• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.59-71
• /
• 2005

A RFID (Radio Frequency Identification) system receives attention as the technology which can realize the ubiquitous computing environment. However, the feature of the RFID tags may bring about new threats to the security and privacy of individuals. Recently, Juels proposed the minimalist cryptography for very low-cost RFID tags, which is secure. but only under the impractical assumption such that an adversary is allowed to eavesdrop only the pre-defined number of sessions. In this paper, we propose a scheme to protect privacy for very low-cost RFID systems. The proposed protocol uses only bit-wise operations without my costly cryptographic function such as hashing, encryption which is secure which is secure against an adversary who is allowed to eavesdrop transmitted message in every session any impractical assumption. The proposed scheme also is more efficient since our scheme requires less datas as well as few number of computations than Juels's scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.25-35
• /
• 2006

Radio Frequency identification (RFID) will become an important technology in remotely object identification systems. However, the use of RFID tags may create new threats to the sniな and Privacy of individuals holding RFID tags. These threats bring several problems which are information leakage of a tag, location trace of individuals and impersonation of a tag. Low-cost RFID systems have much restrictions such as the limited computing power, passive power mechanism and low storage space. Therefore, the cost of tag's computation should be considered as an important factor in low-cost RFID systems. We propose an authentication protocol, OHLCAP which requires only one one-way hash function operation and hence is very efficient. Furthermore, our protocol is suitable to distribution database environment. Hence our scheme can be applied to ubiquitous computing environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.3-12
• /
• 2006

RFID (Radio Frequency Identification) system is expected to play a critical role providing widespread services in the ubiquitous period. However, widespread use of RFID tags may create new threats to the privacy of individuals such as information leakage and traceability. It is difficult to solve the privacy problems because a tag has the limited computing power that is not the adequate resource to support the general encryption. Although the scheme of [2] protects the consumer privacy using an external agent, a tag should compute exponential operation needed high cost. We propose Self Re-Encryption Protocol (SREP) which provides song privacy without assisting of any external agent. Our SREP is well suitable to low-cost RFID system since it only needs multiplication and exclusive-or operation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.17-22
• /
• 2024

Software cost and schedule estimation is usually based on the estimated size of the software. Advanced estimation techniques also make use of the diverse factors viz, nature of the project, staff skills available, time constraints, performance constraints, technology required and so on. Usually, estimation is based on an estimation model prepared with the help of experienced project managers. Estimation of software cost is predominantly a crucial activity as it incurs huge economic and strategic investment. However accurate estimation still remains a challenge as the algorithmic models used for Software Project planning and Estimation doesn't address the true dynamic nature of Software Development. This paper presents an efficient approach using the contemporary Constructive Cost Model (COCOMO) augmented with the desirable feature of fuzzy logic to address the uncertainty and flexibility associated with the cost drivers (Effort Multiplier Factor). The approach has been validated and interpreted by project experts and shows convincing results as compared to simple algorithmic models.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.7
• /
• pp.123-131
• /
• 2019

In this paper, related studies were investigated by dividing them into cost-benefit analysis, security continuity services, and SW-centric calculations. The case analysis was conducted on A institutions in the United States, Japan and South Korea. Based on this, an improvement model was prepared through comparison with the current system. The SCS(Security Continuity Service) performance evaluation system-based information protection service cost calculation model is proposed. This method applies a service level agreement(SLA) and NIST Cybersecurity framework that are highly effective through cost-effectiveness analysis and calculates consideration based on characteristics, performance criteria, and weights by information protection service. This model can be used as a tool to objectively calculate the cost of information protection services at public institutions. It is also expected that this system can be established by strengthening the current recommended statutory level to the enforceability level, improving the evaluation system of state agencies and public institutions, introducing a verification system of information protection services by national certification bodies, and expanding its scope to all systems.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.3
• /
• pp.579-588
• /
• 2009

Enterprises and governments currently utilize COTS (Commercial off-the-Shelf) based information systems which are a kind of component based systems. Especially, COTS are widely utilized as components of information security systems and information systems. This paper suggests an appropriate adaptation level and a cost effective priority to replace security functional components in security environment. To make a cost effective decision on adapting security functional components, this paper develops a hierarchical model of information security technologies and analyzes findings through multiple decision-making criteria.

• Information Systems Review
• /
• v.4 no.2
• /
• pp.293-307
• /
• 2002

In this study, industry-specific application systems operation cost estmation models are suggested. We reviewed operation cost models of previous researches, and developed a strong need for industry-specific operation outsourcing cost models. Security industry operation cost model and medical care industry outsourcing cost model are proposed, and tested with empirical data. We showed the validity of industry-specific application systems outsourcing cost models. Future research will be needed to develop outsourcing cost models for other industries and to refine cost models developed in this study.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.12
• /
• pp.109-116
• /
• 2017

Short-lived pseudonym certificates as vehicle identities could satisfy both security and privacy requirements. However, to remove revoked certificates especially in vehicle communications, pseudonym certificate revocation list (CRL) should be distributed resource-efficiently from a practical deployment point of view and in a timely manner. In this paper, we propose a novel CRL distribution scheme capable of CRL multicast to only activated vehicles registered to the CRL multicast group using the group communication system enabler, namely, the GCSE which is being standardized. The scheme is resource efficient by using CRL distribution paths instead of paging processes to find out multicast vehicle(s) within a certain region. The analyzed results show that the proposed scheme outperforms in terms of paging cost, packets transmission cost, and the processing cost at the respective entities compared to the existing four schemes in the literature.

• Korean Security Journal
• /
• no.6
• /
• pp.167-193
• /
• 2003

Korean social structure is changing by leaps and bounds caused by industrialization, urbanization and information. Because of this, the sense of value, and moral consciousness of Korean people have been edteriorating and all kinds of social evils have been increasing also. However, the police who ought to be in charge of public well-being, security, social order are not playing their role on account of bad working conditions, and lack of budget. For this reason, individuals are desirous of preserving their security and lives at their cost. Private security has emerged at this background.