• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.29-34
• /
• 2023

KMS (Knowledge Management System) is used by various organizations to share information. This KMS includes important information as well as basic information used by each organization. To protect infortant information stored in KMS, many KMS use user identification and authentication features. In such a KMS security environment, if the account information of a user who can access the KMS is leaked, a malicious attacker using the account information can access the KMS and access all authorized important information. In this study, we propose KMS with user access control function that can protect important information even if user account information is leaked. The KMS with the user access control function proposed in this study protects the stored files in the KMS by applying an encryption algorithm. Users can access important documents by using tokens after logging in. A malicious attacker without a Token cannot access important files. As a result of checking the unit function for the target user access control function for effectiveness verification, it was confirmed that the access control function to be provided by KMS is normally provided.

• Journal of Korea Multimedia Society
• /
• v.8 no.2
• /
• pp.211-224
• /
• 2005

With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model and sub-role hierarchies concept. The proposed model, called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) Model, supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control now dependency and separation of duty constraints(SoDs). Also it supports unconditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies in order to allow expressing access control policies at a finer granularity in corporate enterprise environments.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.172-178
• /
• 2023

When the mobile device moves from the coverage of one access point to the radio coverage of another access point it needs to maintain its connection with the current access point before it successfully discovers the new access point, this process is known as handoff. During handoff the acceptable delay a voice over IP application can bear is of 50ms whereas the delay on medium access control layer is high enough that goes up to 350-500ms. This research provides a suitable methodology on medium access control layer of the IEEE 802.11 network. The medium access control layer comprises of three phases, namely discovery, reauthentication and re-association. The discovery phase on medium access control layer takes up to 90% of the total handoff latency. The objective is to effectively reduce the delay for discovery phase to ensure a seamless handoff. The research proposes a scheme that reduces the handoff latency effectively by scanning channels prior to the actual handoff process starts and scans only the neighboring access points. Further, the proposed scheme enables the mobile device to scan first the channel on which it is currently operating so that the mobile device has to perform minimum number of channel switches. The results show that the mobile device finds out the new potential access point prior to the handoff execution hence the delay during discovery of a new access point is minimized effectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.2 no.4
• /
• pp.233-241
• /
• 2007

In an ubiquitous environment, for controlling user access according to environment of users, a number of access control models enforcing dynamic environment of users have been proposed. However, they do not support personalized environments of each user and have a run-time overhead of searching active roles. In this paper, we propose a new model, PE-RBAC, that extends the RBAC architecture by addition of a personalized environment component as a constraint to accommodate dynamic and mobile users. In this model, a dynamic role activation is presented by using a new role-to-environment structure instead of the conventional role hierarchy, which makes it efficient to find the active roles according to a user's personalized environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1025-1035
• /
• 2013

There has been an explosive increase in the population of OSN(online social network) for 10 years. OSN provides users with many opportunities to have communication among friends, families and goes so far as to make relationships among unknown people having similar belief or interest. However, OSN also produced adverse effects such as privacy breaches, leaking uncontrolled information or disseminating false information. Access control models such as MAC, DAC, RBAC are applied to the OSN to control those problems but those models in OSN are not fit in dynamic OSN environment because user's acts in OSN are unpredictable and static access control imposes burden on users to change access control rules one by one. This paper proposes the dynamic trust-based access control to solve the problems of traditional static access control in OSN.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.599-606
• /
• 2009

For many mission-critical related wireless sensor network applications such as military and homeland security, user's access restriction is necessary to be enforced by access control mechanisms for different access rights. Public key-based access control schemes are more attractive than symmetric-key based approaches due to high scalability, low memory requirement, easy key-addition/revocation for a new node, and no key predistribution requirement. Although Wang et al. recently introduced a promising access control scheme based on elliptic curve cryptography (ECC), it is still burdensome for sensors and has several security limitations (it does not provide mutual authentication and is strictly vulnerable to denial-of-service (DoS) attacks). This paper presents an energy-efficient access control scheme based on ECC to overcome these problems and more importantly to provide dominant energy-efficiency. Through analysis and simulation based evaluations, we show that the proposed scheme overcomes the security problems and has far better energy-efficiency compared to current scheme proposed byWang et al.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1634-1652
• /
• 2022

Due to the increasing need for data sharing in the age of big data, how to achieve data access control and implement user permission revocation in the blockchain environment becomes an urgent problem. To solve the above problems, we propose a novel blockchain-based data sharing scheme (BDSS) with fine-grained access control and permission revocation in this paper, which regards the medical environment as the application scenario. In this scheme, we separate the public part and private part of the electronic medical record (EMR). Then, we use symmetric searchable encryption (SSE) technology to encrypt these two parts separately, and use attribute-based encryption (ABE) technology to encrypt symmetric keys which used in SSE technology separately. This guarantees better fine-grained access control and makes patients to share data at ease. In addition, we design a mechanism for EMR permission grant and revocation so that hospital can verify attribute set to determine whether to grant and revoke access permission through blockchain, so it is no longer necessary for ciphertext re-encryption and key update. Finally, security analysis, security proof and performance evaluation demonstrate that the proposed scheme is safe and effective in practical applications.

• Electronics and Telecommunications Trends
• /
• v.34 no.4
• /
• pp.117-128
• /
• 2019

As companies use increasing amounts of data more and more, people are more concerned about protecting their privacy. Many researches studies have been conducted with a to securely view of manage managing and share sharing private information securely using the Bblockchain technology. These studies have suggested a Bblockchain-based approaches to provide efficiency, scalability, data ownership, and systematic data lifecycles that were are the limitations of lacking in traditional access controls. More Sspecifically, these studies have introduced a new access control models, distributed hash tables, trusted execution environments, and hierarchical ID-based cryptographic mechanisms to provide reliable access control even in complex environments such as IoT Internet of Things. In this paperstudy, we present the criteria to for classifying the functional characteristics of the Bblockchain-based access control methods and derive the differentiateion between of each the several methods.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.11a
• /
• pp.291-295
• /
• 2004

As a large quantity of information is presented in XML format on the web, there are increasing demands for XML security. Until now research on XML security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex however XML security comes to involve not only network security but also managerial security. But XML encryption support simple network security. So it cannot support multiple users and multiple access control policy. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can support multiple authorization of multiple users with integrating access control. And this can reduce the cost of the existing complicated access evaluation process of access control by using pre-processing.