• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.49-57
• /
• 2020

It is no exaggeration to say that we live with cyber threats every day. Nevertheless, it is difficult for us to obtain objective information about cyber threats and attacks because it is difficult to clearly identify the attacker, the purpose of attack, and the range of damage, and rely on information from a single source. In the preceding research of this study, we proposed the new approach for establishing Database (DB) for cyber attacks using Open Source Intelligence(OSINT). In this research, we present the evaluation factors for cyber threats among cyber attack DB and analyze the priority of those factors in oder to quantify cyber threats. We select the purpose of attack, attack category, target, ease of attack, attack persistence, frequency of OSINT DB, and factors of the lower layer for each factor as the evaluation factors for cyber threats. After selection, the priority of each factor is analyzed using the Analytic Hierarchy Process(AHP).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.27-35
• /
• 2011

Due to the advancement of IPTV technologies, Mobile IPTV service is needed to be supported for service and content protection. CAS is generally used in the IPTV service to protect service and content. However, the CAS is not efficient in the Mobile IPTV. The CAS needs too much bandwidth for Service Key update to the each subscriber. Moreover, the CAS is increasing computation burden for the service key refreshment in the key management server when the subscriber frequently changes of the IPTV service group. To solve the problems, we used hierarchical key structure based on pre-shared key that is securely stored into smart card or USIM and do not use the EMM for Service Key update. As a result, the proposed scheme decreases computation burden at the key management server and wireless bandwidth burden in the Mobile IPTV service.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.8
• /
• pp.1161-1170
• /
• 2013

Currently in 2013, a law that was drawn as a result of social agreement for personal information protection was enacted, and through several amendments, definite policy of written law and guideline were presented for definitive information protection in various fields of social business including IT field. Based on a series of social issues about the importance of personal information, a new access paradigm to personal information appeared. And from macroscopic access method called information protection, the necessity of technical access method came to the fore. Of course, it seems somewhat irrational to restrict all data in the form of personal information to a certain category of information until now. But in the deluge of information based on IT field, it is true that the part of checking the flow of personal information and selecting as security target has been standardized. But still there are cases in which it is difficult to routinely apply the five standardized flows of personal information Life-Cycle-collect, process, provide, store, and destroy-to information that all companies and organizations have. Therefore, the researcher proposes the standardized methodology by proposing the access control methodology for dualised hierarchical personal information Life-Cycle. The results of this research aim to provide practical data which makes optimal access control to personal information Life-Cycle possible.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.519-526
• /
• 2004

This paper presents an efficient interoperation scheme of a VPN(Virtual Private Network) and Mobile IP using a hierarchical structure of a FA(Foreign Agent). In the proposed scheme, the GFA(Gateway Foreign Agent) plays a role of VPN gateway on behalf of the MN(Mobile Node). When the MN moves in the same GFA domain, because the GFA has already an IPsec security association with a VPN gateway in the home network of the MN, the MN does not need an IPsec re-negotiaion. In this way, our mechanism reduces a message overhead and a delay resulted from an IPsec negotiation. And a MN can send a data to a correspondent node without a packet leakage. We show a performance of our scheme by using a discrete analytical model. Analytical results demonstrated that the total processing cost calculated by a registration update cost and a packet delivery cost is significantly reduced through our proposed scheme.

• Journal of Internet Computing and Services
• /
• v.11 no.1
• /
• pp.153-165
• /
• 2010

In this paper, we proposed a Proactive Application Service Engine (PASE) supporting tailor-made distributed application services based on the Distributed Object Group Framework (DOGF) efficiently managing distributed objects, in the viewpoint of distributed application, composed application on network. The PASE consists of 3 layers which are the physical layer, the middleware layer, and the application layer. With the supporting services of the PASE, the grouping service manages the data gathered from H/W devices and the object's properties for application by user's request as a group. And the security service manages the access of gathered data and the object according to user's right. The data filtering service executes the filtering function to provide application with gathered data. The statistics service analysis past data. The diagnostic service diagnoses a present condition by using the gathered data. And the prediction service predicts a future's status based on the statistics service and the diagnostic service. For verifying the executability of the PASE's services, we applied to a greenhouse automatic control application in ubiquitous agriculture field.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.1-11
• /
• 2020

As an important basic building block of the smart grid environment, smart meter provides real-time electricity consumption information to the utility. However, ensuring information security and privacy in the smart meter data aggregation process is a non-trivial task. Even though the secure data aggregation for the smart meter has been a lot of attention from both academic and industry researchers in recent years, most of these studies are not secure against internal attackers or cannot provide data integrity. Besides, their computation costs are not satisfactory because the bilinear pairing operation or the hash-to-point operation is performed at the smart meter system. Recently, blockchains or distributed ledgers are an emerging technology that has drawn considerable interest from energy supply firms, startups, technology developers, financial institutions, national governments and the academic community. In particular, blockchains are identified as having the potential to bring significant benefits and innovation for the electricity consumption network. This study suggests a distributed, privacy-preserving, and simple secure smart meter data aggregation system, backed up by Blockchain technology. Smart meter data are aggregated and verified by a hierarchical Merkle tree, in which the consensus protocol is supported by the practical Byzantine fault tolerance algorithm.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.7
• /
• pp.1801-1812
• /
• 1998

기존의 접근 제어 메커니즘인 강제적 접근 제어와 임의적 접근 제어는 무결성을 요구하는 상용 환경의 정보 보안에는 부족하여 이의 대안으로 직무 기반 접근 제어 (RBAC:Role Based Access Control)가 주목 받고 있으며, 직무를 수행하는 사용자의 의무 분리(Separation of Duty)에 대한 연구가 최근 이루어지고 있다. RBAC에서 사용자는 직무에 배정된 접근권한(Privilege) 만을 수행하여야 하는데 상호 배타적(Mutual exclusive)특성을 갖는 직무는 표현 및 접근 권한의 직무 배정과 수행에 있어서 어려움이 있다. 본 논문에서는 RBAC의 기본 특성을 분석하여 직무에 접근권한을 부여하고 사용자를 직무에 배정하는데 따른 안전한 접근 제어를 위하여 반순서 관계를 갖는 직무의 승계 속성에 따라 직무의 계층 형태를 분류하고, 직무에 배정되는 접근권한의 표현과 관리를 용이하게 하기 위하여 객체에 부여된 객체 접근권한을 분석하여 방향성 그래프를 이용하여 기본 접근권한으로 모델링한다. 접근권한 그래프(Privilege Graph)로 표현된 기본 접근권한에 직무를 배정하면 상호 배타적 직무의 접근권한과 의무 분리의 표현 및 관리를 용이하게 할 수 있다. 이를 기반으로 의무 분리를 포함한 RBAC의 안정성 특성과 접근권한 그래프를 이용한 직무의 의무 분리를 위한 직무 관리 알고리즘을 제시한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 1999.10c
• /
• pp.99-101
• /
• 1999

분산 컴퓨팅 환경에서 기업이나 조직내의 사용자들은 다른 사용자와 자원을 공유하며 상호작용을 통하여 보다 효율적으로 작업을 수행하게 된다. 이 경우에는 자원이나 정보의 불법적인 사용을 막고 데이터의 무결성을 유지하기 위하여 인증과정이 필요하며, 또한 사용자의 작업에 대한 접근 제어(Access Control)의 필요성이 더욱 중요시되고 있다. 현재 널리 알려진 임의의 접근 제어(DAC)는 객체의 소유자에게 모든 위임의 권한이 주어지고 강제적 접근제어(MAC)의 경우에는 주체와 객체단위의 정책 적용이 어려운 단점이 있다. 최근에는 역할-기반 접근 제어를 이용하여 조직의 보안 정책을 보다 효율적이고 일관성 있게 관리하고자 하는 시도가 있다. 하지만 역할-기반 접근 제어의 경우 각 역할의 계층에 의하여 권한의 상속이 결정되는 문제가 발생한다. 따라서 본 논문에서는 역할-기반 접근 제어에서 역할이 가지는 역할의 위임을 위한 위임 서버와 역할 위임 프로토콜을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.1
• /
• pp.65-75
• /
• 2000

역할 기반 접근 제어(RBAC: Role Based Access Control)는 각 시스템 자원의 안전성을 보장하기 위한 접근 제어 기술이다. 거대한 네트워크에서 보안 관리의 복잡성과 비용을 줄여주는 기능 때문에, 특히 상업적인 분야에서 더욱 큰 관심을 끌고 있다. 본 논문에서는 RBAC 역할 계층 구조 개념만을 사용할 경우의 취약점을 해결하기 위해 두 가지 연산을 제시하였다. 그리고 이를 통하여 사용자와 권한(pemission)을 간접적으로 연관시킴으로써, RBAC 관리자가 사용자마다 연산을 추가하거나 삭제할 수 있도록 하였고 직관적인 관리자 인터페이스를 제공하여 관리자가 쉽게 사용자 역할, 그리고 연산 사이의 관계를 파악할 수 있도록 하였다. 그리고 이를 기반으로 RBAC 시스템을 설계하고 대학의 종합정보 시스템을 모델로 구현하였다.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.9-17
• /
• 2014

With the rapid development of the Internet and information technology, a company that deals with personal information does not have proper action to protect personal privacy and not take measures for the safe handling and management of personal information. It generates the case to abuse of personal information occurring frequently. In order to focus the effort to reduce damage and protect the privacy of personal information entity and enhance privacy laws based on the connection method and the processing of personal information, Korea encourages a company to follow regulation by providing certain criteria. However, in the case of items of measures standard of safety of personal information such as priority applicable criteria in accordance with the importance of itemized characteristics and the company of each individual information processing is not taken into account, and there are some difficulties to execute. Therefore, we derive criteria by law and reviewing existing literature related, the details of the measures standard of safety of personal information in this study and generate a hierarchical structure by using the KJ method for layering and quantification of the evaluation in integration of the reference item similar and the grouping. Accordingly, the weights calculated experts subject using the AHP method hierarchical structures generated in this manner, it is an object of the proposed priority for privacy and efficient more rational enterprise.