• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.435-441
• /
• 2013

This paper review about kerberos security authentication scheme and policy for big data service. It analyzed problem for security technology based on Hadoop framework in big data service environment. Also when it consider applying problem of kerberos security authentication system, it analyzed deployment policy in center of main contents, which is occurred in commercial business. About the related applied Kerberos policy in US, it is researched about application such as cross platform interoperability support, automated Kerberos set up, integration issue, OPT authentication, SSO, ID, and so on.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.256-258
• /
• 2005

최근 유비쿼터스 컴퓨팅 기술이 활발하게 연구되고 있는 실점에서 상황인지 (Context Aware)에 의한 위치 기반 서비스 (LBS : Location Based Service)와 POI(Point of Interest) 서비스가 활발히 연구되고 있다. 그러나 실외 위치 측위를 위한 GPS의 이용이 불가능한 실내 이동 환경에서는 사용자의 위치 변화 인지가 불가능하므로. 실내에서의 위치 기반 서비스를 위해서는 실내 환경에 적합한 위치측위 방식을 고려하여야 한다. 최근 물류 관리나 사용자 인증 등에 주로 사용되고 있는 RFID (Radio frequency IDentification)는 비접촉 인식 기술로서 위치 ID를 이용하여 실시간으로 실내의 위치 변화에 반응하도록 함으로써 실내 측위 시스템으로의 응용이 가능하다. 본 연구에서는 RFID를 이용해 실시간으로 위치 ID를 인지해 실내 위치 정보를 획득하고, XML 웹서비스와 벡터기반의 SVG를 이용하여 이동 클라이언트인 PDA에 사용자 위치정보를 적용한 실내 공간 정보 서비스 및 POI 서비스가 가능하도록 실내 위치 측위 시스템을 설계하고 구현하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2006.05a
• /
• pp.709-712
• /
• 2006

일반적인 침입탐지 시스템의 원리를 보면 공격자가 공격 패킷을 보내면 침입탐지서버에 IDS 프로그램으로 공격자의 패킷을 기존의 공격패턴과 비교하여 탐지한다. 공격자가 일반적인 공격 패킷이 아닌 패킷을 가짜 패킷과 공격 패킷을 겸용한 진보된 방법을 사용할 경우 IDS는 이를 탐지하지 못하고 로그 파일에 기록하지 않는다. 이는 패턴 검사에 있어 공격자가 IDS를 속였기 때문이다. 따라서 공격자는 추적 당하지 않고서 안전하게 공격을 진행할 수 있다. 본 논문에서는 이러한 탐지를 응용프로그램 단계가 아닌 커널 단계에서 탐지함으로서 침입탐지뿐만 아니라 침입 방지까지 할 수 있도록 하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.5100-5119
• /
• 2018

Most of existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only considers the privacy of the user identity (ID). However, in many occasions information leakage is caused by the disclosing of his/her some sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme with hiding both user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by viciousAAs. In addition, we utilize IDM to cooperate with multiple authorities in producing consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.3
• /
• pp.24-31
• /
• 2020

Centralized systems in computing environments have various problems, such as privacy infringement due to hacking, and the possibility of privacy violations in case of system failure. Blockchain, one of the core technologies for the next generation of converged information, is expected to be an alternative to the existing centralized system, which has had various problems. This paper proposes a blockchain-based user authentication system that can identify users using EID in an online environment. Existing identification (ID)/password (PW) authentication methods require users to store personal information in multiple sites, and receive and use their respective IDs. However, the proposed system can be used without users signing up at various sites after the issuing of an EID. The proposed system issues an EID with a minimum of information, such as an e-mail address and a telephone number. By comparing the stability and efficiency of a centralized system, the proposed integrated authentication system proved to be excellent. In order to compare stability against existing systems, we chose attack methods and encroachments on the computing environment. To verify efficiency, the total throughput between the user's app, the issuance and certification-authority's servers, and the service provider's servers was compared and analyzed based on processing time per transaction.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.113-123
• /
• 2023

This paper introduces the Cherry system, a user-independent blockchain donation system. This is a procedure that is delivered to the beneficiary's bank account through a virtual account when a donor makes a donation, so there is no difference from the existing donation delivery method from the user's point of view However, within the blockchain, Cherry Points, a virtual currency based on the user ID, are issued and delivered to the beneficiary, while all transactions and the beneficiary's usage history are managed on the blockchain. By adopting this method, there was an improvement in blockchain performance, with transaction processing exceeding 1,000 TPS in typical transaction condition and service completion within 21.3 seconds. By applying the automatic influence control algorithm to this system, the influence according to stake, which is an individual donation, is greatly reduced to 0.3 after 2 months, thereby concentrating influence could be controlled automatically. In addition, it was designed to enable micro tracking by adding a tracking function by timestamp to the donation ledger for each individual ID, which greatly improved the transparency in the use of donations. From a service perspective, existing blockchain donation systems were handled as limited donation delivery methods. Since it is a direct service in a user-independent method, convenience has been greatly improved by delivering donations in various forms.

• The KIPS Transactions:PartC
• /
• v.13C no.3 s.106
• /
• pp.359-368
• /
• 2006

AAA(Authentication, Authorization, Accounting) is the service that offers authentication, authorization, and accounting method, and every terminal that accesses the network requires this AAA service. The authentication process of a mobile terminal is as follows: a mobile phone accesses an authentication server in a home network via the authentication service in an external network, which receives the authentication result. And, for the home authentication server to offer secure service, a unique key is distributed for the secure communication between the external agent and the user, the external agent and the home authentication server, and the user and the home authentication server. This paper discusses and proposes the key distribution for secure communication among external authentication servers when a mobile terminal travels to an external network. As the proposed method does not require the home authentication server to reissue another authentication when a user travels to other external networks, it reduces the overload in the home authentication server. It can also distribute a PIN-driven key.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.10
• /
• pp.1447-1452
• /
• 2022

Seoul Special City, one of the world's top 10 cities and Metro City, has traditional urban manufacturing industries such as printing, sewing, and mechanical metals. Small business owners in these manufacturing clusters have developed in the form of mutual assistance. Due to the nature of the agglomeration site, each process is handled by an individual company. It is difficult for relatively small business owners to prepare order processing services that provide real-time logistics movement information between processes. This paper collects and analyzes existing logistics data for smooth order and delivery of small business owners in package manufacturing and special printing fields We design an artificial intelligence Fulfillment Service Platform system with CRNN, k-NN, and ID3 Decision Tree Algorithm. Through this study, it is expected that it will greatly contribute to increasing sales and improving capabilities by allowing small business owners in integrated areas to use individual orders and delivery customized services through the Cloud network.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.30 no.1
• /
• pp.29-51
• /
• 2019

Most fields of society have constructed and utilized various name identifier systems such and International Standard Name Identifier(ISNI), Open Researcher and Contributor ID(ORCID), and Interested Parties Information System(IPI) in order to uniquely identify individual authors and institutions and to associate them to data related to creative works. Although it might be inevitable to apply name identifier systems in the current data environment with rapid association and integration of data across fields, there are many problems to be addressed when utilizing those systems. In order to overcome these problems and construct better information ecological system by associating and linking data from various fields, this research analyzed advanced cases for data integration based on ISNI. Through the analysis, it suggested managemental refinements for efficiently utilizing ISNI in data integration and association.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1101-1110
• /
• 2008

Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.