• Annual Conference of KIPS
• /
• 2009.04a
• /
• pp.1511-1514
• /
• 2009

이기종(異機種) 시스템환경에서 발생하는 수많은 로그 데이터는 중요도에 따라 실시간 로그 분석이 필요하고 대용량의 로그 데이터의 경우 특정 시간내에 로그 분석 처리를 종료해야만 한다. 보안에 관련된 로그 정보의 경우 실시간 분석과 빠른 통계 처리를 요구할 것이며, 대용량의 비실시간성 로그 분석의 경우 로그 분석 및 통계처리를 주어진 특정 시간 내에 하여야 한다. 본 논문에서는 로그 데이터의 중요도에 따른 실시간 로그 분석 처리와 비실시간 대용량 통계 로그의 로그 분석 처리 마감 시간을 충족하는 로그 분석 스케줄링 정책을 제안한다.

• Journal of KIISE:Databases
• /
• v.35 no.2
• /
• pp.155-168
• /
• 2008

This paper proposes a relational security model-based RDF Web ontology access control model. The Semantic Web is recognized as a next generation Web and RDF is a Web ontology description language to realize the Semantic Web. Much effort has been on the RDF and most research has been focused on the editor, storage, and inference engine. However, little attention has been given to the security issue, which is one of the most important requirements for information systems. Even though several researches on the RDF ontology security have been proposed, they have overhead to load all relevant data to memory and neglect the situation that most ontology storages are being developed based on relational database. This paper proposes a novel RDF Web ontology security model based on relational database to resolve the issues. The proposed security model provides high practicality and usability, and also we can easily make it stable owing to the stability of the relational database security model.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.3
• /
• pp.259-272
• /
• 2004

This paper suggests a new security architecture for facilitating secure OSGi service platform environment. The security architecture includes 1) user authentication mechanism, 2) bundle authentication mechanism, 3) key sharing mechanism, and 4) authorization mechanism. The user authentication mechanism supplies SSO(single sign-on) functions which are useful for safe and easy user authentications. The bundle authentication mechanism utilizes both PKI-based and MAC-based digital signatures for efficiently authenticating service bundles. The key sharing mechanism, which is performed during bootstrapping phase of a service gateway, supplies a safe way for sharing secret keys that are required for authentication mechanisms. Finally, the authorization mechanism suggests distributed authorization among service providers and an operator by establishing their own security policies. The main contributions of the parer are twofold. First, we examine several security requirements of current OSGi specification when its security functions can be applied in real OSGi environments. Second, we describe the ways to resolve the problems by means of designing and implementing concrete security mechanisms.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.4
• /
• pp.671-678
• /
• 2017

Recent advances in Internet of Things (IoT) encourage us to use IoT devices in daily living areas. However, as IoT devices are being ubiquitously used, concerns onsecurity and privacy of IoT devices are getting grown. Key management is an important and fundamental task to provide security services. For better security, we should restrict reusing a same key in sequential authentication sessions, but it is difficult to manually update and memorize keys. In this paper, we propose a hardware security module(HSM) for automated key management in IoT devices. Our HSM is attached to an IoT device and communicates with the device. It provides an automated, secure key update process without any user intervention. The secure keys provided by our HSM can be used in the user and device authentications for any internet services.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1447-1452
• /
• 2010

Ubiquitous society to build basic infrastructure in the power supply and power equipment safety is important. u-City in order to prevent the disaster of u-IT Power Equipment Performance Module and the security for the safety of the u-City is necessary. In this paper, the power unit of u-IT module, temperature sensor, humidity sensor, equipped with sensors arranged throughout the fire, and home distribution boards, Home Network Wall-Pad, Blocker, MPNP black boxes, arc detection, arc safety equipment, outlet of the modular performance evaluation methods and security methods will be studied. u-IT power devices and sensors to analyze the information conveyed by proactive risk and ensure safety, access control, authentication, security safeguards, such as u-IT integrated management system for electrical safety and strengthen the security, safety and security with a u-City will contribute to the construction and operation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.6B
• /
• pp.551-560
• /
• 2006

Security in WPAN is one of the most fundamental issues to overcome the barrier of wireless environment. Although piconet security mechanisms have been defined in the WPAN standards, many remains open and are left for implementation. Koinonia is a high-rate Wireless Personal Area Network (WPAN) technology, and is developed for multimedia traffic transmission in personal area. In Koinonia WPAN, a piconet consists of one master and more than one slave, and piconet security mechanisms is not defined at all. Therefore, we propose a robust piconet security mechanism for secure communications between slaves in a piconet. Based on security requirements analysis, our proposed protocols are shown to meet the security needs for Koinonia high-rate WPAN.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.4
• /
• pp.81-86
• /
• 2003

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of internet. Therefore, Intrusion Detection System has been an active research area to reduce the risk from intruders. Especially, The paper proposes a new Security Policy-based Intrusion Detection System Model, which consists of several computer with Intrusion Detection System, based on Intrusion Detection System and describes design of the Security Policy-based Intrusion Detection System model and prototype implementation of it. The Security Policy-based Intrusion Detection Systems are distributed and if any of distributed Security Policy- based Intrusion Detection Systems detect anomaly system call among system call sequences generated by a privilege process, the anomaly system call can be dynamically shared with Security Policy-based Intrusion Detection Systems, This makes the Security Policy - based Intrusion Detection Systems improve the ability of countermeasures for new intruders.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.10
• /
• pp.1849-1854
• /
• 2017

Recently, RF energy harvesting, in which energy is collected from the external RF signals, is considered as a promising technology to resolve the energy shortage problem of wireless sensors. In addition, it is important to guarantee secure communication between sensors for implementing Internet-of-Things. In this paper, we propose a power splitting-based network analog coding for maximizing a physical layer security in 2-hop networks where the wireless-powered relay can harvest energy from the signals transmitted by two sources. We formulate systems where two sources, relay, and eavesdropper exist, and find an optimal power splitting ratio for maximizing the minimum required secrecy capacity using an exhaustive search. Through simulations under various environments, it is demonstrated that the proposed scheme improves the minimum required secrecy capacity by preventing the eavesdropper from overhearing source signals, compared to the conventional scheme.

• Journal of KIISE:Databases
• /
• v.27 no.1
• /
• pp.42-52
• /
• 2000

In many real time applications that the system maintains sensitive information to be shared by multiple users with different security levels, security is another important requirement. A secure real time database system must satisfy not only logical data consistency but also timing constrains and security requirements associated with transactions. Even though an optimistic concurrency control method outperforms locking based method in firm real time database systems, where late transactions are immediately discarded, most existing secure real time concurrency control methods are based on locking. In this paper, we propose a new optimistic concurrency control protocol for secure real time database systems, and compare the performance characteristics of our protocol with locking based method while varying workloads. The result shoes that our proposed O.C.C protocol has good performance in case of many data conflict.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.