• Title/Summary/Keyword: message integrity

Design and Implementation of a new XML-Signcryption scheme to protect the XML document (XML 문서 보안을 위한 새로운 XML-Signcryption scheme 설계 및 구현)

  • Han, Myung-Jin;Lee, Young-Kyung;Shin, Jung-Hwa;Rhee, Kyung-Hyung
    • The KIPS Transactions:PartC / v.10C no.4 / pp.405-412 / 2003
  • As XML is a standard language approved by the UN, the progress in complementing XML security has been proceeding rapidly. In this paper, we design and implement "XML-Signcryption" as a security mechanism to protect the XML document that can operate between other platforms. The signature and encryption in the W3C standard specification need to be carried out separately. Generally the signature and encryption require four modular exponential operations, whereas signcryption needs only three modular exponential operations. This will benefit overall system effectiveness in terms of cost. This scheme is also convenient for the user, because the signature and encryption are implemented as a single XML format. This tool can save parsing time, as the number of tags within a document is small. Also, in this paper, based on research on Web Services security, we can apply XML-Signcryption to the SOAP message to provide the security services. Based on the XML-Signcryption scheme which provides confidentiality, integrity, authentication and non-repudiation to the XML document and Web Service security simultaneously.

Secure Routing Mechanism using one-time digital signature in Ad-hoc Networks (애드혹 네트워크에서의 one-time 전자 서명을 이용한 라우팅 보안 메커니즘)

  • Pyeon, Hye-Jin;Doh, In-Shil;Chae, Ki-Joon
    • The KIPS Transactions:PartC / v.12C no.5 s.101 / pp.623-632 / 2005
  • In an ad-hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. The security of an ad-hoc network is more vulnerable than that of traditional networks because of the basic characteristics of ad-hoc networks, and current routing protocols for ad-hoc networks allow many different types of attacks by malicious nodes. Malicious nodes can disrupt the correct functioning of a routing protocol by modifying routing information, by fabricating false routing information and by impersonating other nodes. We propose a routing security mechanism based on one-time digital signatures. In our proposal, we use one-time digital signatures based on one-way hash functions in order to limit or prevent attacks by malicious nodes. For the purpose of generating and keeping a large number of public key sets, we derive multiple sets of the keys from hash chains by repeated hashing of the public key elements in the first set. After that, each node publishes its own public keys and broadcasts routing messages including a one-time digital signature during route discovery and route setup. This mechanism provides authentication and message integrity and prevents attacks from malicious nodes. Simulation results indicate that our mechanism increases the routing overhead in a highly mobile environment, but provides great security in the route discovery process and increases the network efficiency.

Conceptual Design Analysis of Satellite Communication System for KASS (KASS 위성통신시스템 개념설계 분석)

  • Sin, Cheon Sig;You, Moonhee;Hyoung, Chang-Hee;Lee, Sanguk
    • Journal of Advanced Navigation Technology / v.20 no.1 / pp.8-14 / 2016
  • High-level conceptual design analysis results of satellite communication system for Korea augmentation satellite system (KASS) satellite communication system, which is a part of KASS and consisted of KASS uplink Stations and two leased GEO is presented in this paper. We present major functions such as receiving correction and integrity message from central processing system, taking forward error correction for the message, modulating and up converting signal and conceptual design analysis for concepts for design process, GEO precise orbit determination for GEO ranging that is additional function, and clock steering for synchronization of clocks between GEO and GPS satellites. In addition to these, KASS requires 2.2 MHz for SBAS Augmentation service and 18.5 MHz for Geo-ranging service as minimum bandwidths as a results of service performance analysis of GEO ranging with respect to navigation payload(transponder) RF bandwidth is presented. These analysis results will be fed into KASS communication system design by carrying out final analysis after determining two GEOs and sites of KASS uplink stations.

Development of Win32 API Message Authorization System for Windows based Application Provision Service (윈도우 기반 응용프로그램 제공 서비스를 위한 Win32 API 메시지 인가 시스템의 개발)

  • Kim, Young-Ho;Jung, Mi-Na;Won, Yong-Gwan
    • The KIPS Transactions:PartC / v.11C no.1 / pp.47-54 / 2004
  • The growth of computer resources and network speed has increased requests for the use of remotely located computer systems by connecting through computer networks. This phenomenon has boosted research activities for application service provision that uses the server-based remote computing paradigm. The server-based remote computing paradigm has been developed as the ASP (Application Service Provision) model, which provides remote users with application programs through an application sharing protocol. Security requirements such as confidentiality, availability and integrity should be satisfied to provide ASP service using a centralized computing system. Existing Telnet or FTP services for remote computing systems have satisfied security requirements by simple access control to files and/or data. But a Windows-based centralized computing system is vulnerable in terms of confidentiality, availability and integrity where many users use the same application program installed on the same computer. In other words, the computing system needs a detailed security level for each user different from others, such that only an authorized user or group of users can run some specific functional commands for the program. In this paper, we propose a Windows-based centralized computing system that sets security policies for each user for the use of instructions of the application programs, and performs access control to the instructions based on the security policies. The system monitors all user messages which are executed through the graphical user interface by the users connecting to the system. All instructions, i.e. messages, for the application program are now passed to an authorization process that decides if an instruction is delivered to the application program based on the pre-defined security policies. This system can be used as security clearance for each user for the shared computing resource as well as shared application programs.

The Design and Implement of Module for XML Signature Service on Mobile Environment (모바일 환경에서 XML 전자서명 서비스를 위한 모듈 설계 및 구현)

  • Hwang, Kyung-Min;Lee, Jae-Seung;Lee, Seong-Hyun;Cho, Taea-Beom;Jung, Hoe-Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2008.05a / pp.595-598 / 2008
  • Large amounts of data have become available to transfer in the mobile environment with the development of mobile telecommunications technology. The WIPI (Wireless Internet Protocol for Interoperability) platform is being mounted as an obligation to develop mobile application services. Applications developed on the WIPI platform are interoperable on mobiles mounted with the WIPI platform, so there are no demands on the mobile device. Currently e-commerce service is active in the mobile environment. This service is offered based on XML Signature (eXtensible Markup Language), which provides integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere. In this paper, we designed and implemented an XML Signature service module which is interoperable on mobiles mounted with the WIPI platform.

Design and Implementation of a Client Mail Security System for Secure Mail Exchange using Public Key Infrastructure (공개키 기반 구조에서 안전한 메일 전송을 위한 클라이언트 메일 보안 시스템 설계 및 구현)

  • 정창렬;고진광
    • Journal of the Korea Institute of Information and Communication Engineering / v.7 no.1 / pp.149-157 / 2003
  • Recently, the Internet enhanced by development of IT makes the processing and exchanging of information, As the Internet is sending and receiving digitized documents over the Internet e-mail system. The security of document information is being threatened when exchanging digitized documents over an open network such as the Internet. The degree of threat is even higher when sensitive documents are involved. Therefore, in this paper, the secure e-mail system on a client is designed and implemented in order to make secure exchanging of digitized documents. By using the public key infrastructure in which encrypted mail transmission, proof of delivery and integrity of the message are guaranteed, unauthorized manipulation, illegal acquisition and mutual authentication problem can be prevented in order to secure the document information which is crucial and sensible when exchanging the digitized document over the Internet. Furthermore, by using the SET protocol based on public key cryptography, the secure mail system is designed and implemented in order for the users not having any professional knowledge to deal with the system easily and friendly in GUI environment.

An Architecture Design of Distributed Internet Worm Detection System for Fast Response

  • Lim, Jung-Muk;Han, Young-Ju;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference / 2005.11a / pp.161-164 / 2005
  • As the power of influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damages nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts in the Internet and then downgrades the overall performance of the Internet or makes the Internet not work. To respond to this, worm detection and prevention technologies are developed. The worm detection technologies are classified into two categories, host based detection and network based detection. Host based detection methods are a method which checks the files that worms make, a method which checks the integrity of the file systems and so on. Network based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't respond to worms' attacks effectively because worms attack the Internet in a distributed fashion. In this paper, we propose a design of a distributed worm detection system to overcome the inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other with the direction-aware information in terms of the worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce the false positive rate of the system but also prevent worms from propagating themselves across the Internet through dispersing the confirmed worm signature.

A Security Protocol for Swarming Technique in Peer-to-Peer Networks (피어 투 피어 네트워크에서 스워밍 기법을 위한 보안 프로토콜)

  • Lee, Kwan-Seob;Lee, Kwan-Sik;Lee, Jang-Ho;Han, Seung-Chul
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.9 / pp.1955-1964 / 2011
  • With fast deployment of high-speed networks and various online services, the demand for massive content distribution is also growing fast. An approach that is increasingly visible in communication research community and in industry domain is peer-to-peer (P2P) networks. The P2P swarming technique enables a content distribution system to achieve higher throughput, avoid server or network overload, and be more resilient to failure and traffic fluctuation. Moreover, as a P2P-based architecture pushed the computing and bandwidth cost toward the network edge, it allows scalability to support a large number of subscribers on a global scale, while imposing little demand for equipment on the content providers. However, the P2P swarming burdens message exchange overheads on the system. In this paper, we propose a new protocol which provides confidentiality, authentication, integrity, and access control to P2P swarming. We implemented a prototype of our protocol on Android smart phone platform. We believe our approach can be straightforwardly adapted to existing commercial P2P content distribution systems with modest modifications to current implementations.

A Study to Solve the Discontinuity of Network RTK Correction for Vehicle (이동형 항체를 위한 Network RTK 보정정보 불연속 해소 방안)

  • Park, Byung-Woon;Song, June-Sol;Kee, Chang-Don
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2012.06a / pp.78-79 / 2012
  • To improve moving vehicles' accuracy, one-way Network RTK, which guarantees high accuracy and integrity regardless of the distance from rovers to the Reference Station (RS), is being considered. Correction of one-way Network RTK can be generated only after constructing an RS network surrounding the rover; therefore a correction discontinuity inevitably occurs when the RS set has been changed. The discontinuity is not eliminated by the DD (Double Difference) method, and our simulation shows that it causes 13cm (horizontal) and 48cm (vertical) position error. We suggest three solutions to reduce this discontinuity, which are identification of master RS with neighbor networks, duplication of communication module to receive corrections from other network, and ambiguity levelling between neighbor networks.

A Study on the Utilization of Bolero Bill of Lading(BBL) (Bolero Bill of Lading(BBL) 실용화에 관한 연구)

  • Oh, Won-Suk
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.16 / pp.183-203 / 2001
  • To accomplish international electronic commerce via the Internet, the most serious dilemma is the international payment system. The BBL is a secure and effective electronic commerce framework for the replacement of traditional paper documents by electronic messages via the Internet providing significant benefits in terms of cost savings, improved logistics and reduced errors in documentation. The most important legal obstacles in the BBL are how to secure authenticity, non-repudiation and message integrity as well as the status of negotiability equivalent to paper B/L. These kinds of functions may be carried out through the electronic title registry of the Bolero International Limited. The technical structure is supported contractually by the Bolero Rulebook. And other documents except B/L can be made out without any legal or technical problems. What are the handicaps of the BBL in its practical use at this time? I can summarize the current and expected problems as follows: First, the fee to join Bolero Association Limited is burdensome to sellers, buyers and trade related organizations all over the world. Second, the liability in errors or defaults in operating central data registry of Bolero International Limited is limited to U.S.$100,000. The amount is not sufficient to the many bulk cargo owners to cover the damages. Third, businessmen are used to traditional paper documents; therefore it takes much time for them to change their customs and practices. So the BBL and traditional papers would be used simultaneously for the time being. Finally, it is very important to incorporate the Rulebook, a multilateral contract binding on all users signed, in each domestic law, which will accomplish the uniform law basis.