• Title/Summary/Keyword: secret communication

Stateless Randomized Token Authentication for Performance Improvement of OAuth 2.0 MAC Token Authentication (OAuth 2.0 MAC 토큰인증의 효율성 개선을 위한 무상태 난수화토큰인증)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1343-1354 / 2018
  • OAuth 2.0 bearer tokens and JWT (JSON Web Token), the current standard technologies for authentication and authorization, authenticate by repeatedly sending a fixed token to the server, so they are subject to eavesdropping attacks and should be used in a secure communication environment such as HTTPS. In the OAuth 2.0 MAC token scheme, which was devised as an authentication scheme that can be used in a non-secure communication environment, the server issues a shared secret key to the authenticated client and the client uses it to compute a MAC that proves the authenticity of a request; in this case, however, the server has to store and use the shared secret key to verify the user's request. It is therefore hard to provide a stateless authentication service. In this paper we present a randomized token authentication scheme that can provide stateless MAC token authentication without storing the shared secret key on the server side. To remove the use of HTTPS, we combine secure communication using a server certificate and simple signature-based login using a client certificate with the proposed randomized token authentication to achieve a fully stateless authentication service, and we provide an implementation example.

Issue Analysis on 'Trade Secret Claim' in 「Chemicals Control Act」 and 「Amendment on Occupational Safety and Health Act(1917-227)」 (「화학물질관리법」과 「산업안전보건법」의 영업비밀 사전 허가 제도 도입과 관련한 쟁점 분석)

  • Kim, Shinbum;Lee, Yun Keun;Choi, Youngeun
    • Journal of Korean Society of Occupational and Environmental Hygiene / v.25 no.4 / pp.433-445 / 2015
  • Objectives: The major objectives of this study are to review the issues surrounding trade secret claims in the Chemicals Control Act and Amendment on Occupational Safety and Health Act(1917-227) and to propose a way of improving the reliability of chemical information in MSDSs, labels and National Chemical Survey results. Materials: To review the issues on trade secret claims, we made an analysis frame which was divided into three steps: Value and Problem Recognition; New Regulation Design; and Enforcement and Amendment. We then compared Korean issues with issues from the United States' Hazard Communication Standard and Emergency Planning & Community Right-to-Know Act, Canada's Workplace Hazardous Materials Information System and Hazardous Materials Information Review Act and the European Union's Regulation on Classification, Labelling and Packaging of substances and Mixtures. Results: The stage of right-to-know development in Korea has passed the Value and Problem Recognition phase, so efforts are needed to elaborately design new regulation. Conclusions: We recommend two ways to improve right-to-know in Korea. First, strict examination of the quality of documents for trade secret claims is very important. Second, trade secrets should be limited to less-hazardous substances.

Digital Forensics of Microsoft Office 2007-2013 Documents to Prevent Covert Communication

  • Fu, Zhangjie;Sun, Xingming;Xi, Jie
    • Journal of Communications and Networks / v.17 no.5 / pp.525-533 / 2015
  • The MS Office suite is the most widely used electronic document software in the world and has absolute predominance in the office software market. MS Office 2007-2013 documents, which use the new office open extensible markup language (OOXML) format, could be illegally used by offenders as cover media to transmit secret information, because they do not easily arouse others' suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents, based on research into the potential information hiding methods. The proposed forensic methods and tool cover three categories: document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on a real data set demonstrate the effectiveness of the proposed methods.

PVD Image Steganography with Locally-fixed Number of Embedding Bits (지역적 삽입 비트를 고정시킨 PVD 영상 스테가노그래피)

  • Kim, Jaeyoung;Park, Hanhoon;Park, Jong-Il
    • Journal of Broadcast Engineering / v.22 no.3 / pp.350-365 / 2017
  • Steganography is a technique for secret data communication that is not perceived by a third party between the receiver and the transmitter. It has been developed over thousands of years for the transmission of military, diplomatic or business information. The development of digital media and communication has led to the development of steganography techniques in modern times. Image steganography techniques include LSB, which fixes the number of bits embedded into a pixel, and PVD, which exploits the difference value of neighboring pixel pairs. In PVD image steganography, a large amount of information is embedded flexibly according to the difference value of neighboring pixel pairs and the designed range table. However, since the secret information is embedded in order, if an error in the number of embedded bits occurs in a certain pixel pair, all subsequent information is destroyed. In this paper, we propose a method that addresses this vulnerability of PVD to external attacks or various kinds of noise and extracts the secret information. The experiments are a comparative analysis of stego-images to which various kinds of noise were added. The results show that PVD cannot preserve the secret information at all under noise, whereas the proposed PVD image steganography with a locally-fixed number of embedding bits can robustly extract the secret information from a stego-image with partial noise.

A Meeting of Euler and Shannon (오일러(Euler)와 샤논(Shannon)의 만남)

  • Lee, Moon-Ho
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.1 / pp.59-68 / 2017
  • The flower and woman are beautiful, but Euler's theorem and symmetry are the best. Shannon applied his theorem to information and communication based on Euler's theorem. His theorem is the root of wireless communication and information theory and the principle of today's smartphone. Their meeting point is $e^{-SNR}$ of MIMO (multiple input and multiple output) multiple antenna diversity. In this paper, Euler, who discovered the most beautiful formula in the world ($e^{\pi i}+1=0$), briefly guides Shannon's formula ($C=B\log_2(1+\frac{S}{N})$) to discover the origin of wireless communication and information communication, and these two masters prove a meeting at the Shannon limit. It reveals what this secret is. We also find that symmetry and element-wise inverse are the hidden secret in algebraic coding theory and triangular function.

High-Secure Multivariable Knapsack Cryptosystem (안전성이 높은 다변수 Knapsack 암호시스템)

  • Lee, Byeong-Su
    • The Transactions of the Korea Information Processing Society / v.2 no.4 / pp.611-618 / 1995
  • In high information societies, the requirement for encryption security is increasing in order to protect information from threats such as illegal changes of data, illegal leakage of data, disorder of data sequences, and unauthorized senders and receivers. In this paper, a multivariable knapsack cryptosystem is proposed for the security of computer communication. This system is more secure and simpler than conventional knapsack cryptosystems. The proposed cryptosystem is constructed by transforming the superincreasing vector into a ciphervector and representing each of its elements as a multivariable polynomial. To decipher the ciphertext, the plaintext is determined by using the secret integers and the superincreasing vector of the secret key. Thus, the security of this cryptosystem is based on the difficulty of obtaining the roots for which the ciphervector becomes the superincreasing vector when the secret integers are substituted into the ciphervector represented as multivariable polynomials. The validity of the proposed multivariable knapsack cryptosystem was proved through computer simulation.

A Secure Data Transmission Scheme Based on Secret Sharing for the Maritime Cloud Environment (해사클라우드 환경에 적합한 비밀분산 기반의 안전한 데이터 전송 기법)

  • Lee, Donghyeok;Park, Namje
    • KIISE Transactions on Computing Practices / v.23 no.4 / pp.232-237 / 2017
  • The Maritime Cloud is a technology that enables the seamless exchange of information between several communication links in the maritime domain. Although research on The Maritime Cloud security is still at an early stage, furthering this knowledge is vital to securing the marine environment. In this paper, we propose a method for secure data transmission through The Maritime Cloud domain. The proposed technique, based on the "secret sharing" scheme, is delivered through specifically-dedicated geocasting software. Thus, only authorized vessels can restore the original information. The proposed method is safe from so-called "sniffing" and "man-in-the-middle" attacks.

Hidden Indicator Based PIN-Entry Method Using Audio Signals

  • Seo, Hwajeong;Kim, Howon
    • Journal of information and communication convergence engineering / v.15 no.2 / pp.91-96 / 2017
  • PIN-entry interfaces carry a high risk of leaking secret values if malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make PIN entry secure, many studies have considered invisible radio channels as a secure medium for delivering private information. However, these methods are also vulnerable if malicious adversaries find a hint of the secret values from the user's naïve gestures. In this paper, we revisit the state-of-the-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce an advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel, and the smartphone screen displays only the multiple indicator options without the corresponding numbers. Afterwards, the user selects the target value by following the circular layout. The method completely hides the password and is secure against advanced shoulder-surfing attacks.

The Design of Secret Multi-Paths on MRNS(Mixed Radix Numbers System) Network for Secure Transmission (안전한 전송을 위한 MRNS(Mixed Radix Number System)네트워크에서의 비밀 다중 경로의 설계)

  • Kim, Seong-Yeol;Jeong, Il-Yong
    • The Transactions of the Korea Information Processing Society / v.3 no.6 / pp.1534-1541 / 1996
  • Routing security is the confidentiality of the route taken by data transmitted over communication networks. If the route is detected by an adversary, the probability is high that the data will be lost or intercepted by the adversary. Therefore, the route must be protected. To accomplish this, we secretly select an intermediate node and transmit the data through this intermediate node, instead of sending the data to the destination node along the shortest direct path. Furthermore, if we use a number of secret routes from a node to a destination node, data security is much stronger, since we can transmit partial data rather than the entire data along each secret route. Finally, the idea above is implemented on an MRNS network.

Identity-based Provable Data Possession for Multicloud Storage with Parallel Key-Insulation

  • Nithya, S. Mary V.;Rhymend Uthariaraj, V.
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.9 / pp.3322-3347 / 2021
  • Cloud storage is the primary component of many businesses on the cloud. The majority of enterprises today are adopting a multicloud strategy to avoid vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession (PDP) schemes are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI)-based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication and computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves data privacy from the Third Party Auditor, is secure against malicious Cloud Service Providers, and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.