• Title/Summary/Keyword: authorization system


A Secure Identity Management System for Secure Mobile Cloud Computing (안전한 모바일 클라우드 컴퓨팅을 위한 ID 관리 시스템)

  • Brian, Otieno Mark;Rhee, Kyung-Hyune
    • Proceedings of the Korea Information Processing Society Conference / 2014.11a / pp.516-519 / 2014
  • Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenID alongside OAuth so as to solve this problem. But OpenID similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

Efficient security mechanism in 3GPP-WLAN interworking (3GPP-WLAN interworking에서의 효율적인 보안 메커니즘)

  • 신상욱
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.3 / pp.137-144 / 2004
  • 3GPP (3rd Generation Project Partnership)-WLAN (Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE (User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WLAN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA (Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW (Packet Data Gateway).

Building Control Box Attached Monitor based Color Grid Recognition Methods for User Access Authentication

  • Yoon, Sung Hoon;Lee, Kil Soo;Cha, Jae Sang;Khudaybergenov, Timur;Kim, Min Soo;Woo, Deok Gun;Kim, Jeong Uk
    • International Journal of Internet, Broadcasting and Communication / v.12 no.2 / pp.1-7 / 2020
  • Secure access to the lighting, heating, ventilation, and air conditioning (HVAC), fire safety, and security control boxes of building facilities is the primary objective of future smart buildings. This paper proposes an authorized user access to the electrical, lighting, fire safety, and security control boxes in the smart building, by using color grid coded optical camera communication (OCC) with face recognition technologies. The existing CCTV subsystem can be used as the face recognition security subsystem for the proposed approach. At the same time a smart device attached camera can be used as an OCC receiver of color grid code for user access authentication data sent by the control boxes to proceed with authorization. This proposed approach allows increasing an authorization control reliability and highly secured authentication on accessing building facility infrastructure. The result of color grid code sequence received by the unauthorized person and his face identification allows getting good results in security and gaining effectiveness of accessing building facility infrastructure. The proposed concept uses the encoded user access authentication information through control box monitor and the smart device application which detect and decode the color grid coded information combinations and then send user through the smart building network to building management system for authentication verification in combination with the facial features that gives a high protection level. The proposed concept is implemented on testbed model and experiment results verified for the secured user authentication in real-time.

The OAuth 2.0 Web Authorization Protocol for the Internet Addiction Bioinformatics (IABio) Database

  • Choi, Jeongseok;Kim, Jaekwon;Lee, Dong Kyun;Jang, Kwang Soo;Kim, Dai-Jin;Choi, In Young
    • Genomics & Informatics / v.14 no.1 / pp.20-28 / 2016
  • Internet addiction (IA) has become a widespread and problematic phenomenon as smart devices pervade society. Moreover, internet gaming disorder leads to increases in social expenditures for both individuals and nations alike. Although the prevention and treatment of IA are getting more important, the diagnosis of IA remains problematic. Understanding the neurobiological mechanism of behavioral addictions is essential for the development of specific and effective treatments. Although there are many databases related to other addictions, a database for IA has not been developed yet. In addition, bioinformatics databases, especially genetic databases, require a high level of security and should be designed based on medical information standards. In this respect, our study proposes the OAuth standard protocol for database access authorization. The proposed IA Bioinformatics (IABio) database system is based on internet user authentication, which is a guideline for medical information standards, and uses OAuth 2.0 for access control technology. This study designed and developed the system requirements and configuration. The OAuth 2.0 protocol is expected to establish the security of personal medical information and be applied to genomic research on IA.

An Improvement of Image Encryption using Binary Phase Computer Generated Hologram and Multi XOR Operations (이진위상 컴퓨터형성홀로그램과 다중 XOR 연산을 이용한 영상 암호화의 개선)

  • Kim, Cheol-Su
    • Journal of Korea Society of Industrial Information Systems / v.13 no.3 / pp.110-116 / 2008
  • In this paper, we proposed an improvement technique of image encryption using binary phase computer generated hologram(BPCGH) and multi exclusive-OR(XOR) operations. For the encryption process, a BPCGH that reconstructs the original image is designed, using an iterative algorithm, and the resulting hologram is regarded as the image to be encrypted. The BPCGH is encrypted through the exclusive-OR operation with the random generated phase key image. Then the encrypted image is divided into several slide images using XOR operations. So, the performance of encryption for the image is improved. For the decryption process, we cascade the encrypted slide images and phase key image and interfere with reference wave. Then decrypted hologram image is transformed into phase information. Finally, the original image is recovered by an inverse Fourier transformation of the phase information. If the slide images are changed, we can get various decrypted BPCGH images. In the proposed security system, without a random generated key image, the original image can not be recovered. And we recover another hologram pattern according to the slide images, so it can be used in the differentiated authorization system.


A Study on Credit Card Authorization System Using PSN(Public Switching Network) (공중통신망을 이용한 신용카드 조회 시스템에 관한 연구)

  • Shon, Jin-Soo;Yoon, Myung-Sang
    • Proceedings of the KIEE Conference / 1987.07b / pp.1018-1021 / 1987
  • This describes the standardization plan of data format (track 2) in magnetic stripe card and message format between terminal and host computer. The track 2's data format is composed of PAN and additional data based on ISO 3554. In the present social status of Korea, the VISA B message format is recommended.


Authentication and Authorization Service for Network Security System (차세대 보안 네트워크를 위한 인증 인가 서비스)

  • Kim, Taesung;Cho, Yeongsub;Jin, Seunghun
    • Proceedings of the Korea Information Processing Society Conference / 2004.05a / pp.1137-1140 / 2004
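  • User authentication and authorization, which controls access rights to resources, have so far been performed on individual servers. Performing authentication and authorization separately increases the management burden on servers and inconveniences users through service sign-ups and repeated authentication. Therefore, this paper proposes an AAS that performs authentication and authorization centrally on behalf of the servers. In addition to ID management, the AAS provides single sign-on, multi-tier authentication, role-based access control, certificate management services, and more.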


Design of Network-based Real-time Connection Traceback System with Connection Redirection Technology

  • Choi, Yang-Sec;Kim, Hwan-Guk;Seo, Dong-Il;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집 / 2003.10a / pp.2101-2105 / 2003
  • Recently the number of Internet users has very sharply increased, and the number of intrusions has also increased very much. Consequently, security products are being developed and adapted to prevent systems and networks from being hacked and intruded. Even if security products are adapted, however, hackers can still attack a system and get a special authorization because the security products cannot prevent a system and network from every instance of hacking and intrusion. Therefore, the researchers have focused on an active hacking prevention method, and they have tried to develop a traceback system that can find the real location of an attacker. At present, however, because of the characteristics of Internet - diversity, anonymity - the real-time traceback is very difficult. To overcome this problem the Network-based Real-Time Connection Traceback System (NRCTS) was proposed. But there is a security problem that the victim system can be hacked during the traceback. So, in this paper, we propose modified NRCTS with connection redirection technique. We call this traceback system as Connection Redirected Network-based Real-Time Connection Traceback System (CR-NRCTS).


A Study on Factors of Electronic Authorizing System Affecting Productivity Increase (전자 결재 시스템의 생산성 향상에 미치는 요인에 대한 연구)

  • 김준우
    • Journal of Korean Society of Industrial and Systems Engineering / v.19 no.38 / pp.217-224 / 1996
  • Recently groupware has been popularly adopted by corporations to gain competitive position. In Korea, one of the major functions of those systems is the Electronic Authorizing System because Korean firms have authorizing system but western firms do not. Thus research on EAS has never been produced before. The purpose of this research is to build the research framework for productivity measurement of EAS. The research model of EAS has investigated three dimensions including Business process, ease of system use and media richness to meet this end. Based on this model, author conducted case study with mailing questionnaires. The result of research shows that the factors of the business process and ease of system use raise the productivity but the factor of electronic media a little decreases it. Also author finds business process affects the productivity in three ways such as changing layout of papers for authorizing, changing business process and removing waiting time for authorization. Finally, based on the result of research, this paper adds some recommendations for EAS builder.


A study on the Project Process Management System (PPMS) for the effective management of R&D projects (연구개발(R&D) 프로젝트의 효과적 관리를 위한 과정모형에 관한 연구)

  • 김홍범
    • Korean Management Science Review / v.12 no.3 / pp.45-60 / 1995
  • This study examines a normative model of project management systems, PPMS, to provide information for directing R&D activity in order to increase R&D productivity. The PPMS (Project Process Management System) is a disciplined and systematic framework to manage R&D projects effectively and efficiently under the assumption of a strategic decision making and long-range planning. The purpose of PPMS is to provide for the management of research organization at different levels an effective management tool; first, for the planning system which deals with rational selection and authorization of R&D projects, second, for the control system which concerns monitoring and controlling the execution of R&D projects, and finally, for the evaluation system which attains evaluation of the performance results of R&D projects and determination of the necessary follow-up. A view for the future development of project management within the context of a project-performing organization is also elaborated to exhibit the progress and phase description of the project management system.
