• ETRI Journal
• /
• v.43 no.2
• /
• pp.357-370
• /
• 2021

The evolution of blockchain-based systems has enabled researchers to develop nextgeneration e-voting systems. However, the classical consensus method of blockchain, that is, Proof-of-Work, as implemented in Bitcoin, has a significant impact on energy consumption and compromises the scalability, efficiency, and latency of the system. In this paper, we propose a hybrid consensus model (PSC-Bchain) composed of Proof of Credibility and Proof of Stake that work mutually to address the aforementioned problems to secure e-voting systems. Smart contracts are used to provide a trustworthy public bulletin board and a secure computing environment to ensure the accuracy of the ballot outcome. We combine a sharding mechanism with the PSC-Bchain hybrid approach to emphasize security, thus enhancing the scalability and performance of the blockchain-based e-voting system. Furthermore, we compare and discuss the execution of attacks on the classical blockchain and our proposed hybrid blockchain, and analyze the security. Our experiments yielded new observations on the overall security, performance, and scalability of blockchain-based e-voting systems.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.65-74
• /
• 2021

Digital image processing and retrieving have increasingly become very popular on the Internet and getting more attention from various multimedia fields. That results in additional privacy requirements placed on efficient image matching techniques in various applications. Hence, several searching methods have been developed when confidential images are used in image matching between pairs of security agencies, most of these search methods either limited by its cost or precision. This study proposes a secure and efficient method that preserves image privacy and confidentially between two communicating parties. To retrieve an image, feature vector is extracted from the given query image, and then the similarities with the stored database images features vector are calculated to retrieve the matched images based on an indexing scheme and matching strategy. We used a secure content-based image retrieval features detector algorithm called Speeded-Up Robust Features (SURF) algorithm over public cloud to extract the features and the Honey Encryption algorithm. The purpose of using the encrypted images database is to provide an accurate searching through encrypted documents without needing decryption. Progress in this area helps protect the privacy of sensitive data stored on the cloud. The experimental results (conducted on a well-known image-set) show that the performance of the proposed methodology achieved a noticeable enhancement level in terms of precision, recall, F-Measure, and execution time.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.95-102
• /
• 2024

In distributed computing, accessible encryption strategy over Auditable data is a hot research field. Be that as it may, most existing system on encoded look and auditable over outsourced cloud information and disregard customized seek goal. Distributed storage space get to manage is imperative for the security of given information, where information security is executed just for the encoded content. It is a smaller amount secure in light of the fact that the Intruder has been endeavored to separate the scrambled records or Information. To determine this issue we have actualize (CBC) figure piece fastening. It is tied in with adding XOR each plaintext piece to the figure content square that was already delivered. We propose a novel heterogeneous structure to evaluate the issue of single-point execution bottleneck and give a more proficient access control plot with a reviewing component. In the interim, in our plan, a CA (Central Authority) is acquainted with create mystery keys for authenticity confirmed clients. Not at all like other multi specialist get to control plots, each of the experts in our plan deals with the entire trait set independently. Keywords: Cloud storage, Access control, Auditing, CBC.

• Journal of Information Processing Systems
• /
• v.3 no.2
• /
• pp.43-53
• /
• 2007

The use of agent paradigm in today's applications is hampered by the security concerns of agents and hosts alike. The agents require the presence of a secure and trusted execution environment; while hosts aim at preventing the execution of potentially malicious code. In general, hosts support the migration of agents through the provision of an agent server and managing the activities of arriving agents on the host. Numerous studies have been conducted to address the security concerns present in the mobile agent paradigm with a strong focus on the theoretical aspect of the problem. Various proposals in Intrusion Detection Systems aim at securing hosts in traditional client-server execution environments. The use of such proposals to address the security of agent hosts is not desirable since migrating agents typically execute on hosts as a separate thread of the agent server process. Agent servers are open to the execution of virtually any migrating agent; thus the intent or tasks of such agents cannot be known a priori. It is also conceivable that migrating agents may wish to hide their intentions from agent servers. In light of these observations, this work attempts to bridge the gap from theory to practice by analyzing the security mechanisms available in Aglet. We lay the foundation for implementation of application specific protocols dotted with access control, secured communication and ability to detect tampering of agent data. As agents exists in a distributed environment, our proposal also introduces a novel security framework to address the security concerns of hosts through collaboration and pattern matching even in the presence of differing views of the system. The introduced framework has been implemented on the Aglet platform and evaluated in terms of accuracy, false positive, and false negative rates along with its performance strain on the system.

• The Journal of the Korea Contents Association
• /
• v.20 no.2
• /
• pp.15-26
• /
• 2020

Secure boot is security technology that verifies the integrity of the computer system in boot stage and controls the boot process accordingly. The computer system can establish a secure execution environment from the threat of various malwares by security boot and also supports the recovery when system in emergency case. Recently, Secure boot has been adopted by various modern computer manufacturers to protect users' information from hacker attacks and to prevent abuse of their products by malicious users. In this paper, we classify security boot developed by various companies and organizations by platform, and analyze the design and development purpose of each security boot and investigate the limitation of design. It can be used as a reference for system security designers in various information of security boot development method and security design of system.

• Journal of Digital Convergence
• /
• v.14 no.11
• /
• pp.501-505
• /
• 2016

Recently, the frequency of dealing important information regarding financial services like paying through smart device or internet banking on smart device has been increasing. Also, with the development of smart device execution environment towards open software environment, it became easier for users to download and use random application software, and its security aspect appears to be weakening. This study inspects features of hardware-based smart device security technology. Furthermore, this study proposes a realization method in MTM hardware-based secure smart device execution environment for an application software that runs in smart devices. While existing MTM provides the root of trust function only for the mobile device, the MTM-based mobile security environment technology proposed in this paper can provide numerous security functions that application program needs in mobile device. The further researches on IoT devices that are compatible with security hardware, gateway security technology and methods that secure reliability and security applicable to varied IoT devices by advancing security hardware are the next plan to proceed.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.4
• /
• pp.7-18
• /
• 2017

Electrical energy is one of the most important energy sources in modern society. Therefore, it is very important to control the supply and demand of electric power. However, the power consumption data needed to predict power demand may include the information about the private behavior of an individual, the analysis of which may raise privacy issues. In this paper, we propose a secure power demand forecasting method where regression analyses on power consumption data are conducted in a trusted execution environment provided by Intel SGX, keeping the power usage pattern of users private. We performed experiments using various regression equations and selected an equation which has the least error rate. We show that the average error rate of the proposed method is lower than those of the previous forecasting methods with privacy protection functionality.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.943-949
• /
• 2017

Cryptography implementation over lightweight Internet of Things (IoT) device needs to provide an accurate and fast execution for high service availability. However, adversaries can extract the secret information from the lightweight device by analyzing the unique features of computation in the device. In particular, modern ARM Cortex-M3 processors perform the multiplication in different execution timings when the input values are varied. In this paper, we analyze previous multiplication methods over ARM Cortex-M3 and provide optimized techniques to accelerate the performance. The proposed method successfully accelerates the performance by up-to 28.4% than previous works.

• Journal of Korean Society for Quality Management
• /
• v.45 no.1
• /
• pp.1-10
• /
• 2017

Purpose: Most enterprises adopt six sigma acts to maximize the business performance with raising the executiveness for the project improvements in each parts. But there are little studies about six sigma actual operations in manufacturing whether the six sigma improvements that have injected a lot of budget, efforts, labours and time are run properly. Methods: This study select 31 interviewees who have MBB or BB from 5 large enterprises running six sigma over 10 years and 5 SMEs running six sigma over 5 years to understand and review the operational status of six sigma actions in manufacturing industry and to secure representativeness. This study identify the operational status of six sigma actions and key factors enhancing or impeding execution of six sigma projects through face-to-face interviews and online surveys by e-mail. Results: This study figured out the operational status of six sigma actions and key factors enhancing or impeding execution of six sigma projects. We used SPSS 16.0 for the reliability and the validity of survey data. Conclusion: There can be a lot of different factors that affect six sigma project improvements besides the key factors from this study. More study need to think of the organization characteristics and the basic conditions and to remedy the unreasonable points and defects rather than following foreign companies and enterprises.