• Title/Abstract/Keywords: confidentiality

694 search results (processing time: 0.026 seconds)

Cryptanalysis of an 'Efficient-Strong Authentication Protocol (E-SAP) for Healthcare Applications Using Wireless Medical Sensor Networks'

  • Khan, Muhammad Khurram;Kumari, Saru;Singh, Pitam
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 7, No. 5 / pp.967-979 / 2013
  • Nowadays, Wireless Sensor Networks (WSNs) are being widely used in different areas, one of which is healthcare services. A wireless medical sensor network senses a patient's vital physiological signs through medical sensor-nodes deployed on the patient's body area, and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of the technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to a patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside the smart card, if extracted, is enough to deceive a valid user. An adversary can not only access a patient's physiological data on behalf of a valid user without knowing the actual password, but can also send fake/irrelevant information about the patient by playing the role of a medical sensor-node. Besides, an adversary can guess a user's password and is able to compute the session key shared between the user and medical sensor-nodes. Thus, the scheme loses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.

Third-Party Funding of Arbitration: Focusing on Recent Legislations in Hong Kong and Singapore

  • Jun, Jung Won
    • 한국중재학회지:중재연구 / Vol. 30, No. 3 / pp.137-167 / 2020
  • As arbitration is widely used as an alternative dispute resolution mechanism, third-party funding, which is a person or entity with no prior interest in the legal dispute providing non-recourse financing for one of the parties, has become more prevalent with increasing costs of international arbitration. In particular, Hong Kong and Singapore are the first jurisdictions to adopt and implement legislations to specifically permit third-party funding of international arbitration. Thus, in this article, relevant issues with respect to third-party funding of arbitration, such as, conflicts of interest, disclosure, privilege and confidentiality of information, cost allocation, security for costs, and control over arbitral proceedings by the third-party funder are examined with pertinent provisions of the recent legislations. While the respective legislations of Hong Kong and Singapore may not directly address every issue raised by third-party funding of arbitration, as they make it clear that such is no longer prohibited by the old common law doctrines of champerty and maintenance, they have clarified conflicting case law as well as proactively promoted themselves as leading seats of international arbitration.

Side-Channel Attack against Secure Data Deduplication over Encrypted Data in Cloud Storage

  • 신형준;구동영;허준범
    • 정보보호학회논문지 / Vol. 27, No. 4 / pp.971-980 / 2017
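  • In cloud environments, deduplication, which removes duplicates by storing only a single copy of the data, can be used to provide efficient storage space for the large volumes of data generated. Users who are sensitive to the confidentiality of outsourced data can use secure encryption algorithms, but this has the drawback of reducing the efficiency of deduplication. To raise storage efficiency while guaranteeing users' data privacy, a server-side cross-user deduplication scheme using the PAKE (Password Authenticated Key Exchange) protocol was proposed in 2015. In this paper, we prove that the proposed scheme is not secure, through a side channel, against the CoF (Confirmation-of-File) attack, or duplicate identification attack.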

A Provable One-way Authentication Key Agreement Scheme with User Anonymity for Multi-server Environment

  • Zhu, Hongfeng
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 9, No. 2 / pp.811-829 / 2015
  • One-way authenticated key agreement protocols, aiming at solving the problem of establishing secure communications over public insecure networks, can achieve one-way authentication of communicating entities, giving a specific user strong anonymity and confidentiality of transmitted data. Public Key Infrastructure can be used to design one-way authenticated key agreement protocols, but it will consume a large amount of computation. Because one-way authenticated key agreement protocols mainly concern authentication and key agreement, we adopt a multi-server architecture to realize these goals. A multi-server architecture allows the user to register at the registration center (RC) once and access all the permitted services provided by the eligible servers. The combination of the above-mentioned ideas can lead to a highly practical scheme in the universal client/server architecture. Based on these motivations, the paper first proposed a new one-way authenticated key agreement scheme based on multi-server architecture. Compared with the recent related literature, our proposed scheme not only has high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. Finally, we give the security proof and the efficiency analysis of our proposed scheme.

Design of Access Control Model for Secure EDI Service

  • 박진호;정진욱
    • 디지털콘텐츠학회 논문지 / Vol. 1, No. 1 / pp.23-37 / 2000
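  • EDI is the concept of exchanging, between computers, messages related to various activities or businesses such as banking, trade, medicine, and publishing. Therefore, security, reliability, and special functionality are absolute requirements of an EDI system. Among these requirements, we aim to design an access control model that satisfies the security requirement. Access control in an information system is intended to guarantee that every access to an entity occurs according to the access modes or rules determined by the security policy. In this paper, we present the security policy for the access control model in terms of identity-based policy, rule-based policy, and role-based policy. We design an access control model for providing a secure EDI service, based on the access control rules and operations derived to enforce the defined security policy. The proposed access control model provides integrity, confidentiality, and flow control for EDI messages.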

Study of Accounting Ethical Level of Treasurers in the Undertaking

  • 박중호;변상해;박차규
    • 벤처창업연구 / Vol. 3, No. 4 / pp.43-57 / 2008
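  • This study holds that, to practice ethical management in a company, accounting information must above all be transparent; to that end, it accurately surveys and analyzes the ethical level of accounting staff and internal audit personnel and seeks ways to improve their ethical level. The purpose of this study is to survey and analyze the accounting ethics level of accounting practitioners, who are the accounting staff of defense industry companies, and to investigate its effect on accounting transparency and window-dressing accounting, in order to help corporate ethical management. This study examined two areas: ethical judgment research and cross-cultural ethics research. Ethical judgment research focuses on behavior that can occur in the unique and varied ethical situations of the accounting domain. In the cross-cultural ethics research, it was found that, in general, the level of development of certified public accountants' ethical thinking differs according to cultural differences.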

The Effects of Attitudes toward Cosmetic Surgery, Body Value Inclination, and Sociocultural Attitudes toward Appearance on Clothing Behavior

  • 정미실
    • 한국의류학회지 / Vol. 36, No. 10 / pp.1125-1136 / 2012
  • This study examines the influence of attitudes toward cosmetic surgery, body value inclination, and sociocultural attitudes towards appearance on clothing behavior. The subjects of this study were 315 female college students in Gyeongsang province. The data obtained were analyzed by a reliability analysis, factor analysis, correlation analysis, stepwise multiple regression analysis, and t-test. The major results of this study were as follows: First, three factors of attitudes toward cosmetic surgery were identified: the desire/motive for cosmetic surgery, risk taking for cosmetic surgery, and confidentiality about cosmetic surgery. Second, two factors of body value inclination were identified: getting an attractive physical appearance and maintaining an attractive physical appearance. Third, a significant positive correlation was found for attitudes toward cosmetic surgery, body value inclination, and sociocultural attitudes towards appearance with clothing behavior. Fourth, the most important variable that affected the imitation of celebrity clothing and preference for luxury goods was the desire/motive for cosmetic surgery. In addition, the sexual attractiveness of clothing was influenced by risk taking for cosmetic surgery and sociocultural attitudes towards appearance.

Efficient and Security Enhanced Evolved Packet System Authentication and Key Agreement Protocol

  • Shi, Shanyu;Choi, Seungwon
    • 디지털산업정보학회논문지 / Vol. 13, No. 1 / pp.87-101 / 2017
  • As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

A User Anonymous Mutual Authentication Protocol

  • Kumari, Saru;Li, Xiong;Wu, Fan;Das, Ashok Kumar;Odelu, Vanga;Khan, Muhammad Khurram
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 10, No. 9 / pp.4508-4528 / 2016
  • Widespread use of wireless networks has drawn attention to ascertaining confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack, contrary to the authors' claim. Besides, anyone can impersonate the user as well as the service provider server and can breach the confidentiality of communication by merely eavesdropping on the login request and the server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of the widespread BAN (Burrows, Abadi and Needham) Logic.

Elliptic Curve Signcryption Based Security Protocol for RFID

  • Singh, Anuj Kumar;Patro, B.D.K.
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 14, No. 1 / pp.344-365 / 2020
  • Providing security has always been a priority in all areas of computing and communication, and for systems that are low on computing power, implementing an appropriate and efficient security mechanism has been a continuous challenge for researchers. A Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of an efficient security mechanism. Earlier, security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to the high strength and smaller key size requirement of elliptic curve cryptography, the focus of researchers has been on designing efficient security protocols for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance to replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is more efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal for use in RFID systems.