• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1069-1080
• /
• 2022

Zero trust, which means never trust anything before verifying it, is emerging as a hot issue in security field. After authenticating users, zero trust establishes network boundaries so that only networks in the trusted range can be accessed. This concept is also consistent with the concept of SDP, which performs pre-verification and creates a network boundary with a dynamic firewall so that clients can access only as many as they have permission to connect. Therefore, we recommend the SDP model as an example of how zero trust can be achieved in a zero trust architecture. In this paper, we point out the areas where SDP needs to be modified for zero trust and suggest ways to overcome them. In addition, we propose an onboarding method, which is one of the processes for becoming an SDP entity, and present performance measurement results.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.4
• /
• pp.867-875
• /
• 2014

Rapid development of internet service is enabling internet banking services in anywhere and anytime. However, service access through internet can be exposed to adversary easily. To prevent, current service providers execute authentication process with user's identification and password. However, majority of users use short and simple password and do not periodically change their password. As a result of this, user's password could be exposed to attacker's brute force attack. In this paper, we presented enhanced password system which guarantee higher security even though users do not change their current password. The method uses additional secret information to replace real password periodically without replacement of real password.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.41-49
• /
• 2008

VoIP is a service that changes the analogue audio signal into a digital signal and then transfers the audio information to the users after configuring it as a packet; and it has an advantage of lower price than the existing voice call service and better extensibility. However, VoIP service has a system structure that, compared to the existing PSTN (Public Switched Telephone Network), has poor call quality and is vulnerable in the security aspect. To make up these problems, TLS service was introduced to enhance the security. In practical system, however, since QoS problem occurs, it is necessary to develop the VoIP security system that can satisfy QoS at the same time in the security aspect. In this paper, a user authentication VoIP system that can provide a service according to the security and the user through providing a differential service according to the approach of the users by adding AA server at the step of configuring the existing VoIP session is suggested. It was found that the proposed system of this study provides a quicker QoS than the TLS-added system at a similar level of security. Also, it is able to provide a variety of additional services by the different users.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.3-8
• /
• 2022

Security threats occur from the outside, but more often from the inside. In particular, since the internal user knows about the information service, the security threat damage caused by the internal user is greater. In this environment, the actions of all users accessing information services should be monitored and recorded in real-time. However, the current operating system records only the logs of system and application execution, so there is a limit to monitoring user behavior in real-time. In such a security environment, damage may occur due to user's unauthorized actions. To solve this problem, this study proposes an architecture that monitors user behavior in real-time in a Linux environment. As a result of verifying the function to confirm the effectiveness of the proposed architecture, the console input values and output angles of all users who have access to the operating system are monitored in real-time and stored. Although the performance of the proposed architecture is somewhat slower than the identification and authentication functions provided by the operating system, it was confirmed that the performance was not at a level that users would recognize, and thus it was judged to be sufficiently effective. However, since this study focuses on monitoring the console behavior, it is impossible to monitor the behavior of user applications running in the background, so additional research is needed.

• The KIPS Transactions:PartD
• /
• v.14D no.4 s.114
• /
• pp.373-380
• /
• 2007

Ubiquitous electronic commerce can offer anytime, anywhere access to network and exchange convenient informations between individual and group, or between group and group. To use secure ubiquitous electronic commerce, it is essential for users to have digital signature with the properties of integrity and authentication. The digital signature for ubiquitous networks is required neither a trusted group manager, nor a setup procedure, nor a revocation procedure etc. because ubiquitous networks can construct or deconstruct groups anytime, anwhere as occasion demands. Therefore, this paper proposes a threshold ring signature as digital signature for secure ubiquitous electronic commerce using the ring signature without forgery (integrity) and the (n,t) ring signature solving the problem cannot prove the fact which a message is signed by other signer. Thus the proposed threshold ring signature is ubiquitous group signature for the next generation.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.6
• /
• pp.197-208
• /
• 2023

In the coming future, anyone using the Internet will have more than one NFT. Unlike FT, NFT can specify the owner, and tracking management is easier than FT. Even in the 2022 survey, WPA2 is the most widely used wireless protocol worldwide to date. As it is a protocol that came out in 2006, it is a protocol with various vulnerabilities at this time. In order to use WPA2-EAP or WPA3 (2018), which were released to compensate for the vulnerabilities of WPA2, additional equipment upgrades are required for STA (station) and AP (access point, router), which are connected devices. The use of expensive router equipment solves the security part, but it is economically inefficient to be introduced in Small Office Home Office (SOHO). This paper uses NFT as a means of authentication and uses the existing WPA2 as it is without equipment upgrade, defend crack tools of WPA2 that have been widely used so far and compared to the existing WPA2, it was shown that it was not difficult to actually use them in SOHO.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.4
• /
• pp.1926-1934
• /
• 2013

M2M (Machine-to-Machine Communication) refers to technologies that allow wired and wireless systems to communicate with other devices with similar capabilities. M2M has special features which consist of low electricity consumption, cheap expenses, WAN, WLAN and others. Therefore, it can communicate via a network. Also, it can handle itself without a person's management. However, it has a wireless-communicate weakness because of the machine-communicate request, and also it is difficult to administrate and control each other. So In this Paper, It suggests the safety protocol between Device, Gateway and Network Domain in M2M environment. Proposed protocol is based on ID-Based encryption's certificate and creates session key between the Access Server and the Core Server in the Network Domain. It uses that session key for sending and receiving data in mutual, and adds key renewal protocol so it will automatically update discern result. a comparative analysis of the existing M2M communication technologies and PKI-based certificate technology is compared with the proposed protocol efficiency and safety.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.1
• /
• pp.68-75
• /
• 2013

Recently IPTV that transmits multimedia contents in real time through internet, cable TV net and satelite net gets the limelight. But IPTV service that gives service to users by various media has a problem of not supporting user certification fully. This paper suggests a certification model which prevents getting access permission of IPTV service by sending illegal certification information by adolescent through integrating mobile communication technique with RFID(Radio Frequency IDentification) technique which is a key technique of Ubiquitous environment. This model performs the process of adult certification by keeping synchronization with user's certificaiton information that is saved in data-base of certification server and contents server after getting the system of class categorization in contents server to overcome disadvantage of simple adult certification system that is popular in the existing internet. Also, it adapts double hash chain technique not to down load illegally contents without the permission of manager even if an adolescent gets manager's approval key.

• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.155-163
• /
• 2013

Connection hijacking attack using the vulnerability of the TCP protocol to redirect TCP stream goes through your machine actively (Active Attack). The SKEY such as one-time password protection mechanisms that are provided by a ticket-based authentication system such as Kerberos or redirection, the attacker can bypass.Someone TCP connection if you have access on TCP packet sniffer or packet generator is very vulnerable. Sniffer to defend against attacks such as one-time passwords and token-based authentication and user identification scheme has been used. Active protection, but these methods does not sign or encrypt the data stream from sniffing passwords over insecure networks, they are still vulnerable from attacks. For many people, an active attack is very difficult and so I think the threat is low, but here to help break the illusion successful intrusion on the UNIX host, a very aggressive attack is presented. The tools available on the Internet that attempt to exploit this vulnerability, known as the recent theoretical measures is required. In this paper, we propose analysis techniques on a wireless network intruder detection.

• Journal of Korea Multimedia Society
• /
• v.8 no.9
• /
• pp.1258-1268
• /
• 2005

While the concept of Home Network is laying by and its interests are increasing by means of digitalizing of the information communication infrastructure, many efforts are in progress toward convenient lives. Moreover, as information household appliances which have a junction of connecting to the network are appearing over the past a few years, the demands against intellectual Home Services are increasing. In this paper, by being based upon Multimedia which is an essential factor for developing of various application services on ubiquitous computing environments, we suggest a simplified application model that could apply the information to the automated processing system after studying user's behavior patterns using authentication and access control for identity certification of users. In addition, we compared captured video images in the fixed range by pixel unit through some time and checked disorder of them. And that made safe of user certification as adopting self-developed certification method which was used 'Hash' algorism through salt function of 12 byte. In order to show the usefulness of this proposed model, we did some testing by emulator for control of information after construction for Intellectual Multimedia Server, which ubiquitous network is available on as a scheme so as to check out developed applications. According to experimental results, it is very reasonable to believe that we could extend various multimedia applications in our daily lives.