• Title, Summary, Keyword: 비밀분산

Search Result 114, Processing Time 0.034 seconds

Design and Analysis of Real-time Intrusion Detection Model for Distributed Environment (분산환경을 위한 실시간 침입 탐지 모델의 설계)

  • 이문구;전문석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.1
    • /
    • pp.71-84
    • /
    • 1999
  • The most of intrusion detection methods do not detect intrusion when it happens. To solve the problem, we are studying a real-time intrusion detection. Because a previous intrusion detection system(IDS) is running on the host level, it difficult to port and to extend to other system on the network level that distributed environment. Also IDS provides the confidentiality of messages when it sends each other. This paper proposes a model of real-time intrusion detection using agents. It applies to distributed environment using an extensibility and communication mechanism among agents, supports a portability, an extensibility and a confidentiality of IDS.

  • PDF

Research on Steganography in Emulab Testbed (Emulab 테스트베드 환경에서의 분산 스테가노그래피 연구)

  • Jung, Ki-Hyun;Seok, Woo-Jin
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.52 no.11
    • /
    • pp.79-84
    • /
    • 2015
  • Steganography is to conceal the existence of secrete data itself. The Emulab is a framework to provide real systems and network topology that can set up at anytime by researchers. In this paper, we show that steganography techniques can be applied in the Emulab environment. Steganography methods are evaluated on a standalone and sharing environments using the color bitmap images. The cover image is divided into RGB channels and then embedded the secret data at each client. The experimental results demonstrate that execution time is better in client/server environment as cover image size is increasing.

An Enhanced QoP Management and Control Model in CORBA Environments (CORBA 환경에서 개선된 QoP관리 및 제어모델)

  • Lee, Hui-Jong;Lee, Seung-Ryong;Jeon, Tae-Ung
    • Journal of KIISE:Information Networking
    • /
    • v.28 no.1
    • /
    • pp.45-55
    • /
    • 2001
  • CORBA 보안 서비스는 네트워크를 기반으로 하는 분산 환경 하에서 데이터 전송 시 사용자가 요구하는 수준의 비밀성 보장과 무결성 제공을 위해 비보호 무결성, 비밀성, 부결성 및 비밀성과 같은 파라미터를 갖는 QoP 기능을 지원하고 있다 그러나 기존의 QoP 기능은 전자상거래, 재무, 통신 CORBA Med와 같은 광범위한 CORBA의 응용 영역들간에 특정 암호화 알고리즘에 대한 서로 다른 정책을 가질 경우 전송되는 데이터에 대한 무결성과 비밀성을 지원할 수 없는 문제접을 갖고 있다. 이를 해결하기 위하여 본논문에서는 광범위한 CORBA의 응용영역들간에 데이터 전송 시 암호화 알고리즘 관리 및 제어기능을 개선한 QoP 모델을 제안한다. 개선된 QoP 관리 및 제어 모델은 OMG에서 발표한 RFP의 요구사항을 기반으로 설계되었으며 특정 암호화 알고리즘들의 관리와 실행중에 사용되는 암호화 알고리즘의 변경제어와 암/복호화시 비도 설정을 지원하다, 구현 결과 개선된 QoP 관리 및 제어 모델은 CORBA IDL 로 설계하여 개발자로 하여금 응용개발의 용이성을 부여하였으며 광범위한 CORBAdmd용 영역들간에 암호화 알고리즘에 대한 QoP 기능을 지원한다. 또한 ISO/IEC 8824(ASN. 1)에서 정의된 OID를 사용하여 암호화 알고리즘의 호환성을 제공한다.

  • PDF

SE-PKI Key Recovery system with multiple escrow agents (다수의 위탁 기관 참여가 가능한 SE-PKI 키 복구 시스템)

  • 유희종;최희봉;오수현;원동호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.1
    • /
    • pp.25-33
    • /
    • 2001
  • In 1998, A. Young and M. Yung introduced the concept of ARC that conjugates functionalities of a typical PKI with the ability to escrow privte keys of the system users. Also in 1999, P. Paillier and M. Yung proposed a new notion - called SE-PKI -which presents other additional advantages beyond ARC. But SE-PKI system uses only one escrow agent. The storage of users secret information at a single agent can make it significant point of attack and arouse controversy about invasion of privacy. This paper presents SE-PKI key recovery system that multiple escrow agents can participate in it. Also, in our system, escrow agents can\`t recover user\`s ciphertext.

  • PDF

The Design of Secret Multi-Paths on MRNS(Mixed Radix Numbers System) Network for Secure Transmission (안전한 전송을 위한 MRNS(Mixed Radix Number System)네트워크에서의 비밀 다중 경로의 설계)

  • Kim, Seong-Yeol;Jeong, Il-Yong
    • The Transactions of the Korea Information Processing Society
    • /
    • v.3 no.6
    • /
    • pp.1534-1541
    • /
    • 1996
  • Routing security is the confidentiality of route taken by the data transmitted over communication networks. If the route is detected by an adversary, the probability is high that the data lost or the data can be intercepted by the adversary. Therefore, the route must be protected. To accomplish this, we select an intermediate node secretly and transmit the data using this intermediate node, instead of sending the data to a destination node using the shortest direct path. Furthermore, if we use a number of secret routes from a node to a destination node, data security is much stronger since we can transmit partial data rather than entire data along a secret route. Finally, the idea above is implemented on MRNS Network.

  • PDF

Distributed Authentication Model using Multi-Level Cluster for Wireless Sensor Networks (무선센서네트워크를 위한 다중계층 클러스터 기반의 분산형 인증모델)

  • Shin, Jong-Whoi;Yoo, Dong-Young;Kim, Seog-Gyu
    • Journal of the Korea Society for Simulation
    • /
    • v.17 no.3
    • /
    • pp.95-105
    • /
    • 2008
  • In this paper, we propose the DAMMC(Distributed Authentication Model using Multi-level Cluster) for wireless sensor networks. The proposed model is that one cluster header in m-layer has a role of CA(Certificate Authority) but it just authenticates sensor nodes in lower layer for providing an efficient authentication without authenticating overhead among clusters. In here, the m-layer for authentication can be properly predefined by user in consideration of various network environments. And also, the DAMMC uses certificates based on the threshold cryptography scheme for more reliable configuration of WSN. Experimental results show that the cost of generation and reconfiguration certification are decreased but the security performance are increased compared to the existing method.

  • PDF

The Design of New Certified E-mail System for Light-Weight Users (Light-Weight 사용자를 위한 새로운 Certified E-mail 시스템 설계)

  • 정지원;서철;이경현
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • /
    • pp.166-169
    • /
    • 2003
  • 본 논문에서는 비밀분산기법과 임계 암호시스템을 사용하여 사용자의 공개키 암호 알고리즘 연산과 공개키 유효성 검증에 대한 연산의 오버헤드를 최소화시킨 새로운 Certified E-mail 시스템을 제안한다. 따라서, 제안 방안은 셀룰러 폰이나 무선 PDA와 같은 컴퓨팅 파워가 취약한 메일 사용자에게 적합하다 또한, 제안 시스템은 신뢰성을 완전히 분산시킨 TTP(Trusted Third Party)를 사용함으로써, TTP의 훼손이나 악의적인 사용자의 공모 공격에 강건하도록 설계되었다.

  • PDF

Improved Security for Fuzzy Fingerprint Vault Using Secret Sharing over a Security Token and a Server (비밀분산 기법을 이용한 보안토큰 기반 지문 퍼지볼트의 보안성 향상 방법)

  • Choi, Han-Na;Lee, Sung-Ju;Moon, Dae-Sung;Choi, Woo-Yong;Chung, Yong-Wha;Pan, Sung-Bum
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.1
    • /
    • pp.63-70
    • /
    • 2009
  • Recently, in the security token based authentication system, there is an increasing trend of using fingerprint for the token holder verification, instead of passwords. However, the security of the fingerprint data is particularly important as the possible compromise of the data will be permanent. In this paper, we propose an approach for secure fingerprint verification by distributing both the secret and the computation based on the fuzzy vault(a cryptographic construct which has been proposed for crypto-biometric systems). That is, a user fingerprint template which is applied to the fuzzy vault is divided into two parts, and each part is stored into a security token and a server, respectively. At distributing the fingerprint template, we consider both the security level and the verification accuracy. Then, the geometric hashing technique is applied to solve the fingerprint alignment problem, and this computation is also distributed over the combination of the security token and the server in the form of the challenge-response. Finally, the polynomial can be reconstructed from the accumulated real points from both the security token and the server. Based on the experimental results, we confirm that our proposed approach can perform the fuzzy vault-based fingerprint verification more securely on a combination of a security token and a server without significant degradation of the verification accuracy.

An Efficient Secure Dissemination of XML data in Peer-to-Peer Networks (Peer-to-Peer 네트워크 상에서 XML 데이터의 효율적이고 안전한 배포 방식에 관한 연구)

  • Ko, Hyuk-Jin;Kang, Woo-Jun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.8 no.3
    • /
    • pp.528-534
    • /
    • 2007
  • As XML is becoming a standard for representation and exchange of abundant information on the Web, solutions for a secure and selective dissemination of XML data, known as SDI, are strongly demanded. Such trends are more outstanding especially in distributed heterogeneous environment such as Peer-to-Peer. Although many approaches have been proposed to provide secure and efficient SDI mechanisms, almost previous approaches have focused only on filtering with user profile and they adopt center-oriented administration approaches. It is therefore difficult to adapt them directly to the distributed Peer-to-Peer environments characterized by dynamic participation. In this paper, we develop a novel dissemination method, which makesuse of authorization policy and secret sharing scheme. It provides more secure, scalable means for XML dissemination on Peer-to-Peer networks.

  • PDF

Secure Data Management based on Proxy Re-Encryption in Mobile Cloud Environment (모바일 클라우드 환경에서 안전한 프록시 재암호화 기반의 데이터 관리 방식)

  • Song, You-Jin;Do, Jeong-Min
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.4B
    • /
    • pp.288-299
    • /
    • 2012
  • To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server and prevent modification attack for proxy re-encryption key using d Secret Sharing, We construct protocol model in medical environment.