• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.12
• /
• pp.5135-5149
• /
• 2015

Communications among multi-party must be fast, cost effective and secure. Today's computing environments such as internet conference, multi-user games and many more applications involve multi-party. All participants together establish a common session key to enable multi-party and secure exchange of messages. Multi-party password-based authenticated key exchange scheme allows users to communicate securely over an insecure network by using easy-to-remember password. Kwon et al. proposed a practical three-party password-based authenticated key exchange (3-PAKE) scheme to allow two users to establish a session key through a server without pre-sharing a password between users. However, Kwon et al.'s scheme cannot meet the security requirements of key authentication, key confirmation and anonymity. In this paper, we present a novel, simple and efficient multi-party password-based authenticated key exchange (M-PAKE) scheme based on the elliptic curve cryptography for mobile environment. Our proposed scheme only requires two round-messages. Furthermore, the proposed scheme not only satisfies security requirements for PAKE scheme but also achieves efficient computation and communication.

• Korean Journal of Computational Design and Engineering
• /
• v.20 no.2
• /
• pp.182-192
• /
• 2015

In recent years, numerous studies have attempted to extract quantity data by using Building Information Modeling (BIM). In terms of open-BIM based quantity take-off at the early design stage, only few studies were conducted in the field of cost engineering. A lack of compatibility of open BIM for information exchange is postulated as the cause. The Industry Foundation Classes (IFC) extension model has been developed to accommodate the interoperability with quantity take-off software. Improvement of open BIM for quantity take-off needs exchange requirements and model guidelines. For this purpose, the quantity data of IFC models were analyzed using BIM analysis tools. This paper also provides a proposal of requirements on open BIM based quantity take-off at the early design stage. Further this study have been develop the interface system for open BIM based quantity take-off requirements with the results on this study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.141-154
• /
• 2022

In the data economy era, various policies are being implemented to create an active data distribution environment. In South Korea, the formation of a big data distribution platform and data trading began with the launch of the Financial Data Exchange under public data governance. In the case of major advanced countries in the data field, they have built a data distribution environment based on the data broker industry for decades and have strengthened national data competitiveness through added values generated from the industry. However, behind the active data distribution through data brokers, there are numerous information security issues, which have resulted in various privacy issues and national security threats. These problems can occur sufficiently in the process of domestic financial data exchange. In our study, we analyzed various information security issues of data trading caused by data brokers and derived information security requirements to be considered when trading data. We verified whether information security requirements are well reflected in the information security policy for each transaction stage of the domestic financial data exchange. Based on the verification, measurements to strengthen information security for financial data exchange are presented in our paper.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.11 no.1
• /
• pp.51-56
• /
• 2008

The counter-fire operation system performs its mission exchanging information with other related systems such as command & control systems and military information systems. In the process of exchanging information, the counter-fire operation system uses a type of data message which contains exchange data information in the format of KMTF. The requirement of data exchange of count-fire operation will continue to evolve. But the EDX(External Data eXchange) configuration item of the current counter-fire operation system can not effectively cope with the variation of data exchange requirements due to its fixed software structure. In the paper, a solution for improving flexibility of external data exchange in counter-fire operation system is proposed.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.715-720
• /
• 2023

The military is driving innovative changes such as AI, cloud computing, and drone operation through the Fourth Industrial Revolution. It is expected that such changes will lead to a rapid increase in the demand for information exchange requirements, reaching all lower-ranking soldiers, as networking based on IoT occurs. The flow of such information must ensure efficient information distribution through various infrastructures such as ground networks, stationary satellites, and low-earth orbit small communication satellites, and the demand for information exchange that is distributed through them must be appropriately dispersed. In this study, we redefined the DSCP, which is closely related to QoS (Quality of Service) in information dissemination, into 11 categories and performed research to map each cluster group identified by cluster analysis to the defense "information exchange requirement list" on a one-to-one basis. The purpose of the research is to ensure efficient information dissemination within a multi-layer integrated network (ground network, stationary satellite network, low-earth orbit small communication satellite network) with limited bandwidth by re-establishing QoS policies that prioritize important information exchange requirements so that they are routed in priority. In this paper, we evaluated how well the information exchange requirement lists classified by cluster analysis were assigned to DSCP through M&S, and confirmed that reclassifying DSCP can lead to more efficient information distribution in a network environment with limited bandwidth.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.6
• /
• pp.520-527
• /
• 2015

The key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, key confirmation, and key freshness. In this paper, we present the security functions in ETSI(European Telecommunications Standards Institute), and analyze the specification of the security primitives and the key exchange protocols for the authenticated key agreement between RCST(Return Channel Satellite Terminal) and NCC(Network Control Centre). ETSI key exchange protocols consists of Main Key Exchange, Quick Key Exchange, and Explicit Key Exchange. We analyse the pros and cons of key exchange protocols based on performance analysis and performance evaluation.

• Journal of information and communication convergence engineering
• /
• v.3 no.3
• /
• pp.163-166
• /
• 2005

The Key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, Key confirmation, and Key freshness. In this paper, Two authenticated key exchange protocols TPEKE-E(Two Pass Encrypted Key Exchange-Exchange-Efficient) and TPEKE-S(Two Pass Encrypted Key xchange-Secure) are introduced. A basic idea of the protocols is that a password can be represented by modular addition N, and the number of possible modular addition N representing the password is $2^N$. The TPEKE-E is secure against the attacks including main-in-the-middle attack and off-line dictionary attack, and the performance is excellent so as beyond to comparison with other authenticated key exchange protocols. The TPEKE-S is a slight modification of the TPEKE-E. The TPEKE-S provides computational in feasibility for learning the password without having performed off line dictionary attack while preserving the performance of the TPEKE-E.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.41-50
• /
• 2010

This paper proposes a mutual identification and session key exchange scheme in secure vehicular communication based on the group signature. In VANETs, security requirements such as authentication, conditional privacy, non-repudiation, and confidentiality are required to satisfy various vehicular applications. However, existing VANET security methods based on the group signature do not support a mutual identification and session key exchange for data confidentiality. The proposed scheme allows only one credential to authenticate ephemeral Diffie-Hellman parameters generated every key exchange session. Our scheme provides a robust key exchange and reduces storage and communication overhead. The proposed scheme also satisfies security requirements for various application services in VANETs.

• Journal of Internet Computing and Services
• /
• v.17 no.5
• /
• pp.25-32
• /
• 2016

There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.

• Journal of the Korean Society for information Management
• /
• v.28 no.4
• /
• pp.243-261
• /
• 2011

This study aims to investigate a framework for linkage of national research performance evaluation and research information service from the perspective of metadata representation and exchange. Based on results of the functional requirements for metadata of national research performance evaluation are derived, this study suggests strategies for the application of international metadata standards. Also, this study presents an method to implement the metadata of research performance evaluation based on OAI-ORE, which is an international standard that can reuse and exchange the research information on web architecture.