• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.53-62
• /
• 2010

In VANETs (Vehicular Ad hoc NETwork), conditional anonymity must be provided to protect privacy of vehicles while enabling authorities to identify misbehaving vehicles. To this end, previous systems provide a mechanism to revoke the anonymity of individual messages. In VANET, if we can trace the movement path of vehicles, it can be useful in determining the liability of vehicles in car accidents and crime investigations. Although route tracing can be provided using previous message revocation techniques, they violate privacy of other vehicles. In this paper, we provide a route tracing technique that protects privacy of vehicles that are not targeted. The proposed method can be employed independently of the authentication mechanism used and includes a mechanism to prevent authorities from abusing this new function.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.5A
• /
• pp.426-435
• /
• 2005

this paper, we made out blocking probability analysis for a new authentication structure for reducing the certificate acquisition time which is one of the factors that should be improved in a conventional wireless PKI. A conventional key exchange method simply performs the key exchange setup step based on discrete algebraic subjects. But the mutual-authentication procedure of wireless PKI for reducing authentication time uses an elliptical curve for a key exchange setup step. Besides, we proposed advanced handover method and blocking probability analysis for wireless PKI. Proposed handover method shows reduced handover processing time than conventional method since it can reduce CRL retrieval time. Also, we compared proposed authentication structure and conventional algorithm, and simulation results show that proposed authentication method outperforms conventional algorithm in all environment regardless of call arrival rate, queue service rate, queue size

• Korean Journal of Construction Engineering and Management
• /
• v.17 no.6
• /
• pp.24-30
• /
• 2016

Building Information Modeling, and its associated work practices, requires project participants to share not only 3D geometric data, but also information in the model that may be considered proprietary and even trade secrets. Thus protection of intellectual property, or BIM copyrights, must be in place for participants to share proprietary information among project stakeholders. Currently Korea does not have adequate copyright laws or mechanisms to provide such protection. This research examined three BIM copyright legal documents, namely U.S.' ConsensusDOCS 301, AIA Document E203/G202, and U.K.'s CIC BIM Protocol to determine how copyright protection is realized, and to formulate appropriate stipulations within the Korean construction context. The resultant requirements include stipulating ownership at to the BIM originator, adopting a license-sublicense scheme, employing a federated model, and use of a formal model delivey table to allocate responsibilities. Given Korea's adoption stage, liability should be minimal, and license revocation should be allowed if payments are not met. The three BIM legal documents focus on practical measures that allow participants to customize requirements for individual projects, and such conventions should be emulated in Korea.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.9
• /
• pp.337-346
• /
• 2015

There is great need for efficient user rights management method to provide a flexible service on variety protocols, domains, applications of IoT environments. In this paper, we propose a IoT service platform with CapSG to provide efficient access control for IoT various services of the environment. CapSG uses a token including authentication and access rights to perform authentication and access control service entity providing services. In addition, the generated token for service management, delegation, revocation, and provides a function such as denied. Also, it provides functions such as generation, delegation, disposal and rejection for service token management. In this paper, it provides the flexibility and efficiency of the access control for various services require of the IoT because of it is available to access control specific domain service by using the token group for each domain and is designed to access control using specific service token of tokens group.

• Journal of the Korea Convergence Society
• /
• v.9 no.8
• /
• pp.41-46
• /
• 2018

As the industry related to drones has been activated, the public interest in drones has increased explosively, and many cases of drone-using are increasing. In the case of military drones, the security problem is the level of defense of the aircraft or cruise missiles, but commercial small and low cost drones are often released and utilized without security count-measure. This makes it possible for an attacker to easily gain access to the root of the drones, access internal files, or send fake packets. However, this droning problem can lead to another dangerous attack. In this regard, this paper has identified the vulnerabilities inherent in the commercial drones by analyzing the attack cases in the communication process of the specific drones. In this paper, we analyze and test the vulnerability in terms of scanning attack, meson attack, authentication revocation attack, packet stop command attack, packet retransmission attack, signal manipulation and de-compile attack. This study is useful for the analysis of drones attack and vulnerability.

• Journal of Korea Multimedia Society
• /
• v.8 no.7
• /
• pp.974-987
• /
• 2005

As the ad hoc networks have been received a great deal of attention to not only the military but also the industry applications, some security mechanisms are required for implementing a practical ad hoc application. In this paper, we propose a security architecture in ad hoc networks for the purpose of supporting ID-based public key cryptosystems because of the advantage that ID-based schemes require less complex infrastructure compared with the traditional public key cryptosystems. We assume a trusted key generation center which only issues a private key derived from IDs of every nodes in the system setup phase, and use NIL(Node ID List) and NRL(Node Revocation List) in order to distribute the information about IDs used as public keys in our system. Furthermore, we propose a collaborative status checking mechanism that is performed by nodes themselves not by a central server in ad-hoc network to check the validity of the IDs.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.67
• /
• pp.23-47
• /
• 2015

European Commission drafted and proposed the Common European Sales Law(CESL) to the European Parliament for the realization of a uniform set of international private law rules within the EU internal market. Since its purpose is for free international commercial activities for the sale of goods, for the supply of digital content and for related services, it was proposed to enable EU Member States to adopt or supplement as their substantive law according to their options. This study is relate to the legal bases on termination of a contract under CESL, they are composed of three parts: damages and interest, restitution and prescription. Damages and interest are divided into damages, general provisions on interest on late payments, and late payment by traders. Damages are explained by dividing into right to damages, general measure of damages, foreseeability of loss, loss attributable to creditor, reduction of loss, substitute transaction, and current price. Restitution is described by dividing into restitution on revocation, payment for monetary value, payment for use and interest on money received, compensation for expenditure and equitable modification. Prescription is explained by dividing into general provisions, periods of prescription and their commencement and extension of periods of prescription. General provisions explain right subject to prescription into a right to enforce performance of an obligation and any right ancillary to such a right. Regarding period of prescription, the short one is two years and the long one is ten years. However, in the case of a right to damages for personal injuries, period of prescription for such right is thirty years. Regarding commencement, the short one begins to run from the time when the creditor has become, or could be expected to have become, aware of the facts as a result of which the right can be exercised, while the long one begins to run from the time when the debtor has to perform. However, in the case of a right to damages, the CESL clarifies that it begins to run from the time of the act which gives rise the right.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.439-448
• /
• 2015

IoT (Internet of Things) propels current networked communities into a advanced hyper-connected society/world where uniquely identifiable embedded computing devices are associated with the existing internet infrastructure. Therefore, the IoT services go beyond mere M2M (Machine-to-Machine communications) and should be able to empower users with more flexible communication capabilities over protocols, domains, and applications. In addition, The access control in IoT need a differentiated methods from the traditional access control to increase a security and dependability. In this paper, we describe implementation and design of the capability token based system for secure access control in IoT environments. In the proposed system, Authorities are symbolized into concepts of the capability tokens, and the access control systems manage the tokens, creation, (re)delegation and revocation. The proposed system is expected to decrease the process time of access control by using capability tokens.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.599-606
• /
• 2009

For many mission-critical related wireless sensor network applications such as military and homeland security, user's access restriction is necessary to be enforced by access control mechanisms for different access rights. Public key-based access control schemes are more attractive than symmetric-key based approaches due to high scalability, low memory requirement, easy key-addition/revocation for a new node, and no key predistribution requirement. Although Wang et al. recently introduced a promising access control scheme based on elliptic curve cryptography (ECC), it is still burdensome for sensors and has several security limitations (it does not provide mutual authentication and is strictly vulnerable to denial-of-service (DoS) attacks). This paper presents an energy-efficient access control scheme based on ECC to overcome these problems and more importantly to provide dominant energy-efficiency. Through analysis and simulation based evaluations, we show that the proposed scheme overcomes the security problems and has far better energy-efficiency compared to current scheme proposed byWang et al.

• The KIPS Transactions:PartD
• /
• v.14D no.4 s.114
• /
• pp.373-380
• /
• 2007

Ubiquitous electronic commerce can offer anytime, anywhere access to network and exchange convenient informations between individual and group, or between group and group. To use secure ubiquitous electronic commerce, it is essential for users to have digital signature with the properties of integrity and authentication. The digital signature for ubiquitous networks is required neither a trusted group manager, nor a setup procedure, nor a revocation procedure etc. because ubiquitous networks can construct or deconstruct groups anytime, anwhere as occasion demands. Therefore, this paper proposes a threshold ring signature as digital signature for secure ubiquitous electronic commerce using the ring signature without forgery (integrity) and the (n,t) ring signature solving the problem cannot prove the fact which a message is signed by other signer. Thus the proposed threshold ring signature is ubiquitous group signature for the next generation.