• Journal of Information Processing Systems
• /
• v.16 no.2
• /
• pp.301-317
• /
• 2020

An enterprise patch-management system (PMS) typically supplies a single point of failure (SPOF) of centralization structure. However, a Blockchain system offers features of decentralization, transaction integrity, user certification, and a smart chaincode. This study proposes a Hyperledger Fabric Blockchain-based distributed patch-management system and verifies its technological feasibility through prototyping, so that all participating users can be protected from various threats. In particular, by adopting a private chain for patch file set management, it is designed as a Blockchain system that can enhance security, log management, latest status supervision and monitoring functions. In addition, it uses a Hyperledger Fabric that owns a practical Byzantine fault tolerant consensus algorithm, and implements the functions of upload patch file set, download patch file set, and audit patch file history, which are major features of PMS, as a smart contract (chaincode), and verified this operation. The distributed ledger structure of Blockchain-based PMS can be a solution for distributor and client authentication and forgery problems, SPOF problem, and distribution record reliability problem. It not only presents an alternative to dealing with central management server loads and failures, but it also provides a higher level of security and availability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.5
• /
• pp.2646-2659
• /
• 2017

Equipped with the advantages of flexible access control and fine-grained authentication, attribute based signcryption is diffusely designed for security preservation in many scenarios. However, realizing efficient key evolution and reducing the calculation costs are two challenges which should be given full consideration in attribute based cryptosystem. In this paper, we present a key-policy attribute based signcryption scheme (KP-ABSC) with delegated computation and efficient key updating. In our scheme, an access structure is embedded into user's private key, while ciphertexts corresponds a target attribute set. Only the two are matched can a user decrypt and verify the ciphertexts. When the access privileges have to be altered or key exposure happens, the system will evolve into the next time slice to preserve the forward security. What's more, data receivers can delegate most of the de-signcryption task to data server, which can reduce the calculation on client's side. By performance analysis, our scheme is shown to be secure and more efficient, which makes it a promising method for data protection in data outsourcing systems.

• Journal of Internet Computing and Services
• /
• v.4 no.5
• /
• pp.87-96
• /
• 2003

The additional mechanism is required to set up a secure connection among the communication subjects in the internet environment. Each entity should transfer and receive the encrypted and hashed data to guarantee the data integrity. Also, the mutual authentication procedure should be processed using a secure communication protocol. Although the OpenSSL which implements the TLS is using by many developers and its stability and performance are proved, it has a difficulty in using because of its large size. So, this paper designs and implements the secure communication which the users can use easily by modification works of OpenSSL library API. We proved the real application results using the client/server case which supports a secure communication using the implemented API.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.139-146
• /
• 2006

A Signcryption proposed by Yuliang Zheng in 1997 is a hybrid public key primitive that combines a digital signature and a encryption. It provides more efficient method than a straightforward composition of an signature scheme with a encryption scheme. In a mobile communication environment, the authenticated key agreement protocol should be designed to have lower computational complexity and memory requirements. The password-based authenticated key exchange protocol is to authenticate a client and a server using an easily memorable password. This paper proposes an secure Authenticated Key Exchange protocol using Signcryption scheme. In Addition we also show that it is secure and a more efficient that other exiting authenticated key exchange protocol.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.10
• /
• pp.3333-3354
• /
• 2022

The 5G Core Network (5GC) is an essential part of the mobile communication network, but its security protection strategy based on the boundary construction is difficult to ensure the security inside the network. For example, the Network Function (NF) mutual authentication mechanism that relies on the transport layer security mechanism and OAuth2.0's Client Credentials cannot identify the hijacked NF. To address this problem, this paper proposes a trust model for 5GC based on NF interaction behavior to identify malicious NFs and improve the inherent security of 5GC. First, based on the interaction behavior and context awareness of NF, the trust between NFs is quantified through the frequency ratio of interaction behavior and the success rate of interaction behavior. Second, introduce trust transmit to make NF comprehensively refer to the trust evaluation results of other NFs. Last, classify the possible malicious behavior of NF and define the corresponding punishment mechanism. The experimental results show that the trust value of NFs converges to stable values, and the proposed trust model can effectively evaluate the trustworthiness of NFs and quickly and accurately identify different types of malicious NFs.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.128-134
• /
• 2023

The widespread usage of blockchain technology in cryptocurrencies has led to the adoption of the blockchain concept in data storage management systems for secure and effective data storage and management. Several innovative studies have proposed solutions that integrate blockchain with distributed databases. In this article, we review current blockchain databases, then focus on two well-known blockchain databases-BigchainDB and FalconDB-to illustrate their architecture and design aspects in more detail. BigchainDB is a distributed database that integrates blockchain properties to enhance immutability and decentralization as well as a high transaction rate, low latency, and accurate queries. Its architecture consists of three layers: the transaction layer, consensus layer, and data model layer. FalconDB, on the other hand, is a shared database that allows multiple clients to collaborate on the database securely and efficiently, even if they have limited resources. It has two layers: the authentication layer and the consensus layer, which are used with client requests and results. Finally, a comparison is made between the two blockchain databases, revealing that they share some characteristics such as immutability, low latency, permission, horizontal scalability, decentralization, and the same consensus protocol. However, they vary in terms of database type, concurrency mechanism, replication model, cost, and the usage of smart contracts.

• International Journal of Contents
• /
• v.11 no.1
• /
• pp.41-51
• /
• 2015

Management systems for electronic library have been developed on the basis of Client/Server or ASP framework in domestic market for a long time. Therefore, both service provider and user suffer from their high cost and effort in management, maintenance, and repairing of software as well as hardware. Recently in addition, mobile devices like smartphone and tablet PC are frequently used as terminal devices to access computers through the Internet or other networks, sophisticatedly customized or personalized interface for n-screen service became more important issue these days. In this paper, we propose a new scheme of integrated management system for electronic library based on SaaS and Web Standard. We design and implement the proposed scheme applying Electronic Cabinet Guidelines for Web Standard and Universal Code System. Hosted application management style and software on demand style service models based on SaaS are basically applied to develop the management system. Moreover, a newly improved concept of duplication check algorithm in a hierarchical evaluation process is presented and a personalized interface based on web standard is applied to implement the system. Algorithms of duplication check for journal, volume/number, and paper are hierarchically presented with their logic flows. Total framework of our development obeys the standard feature of Electronic Cabinet Guidelines offered by Korea government so that we can accomplish standard of application software, quality improvement of total software, and reusability extension. Scope of our development includes core services of library automation system such as acquisition, list-up, loan-and-return, and their related services. We focus on interoperation compatibility between elementary sub-systems throughout complex network and structural features. Reanalyzing and standardizing each part of the system under the concept on the cloud of service, we construct an integrated development environment for generating, test, operation, and maintenance. Finally, performance analyses are performed about resource usability of server, memory amount used, and response time of server etc. As a result of measurements fulfilled over 5 times at different test points and using different data, the average response time is about 62.9 seconds for 100 clients, which takes about 0.629 seconds per client on the average. We can expect this result makes it possible to operate the system in real-time level proof. Resource usability and memory occupation are also good and moderate comparing to the conventional systems. As total verification tests, we present a simple proof to obey Electronic Cabinet Guidelines and a record of TTA authentication test for topics about SaaS maturity, performance, and application program features.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.12C
• /
• pp.1258-1267
• /
• 2003

As the need for stable and high speed wireless Internet service Brows, the wireless LAN service provider hurries to preempt wireless LAN service market. IAPP(InterAccess Point protocol) is defined to be able to provide a secure handoff mechanism of wireless LAN terminal information between AP(Access Point)s, and the related IEEE standard is IEEE 802.11f. For the secure handoff of wireless LAN terminal, it is necessary to transfer terminal's authentication & accounting information securely from old AP to new AP IEEE 802.11f recommends RADIUS server as IAPP server which authenticates AP and provides information for secure channel between APs. This paper proposes IAPP server using Diameter protocol to overcome the limit of RADIUS sewer, and describes about the interaction between server components and integration method with the current IAPP client system.

• Journal of Internet Computing and Services
• /
• v.4 no.2
• /
• pp.11-19
• /
• 2003

The technique which stores cache data in EXT2 or UFS designed for general purpose is not suitable for satisfying the speed required for web cache due to the general purpose file system. This study shows that there is the better solution by optimizing the file system using the characteristics of web file. It is impossible that the suggested RawCFS changes the size of cached object and the access authentication, and this results from the existence of up-to-dated object in the original server. This file system is proved in the capability test that it is faster than the technique by 40% which stores in each file by object unit. This can be used in the design of high end web server such as shoppingmall or Internet Broadcasting station which should provide objects like image or HTML as well as cache server to the client for the fast service.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.643-648
• /
• 2005

Intranet system for use within an organization, usually a corporation, is to basically pass through user authentication, but information can be leaked, modified, and deleted by malevolent users who disguise an authorized user or due to user's mistakes in using various functions of web browser. Thus, there is a need for measures to protect the information from illegal use, transformation through partial modification, and illegal leakage such as fraudulent use. This paper presents a flexible Web Security Access Control system based ACM which Provide efficient suity Policy to Protect information in intranet. This Web Security Access Control system not only enhances security by Performing encryption/decryption of information in intranet but also, for sharing confidential information among departments, performs effective and useful access control by assigning different authority to the secured web page. And, by controlling the functions of client PC in various ways, information leakage on malicious purpose or by mistake can be prevented.