• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.931-933
• /
• 2012

IT기술 및 인터넷의 발전으로 시 공간의 제약 없이 다양한 서비스를 제공받을 수 있는 클라우드 컴퓨팅 기술이 등장하게 되었다. 이로 인해 기존 데이터센터를 가상화 및 클라우드 컴퓨팅 기술과 융합한 클라우드 데이터센터로 전환하여 개인용 클라우드 서비스(Private Cloud Service)나 외부 기업 등에게 아웃소싱 하여 공개형 클라우드 서비스(Public Cloud Service)를 제공하고 있다. 그러나 클라우드 환경은 기존의 IT환경에서 발생한 악성코드를 이용한 데이터 해킹 및 유출과 같은 보안 위협이 존재하며, 새로운 보안 위협들이 발생하고 있다. 따라서 본 논문에서는 안전한 클라우드 데이터센터 구축을 위한 보안요구사항에 대해서 분석한다.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.119-124
• /
• 2021

Today, both sides of modern culture are decisively invaded by digitalization. Authentication is considered to be one of the main components in keeping this process secure. Cyber criminals are working hard in penetrating through the existing network channels to encounter malicious attacks. When it comes to enterprises, the company's information is a major asset. Question here arises is how to protect the vital information. This takes into account various aspects of a society often termed as hyper connected society including online communication, purchases, regulation of access rights and many more. In this research paper, we will discuss about the concepts of MFA and KBA, i.e., Multi-Factor Authentication and Knowledge Based Authentication. The purpose of MFA and KBA its utilization for human.to.everything..interactions, offering easy to be used and secured validation mechanism while having access to the service. In the research, we will also explore the existing yet evolving factor providers (sensors) used for authenticating a user. This is an important tool to protect data from malicious insiders and outsiders. Access Management main goal is to provide authorized users the right to use a service also preventing access to illegal users. Multiple techniques can be implemented to ensure access management. In this paper, we will discuss various techniques to ensure access management suitable for enterprises, primarily focusing/restricting our discussion to multifactor authentication. We will also highlight the role of knowledge-based authentication in multi factor authentication and how it can make enterprises data more secure from Cyber Attack. Lastly, we will also discuss about the future of MFA and KBA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.31-40
• /
• 2010

The evolution of internet have opened the world of IPTV. With internet protocol, IPTV broadcasts contents stream. The IP protocol doesn't provide secure service due to IP characteristics. So, it is important to provide both connect and secure service. Conditional Access System and/or Digital Right Management are being used to protect IPTV contents. However, there exist restrictions in the view of security. In this paper, we analyse existing security technologies for IPTV and propose a novel method to enforce security efficiently. In the proposed method, OTP is used for encryption/decryption contents and CAS controls key for encryption/decryption and the right of user. With this scheme, it reduces the load of the system and provides more security.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.289-294
• /
• 2014

Recently, the various web service and applications are provided to the user. As to these service, because of providing the service to the authenticated user, the user undergoes the inconvenience of performing the authentication with the service especially every time. The OAuth(Open Authorization) protocol which acquires the access privilege in which 3rd Party application is limited on the web service in order to resolve this inconvenience appeared. This OAuth protocol provides the service which is convenient and flexible to the user but has the security vulnerability about the authorization acquisition. Therefore, we propose the method that analyze the security vulnerability which it can be generated in the OAuth 2.0 protocol and secure user authority authentication method.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.597-606
• /
• 2001

In this paper, we propose the delay sensitive traffic and a high bandwidth QoS service in order to supply real-time traffic such as VoIP, multimedia service. We use IntServ over DiffServ network to supply end-to-end QoS service in the IETF. We define the proposed QoS services which are Best, Good, Default service. We analyze the performance using NS simulator with end to end QoS service in IntServ over DiffServ network. The proposed billing system uses the Accounting, Authentication, Authorization (AAA) functions of RADIUS protocol and proposes the dynamic pricing method according to network usage state using end-to-end QoS of IntServ over DiffServ network. In order to secure billing system, we design and implement audit trail system by the IEEE POSIX.1E standard.

• Korean Journal of Computational Design and Engineering
• /
• v.11 no.5
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.2
• /
• pp.105-115
• /
• 2011

User authentication service is an absolutely necessary condition while securely implementing an IT service system. It allows for valid users to securely log-in the system and even to access valid resources from database. For efficiently and securely authenticating users, smart-card has been used as a popular tool because of its convenience and popularity. Furthermore the smart-card can maintain its own power for computation and storage, which makes it easier to be used in all types of authenticating environment that usually needs temporary storage and additional computation for authenticating users and server. First, in 1981, Lamport has designed an authentication service protocol based on user's smart-card. However it has been criticized in aspects of efficiency and security because it uses hash chains and the revealment of server's secret values are not considered. Over the years, many smart-card based authentication service protocol have been designed. Very recently, Xu, Zhu, Feng have suggested a provable and secure smart-card based authentication protocol. In this paper, first, we define all types of attacks in the smart-card based authentication service. According to the defined attacks, however, the protocol by Xu, Zhu, Feng is weak against an attack that an attacker with secret values of server is able to impersonate a valid user without knowing password and secret values of user. An efficient and secure countermeasure is suggested, then the security is analyzed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.650-652
• /
• 2013

As VANET(Vehicular Ad-hoc NETwork) improves road safety, efficiency, and comfort, and provides a value-added service such as commerce information or internet access. it is the most important technology in ITS(Intelligent Transportation System). But, In VANETs, better communication efficiency can be achieved by sacrificing security and vice versa. VANETs cannot get started without either of them. Therefore, to solve these problems simultaneously, this paper proposes MAC(Message Authentication Code) based SDAP(Secure Data Aggregation Protocol) which removes redundant data or abnormal data between vehicles and verifies the integrity of message. The MAC based SDAP not only improves the efficiency of data delivery but also enhances the security by detecting malicious attacks such as propagation jamming attack, forgery attack, and disguised attack.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.107-118
• /
• 2007

Distributed wireless sensor network in various environment have characteristic that is surveillance of environment-element and offering usefully military information but there is shortcoming that have some secure risks. Therefore secure service must be required for this sensor network safety. More safe and effective techniques of node administration are required for safe communication between each node. This paper proposes effective cluster-header and clustering techniques in suitable administration techniques of group-key on sensor network. In this paper, first each node transmit residual electric power and authentication message to BS (Base-Station). BS reflects "Validity Authentication Rate" and residual electric power. And it selects node that is more than these regularity values by cluster header. After BS broadcasts information about cluster header in safety and it transmits making a list of information about cluster member node to cluster header. Also, Every rounds it reflects and accumulates "Validity Authentication Rate" of former round. Finally, BS can select more secure cluster header.

• Journal of Convergence for Information Technology
• /
• v.10 no.8
• /
• pp.144-151
• /
• 2020

User-authentication process is necessary in Fintech Service. Especially, authentication on smartphones are carried out through PIN which is inputted through virtual keypads on touch screen. Attacker can analogize password by watching touched letter and position over the shoulder or using high definition cameras. To prevent password spill, various research of virtual keypad techniques are ongoing. It is hard to design secure keypad which assures safety by fluctuative keypad and enhance convenience at once. Also, to reconfirm user whether password is wrongly pressed, the inputted information is shown on screen. This makes the password easily exposed through high definition cameras or Google Class during recording. This research analyzed QWERTY based secure keypad's merits and demerits. And through these features, creating Tetris shaped keypad and piece them together on Android environment, and showing inputted words as Tetris shape to users through smart-screen is suggested for the ways to prevent password spill by recording.