use emergency power sockets installed in apartments or public facilities without getting permission. For this reason, the necessity for a simple method to approve the use of power with instant payment system rises for the building managers and small vehicle users as well. In this paper, we propose a technique to charge batteries for small electric vehicles with less than 1 [kW] through a power supply control device installed on the existing 15 [A]. sockets on the common residential properties or public buildings. It also describes the power user authorization algorithm and how to charge fees for the power used. As a result of this research, this paper shows how the user authentication power supply system with the effect of preventing power theft can be realized by creating an environment in which a battery in a small electric vehicle can be easily charged.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.58 no.2
• /
• pp.21-29
• /
• 2016

This study conducted a basic design of system and interface which provide both of spatial and non-spatial data for water hazard information management. This helps to decide directions of the future integrated water hazard information platform and possible technical examinations of the web-based system for the realization of the prototype. For user friendly system, this study did a survey to investigate the data format, service environment, image processing level and visualization type that users prefer. Also, authorization range was set up by type of the user group. In the water hazard information platform, the data and analysis algorithm were classified by the fields. Furthermore, the platform was consisted with six block systems according to the function and the interface and designed to flexibly mount or modify the additional functions. For a basic design of the data exchange method and protocols, a prototype was constructed by using the spatial information web service technology. The portal service system to visualize and provide spatial data was designed by the WMS/WFS type of OGC standard interface and the FTP/HTTP interface type through open source GIS software for server environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.571-574
• /
• 2005

XCAP(XML Configuration Access Protocol) which has been proposed in IETF is based on both XML and HTTP protocol. XCAP server maintains user's configuration information for specific application which is described by XML. This protocol can be applied to many application servers for adapting user's preferences. There can be many way to interwork with other application servers. In this paper, we will talk about the experience of designing and implementation of XCAP server and the way of interwork with application servers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.81-89
• /
• 2003

With the rapid development of information and communication technology, online dissemination increases rapidly. So, It becomes more important to protect information. Recently the authentication system using public key infrastructure (PKI) is being utilized as an information protection infrastructure for electronic business transactions. And the smartcard system makes the most use of such an infrastructure. But because the certification based on the current PKI provides oかy basic user certification information, the use has to be limited in various application services that need the identification and authorization information as well as face-to-face information of the user. In order to protect a system from various kinds backings and related treats, we have proposed angular and private key multiplexing for prevention of smartcard forgery and alteration based on a photopolymer cryptosystem. When smartcard becomes prone to forgery and alteration, we should be able to verify it. Also, our parer proposes a new authentication system using multi authentication based on PKI. The smartcard has an excellent advantage in security and moving.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.87-98
• /
• 2007

AAA protocol is an information protection technology which systematically provides authentication, authorization and accounting function not only in the existing wire network but also in the rapidly developing wireless network, various services and protocol. Nowadays, standardization of the various application services is in progress with the purpose of AAA standardization fer the mobile user in the wireless network. And various researches are being conducted fur using AAA in the roaming service and mobile IPv6 network between heterogeneous networks. In this paper uses OTP and ID-based ticket for user authentication in the mobile device under the ubiquitous environment, and service is seamlessly provided even though the mobile device moves from the home network to the foreign network. In addition, with the ticket renewed from the foreign network, the overhead of the home authentication server can be reduced, and provides anonymity of service through the anonymity ID.

• Journal of Digital Convergence
• /
• v.19 no.4
• /
• pp.133-139
• /
• 2021

Due to the rapid progress in network technology, many research on content security technologies is also being conducted in the mobile digital content sector. In the meantime, content protection has been immersed in preventing illegal copying, certifying, and issuance/management certificates, but still have many vulnerabilities in managing or authenticating confidential information. This study aims to strengthen confidential information about content based on dual management of content download rights through mobile phone numbers or device numbers. It also protect replay-attack by building a secure mobile DRM system where digital content is safely distributed based on a three-stage user authentication process. In addition, blockchain-based content security enhancements were studied during the primary/secondary process for user authentication for the prevention of piracy and copyright protection. In addition, the client authentication process was further improved through three final stages of authorization in the use of illegal content, considering that legitimate users redistributed their content to third-party.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.5
• /
• pp.113-124
• /
• 2010

In this study, the hybrid authorization quotation technique is based on the device ID for the integrity of the source region guarantee of user certificate, in order to improve the convenience and security for user in the hybrid PKI certificate Mechanism for authentication. The feature of the model in which it is presented from this paper is 5. First, because the user can select the policy himself in which it matches with each authentication situation and security level, the convenience can be improved. Second, the integrity of the source region of the user certificate can be guaranteed through the comparison of the DLDI Key, that is the hash-value of the device ID. Third, the security can be improved by continuously changing an encoding, and the value of the key in which it decodes through the EOTP Key. Fourth, the index value is added to a certificate, and the storage of a certificate is possible at the Multi-Device. Fifth, since the addi the inan aratus for the integrity of the source region guarantee of a certificate is not needed, the authentication process time can be reduced and the computational load of the certificate server can be reduced also.