• The KIPS Transactions:PartC
• /
• 제8C권5호
• /
• pp.573-584
• /
• 2001

Policy-Based Network Management (PBNM) architecture is to meet various needs of network users and to provide effective management facilities in distributed and large scale networks to network managers. In PBNM, network managers perform network management operations by stipulating a set of rules rather than control each network component. On the other hand, providing security services such as authentication, privacy of messages as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components more secure way than ever before. Despite of its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scaled network because it does not provide centralized security management facilities. In this paper, we propose a new security model called Role-based Security Management model (RSM) with security management policy to support scalable and centralized security management for SNMP-based networks. Also, the structure and the operation of the security system as well as the efficiency analysis of RSM in terms of security management are also described.

• Journal of Internet Computing and Services
• /
• 제6권1호
• /
• pp.27-38
• /
• 2005

Recently, the rapidly development of computing environments and the spread of Internet make possible to obtain and use of information easily. Immediately, by opposition function the Hacker's unlawful intrusion and threats rise for network environments as time goes on. Specially, the internet consists of Unix and TCP/IP had many vulnerability. the security techniques of authentication and access controls cannot adequate to solve security problem, thus IDS developed with 2nd defence line. In this paper, intrusion detection method using Bayesian Networks estimated probability values of behavior contexts based on Bayes theory. The contexts of behaviors or events represents Bayesian Networks of graphic types. We profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions. We had simulation using DARPA 2000 Intrusion Data.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 한국정보통신학회 2012년도 추계학술대회
• /
• pp.769-772
• /
• 2012

Personal Information Article2 defines personal authentication information, secret information, bio information for personal information and it is stipulated under article29 that the one who have duties must take adequate technological, administrative, physical measures to prevent from illegal reading and sneaking. Also it is stipulated under information communication network law28(1), enforcement regulation9, Korea Communications Commitee notice. To satisfy this, the one who have to take security actions of personal information are required to take technological measures and establish positive measures to continuously manage it.The insurance of technological security is possible by encryption of personal information, secure management and operation of encryption key,taking personal information security level of providin access control of personal information reading and audit.In this paper, we will analyze various technologies of personal information encryption which are essencial component in technological security measuresof personal information. This paper will help choose which technological measures you should take in personal information security.

• The KIPS Transactions:PartA
• /
• 제16A권5호
• /
• pp.369-380
• /
• 2009

SNMP (Simple Network Management Protocol) is a standard protocol for management of network devices, and it provides excellent features such as scalability, information management, authentication, encryption, and access control. However, SNMP has a structural weakness to fully support control functions for integrated management of digital convergence devices, and it has a limitation of message length in SNMP communication. In this paper, we present an extended SNMP scheme for integrated management of digital convergence devices with control functions. We modified the SNMP architecture by adding DDS (Device Driver Subsystem) to SNMP engine for controlling different devices and by defining CADM (Control Agent Driver Model), therefore we solved the ambiguity problem between 'set' and 'control' of SNMP. And the extended SNMP made it easy for SNMP applications to use various control functions. The extended SNMP can transport massive high-level information by adding three new SNMP commands which eliminate the limit of message length.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• 제23권3호
• /
• pp.267-275
• /
• 2019

Currently, due to the widespread use of a smartphone, QR codes allow users to access a variety of added services. However, the QR codes posted on curved surfaces tend to be non-uniformly illuminated and bring about the decline of recognition rate. So, in this paper, the block-adaptive binarization policy is adopted to find an optimal threshold appropriate for bimodal image like QR codes. For a large block, its histogram distribution is found to get an initial threshold and then the block is partitioned to reflect the local characteristics of small blocks. Also, morphological operation is applied to their neighboring boundary at the discontinuous at the QR code junction. This paper proposes an authentication method based on the color code, uniquely painted within QR code. Through a variety of practical experiments, it is shown that the proposed algorithm outperforms the conventional method in detecting QR code and also maintains good recognition rate up to 40 degrees on curved surfaces.

• Journal of the Korea Society of Computer and Information
• /
• 제14권4호
• /
• pp.101-109
• /
• 2009

An encryption module is equipped basically at 8i version ideal of Oracle DBMS, encryption module, but a performance decrease is caused, and users are restrictive. We analyze problem of DB security by technology by circles at this paper whether or not there is an index search, object management disorder, a serious DB performance decrease by encryption, real-time data encryption beauty whether or not there is data approach control beauty circular-based IP. And presentation does the comprehensive security Frame Work which utilized the DB Masking technique that is an alternative means technical encryption in order to improve availability of DB security. We use a virtual account, and set up a DB Masking basis by security grades as alternatives, we check advance user authentication and SQL inquiry approvals and integrity after the fact through virtual accounts, utilize to method as collect by an auditing log that an officer was able to do safely DB.

• Journal of the Korea Society of Computer and Information
• /
• 제19권10호
• /
• pp.185-195
• /
• 2014

In this paper, we designed a role-based emergency medical information security system REMISS added the security concept to the existing emergency medical information system. Also we suggested a REMISS protocol based on HL7 for using the emergency medical information and the security information. The procedure of security consists of user authentication phase and role/permission assign phase in the REMISS. The REMISS can supply proper security service since the REMISS assign proper permissions to each users of emergency medical information system and allow the user to access the permitted emergency medical information by using security information of the REMISS. There are some advantages that REMISS can adapt to the changing of the role of each user by dynamic exchanging the security information and assigning permissions to each user.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• 제8권6호
• /
• pp.491-496
• /
• 2015

Cloud computing has emerged with promise to decrease the cost of server additional cost and expanding the data storage and ease for computer resource sharing and apply the new technologies. However, Cloud computing also raises many new security concerns due to the new structure of the cloud service models. Therefore, the secure user authentication is required when the user is using cloud computing. This paper, we propose the enhanced AdaBoost algorithm for access cloud security zone. The AdaBoost algorithm despite the disadvantage of not detect a face inclined at least 20, is widely used because of speed and responsibility. In the experimental results confirm that a face inclined at least 20 degrees tilted face was recognized. Using the FEI Face Database that can be used in research to obtain a result of 98% success rate of the algorithm perform. The 2% failed rate is due to eye detection error which is the people wearing glasses in the picture.

• The Journal of the Korea Contents Association
• /
• 제9권9호
• /
• pp.9-17
• /
• 2009

RFID (Radio Frequency Identification) is a next generation technology that will replace barcode. RFID can identify an object by reading ID inside a RFID tag using radio frequency. However, because a RFID tag replies its unique ID to the request of any reader through wireless communication, it is vulnerable to attacks on security or privacy through wiretapping or an illegal reader's request. The RFID authentication protocol has been studied actively in order to solve security and privacy problems, and is used also in tag search. Recently, as the number of tags is increasing in RFTD systems and the cost of data collection is also rising, the importance of effective tag search is increasing. This study proposed an efficient search method that solved through ta9 group the problem of large volume of database computation in Miyako Ohkubo's hash chain mechanism, which meets requirements for security and privacy protection. When we searched first the group of tags with access rate of 5 or higher in a database with 100,000 records, search time decreased by around 30%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제15권2호
• /
• pp.81-94
• /
• 2005

Recently, wireless LAN circumstance is being widely deployed in Public spots. Many People use Portable equipments such as PDA and laptop computer for multimedia applications, and also demand of mobility support is increasing. However, handoff latency is inevitably occurred between both APs when clients move from one AP to another. To reduce handoff latency. in this paper, we suggest WFH(Weighted Frequent Handoff) using effective data structure. WFH improves cache hit ratio using a new cache replacement algorithm considering the movement pattern of users. It also reduces unessential duplicate traffics. Our algorithm uses FHR(Frequent Handoff Region) that can change pre-authentication lesion according to QoS based user level, movement Pattern and Neighbor Graph that dynamically captures network movement topology.