• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.85-90
• /
• 2011

JPMP SID Tag is the security senor tag to provides physical information protective function using sensor module, has impossible feature to copy and fake the data which is stored in the tag. So data which is stored in the JPMP SID Tag has authenticity, integrity, originality. Therefore JPMP SID Tag could be applied in the place where the security of data is demanded. This paper propose the system using the JPMP SID Tag to acquire and protect digital evidence where cause investigation of accident is necessary. Also, proposed systems is complement of software security with composition secondary control logic for JPMP SID tag access control.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.65-73
• /
• 2014

An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1149-1154
• /
• 2003

Due to various requirements for the user access control to large databases in the hospitals and the banks, database security has been emphasized. There are many security models for database systems using wide variety of policy-based access control methods. However, they are not functionally enough to meet the requirements for the complicated and various types of access control. In this paper, we propose a database security system that can individually control user access to data groups of various sites and is suitable for the situation where the user's access privilege to arbitrary data is changed frequently. Data group(s) in different sixes d is defined by the table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and polices. The proposed system operates in two phases. The first phase is composed of a modified MAC (Mandatory Access Control) model and RBAC (Role-Based Access Control) model. A user can access any data that has lower or equal security levels, and that is accessible by the roles to which the user is assigned. All types of access mode are controlled in this phase. In the second phase, a modified DAC(Discretionary Access Control) model is applied to re-control the 'read' mode by filtering out the non-accessible data from the result obtained at the first phase. For this purpose, we also defined the user group s that can be characterized by security levels, roles or any partition of users. The policies represented in the form of Block(s, d, r) were also defined and used to control access to any data or data group(s) that is not permitted in 'read ' mode. With this proposed security system, more complicated 'read' access to various data sizes for individual users can be flexibly controlled, while other access mode can be controlled as usual. An implementation example for a database system that manages specimen and clinical information is presented.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.4
• /
• pp.53-60
• /
• 2022

Recently, as the amount of data collected by drones has rapidly increased, it is necessary to support cloud computing technology that can securely and efficiently store and process data. However, various security threats such as stealing, leaking, or tampering with data communicated by drones can occur due to attackers. Therefore, there is a need for security technology to provide secure communication of data collected from drones. Among various security technologies, the KP-ABE scheme, which is attribute-based encryption, is a security technology that satisfies two characteristics: data encryption and user access control. This paper researched the KP-ABE scheme and proposed a secure data access control scheme to the drone environment. This proposed scheme provides confidentiality and integrity of data communicated in a drone environment and secure access control and availability. In addition, it provides a fast ciphertext search and constant size ciphertext among the requirements to be provided in the KP-ABE scheme.

• Journal of Institute of Control, Robotics and Systems
• /
• v.22 no.9
• /
• pp.766-772
• /
• 2016

Recent advances in networking and computers, especially internet of things (IoT) technologies, have improved the quality of home life and industrial sites. However, the security vulnerability of IoT technologies causes life-threatening issues and information leakage concerns. Studies regarding security algorithms are being conducted. In this paper, we proposed SEED algorithms based on one time passwords (OTPs). The specified server sent time data to the client every 10 seconds. The client changed the security key using time data and generated a ciphertext by combining the changed security key and the matrix. We applied the SEED algorithms with enhanced security to Linux-based embedded boards and android smart phones, then conducted a door lock control experiment (door lock & unlock). In this process, the power consumed for decryption was measured. The power consumption of the OTP-based algorithm was measured as 0.405-0.465W. The OTP-based algorithm didn't show any difference from the existing SEED algorithms, but showed a better performance than the existing algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.175-185
• /
• 2019

The security control is to protect IT system from cyber infringement by deriving valid result values in the process of gathering and analyzing various information. Currently, security control is very effective by using SIEM equipment which enables analysis of systematic and comprehensive viewpoint based on a lot of data, away from analyzing cyber threat information with only fragmentary information. However, It can also be said that cyber attacks are analyzed and coped with the manual work of security personnel. This means that even if there is excellent security equipment, the results will vary depending on the user using. In case of operating a characteristic web service including information provision, This study suggests the basic point of security control through characteristics information analysis, and proposes a model for intensive security control through the type discovery and application which enable a step-wise analysis and an effective filtering. Using this model would effectively detect, analyze and block attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.505-514
• /
• 2012

Because people usually establish their online social network based on their offline relationship, the social networks (i.e., the graph of friendship relationships) are often used to share contents. Mobile devices let it easier in these days, but it also increases the privacy risk such as access control of shared data and relationship exposure to untrusted server. To control the access on encrypted data and protect relationship from the server, M. Atallah et al. proposed a hop-based scheme in 2009. Their scheme assumed a distributed environment such as p2p, and each user in it shares encrypted data on their social network. On the other hand, it is very inefficient to keep their relationship private, so we propose an improved scheme. In this paper, among encrypted contents and relationships, some authenticated users can only access the data in distributed way. For this, we adopt 'circular-secure symmetric encryption' first. Proposed scheme guarantees the improved security and efficiency compared to the previous work.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.23 no.11
• /
• pp.34-43
• /
• 2009

SCADA (Supervisory Control and Data Acquisition) system has been used for remote measurement and control on the critical infrastructures as well as modem industrial facilities. As cyber attacks increase on communication networks, SCADA network has been also exposed to cyber security problems. Especially, SCADA systems of energy industry such as electric power, gas and oil are vulnerable to targeted cyber attack and terrorism Recently, many research efforts to solve the problems have made progress on SCADA network security. In this paper, flexible key distribution concept is proposed for improving the security of SCADA network using Multiagent System (MAS).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.53-59
• /
• 2015

With radical development of information and communication Technology, Internet of Things(IoT) era - all the th ings around us are connected through internet so that it enables objects to exchange data with connected devices a nd is expected to offer new advanced services that goes beyond the value where each existing objects could have o ffered respectively - has come. Concerns regarding security threat are being raised in adopting IoT as the number of internet-connected appliances are rapidly increasing. So, we need to consider how to protect and control countles s objects. This paper covers the role and procedures of existing security control. Futhermore, it provides information about the direction of security control when it comes to IoT.