• Journal of the Korea Society of Computer and Information
• /
• v.10 no.2 s.34
• /
• pp.169-177
• /
• 2005

The Conditional Access System is a complete system for ensuring that broadcasting services be accessible to only those who are entitled to receive them. Secure key management and efficient delivery mechanism are very important design factors to this system. In this paper, we propose secure and efficient protocols which would be well fitted to a Pay TV system including the satellite DMB. Further. by applying our protocol to the existing conditional access system, we propose a new system that properly enables the control of conditional access to the Pay TV in satellite DMB environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.171-180
• /
• 2013

Data security is always an important issue. In particular, the current emerging cloud computing system inevitably raises the issue of data security. However, data security is no longer safe with a simple way, but requires rather advanced method to secure the data. In this paper, instead of exploiting the existing text-based cryptography approach an image-based access control of data content is studied to present a higher level of data security. Color key chain is generated both using histogram value of the original image, and the location information and featured color information extracted by geometric transformation to form the security key to access secure data content. Finally, the paper addresses design interface and implementation for data content access control for evaluation of the proposed scheme.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.93-104
• /
• 2011

A conditional access system is an essential element in IPTV services enabling service providers to allow authorized access to their services only to paid subscribers. Currently, there are two types of IPTV service models, namely PPC (pay-per-channel) and PPV (pay-per-view). However, a more desirable model would be the flexible PPC model, in which subscribers are free to choose any combination of preferred channels and add/remove channels independently. In this paper, we first point out that a previously proposed key management scheme for F-PPC is not secure. We then propose a new conditional access system using 4-level key hierarchy to realize secure F-PPC services. Compared to existing schemes, the proposed system is very efficient, just requiring O(1) communication for key update.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.47-58
• /
• 2002

The access control techniques, which can control unauthorized members to access to multicast service, have not been studied very often while there are a lot of on-going study on secure multicast architecture, multicast key distribution and sender authentication scheme have been studied. Multi level access control scheme in multicast can be used in a remote secure conference or to provide graduated multimedia services to each customers. In fact, multicast network has its own virtual networks according to different security levels. However, Early schemes are not effective when it protects unauthorized access in multi-access network environment. Furthermore this scheme does not provide us with hierarchical access control mechanism. This paper, therefore, proposes hierarchical access control scheme to provide the effectiveness in network layer by security level comparison. And we also suggests hierarchical key distribution scheme for multi level access control in application layer and effective hierarchical key renewal scheme in dynamic multicast environment which is easy to join and leaving the multicast group.

• ETRI Journal
• /
• v.32 no.2
• /
• pp.204-213
• /
• 2010

In this paper, we investigate the possible security threats to downloadable conditional access system (DCAS) host devices. We then propose a DCAS secure micro (SM) and transport processor (TP) security protocol that counters identified security threats using a secure key establishment and pairing management scheme. The proposed protocol not only resists disclosed SM ID and TP ID threats and indirect connection between TA and TP threats, but also meets some desirable security attributes such as known key secrecy, perfect forward secrecy, key compromised impersonation, unknown key-share, and key control.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2117-2120
• /
• 2003

Trusted channel provides a means of secure communication and it includes security services such as confidentiality, authentication, and so on. This paper describes the implementation of trusted channel between secure operating systems that integrates access control mechanisms with FreeBSD kernel code[1]. The trusted channel we developed offers confidentiality an4 message authentication for network traffic based on the destination address. It is implemented in the kernel level of IP layer and transparent to users.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.199-208
• /
• 2009

Recently,IP-based broadcasting systems,such as Mobile-TV and IP-TV, have been widely deployed. These systems require a security system to allow only authorized subscribers access to broadcasting services. We analyzed the Conditional Access System, which is a security system used in the IP-based Pay-TV systems. A weakness of the system is that it does not scale well when the system experiences frequent membership changes. In this paper, we propose a group key distribution protocol which overcomes the scalability problem by reducing communication and computation overheads without loss of security strength. Our experimental results show that computation delay of the proposed protocol is smaller than one of the Conditional Access System. This is attributed to the fact that the proposed protocol replaces expensive encryption and decryption with relatively inexpensive arithmetic operations. In addition, the proposed protocol can help to set up a secure channel between a server and a client with the minimum additional overhead.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1999.11a
• /
• pp.438-442
• /
• 1999

More and more residential and mobile users are requiring access to the Internet. This paper presents an architecture of the network solution for cost-effective Internet/intranet access between users and Network Service Providers(NSPs). It also presents a functional architecture of Internet access router in the integrated access node system. The proposed Internet access router provides the functionality that users select any of a number of NSPs and mutiple user PPP calls are multiplexed over each secure tunnel between the Internet access router and NSP.

• Journal of Information Processing Systems
• /
• v.15 no.3
• /
• pp.538-549
• /
• 2019

Cloud computing is the concept of providing information technology services on the Internet, such as software, hardware, networking, and storage. These services can be accessed anywhere at any time on a pay-per-use basis. However, storing data on servers is a challenging aspect of cloud computing. This paper utilizes cryptography and access control to ensure the confidentiality, integrity, and proper control of access to sensitive data. We propose a model that can protect data in cloud computing. Our model is designed by using an enhanced RSA encryption algorithm and a combination of role-based access control model with extensible access control markup language (XACML) to facilitate security and allow data access. This paper proposes a model that uses cryptography concepts to store data in cloud computing and allows data access through the access control model with minimum time and cost for encryption and decryption.