• Title/Summary/Keyword: Security Control (보안 제어)

Search Result 1,534, Processing Time 0.028 seconds

A Study on Scalable PBFT Consensus Algorithm based on Blockchain Cluster (블록체인을 위한 클러스터 기반의 확장 가능한 PBFT 합의 알고리즘에 관한 연구)

  • Heo, Hoon-Sik;Seo, Dae-Young
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.20 no.2, pp.45-53, 2020
  • Blockchain can control transactions in a decentralized way and is already being considered for the manufacturing, finance, banking, logistics, and medical industries due to advantages such as transparency, security, and flexibility, and it is predicted to have a great economic effect. However, blockchain faces a trilemma: it is difficult to improve scalability, decentralization and security simultaneously. Among them, the biggest limitation of blockchain is scalability; it is very difficult to cope with the constantly increasing number of transactions and nodes. To make the blockchain scalable, higher performance should be achieved by modifying existing consensus methods or by improving the characteristics and network efficiency that affect many ways of scaling. Therefore, in this paper, we propose a cluster-based scalable PBFT consensus algorithm called CBS-PBFT, which reduces the message complexity of PBFT, a representative consensus algorithm of blockchain, from O(n²) to O(n), and its validity is verified through simulation experiments.

A Mobile OS Integrity Verification Using Bootloader & Physically Independent Storage Device (부트로더와 물리적으로 독립된 저장장치를 이용한 모바일 운영체제 무결성 검증)

  • Park, Jae-Kyung;Lee, Sang-Hun;Kwon, Mi-Young;Kim, Hyo-Nam
    • Journal of the Korea Society of Computer and Information, v.19 no.12, pp.123-132, 2014
  • In this paper, we study verification techniques for OS integrity, whose compromise can be more fatal than that of applications in case of security issues. The dissemination of smartphones is progressing rapidly, and smartphones and PCs have many similarities in terms of security risks. Recently, damage in the mobile network environment has been increasing, and there is now active research on systems that can respond to this comprehensively. As a way to prevent these risks, integrity checking methods for the operating system are being researched. Most integrity checking algorithms are classified into verification at the levels before booting the OS and verification at the time of passing control to the OS, with minor differences in the definitions of integrity checking or its methods. In this paper, we suggest an integrity verification technique for the OS using a boot loader and a physically independent storage device in the mobile device.

An Attack Origin Traceback Mechanism using ICMP Message on Ad-hoc Network (Ad-hoc 네트워크에서 ICMP메시지를 이용한 공격 근원지 역추적 기법)

  • Jeong, Gi Seog
    • Convergence Security Journal, v.13 no.3, pp.47-54, 2013
  • An Ad-hoc network is composed of mobile nodes and is vulnerable to attack, as conventional wired networks are. So, many studies have been conducted to apply the traceback mechanisms of wired networks to Ad-hoc networks. In this paper, a new mechanism that can trace back to the IP source of spoofed DDoS packets using the iTrace message on an Ad-hoc network is proposed. The proposed mechanism implements the ICMP Traceback message and the traceback path between agents allocated in the local network and a server located in the management network. Also, the proposed mechanism can trace the position of the attacker even after an attack is over, and it has extendability through standardization by using a mechanism that the IETF proposed. The result of the performance evaluation shows a great improvement in terms of load, integrity, safety, and traceback function as compared with conventional mechanisms.

Implementation of smart security CCTV system based on wireless sensor networks and GPS data (무선 센서 네트워크와 GPS정보를 이용한 스마트 보안 CCTV 시스템 구현)

  • Yoon, Kyung-Hyo;Park, Jin-Hong;Kim, Jungjoon;Seo, Dae-Hwa
    • Journal of Advanced Marine Engineering and Technology, v.37 no.8, pp.918-931, 2013
  • The conventional object tracking techniques using a PTZ camera detect object movements by analyzing the acquired image. However, this technique requires expensive hardware devices to perform complex image processing, and it is occasionally hard to detect object movements if the acquired image is of low quality or image acquisition is impossible. In this paper, we propose a smart security CCTV system that applies a wireless sensor network technique based on the IEEE 802.15.4 standard to overcome the problems of the conventional object tracking technique; it can track suspicious objects by detecting object movements and GPS data in the sensor node. This system enables efficient control of the PTZ camera to observe a wide area, decreasing image processing complexity. Also, the wireless sensor network is implemented using mesh networks to increase the efficiency of installing sensor nodes.

The Design of a Multimedia Data Management and Monitoring System for Digital Rights Protection using License Agent (라이선스 에이전트를 이용한 디지털 저작권 보호를 위한 멀티미디어 데이터 관리 및 감시 시스템의 설계)

  • Park, Jae-Pyo;Lee, Kwang-Hyung;Kim, Won;Jeon, Moon-Seok
    • Journal of the Korea Computer Industry Society, v.5 no.2, pp.281-292, 2004
  • As the logistic environment of digital contents is rapidly changing, the protection of digital rights for digital content has been recognized as one of the critical issues. Digital Rights Management (DRM) has attracted much interest from Internet Service Providers (ISPs), authors and publishers of digital content as an interesting approach to create a trusted environment for access to and use of digital resources. This paper proposes an interesting digital rights protection scheme using a license agent to address problems facing contemporary DRM approaches: static digital rights management, and limited application to the on-line environment. We introduce a dynamic mission control technology to realize dynamic digital rights management, and we incorporate a license agent for on- and off-line monitoring and tracking. The proposed system prevents illegal access and use by using a PKI security method, real-time action monitoring for the user, and data security for itself.

Two layered Secure Password Generation with Random Number Generator (난수 발생기를 이용한 이중화 구조의 안전한 비밀번호 생성 기법)

  • Seo, Hwa-Jeong;Kim, Ho-Won
    • Journal of the Korea Institute of Information and Communication Engineering, v.18 no.4, pp.867-875, 2014
  • The rapid development of internet services is enabling internet banking services anywhere and anytime. However, service access through the internet can easily be exposed to an adversary. To prevent this, current service providers execute an authentication process with the user's identification and password. However, the majority of users use short and simple passwords and do not change their passwords periodically. As a result, a user's password could be exposed to an attacker's brute force attack. In this paper, we presented an enhanced password system which guarantees higher security even though users do not change their current password. The method uses additional secret information to replace the real password periodically without replacement of the real password.

A Key Distribution Protocol for Secure Multicasting in Large Dynamic Groups (대규모 동적 그룹에서 안전한 멀티캐스트를 위한 키 분배 프로토콜)

  • Kim, Tae-Yeon;Kim, Young-Kyoon
    • The KIPS Transactions:PartC, v.9C no.4, pp.597-604, 2002
  • Changing the group key is necessary for the remaining members when a new member joins or a member leaves the group in multicast communications. It is required to guarantee perfect forward and backward confidentiality. Unfortunately, in large groups with frequent membership changes, key changes become the primary bottleneck for a scalable group. In this paper, we propose a novel approach for providing efficient group key distribution in large and dynamic groups. Unlike existing secure multicast protocols, our protocol is scalable to large groups because both the frequency and the computational overhead of re-keying are determined by the size of a subgroup instead of the size of the whole group, and it offers a mechanism to prevent the subgroup managers with group access control from having any access to the multicast data that are transferred by the sender. It also provides a security service for preserving privacy in wireless computing environments.

Analyzing Differences of Binary Executable Files using Program Structure and Constant Values (프로그램의 구조와 상수 값을 이용하는 바이너리 실행 파일의 차이점 분석)

  • Park, Hee-Wan;Choi, Seok-Woo;Seo, Sun-Ae;Han, Tai-Sook
    • Journal of KIISE:Software and Applications, v.35 no.7, pp.452-461, 2008
  • Binary diffing is a method to find differences in similar binary executables such as two different versions of security patches. Previous diffing methods using flow information can detect control flow changes, but they cannot track constant value changes. Diffing methods using assembly instructions can detect constant value changes, but they give false positives which are due to compiling methods such as instruction reordering. We present a binary diffing method and its implementation named SCV which utilizes both structure and value information. SCV summarizes structure and constant value information from disassembled code, and matches the summaries to find differences. By analyzing Microsoft Windows security patches, we showed that SCV found necessary differences caused by constant value changes which the state-of-the-art binary diffing tool BinDiff failed to find.

Implementation of CCSDS Telecommand Decryptor in Geostationary Communications Satellite (정지궤도 통신위성의 CCSDS 원격명령 암호복호기 구현)

  • Kim, Jung-Pyo;Gu, Cheol-Hoe;Choe, Jae-Dong
    • Journal of the Korean Society for Aeronautical & Space Sciences, v.31 no.10, pp.89-96, 2003
  • In this paper, a CCSDS (Consultative Committee for Space Data Systems) telecommand (TC) decryptor for the security of a geostationary communications satellite was implemented. For the confidentiality of CCSDS TC datalink security, Option-A, which implements the security services below the transfer sublayer, was selected. Also, the CFB (Cipher Feedback) operation mode of DES (Data Encryption Standard) was used for the encryption of 56-bit data bits in a 64-bit codeblock. To verify the decryptor function, the DES CFB logic implemented on an A54SX32 FPGA (Field Programmable Gate Array) was integrated with interface and control logic on a PCB (Printed Circuit Board). Using a function test PC, the encrypted codeblocks were generated, transferred into the decryptor, and decrypted, and the decrypted codeblocks were transmitted to the function test PC and then compared with the source codeblocks. Through the LED (Light Emitting Diode) ON operation by driving the relay related to the decoded Op-code, and through the comparison between the measured and the simulated codeblock output waveforms, the telecommand decryptor function was verified.

A Study on the Performance of VPN based on MPLS Networks (MPLS 망을 기반으로 하는 VPN의 성능에 관한 연구)

  • Shin, Tae-Sam;Kim, Young-Beom
    • Journal of the Institute of Convergence Signal Processing, v.8 no.1, pp.51-57, 2007
  • In this paper we introduce the concept of MPLS-based VPN and propose a scheme for providing VPN services in MPLS networks. Furthermore, we design the control components and the operational procedures and evaluate the performance of traditional VPN implementation methods and MPLS-based VPN. In this scheme it is possible to solve several problems pertaining to IP-based VPN via the allocation of a VPN ID and virtual space without tunneling, thereby providing effective VPN services. In other words, the MPLS-based VPN scheme uses MPLS networking technology together with the PSTN, which can achieve a perfect segregation of user traffic on a per-customer basis in a physical link and can guarantee high reliability and security levels. In particular, from the perspective of customers, it can save considerably on networking facility installation and maintenance costs. On the other hand, it has some shortcomings in that its deployment tends to be restricted within an ISP's network boundary and it is vulnerable to external security break-ins when going through public networks such as the Internet, due to its lack of data encryption capability.
