• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.17-32
• /
• 2003

The information drive of the businesses requires new alternatives in that the promotion of business efficiency through information process technologies ends up conflicting with the protection of information human rights on laborers' side. Nevertheless, apathy on information protection has a tendency to be distorted by the efficiency of the businesses. Should the capital and mass media warn economic red lights, political circles with uneasiness would ignore the significance of information protection on the behalf of business efficiency. Therefore, the importance of information protection is considered a smaller interest than that of business efficiency with the infringements of human rights on laborers' side arising. Informatization of the businesses along with the developments of information process technologies has enabled the management to monitor and control the behaviors of laborers. This new problem needs to establish both information protection mechanism and institutional devices to regulate those labor controls. The security of business activity without human rights infringement warrants both basic rights of the public and spirit of the Constitution. The study suggests the establishment and revision of laws suitable to the period of information human rights. On top of that, the establishment of the basic law for information protection of individuals' with the common principle that integrates the related laws and rules on-off line is needed. This will warrant the active participation of labor unions and create specific alternatives for information protection.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.4
• /
• pp.483-491
• /
• 2021

The identification of regional collision risks in water areas is significant for the safety of navigation. This paper introduces a new method of collision risk assessment that incorporates a clustering method based on the distance factor - hierarchical clustering - and uses real-time data in case of several surrounding vessels, group methodology and preliminary assessment to classify vessels and evaluate the basis of collision risk evaluation (called HCAAP processing). The vessels are clustered using the hierarchical program to obtain clusters of encounter vessels and are combined with the preliminary assessment to filter relatively safe vessels. Subsequently, the distance at the closest point of approach (DCPA) and time to the closest point of approach (TCPA) between encounter vessels within each cluster are calculated to obtain the relation and comparison with the collision risk index (CRI). The mathematical relationship of CRI for each cluster of encounter vessels with DCPA and TCPA is constructed using a negative exponential function. Operators can easily evaluate the safety of all vessels navigating in the defined area using the calculated CRI. Therefore, this framework can improve the safety and security of vessel traffic transportation and reduce the loss of life and property. To illustrate the effectiveness of the framework proposed, an experimental case study was conducted within the coastal waters of Mokpo, Korea. The results demonstrated that the framework was effective and efficient in detecting and ranking collision risk indexes between encounter vessels within each cluster, which allowed an automatic risk prioritization of encounter vessels for further investigation by operators.

• Journal of Internet Computing and Services
• /
• v.23 no.3
• /
• pp.21-33
• /
• 2022

This paper is to suggest the secure secret sharing system in order to outstandingly reduce the damage caused by the leakage of the corporate secret. This research system is suggested as efficient P2P distributed system kept from the centrally controlled server scheme. Even the bitcoin circulation system is also based on P2P distribution scheme recenly. This research has designed the secure circulation of the secret shares produced by Threshold Shamir Secret Sharing scheme instead of the shares specified in the torrent file using the simple, highly scalable and fast transferring torrent P2P distribution structure and its protocol. In addition, this research has studied to apply both Shamir Threshold Secret Sharing scheme and the securely strong multiple user authentication based on Collaborative Threshold Autentication scheme. The secure transmission of secret data is protected as using the efficient symmetric encryption with the session secret key which is safely exchanged by the public key encryption. Also it is safer against the leakage because the secret key is effectively alive only for short lifetime like a session. Especially the characteristics of this proposed system is effectively to apply the threshold secret sharing scheme into efficient torrent P2P distributed system without modifying its architecture of the torrent system. In addition, this system guaranttes the confidentiality in distributing the secret file using the efficient symmetric encryption scheme, which the session key is securely exchanged using the public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as an user. This scalability allows to apply the confidentiality and the authentication even to dynamically registerred users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.393-401
• /
• 2024

Recently, the Internet of Things (IoT) has been widely used in industries and daily life that directly affect human safety, life, and assets. However, IoT devices, which need to meet low-cost, lightweight, and low-power requirements, face a significant problem of shortened battery lifetime due to battery draining attacks and interference. To solve this problem, the 802.11ba standard for the Wake-up Receiver (WuR) has emerged, this feature is playing a crucial role in minimizing energy consumption. However, the WuR protocol did not consider security mechanisms in order to reduce latency and overhead. Therefore, in this study, anAdaptive Power Saving Mechanism (APSM) is proposed for low-power WuR to counter battery draining attacks. APSM can minimize abnormally occurring power consumption by exponentially increasing power-saving time in environments prone to attacks. According to experimental results, the proposed APSM improved energy consumption efficiency by a minimum of 13.77% compared to the traditional Legacy Power Saving Mechanism (LPSM) when attack traffic ratio is 10% or more of the total traffic.

• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.1-10
• /
• 2013

RFID(Radio Frequency Identification) system is non-contact identification technology. A basic RFID system consists of a reader, and a set of tags. RFID tags can be divided into active and passive tags. Active tags with power source allows their own operation execution and passive tags are small and low-cost. So passive tags are more suitable for distribution industry than active tags. A reader processes the information receiving from tags. RFID system achieves a fast identification of multiple tags using radio frequency. RFID systems has been applied into a variety of fields such as distribution, logistics, transportation, inventory management, access control, finance and etc. To encourage the introduction of RFID systems, several problems (price, size, power consumption, security) should be resolved. In this paper, we proposed an algorithm to significantly alleviate the collision problem caused by simultaneous responses of multiple tags. In the RFID systems, in anti-collision schemes, there are three methods: probabilistic, deterministic, and hybrid. In this paper, we introduce ALOHA-based protocol as a probabilistic method, and Tree-based protocol as a deterministic one. In Aloha-based protocols, time is divided into multiple slots. Tags randomly select their own IDs and transmit it. But Aloha-based protocol cannot guarantee that all tags are identified because they are probabilistic methods. In contrast, Tree-based protocols guarantee that a reader identifies all tags within the transmission range of the reader. In Tree-based protocols, a reader sends a query, and tags respond it with their own IDs. When a reader sends a query and two or more tags respond, a collision occurs. Then the reader makes and sends a new query. Frequent collisions make the identification performance degrade. Therefore, to identify tags quickly, it is necessary to reduce collisions efficiently. Each RFID tag has an ID of 96bit EPC(Electronic Product Code). The tags in a company or manufacturer have similar tag IDs with the same prefix. Unnecessary collisions occur while identifying multiple tags using Query Tree protocol. It results in growth of query-responses and idle time, which the identification time significantly increases. To solve this problem, Collision Tree protocol and M-ary Query Tree protocol have been proposed. However, in Collision Tree protocol and Query Tree protocol, only one bit is identified during one query-response. And, when similar tag IDs exist, M-ary Query Tree Protocol generates unnecessary query-responses. In this paper, we propose Adaptive M-ary Query Tree protocol that improves the identification performance using m-bit recognition, collision information of tag IDs, and prediction technique. We compare our proposed scheme with other Tree-based protocols under the same conditions. We show that our proposed scheme outperforms others in terms of identification time and identification efficiency.

• Korean Security Journal
• /
• no.48
• /
• pp.259-285
• /
• 2016

As the need for anti-terrorism legislation has been continuously argued, Anti-terrorism act has been enacted and enforced. On the other hand, there still remain a lot of points to be discussed regarding the definition of the concept of terrorism, matters of human rights violations, strengthening authority of the investigation and intelligence agencies, and mobilization military forces for the suppression of terrorism. Also, reviewing Anti-terrorism act and its enforcement ordinance draft, this legislation seems to regulate terrorist groups like IS. If so, in the case of terrorism of North Korea or domestic anti-government organizations, whether this law would be applied could become an issue. In the case of terrorism of North Korea, Ministry of National Defense has a right of commandership in the military operations, however, it is also possible to apply the article 4 of Natural Security Act a crime of performing objective-or a crime of foreign exchange on Criminal law as legal grounds for not military terrorisms but general investigations. Therefore, it is necessary to involve consideration about this matter. Furthermore, in the view of investigation, Anti-terrorism act and its enforcement ordinance draft do not mention Supreme Prosecutors Office and Ministry of Justice that conduct investigations. In the case of terrorism, the police and prosecution should conduct to arrest criminals and determine crimes at the investigation stage, however, any explicit article related to this content in Anti-terrorism act and its enforcement ordinance draft was unable to be found. Although Anti-terrorism act is certainly toward preventive aspects, considering some matters such as prevention, actions on the scene, maneuver after terrorism, arresting terrorists, investigation direction, cooperation, and mutual assistance, it is necessary to reflect these contents in Anti-terrorism act. In other words, immediately after terrorists attacks, it is possible to mobilize the military operations by Integrated Defense act in order to arrest them in the case of military terrorism. Nevertheless, because both military terrorism and general one are included in the investigation stage, it needs to begin an investigation under the direction of the prosecution. Therefore, above all, a device for finding out the truth behind the case at the investigation stage is not reflected in the current Anti-terrorism act and its enforcement ordinance draft. Accordingly, if National Intelligence Service approaches information at the prevention level in this situation, it may be necessary to come up with follow-up measures of the police, the prosecution, and military units.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.3
• /
• pp.9-15
• /
• 2016

We investigated >$50-{\mu}m$ marine planktonic organisms (mainly zooplankton) using a bongo net in Masan Bay and Jangmok Bay in order to harvest 75% of natural communities based on Phase-II approval regulations by the United States Coast Guard (USCG). The concentrated volume (in 1 ton) and abundance of zooplankton were $1.8{\times}10^7ind.ton^{-1}$ and $2.3{\times}10^7ind.ton^{-1}$, and their survival rates were 82.6% and 80.1%, respectively. The community structure in Jangmok Bay was similar to that in Masan Bay, and dominant species were adult and immature groups (stage IV) of genus Acartia. Harvested populations were inoculated in a 500-ton test tank. Although the population abundances were $6.0{\times}10^4ind.ton^{-1}$ for both bay samples, the mortality rates were higher in the Masan Bay population (32%) than the Jangmok Bay population (20%). We considered the reason to be that there were 30% more immature individuals of Acartia from Masan Bay than from Jangmok Bay. The younger population may have been greatly stressed by the moving process and netting gear. After applying a Ballast Water Treatment System (BWTS) using a sample form Jangmok Bay, the mortality rates in the treatment groups were found to be 100% after 0 days and 5 days, implying that the BWTS worked well. During the winter season, the zooplankton concentration method alone did not easily satisfy the approval standards of USCG Phase II (> $10{\times}10^4ind.ton^{-1}$ in the 500 ton tank). Increasing the netting frequency and additional fishing boats may be helpful in meeting the USCG Phase II biological criteria.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.543-559
• /
• 2003

The information drive of the businesses requires new alternatives in that the promotion of business efficiency through information process technologies ends up conflicting with the protection of information human rights on laborers’side. Nevertheless, apathy on information protection has a tendency to be distorted by the efficiency of the businesses. Should the capital and mass media warn economic red lights, political circles with uneasiness would ignore the significance of information protection on the behalf of business efficiency. Therefore, the importance of information protection is considered a smaller interest than that of business efficiency with the infringements of human rights on laborers’side arising. Informatization of the businesses along with the developments of information process technologies has enabled the management to monitor and control the behaviors of laborers. This new problem needs to establish both information protection mechanism and institutional devices to regulate those labor controls. The security of business activity without human rights infringement warrants both basic rights of the public and spirit of the Constitution. The study suggests the establishment and revision of laws suitable to the period of information human rights. On top of that, the establishment of the basic law for information protection of individuals’with the common principle that integrates the related laws and rules on-off line is needed. This will warrant the active participation of labor unions and create specific alternatives for information protection.

• The Journal of Engineering Geology
• /
• v.31 no.3
• /
• pp.433-445
• /
• 2021

Plasma blasting by high voltage arc discharge were performed in laboratory-scale soil samples to investigate the fluid penetration efficiency. A plasma blasting device with a large-capacity capacitor and columnar soil samples with a diameter of 80 cm and a height of 60 cm were prepared. Columnar soil samples consist of seven A-samples mixed with sand and silt by ratio of 7:3 and three B-samples by ratio of 9:1. When fluid was injected into A-sample by pressure without plasma blasting, fluid penetrated into soil only near around the borehole, and penetration area ratio was less than 5%. Fluid was injected by plasma blasting with three different discharge energies of 1 kJ, 4 kJ and 9 kJ. When plasma blasting was performed once in the A-samples, penetration area ratios of the fluid were 16-25%. Penetration area ratios were 30-48% when blastings were executed five times consecutively. The largest penetration area by plasma blasting was 9.6 times larger than that by fluid injection by pressure. This indicates that the higher discharge energy of plasma blasting and the more numbers of blasting are, the larger are fluid penetration areas. When five consecutive plasma blasting were carried out in B-sample, fluid penetration area ratios were 33-59%. Penetration areas into B-samples were 1.1-1.4 times larger than those in A-samples when test conditions were the same, indicating that the higher permeability of soil is, the larger is fluid penetration area. The fluid penetration radius was calculated to figure out fluid penetration volume. When the fluid was injected by pressure, the penetration radius was 9 cm. Whereas, the penetration radius was 27-30 cm when blasting were performed 5 times with energy of 9 kJ. The radius increased up to 333% by plasma blasting. All these results indicate that cleaning agent penetrates further and remediation efficiency of contaminated soil will be improved if plasma blasting technology is applied to in situ cleaning of contaminated soil with low permeability.