• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.033 seconds

Peer to Peer Anonymous Protocol Based Random Walk (랜덤 워크 기반의 P2P 익명 프로토콜)

  • Cho, Jun-Ha;Rhee, Hyun-Sook;Park, Hyun-A;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.6
    • /
    • pp.65-76
    • /
    • 2007
  • The P2P file sharing system sends the results to users by searching the files in the shared folders. In the process of it, the problem is that the transferred information includes the pathname and file information and it can be revealed who searches which files. In related to this problem, anonymous file sharing P2P protocol has been an active research area where a number of works have been produced. However, the previous studies still have a few of weakness. Therefore, We propose two anonymous P2P file sharing protocols based on the decentralized and unstructured Random Walk. The first scheme uses the dynamic onion routing where the requester can receive the wanted file without knowing other peers' IDs. The second scheme uses the IP multicast method which lowers the computational overhead. Both of them are more suited for the dynamic P2P system.

Design of a Secure Web-mail System based on End-to-End (End-to-End 기반의 안전한 웹 메일 시스템 설계)

  • 전철우;이종후;이상호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.2
    • /
    • pp.13-29
    • /
    • 2003
  • Web-mail system is worthy of note as a next generation e-mail system for its mobility and easiness. But many web-mail system does not have any kind of security mechanism. Even if web-mail system provides security services, its degree of strength is too low. Using these web-mail systems, the e-mail is tabbed, modified or forged by attacker easily. To solve these problems, we design and implement secure web-mail system based on the international e-mail security standard S/MIME in this thesis. This secure web-mail system is composed of server system and client system The server system performs basic mail functions - sending/receiving the mails, storing the mails, and management of user information, etc. And the client system performs cryptographic functions - encryption/decryption of the mails, digital signing and validation, etc. Because client system performs cryptographic functions this secure web-mail system gives its reliability and safety, and provides end-to-end security between mail users. Also, this secure web-mail system increase system efficiency by minimize server load.

Design and Implementation of Web Security System Using RF Card (RF 카드 기반 웹보안 시스템 설계 및 구현)

  • 이권일;이종후
    • Proceedings of the IEEK Conference
    • /
    • 2002.06c
    • /
    • pp.165-168
    • /
    • 2002
  • This paper has been designed and implemented of web security system using RF card A security mechanism that was proposed in this paper provides web services on card reader reads RF card of user only. In this paper, user authentication and server authentication was provided by challenge/response mechanism. Also, this system was provides confidentiality of communication messages.

  • PDF

A Recommender System Using Factorization Machine (Factorization Machine을 이용한 추천 시스템 설계)

  • Jeong, Seung-Yoon;Kim, Hyoung Joong
    • Journal of Digital Contents Society
    • /
    • v.18 no.4
    • /
    • pp.707-712
    • /
    • 2017
  • As the amount of data increases exponentially, the recommender system is attracting interest in various industries such as movies, books, and music, and is being studied. The recommendation system aims to propose an appropriate item to the user based on the user's past preference and click stream. Typical examples include Netflix's movie recommendation system and Amazon's book recommendation system. Previous studies can be categorized into three types: collaborative filtering, content-based recommendation, and hybrid recommendation. However, existing recommendation systems have disadvantages such as sparsity, cold start, and scalability problems. To improve these shortcomings and to develop a more accurate recommendation system, we have designed a recommendation system as a factorization machine using actual online product purchase data.

The Performance Analysis on Remote Access VPN (원격접속 VPN에 대한 성능분석)

  • Kim, Ji-Hong
    • The Journal of Information Technology
    • /
    • v.7 no.4
    • /
    • pp.21-30
    • /
    • 2004
  • A VPN(Virtual Private Network) is constructed using public wires to connect nodes. It can be used like the dedicated line and maintain the security of the data on the VPN. And It uses encryption and other security mechanisms to ensure that only authorized users can access the network. In this paper we summarize IPsec and VPN technology and construct pilot VPN system for analyzing the performance of remote access VPN. Then we analyze the performance of remote VPN system using VPN concentrator in case of single user and in case of multi users.

  • PDF

A Secure Credit Card Transaction Method Based on Kerberos

  • Kim, Jung-Eun;Kim, Yoo-Hwan
    • Journal of Computing Science and Engineering
    • /
    • v.5 no.1
    • /
    • pp.51-70
    • /
    • 2011
  • This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

Enhancing Privacy Protection in Steppy Applications through Pseudonymization

  • Nugroho, Heri Arum;Prihatmanto, Ary Setijadi;Rhee, Kyung Hyune
    • Annual Conference of KIPS
    • /
    • 2015.10a
    • /
    • pp.763-766
    • /
    • 2015
  • Smart Healthcare System as an Open Platform (Shesop) is an integrated healthcare system and have several features, one of them is Steppy Application. Steppy does count your step and display on Shesop website. In this system security issues are not properly addressed, while Personal Health Record (PHR) patient stored in the cloud platform could be at risk. In fact, the huge electronic information available online, people needs reliable and effective technique for privacy preserving. In order to improve the security of data which are displayed on the Shesop website, so that anyone who access could not tamper without permission. Recently Xu et al. showed a pseudonym scheme using smart card as a solution in e-health systems which uses discrete logarithm problem with cyclic group. In this paper, we adopt their scheme and use it application into smartphone using Near Field Communication (NFC) to construct security in Steppy apps.

Privacy Inferences and Performance Analysis of Open Source IPS/IDS to Secure IoT-Based WBAN

  • Amjad, Ali;Maruf, Pasha;Rabbiah, Zaheer;Faiz, Jillani;Urooj, Pasha
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.12
    • /
    • pp.1-12
    • /
    • 2022
  • Besides unexpected growth perceived by IoT's, the variety and volume of threats have increased tremendously, making it a necessity to introduce intrusion detections systems for prevention and detection of such threats. But Intrusion Detection and Prevention System (IDPS) inside the IoT network yet introduces some unique challenges due to their unique characteristics, such as privacy inference, performance, and detection rate and their frequency in the dynamic networks. Our research is focused on the privacy inferences of existing intrusion prevention and detection system approaches. We also tackle the problem of providing unified a solution to implement the open-source IDPS in the IoT architecture for assessing the performance of IDS by calculating; usage consumption and detection rate. The proposed scheme is considered to help implement the human health monitoring system in IoT networks

A Study on The Preference Analysis of Personal Information Security Certification Systems: Focused on SMEs and SBs (개인정보보호 인증제도 선호도 분석에 관한 연구: 중소기업 및 소상공인을 중심으로)

  • Park, Kyeong-Tae;Kim, Sehun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.911-918
    • /
    • 2014
  • Over the past few years, security breaches have been consistently reported around the world. Especially, people's personal information are at risk of being breached as the firms gather and utilize the information for their marketing purposes. As an effort to revamp their data infrastructures, companies have rebuilt their system that almost every data, including the personal information, are stored within the digital database. However, this migration provides easier access to the database but it has also increased the system vulnerability. As the data can be easily exposed to the unauthorized personnel both intentionally and unintentionally, it is necessary for companies to establish a set of security protocol and operate the personal information protection system. There are two major certified security system in South Korea; PIMS from KISA and PIPL from NIA. This paper analyzes the preferences of SMEs and small business using conjoint attributes of PIMS and PIPL. The study shows that the business owners take post certification rewards as the most important factor. It also shows that the attributes that have the highest utility rates are the following; 1) KISA certification, 2) 79 points of protection counter measurements, 3) 28 items of life cycle, 3) 50 percent discount on certification fee, and 4) Reduced amount of fine for personal information leakage incident.

A Security Vulnerability in IPv6 Native Network and Mixed IPv4/IPv6 Network (IPv6 순수망과 IPv4/IPv6 혼재망의 보안 취약점)

  • Yi Young-Soo;Park Nam-Youl;Kim Yong-Min;Noh Bong-Nam
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2006.06a
    • /
    • pp.340-343
    • /
    • 2006
  • IPv6는 차세대 네트워크를 구축하기 위한 가장 핵심적인 기술로써, 풍부한 주소공간과 이동성 지원, 보안기능 강화 등 IPv4에 비해 많은 이점을 지니고 있다. 또한 IPv4의 주소 고갈 문제를 해결하기 위해 IPv6로의 전환이 당연시 되고 있으나 IPv4/IPv6 혼재망이 과도기적인 입장에서 대안이 될 수 있다. 그러나 IPv4/IPv6 혼재망과 IPv6망은 IPv4에서와 마찬가지로 프로토콜 기능상의 많은 문제점을 안고 있다. 본 논문에서는 IPv6망 및 IPv4/IPv6 혼재 네트워크상에서의 보안 취약점과 실험 결과를 기술하였다.

  • PDF