• Title/Summary/Keyword: 비밀보장 (confidentiality)

New Security Approaches for SSL/TLS Attacks Resistance in Practice (SSL/TLS 공격에 대한 신규 대응 방안)

  • Phuc, Tran Song Dat;Lee, Changhoon
    • The Journal of Society for e-Business Studies / v.22 no.2 / pp.169-185 / 2017
  • Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13], which stands for Compression Ratio Info-leak Made Easy. CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets SPDY and SSL/TLS compression. The attack becomes effective because the attacker is able to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years there has been a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss CRIME and other versions of SSL/TLS attacks along with countermeasures and implementations. We also present directions for SSL/TLS attack resistance in practice.

Security Analysis and Implementation of Fast Inter-LMA domain Handover Scheme in Proxy Mobile IPv6 Networks (프록시 모바일 IPv6 네트워크에서 LMA도메인 간 핸드오버 기법의 보안성 분석 및 구현)

  • Chai, Hyun-Suk;Jeong, Jong-Pil
    • The KIPS Transactions:PartC / v.19C no.2 / pp.99-118 / 2012
  • In a PMIPv6-based network, mobile nodes can be made smaller and lighter because the network nodes perform the mobility management-related functions on behalf of the mobile nodes. One of the protocols, Fast Handovers for Proxy Mobile IPv6 (FPMIPv6) [1], has been studied by the Internet Engineering Task Force (IETF). Since FPMIPv6 adopts the entities and the concepts of Fast Handovers for Mobile IPv6 (FMIPv6) in Proxy Mobile IPv6 (PMIPv6), it reduces packet loss. A conventional scheme has proposed cooperating with an Authentication, Authorization and Accounting (AAA) infrastructure for authentication of a mobile node in PMIPv6. Despite the best efficiency, without signaling messages being secured, PMIPv6 is vulnerable to various security threats such as DoS or redirect attacks, and it cannot support global mobility between PMIPv. In this paper, we analyze the Kang-Park and ESS-FH schemes, and then propose an Enhanced Security scheme for FPMIPv6 (ESS-FP). Based on the CGA method and public key cryptography, ESS-FP provides strong key exchange and key independence in addition to improving the weaknesses of FPMIPv6. The proposed scheme is formally verified based on BAN logic, and its handover latency is analyzed and compared with that of the Kang-Park scheme [3] and ESS-FH. This paper proposes an inter-domain fast handover scheme for PMIPv6 using proxy-based FMIPv6 (FPMIPv6).

Data Block based User Authentication for Outsourced Data (아웃소싱 데이터 보호를 위한 데이터 블록 기반의 상호 인증 프로토콜)

  • Hahn, Changhee;Kown, Hyunsoo;Kim, Daeyeong;Hur, Junbeom
    • Journal of KIISE / v.42 no.9 / pp.1175-1184 / 2015
  • Recently, there has been an explosive increase in the volume of multimedia data that is available as a result of the development of multimedia technologies. More and more data is becoming available on a variety of web sites, and it has become increasingly cost prohibitive to have a single data server store and process multimedia files locally. Therefore, many service providers have been likely to outsource data to cloud storage to reduce costs. Such behavior raises one serious concern: how can data users be authenticated in a secure and efficient way? The most widely used password-based authentication methods suffer from numerous disadvantages in terms of security. Multi-factor authentication protocols based on a variety of communication channels, such as SMS, biometric, or hardware tokens, may improve security but inevitably reduce usability. To this end, we present a data block-based authentication scheme that is secure and guarantees usability in such a manner where users do nothing more than enter a password. In addition, the proposed scheme can be effectively used to revoke user rights. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced data that is proven to be secure without degradation in usability. An experiment was conducted using the Amazon EC2 cloud service, and the results show that the proposed scheme guarantees a nearly constant time for user authentication.

A Study on a Plan to Make Public of the Closed Minutes and the Non-published Minutes at the National Assembly of R.O.K (국회 비공개회의록 및 불게제 부분의 공표 방안 연구)

  • Kim, Jang-hwan
    • The Korean Journal of Archival Studies / no.35 / pp.93-132 / 2013
  • It is a principle that the National Assembly Minutes are open to the general public based on the Constitution of the Republic of Korea. However, they are not released to the public when the minutes are produced at a meeting held privately (the closed minutes), and parts of the minutes are not published because of 'the demands on keeping confidential of the Chairman of the National Assembly or needs for the National Security' based on the National Assembly Act article 118 clause 1. These two kinds of minutes seriously infringe a democratic right, the public's right to know, because there are no procedures to disclose them to the public. In particular, the non-published parts of the minutes are highly likely to be in breach of the constitution. This paper deals with the regulations and guidelines related to the disclosure of closed minutes, focusing on the United States and the United Kingdom where developing countries on the parliamentary democracy. Then, placing an emphasis on the legal aspects, it suggests plans to make public the closed minutes and the non-published parts of the minutes, based on the reviewed results of the committee of the National Assembly Archives and the initiative proposed by a member of the National Assembly, Jung Chang-rae, in 2004.

A study on an application of 'Virtual Reality Therapy' concerning a technology of real-time interaction. (실시간 상호작용 기술의 '가상현실치료' 적용에 관한 연구)

  • Kim, Jeong-Hwan
    • Cartoon and Animation Studies / s.22 / pp.81-97 / 2011
  • The technology of 'Virtual Reality' has placed in advanced tools for human beings' joy and anger together with sorrow and pleasure in our generation. It has recently been tried in a variety of ways as an implication for treatment in the field of Cognitive Psychology. In particular, it widely approaches humans in that a sense of reality in a virtual world through the five senses should reinterpret the meaning of cognition in the real world. Based on this paradigm shift, it allows for new treatment using the technology of virtual reality. A typical example is the field of therapy for overcoming panic disorder. It has the advantage that, in particular, the development of flexible interaction technologies in a virtual space can lead patients to experience psychological environments rather than physical ones. The interaction technology provides environments in which users' five senses can be actively stimulated. It is very useful that information from the experiences in the virtual world allows people to learn through real experiences by renewing potential energies. Advantages of Virtual Reality Therapy are that treatment can be customized depending on symptoms in patients with panic disorder and that it is capable of differentiated application for the cure at each stage. It treats patients by leading them to get accustomed to environments and situations in the real world through a care process for each symptom and stage. It is helpful that, based on Human-Sensibility Ergonomics, technologies such as immersive virtual reality equipment, force-relative feedback, stereophonic sound, and stimulation of the sense of smell induce experiences by stimulating the five human senses. There are many advantages of immersion in a virtual world in that phenomena such as challenge, interaction, reality, illusion, and cooperation are expanded.
As an application for therapy, the growth of augmented reality and virtual space, the sharing of data through the Internet, and its inexpensive availability have recently expanded the base. There are other benefits of Virtual Reality Therapy, which offers active interaction environments for cognitive experience and can provide appropriately adjusted environments for patients who find it hard to overcome the real situation because of phobia. In addition, it is safe and economical, and patients' confidentiality is assured. Moreover, due to the principles of applying real-time navigation, Virtual Reality Therapy makes modification and supplementation easier, and it can also reduce cybersickness because of the supply of Lenticular, which allows people to see stereoscopy without eyeglasses and makes the sense of presence clearer. On top of that, due to the development of interactive technologies, it is coming close to a sense of reality similar to the real world by leading users to navigate by themselves and to operate objects in a virtual space. This paper will therefore examine, although in a limited way, characteristics of the application of virtual reality technology based on Human-Sensibility Ergonomics used for treatment of a disorder. This paper will analyse the range of its application and its problems, and it will suggest future possibilities.

A Study on the Justification for Disciplinary by the reason for Whistle-blowing (근로자의 내부고발을 이유로 한 징계의 정당성)

  • Choi, Hong-Ki
    • Journal of Legislation Research / no.44 / pp.611-653 / 2013
  • Whistle-blowing is the recognition of acts of misconduct or corruption by individuals (laborers) or a party belonging to a certain organization, and it refers to the act of informing the senior organization or an outside public agency to avoid jeopardies that could potentially work against the benefit of the public. Such whistle-blowing can be an approach that improves a corporation's transparency and accountability by preventing enterprise misconduct; it has also been recognized as playing an important role in the establishment of corporate ethics and, moreover, social justice. What is treated primarily as a labor law problem is the controversy over whether the public disclosure can be grounds for disciplinary punishment, because it brings harmful effects on the honor and reputation of the company which conducted the illegal actions and actions contrary to social values. Furthermore, recently, the matter of liability for compensation in connection with reassignment and bullying suffered by the informant has been brought up. The fundamental standpoint of precedent related to judging the justification of punishment by reason of whistle-blowing is the duty of good faith under the labor contract, by which employees are supposed to consider the employer's interests. For that reason, if the employee releases internal facts to the public and causes any damage to the employer's secrets, confidence or honor, it will be a cause for disciplinary punishment, but in specific cases the relevance and the limit on the level of punishment can be judged by the contents of the public disclosure and their truth, the purpose of the acts, and the details and manner of the disclosure.
Precisely, on the assumption that there is a need for the characteristic profit or the freedom of expression for the informant, with overall consideration of whether the basic part of the information is true or there is a fair reason which makes the informant believe it is true, whether the purpose of the informant serves the public interest, whether the contents of the whistle-blowing are important for the relevant organization, and whether the means and the way were suitable, if the whistle-blowing is found to be reasonable, the organization is not permitted to reprimand or dismiss. Furthermore, to find the solution for the issues of disciplinary punishment and all sorts of disadvantageous treatment by reason of whistle-blowing, since the protection law for public declarers which was enacted in 2011 has the position of the general law, the purport of that law has to be considered systematically, and the judicial precedents related to the justification of whistle-blowing need to be considered as well.

A Study on the Disclosure and Exemption of the Personal Data (개인정보의 공개와 보호에 관한 연구 - 영국 사례를 중심으로 -)

  • Kim, Jung Ae
    • The Korean Journal of Archival Studies / no.29 / pp.225-268 / 2011
  • The general public are interested in politics, form public opinion and keep the government in check for true democracy. The general public have the right to be furnished with information from the government. The government should enact a Freedom of Information Act to provide for the public's right to know. At the same time, the government should enact a Data Protection Act to provide for the public's right to privacy. There is friction between the Freedom of Information Act and the Data Protection Act. It is hard to maintain the proper balance between the Freedom of Information Act and the Data Protection Act, but many countries try to do so. The UK enacted the Data Protection Act 1998 (DPA), which entered into force in 2000, to comply with EU Directive 1995. The Freedom of Information Act 2000 (FOI), which came fully into force in 2005, was passed in 2000. The FOI imposes significant duties and responsibilities on public authorities to give access to the information they hold. The purpose of this study is to consider the provisions on personal data in the FOI and the DPA. Besides this, it identifies the complaint cases against public authorities about the disclosure and exemption of personal data in comparison with the acts. If information is the personal data of the person making the request, it will be disclosed under the DPA. If information is the personal data of a third party, it will be disclosed under the FOI. These acts interact with each other, each making up for the weak points of the other, so that the acts are properly applied to public authorities. This study may have some limitations in making a comparative study of the disclosure and exemption of personal data in Korea. But it is expected to provide a basis for understanding the disclosure and exemption of personal data in the UK.

A study on the case of education to train an archivist - Focus on archival training courses and the tradition of archival science in Italiy - (기록관리전문가의 양성교육에 관한 사례연구 -이탈리아의 기록관리학 전통과 교육과정을 중심으로-)

  • Kim, Jung-Ha
    • Journal of Korean Society of Archives and Records Management / v.1 no.1 / pp.201-230 / 2001
  • Conserving the recorded cultural inheritance is actually the duty of all of us. Above all, the management and conservation of archives and documents is up to archivists who have technical knowledge of archival science. Archivists have to not only conserve archives and documents but also classify and appraise them in order to define them as current or historic ones. The fundamental education in archival science is made up of history and law, because an Archive is the organisation which manages archives and documents produced by legal and administrative actions. Although there are still arguments about the technical knowledge and degree archivists have to acquire, most of them prefer studies related to history and emphasize legal studies as the general boundary of archivists' ideology and trust. The training course on conservation of archives is conducted in about 9 National Archives: Torino, Milano, Venezia, Genova, Bologna, Parma, Roma, Napoli and Palermo. The training course in the 19th century was mostly based on lectures on Paleography and Diplomatics. There was not yet any education in archival science. Toward the end of the 19th and 20th centuries, people stressed that the most basic subject in the training course of the National Archive was not Paleography and Diplomatics but archival science. The goal of archival science is to study the institutions and organisations transferring archives and documents to the Archive. It also helps archivists not to wander about in ignorance of organisational and original procedures and divisions but to know their work exactly. In this way, studies on institutions and organisations have been established as a branch of archival science for a few decades. While archival science did not evoke sympathy among people and went through a tedious and difficult path in Italy and other countries, the Archive was managed by experts from other branches. As a result, there were a lot of faults in Archival Science.
Specialized training courses for Italian archivists came into being under the backdrop of the Social Science Institute of Roma National University in 1925. The archival course of the universities was accomplished through the studies of history, law and economy. And because people such as Eugenio Casanova and Giorgio Cencetti were devoted to it, archival science was able to settle down in the national archive. The training course for experts in 'archival science, Paleography and Diplomatics' at the National Archive of Bologna (Archivio di Stato di Bologna) is one of the courses conducted in 17 National Archives in Italy. This course is free of charge and made up of 8 subjects (Archivistica, Paleografia, Diplomatica, Storia dell' Archivio, Notariato e documenti privati, istituzione medievale, istituzione moderna, istituzione contemporanea) which students have to complete over two years. Students can receive the degree by passing two written exams and one oral test. After the department of Culture and Education finally assigns the students' marks, the chief of the National Archive of Bologna confers the degree of 'archival science, Paleography and Diplomatics' on students passing the exams. This degree authenticates the trainee's qualification, which enables him to work at the archives of a province, district or administrative capital city, the archive of a community and so on. The Italian training course naturally leads archivists to keep in contact with valuable cultural inheritance through training in the Archive. It also shows the intention to strengthen the affinity with each document at the site of archival management before training archivists. This is also appraised as one of the positive policies to conserve the local cultural inheritance, in connection with the original quality of the national archive, which testifies to the history of each region. The training course for archivists in Italy shows us how we have to prepare and proceed with it.
First, from producing documents to conserving them forever, there has been introduced 'original order', that is to say, a general rule to respect the first order given at the time of producing documents. Management of administrative documents is consistently related to that of historical documents. Second, the training course for archivists is managed around 17 national archives, because the Italian national archives lay stress not on education in theory but on training for archivists working in the first time of archival science. Third, diplomatics and paleography, as studies of historical documents, support archives. Fourth, studies on history proceed through cooperation between archivists and historians around the archive. Our duty is not to continue disputing who has to conserve and manage documents and archives, but to train experts who have ability, vision, flexible thought and responsibility for archives.