• Journal of the Korea Institute of Military Science and Technology
• /
• v.12 no.5
• /
• pp.609-614
• /
• 2009

In this paper, we have proposed a design for security network system passing through the non-security network which is commonly used for various networking services. Based on the security requirements which are assumed that the large classified data are bi-transmitted between a server and several terminals remotely located, some application methods of security techniques are suggested such as the network separation technique, the scale-down application technique of certification management system based on the PKI(Public Key Infrastructure), the double encryption application using the crypto-equipment and the asymmetric keys encryption algorithm, unrecoverable data deleting technique and system access control using USB device. It is expected that the application of this design technique for the security network causes to increase the efficiency of the existing network facilities and reduce the cost for developing and maintaining of new and traditional network security systems.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.21-30
• /
• 2004

Most applications using the PKI allows a user to execute the certificate validation processing. The efficiency of user system can be declined by the user-side processing resulting the overhead and low speed of the validation processing. Therefore, in this paper, we propose a new certificate validation processing method can decrease the overhead on user by allowing CAs of the hierarchical PKI to participate in the validation processing. Therefore, our proposed scheme can not only reduce the considerable overhead caused by the user-side whole processing without a new implementation of the delegated server but also improve the time spent for the processing by the reduction of the validation processing job on user.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.73-79
• /
• 2008

Nowadays, all over the world's banks use internet banking through various authentication methods. Although there are strong authentication methods using OTP (One Time Password), there still has vulnerability from sophisticated attacks such as MITM (Man In The Middle). This letter proposes signing-based authentication protocol that copes with attacks, such as MITB (Man In The Browser), and provides non-repudiation function. The protocol shows generic method to prevent the sophisticated attacks through connecting advantages from OTP and PKI (Public Key Infrastructure) certificate, and that can be deployed to various extended form in internet banking.

• Journal of the military operations research society of Korea
• /
• v.33 no.2
• /
• pp.115-127
• /
• 2007

The army developed the ATCIS(Army Tactical Command Information System) for the battlefield information system with share the command control information through the realtime. The using the public key and the encryption equipment in the ATCIS is enough to the confidentiality, integrity. but, it is vulnerable about the availability with the zero day attack. In this paper, we implement the worm propagation simulation on the ATCIS infrastructure through the modelling on the ATCIS operation environment. We propose the countermeasures based on the results from the simulation.

• The Journal of Society for e-Business Studies
• /
• v.8 no.4
• /
• pp.167-181
• /
• 2003

The contents for multimedia are very activated along to revolution of Internet. So this fact allows the contents for multimedia to be commercialized. These contents , however, included much vulnerability that it is difficult to be commercialized because attackers easily reproduce that. Many developers want to use watermarking method as the technique to protect the contents for multimedia, but it is very vulnerable to use only one method. This paper proposes the Secure DRM system which protects the contents for multimedia using Public Key Infrastructure and steganography methods. The SDRM system is more powerful than general DRM systems in that it has the special feature of watermarking and steganography techniques. We can prevent the attackers from reproducing and stealing the contents illegally, and authenticating users through SDRM systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.888-892
• /
• 2005

현재 무선 인터넷 시장이 급속도로 발전하고 있고 여러 가지 콘텐츠 및 전자 거래 서비스가 유선상에서 제공하는 것처럼 서비스를 제공하고 있다. 국내에서는 휴대폰을 중심으로 각종 서비스들이 제공되고 있는 실정이다. 그러나 휴대폰은 유선상의 PC와 성능을 비교하면 절대적인 열세에 있다. 다시 말해서, 유선의 서비스처럼 안전한 보안을 바탕으로 제공하는 서비스가 아니라 하드웨어 성능의 열세로 인한 안전하지 못한 서비스이다. 이를 보완하기 위해 단말기 사양에 맞는 표준안들이 국제 포럼에서 계속해서 제정 중에 있으며 효과적인 보안통신을 위한 여러 연구들이 진행 중에 있다. 무선용 인증서를 사용하여 안전한 암호화 통신을 위한 연구로 무선 공개키 기반구조(WPKI :Wireless Public Key Infrastructure)가 있다. 본고에서는 이에 대해서 살펴보고 또, 무선용 프로토콜인 WAP포럼의 WAP(Wireless Application Protocol), Microsoft사의 ME(Mobile Explore) 그리고 일본 도코모사의 i-mode 중에서 가장 국제적으로 통용되어 쓰이고 있는 WAP에 대해서 살펴본다. 또한 현재 암호화 통신에서 사용되는 암호학적 안전성에 대해 논하고 안전한 무선 암호화 통신을 가로막는 요인과 해결 방안에 대해 논의한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.828-832
• /
• 2005

무선 인터넷에서는 원격지 이동, 근무자의 근무지원, 무선 상거래로 그 초점이 맞추어지면서 당연히 현재 무선인터넷의 보안도 트랜잭션(transaction) 보안을 시발점으로 하고 있다. 본 논문에서는 현재 무선인터넷에서 가장 화두가 되고 있는 WPKI(Wireless Public Key Infrastructure)를 이용한 단대단(End-to-End) 시스템과 MVPN(Mobile Virtual Private Network)을 분석하고, 현재 국내에서 무선인터넷 서비스를 하고 있는 이동통신 사업자의 네트워크 환경을 분석하여, 우선적으로 이동통신망을 이용한 무선 인터넷에서의 보안 시스템에 대해 기술하고자 한다. 그리고 이동전화사업자와 단말기 업체들에 이어 종합 포털(portal)들도 호환성이 강점인 자바 기반의 ‘J2ME(Jave 2 Micro Edition)’을 사용하여 무선인터넷 플랫폼 최적화 움직임이 가속화되고 있는 추세에 맞추어, 본 논문에서는 무선 인터넷 서비스 방식 중 콘텐츠 프로그램의 서버 보관 등 타사 플랫폼과는 차별화된 서비스를 제공하기 때문에 이용자들에게 한층 더 향상된 무선인터넷 서비스를 이용할 수 있게 하는 J2ME 서비스를 기초로 한 단대단간의 보안 역할을 하는 중계보안시스템에 대해 논의하고자 하며, 향후 그 모듈의 일환으로 무선 암호 메시지 전송의 구현을 통하여 이를 현실화하고자 한다.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.739-746
• /
• 2003

In real life, we frequently use th proxy signatrue by delegating one's own privileges. It is necessary to distribute the data related to privilege delegation securely in order to use such a proxy signature in the Internet. However, inorder to use the secure proxy signature, we need to have some mechanism to prevent a proxy signer from misuse of privileges by applying proxy certificate and a privilege delegation mechanism to manage information with related to privilege delegarion. In addition, we have implemented the prototype to demonstrate the possible proxy signature service using proxy certificate.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.5
• /
• pp.768-776
• /
• 2002

According as practical use of server system is generalized in multimedia and internet environment, the security of all data that is stored to system is actuality that security mechanism of high level such as competence grant or access control is required. Also, standardization of informations that is stored in system in scattered environment protection technology of more complicated system by absence of done schema, non-systemicity etc. Therefore in this paper. General access control way explained basic modeling because enough investigate and analyze general access control way. And assigning role about each modules separating module of RBAC(Role-Based Access Control) modeling, existent access control modeling and RBAC modeling using mixing new access control modeling present.

• International journal of advanced smart convergence
• /
• v.8 no.1
• /
• pp.44-57
• /
• 2019

Most banks in Korea have provided Internet banking services based on PKI(Public Key Infrastructure) certificates since the early 2000s when Internet banking began in Korea. To support PKI Internet banking, the Korean government backed the electronic signature law and supported the rapid spread of PKI-based Internet banking by regulating the application of PKI certificates to be compulsory in Internet banking until 2015. PKI Internet Banking in Korea has been developed as a pioneer in this field through many challenges and responses until its present success. Korea's PKI banking, which started with soft-token-based closed banking, has responded to various types of cyber attack attempts and promoted the transition to open banking by accepting various criticisms due to lack of compatibility with international standards. In order to improve the convenience and security of PKI Internet banking, various attempts have been made, such as biometric-integrated smartphone-based PKI authentication. In this paper, we primarily aim to share the experience and lessons of PKI banking by analyzing the evolution process of PKI Internet banking in Korea. It also has the purpose of presenting the challenges of Korea's PKI Internet banking and sharing its development vision.