• Title/Summary/Keyword: authentication system

Development of Software-Defined Perimeter-based Access Control System for Security of Cloud and IoT System (Cloud 및 IoT 시스템의 보안을 위한 소프트웨어 정의 경계기반의 접근제어시스템 개발)

  • Park, Seung-Kyu
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.21 no.2 / pp.15-26 / 2021
  • Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters, such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can set security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sophisticated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes user-level attacks impossible during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test by an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

The Design of IAPP Server for Secure Handoff of wireless LAN Terminal (무선랜 단말의 안전한 핸드오프를 위한 Diameter IAPP서버의 설계)

  • 함영환;정병호;정교일;서창호
    • The Journal of Korean Institute of Communications and Information Sciences / v.28 no.12C / pp.1258-1267 / 2003
  • As the need for stable and high-speed wireless Internet service grows, wireless LAN service providers are hurrying to preempt the wireless LAN service market. IAPP (Inter-Access Point Protocol) is defined to provide a secure handoff mechanism for wireless LAN terminal information between APs (Access Points), and the related IEEE standard is IEEE 802.11f. For the secure handoff of a wireless LAN terminal, it is necessary to transfer the terminal's authentication and accounting information securely from the old AP to the new AP. IEEE 802.11f recommends a RADIUS server as the IAPP server, which authenticates APs and provides information for a secure channel between APs. This paper proposes an IAPP server using the Diameter protocol to overcome the limits of the RADIUS server, and describes the interaction between server components and the integration method with the current IAPP client system.

Implementing an Intrusion Detection Message Exchange Library for Realtime Interaction between SDMS-RTIR and Heterogeneous Systems (이기종의 침입탐지 시스템과 SDMS-RTIR의 실시간 상호연동을 지원하는 침입탐지 메시지 교환 라이브러리 구현)

  • Yun, Il-Sun;Lee, Dong-Ryun;Oh, Eun-Sook
    • The KIPS Transactions:PartC / v.10C no.5 / pp.565-574 / 2003
  • This paper implements an intrusion detection message exchange protocol library (IDMEPL) for SDMS-RTIR, which Korea Information Security Agency (KISA) has developed to hierarchically detect and respond to network vulnerability scan attacks. The IDMEPL, based on the IDMEF and the IAP of the IDWG, enables SDMS-RTIR to interact with other intrusion detection systems (IDS) in realtime, and supports the TLS protocol to prevent security threats in exchanging messages between its server and its agents. Especially, with the protocol selection stage, the IDMEPL can support various protocols such as the IDXP besides the IAP. Furthermore, it can allow for agents to choose an appropriate security protocol for their own network, achieving security stronger than mutual authentication. With the IDMEPL, SDMS-RTIR can receive massive intrusion detection messages from heterogeneous IDSes in large-scale networks and analyze them.

Design and Evaluation of DRM Model with Strong Security Based on Smart Card (스마트카드 기반의 강한 보안을 갖는 DRM 모델의 설계 및 평가)

  • Park, Jong-Yong;Kim, Young-Hak;Choe, Tae-Young
    • Journal of Digital Contents Society / v.12 no.2 / pp.165-176 / 2011
  • Recently, research related to digital rights management (DRM) has been spreading widely with the prosperity of the IT industries. DRM technology protects the proprietor of a copyright by preventing mischanneling and illegal copying. In this paper, we propose a new DRM model that has an enhanced and efficient certificate-based protocol using a smart card. The proposed model overcomes the weaknesses of the WCDRM model and has the following additional advantages: first, copy protection is enhanced by hiding the user's specific information from an attacker by storing the information within the smart card; second, server load for contents encryption is reduced by making clear protocols among the author, distributor, certificate authority, and users; third, offline user authentication is guaranteed by combining partial secret values in media players and the smart card. Exposure of core information is also minimized by storing it in the smart card. In addition, we show that the proposed system is more secure than the WCDRM model by comparing various factors of anonymous attackers.

Public Key based Secure Data Management Scheme for the Cloud Data Centers in Public Institution (공공기관 클라우드 데이터 센터에 활용 가능한 공개키 기반의 안전한 데이터 관리 기법)

  • Wi, Yukyeong;Kwak, Jin
    • Journal of Digital Convergence / v.11 no.12 / pp.467-477 / 2013
  • Cloud computing has propagated rapidly, and thus there is growing interest in the introduction of cloud services in public institutions. Accordingly, domestic public institutions are devising plans to adopt cloud computing and, more specifically, are building cloud computing systems. However, solutions to various security threats (e.g., availability invasion of storage, access by unauthorized attackers, data downloaded from uncertain identifiers, decreased reliability of cloud data centers, and so on) are required for the introduction and revitalization of cloud services in public institutions. Therefore, in this paper, we propose a public key based secure data management scheme for the cloud data centers in public institutions. With it, in the use of cloud computing in public institutions, only authorized users have access to the data center. Settings for the importance and level of difficulty of public data enable systematic, secure, and efficient management. Thus, the overall security and convenience of cloud services for public institutions are improved.

An Empirical Study on the Usage Factors of LBS Application Mobile Services (LBS 응용 모바일 서비스의 사용 요인에 관한 실증적 연구)

  • Im, Gi-Heung
    • 한국디지털정책학회:학술대회논문집 / 2005.06a / pp.107-143 / 2005
  • Mobile service that geography, position by development of space Information Technology and technology of communications, space are various to us now becoming limelight as point contents and infra information that customers do demand based on radio superhigh speed authentication net on highly information society by offer infringement problem about individual's privacy or information by political and scientific interest be injured. Purpose of this study grasps use factor of LBS application Mobile service, and it is that analyze actual proof through questionnaire to grasp whether some relation is with value and action determination that is felt of LBS application Mobile service. Distributed all question of 190 copies but disk floret inclination did valid data 171 that clear question and omission remove a lot of questions by type of study among questionnaire of collected 182 wealths. Analyzed factor analysis and authoritativeness to search validity and confidence of questionnaire and used single regression analysis and multiple regression analysis for hypothetical verification. According to verification result, Mobile service that apply position base service usefulness and system quality, adaptedness of Mobile service that apply position base service by leading person affecting in use, acted for connection healthy and felt value is important factor immediately. Usability and social effect, felt expense, privacy did not appear by leading person that keep in mind in this study. Is been related with step that Mobile service that apply position base service is placed. That is, as present childhood, a person who have experience that use service to look for friend is few and usability fairly in last in wide application boundary and this very important person was removed finally in model. 
This study has sense in terms of study systematically about LBS application service use leading person that is getting into the spotlight worldwide among Mobile service that is injured newly.

A Federation Policy Development Method for Generating Domestic ID Federation (국내 ID 연합 생성을 위한 연합 정책 개발 방안)

  • Wang, Gicheol
    • Journal of the Institute of Electronics and Information Engineers / v.53 no.8 / pp.28-36 / 2016
  • ID federation provides users various benefits, such as using multiple services with only a single authentication, and mitigates the management burden of service providers that individually preserve account information of users. To keep up with this international trend, efforts to create a domestic ID federation are ongoing to provide users in the domestic research and education community seamless network connectivity and to support tetherless extension of the research environment. In this paper, we analyze foreign ID federation policies and compare them as groundwork for creating the domestic ID federation. In addition, we suggest some contents that should be included in the domestic ID federation policy. To activate the coming domestic ID federation, we first need to have a well-made federation policy. Then, we need to aggressively promote the domestic ID federation, develop various and fascinating services, and build a convenient support system for technology and service.

Identification of specific SNP molecular marker from Cudrania tricuspidata using DNA sequences of chloroplast TrnL-F region (구지뽕 나무의 엽록체 TrnL-F 영역 염기서열 분석을 통한 특이적 SNP 분자마커의 확인)

  • Lee, Soo Jin;Shin, Yong-Wook;Kim, Yun-Hee;Lee, Shin-Woo
    • Journal of Plant Biotechnology / v.44 no.2 / pp.135-141 / 2017
  • Cudrania tricuspidata Bureau is a widely used medicinal perennial woody plant. For conservation and germplasm utilization of the plant, it is imperative to obtain information regarding the genetic diversity of the plant populations. Although C. tricuspidata is an important medicinal plant registered in South Korea, no molecular markers are currently available to distinguish Korean-specific ecotypes from ecotypes of other countries. In this study, we developed single nucleotide polymorphism (SNP) markers derived from chloroplast genomic sequences to identify distinct Korean-specific ecotypes of C. tricuspidata via amplification refractory mutation system (ARMS)-PCR analyses. Molecular authentication of twelve C. tricuspidata ecotypes from different regions was performed using DNA sequences in the trnL-F chloroplast intergenic region. The SNP markers developed in this study are useful for rapidly identifying specific C. tricuspidata ecotypes from different regions.

Analysis on Vulnerability of Password Entry Using Virtual Onscreen Keyboard (가상 온스크린 키보드를 이용한 비밀번호 입력의 취약점 분석)

  • Shakirov, Bobur;Kim, Hyejin;Lee, KyungHee;Nyang, DaeHun
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.4 / pp.857-869 / 2016
  • It is a well-known fact that password-based authentication systems are threatened by leakage of crucial data through keystroke-log monitoring. Recently, to prevent this type of attack using keystroke logging, virtual onscreen keyboards have been widely used as one of the solutions. Virtual keyboards, however, also have some crucial vulnerabilities, and the major weak point is that important information, such as a password, can be exposed by tracking the trajectory of the mouse cursor. Thus, in this paper, we discuss the vulnerabilities of the onscreen keyboard, and present a hypothetical attack scenario and a method to crack passwords. Finally, to evaluate the performance of the proposed scheme, we demonstrate an example experiment which includes attacking and cracking by utilizing a password dictionary, and analyze the result.

Design and Implementation of Permission Delegation in Role-Based Access Control Model (권한의 위임을 위한 역할-기반 접근 제어 모델의 설계 및 구현)

  • 나상엽
    • Convergence Security Journal / v.3 no.2 / pp.1-10 / 2003
  • In a distributed-computing environment, applications or users have to share resources and communicate with each other in order to perform their jobs more efficiently. In this case, it is important to protect the integrity of resources and information from unexpected use by unauthorized users. Therefore, there is a steadily increasing need for a reasonable way to provide authentication and access control for distributed, shared resources. In RBAC, there are role hierarchies in which a higher-level role can perform the permissions of a lower-level role, but not vice versa. In practice, however, it is sometimes necessary for a lower-level role to perform a higher-level role's permission, which is basically not allowed to a lower-level role. In this paper, we propose a permission delegation method, consisting of a permission delegation server and permission delegation protocols with the secret key system. As the result of a permission delegation, junior roles can perform a senior role's permissions, or the senior role itself, under exceptional conditions in a dedicated interval.
