• Title/Summary/Keyword: Security Mechanisms

WWW Security Mechanism Using Plug-in and PGP (Plug-in 기법을 이용한 PGP 기반의 Web 보안 시스템 개발)

  • 김태갑;조은경;박정수;류재철
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1996.11a / pp.205-218 / 1996
  • World Wide Web (WWW) has a lot of useful characteristics. Ease of use, multimedia data support and interactive communication capability are typical reasons why people want to use WWW. But because WWW is based on the Internet, it has some security problems which originate in plain-format data transmission on the physical transmission line. The unique solution for these problems is data encryption. Since theoretically proven encryption algorithms ensure data confidentiality, an unauthorized user cannot know what is transmitted on the network. In this paper, we propose a cryptography system which uses a public key system. In detail, our public key based web security mechanism uses a PGP module. PGP is an e-mail security system implemented by Phil Zimmermann. The basic idea of our proposal is data encryption and integrity checking for all data which is transmitted on the Web. To implement these facilities, we use the Netscape browser extension technology, plug-in. Through this technology, security mechanisms are added to the Netscape browser.

Addressing Mobile Agent Security through Agent Collaboration

  • Jean, Evens;Jiao, Yu;Hurson, Ali-R.
    • Journal of Information Processing Systems / v.3 no.2 / pp.43-53 / 2007
  • The use of the agent paradigm in today's applications is hampered by the security concerns of agents and hosts alike. The agents require the presence of a secure and trusted execution environment, while hosts aim at preventing the execution of potentially malicious code. In general, hosts support the migration of agents through the provision of an agent server and managing the activities of arriving agents on the host. Numerous studies have been conducted to address the security concerns present in the mobile agent paradigm with a strong focus on the theoretical aspect of the problem. Various proposals in Intrusion Detection Systems aim at securing hosts in traditional client-server execution environments. The use of such proposals to address the security of agent hosts is not desirable since migrating agents typically execute on hosts as a separate thread of the agent server process. Agent servers are open to the execution of virtually any migrating agent; thus the intent or tasks of such agents cannot be known a priori. It is also conceivable that migrating agents may wish to hide their intentions from agent servers. In light of these observations, this work attempts to bridge the gap from theory to practice by analyzing the security mechanisms available in Aglet. We lay the foundation for implementation of application specific protocols dotted with access control, secured communication and ability to detect tampering of agent data. As agents exist in a distributed environment, our proposal also introduces a novel security framework to address the security concerns of hosts through collaboration and pattern matching even in the presence of differing views of the system. The introduced framework has been implemented on the Aglet platform and evaluated in terms of accuracy, false positive, and false negative rates along with its performance strain on the system.

Near Realtime Packet Classification & Handling Mechanism for Visualized Security Management in Cloud Environments (클라우드 환경에서 보안 가시성 확보를 위한 자동화된 패킷 분류 및 처리기법)

  • Ahn, Myong-ho;Ryoo, Mi-hyeon
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.10a / pp.331-337 / 2014
  • The paradigm shift to cloud computing has increased the importance of security. Even though public cloud computing providers such as Amazon already provide security-related services like firewall and identity management services, these are not suitable for protecting data in cloud environments, because public cloud computing environments do not allow clients to use their own security solutions or equipment. In these environments, users are supposed to do something to enhance security by their own hands, so the need for visualized security management arises. To implement visualized security management, developing near-realtime data handling and packet classification mechanisms is crucial. The key technical challenge in packet classification is how to classify packets in an unsupervised way without human interaction. To achieve this goal, this paper presents an automated packet classification mechanism based on naive Bayesian and packet chunking techniques, which can identify signatures and perform machine learning by itself without human intervention.

Characteristic Classification and Correlational Analysis of Source-level Vulnerabilities in Linux Kernel (소스 레벨 리눅스 커널 취약점에 대한 특성 분류 및 상관성 분석)

  • Ko Kwangsun;Jang In-Sook;Kang Yong-hyeog;Lee Jin-Seok;Eom Young Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.3 / pp.91-101 / 2005
  • Although studies on the analysis and classification of source-level vulnerabilities in operating systems are not direct and positive solutions to the exploits with which host systems are attacked, they are important in that they can provide elementary technologies for the development of security mechanisms. But whereas Linux systems have recently become widely used in Internet and intranet environments, the basic and fundamental vulnerabilities inherent in Linux systems have not been studied enough. In this paper, we propose characteristic classification and correlational analyses of the source-level vulnerabilities in the Linux kernel that are open to the public and listed on the SecurityFocus site for 6 years from 1999 to 2004. This study may contribute to anticipating the types of attacks, analyzing the characteristics of attacks abusing vulnerabilities, and verifying the modules of the kernel that have critical vulnerabilities.

An Access Control Model for Privacy Protection using Purpose Classification (사용목적 분류를 통한 프라이버시 보호를 위한 접근제어 모델)

  • Na Seok-Hyun;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.39-52 / 2006
  • Recently, purpose has been used as a crucial part of security management when collecting data about privacy. The W3C (World Wide Web Consortium) describes a standard spec to control personal data that is provided by data providers who visit the web site. But they do not say any more about security management of personal data in transit after data collection. Recently several studies, such as Hippocratic Databases, Purpose Based Access Control and Hippocratic in Databases, are dealing with security management using the purpose concept and access control mechanism after data collection a W3C's standard spec about data collection mechanism, but they could not suggest an efficient mechanism for privacy protection of personal data because they could not represent purpose expression and management of purposes sufficiently. In this paper we suggest a mechanism to improve the purpose expression. And then we suggest an access control mechanism that is under the least privilege principle using the purpose classification for privacy protection. We classify purpose into Along purpose structure, Inheritance purpose structure and Stream purpose structure. We suggest different mechanisms to deal with them. We use the role hierarchy structure of RBAC (Role-Based Access Control) for flexibility about access control and suggest mechanisms that provide the least privilege for processing the task in case that is satisfying using several features of purpose to get least privilege of a task that is a unit of business process.

A Study of Machine Learning based Hardware Trojans Detection Mechanisms for FPGAs (FPGA의 Hardware Trojan 대응을 위한 기계학습 기반 탐지 기술 연구)

  • Jang, Jaedong;Cho, Mingi;Seo, Yezee;Jeong, Seyeon;Kwon, Taekyoung
    • Journal of Internet Computing and Services / v.21 no.2 / pp.109-119 / 2020
  • FPGAs are semiconductors that can be redesigned after initial fabrication. They are used in various embedded systems such as signal processing, the automotive industry, and defense and military systems. However, as the complexity of hardware design increases and the design and manufacturing process globalizes, there is a growing concern about hardware trojans inserted into hardware. Many detection methods have been proposed to mitigate this threat. However, existing methods are mostly targeted at IC chips, so they are difficult to apply to FPGAs, which have different components from IC chips, and there are few detection studies targeting FPGA chips. In this paper, we propose a method to detect hardware trojans by learning the static features of hardware trojans in the LUT-level netlist of an FPGA using machine learning.

A Study on Smart card-based Security Mechanisms of upgrades Smart Meter SW for secure deployment in Smart Grid (지능형 전력량계 SW의 안전한 배포 및 업그레이드를 위한 스마트카드 기반 보안 메커니즘에 대한 연구)

  • Yang, Inseok;Hong, Seokhie
    • Journal of Internet Computing and Services / v.15 no.2 / pp.129-142 / 2014
  • In the latest Smart Grid projects, the biggest emerging issue is that smart meters should meet the security goal and support SW upgrades for compliance with future standards. However, unlike regular equipment, smart meters should be designed in accordance with the regulation of legal metrology instruments in order to establish fair trade-based business, and unauthorized changes are not allowed and are strictly limited by law. Therefore, this paper proposes a new scheme of certification regarding type approval and verification for legal smart meters by analyzing the requirements of a smart meter regarding upgrade and security. This analysis shows that the proposed scheme complies with the regulation and the specification of the smart meter by applying it to a smart meter with a smart card.

A detection mechanism for Jump-Oriented Programming at binary level (바이너리 수준에서의 Jump-Oriented Programming에 대한 탐지 메커니즘)

  • Kim, Ju-Hyuk;Lee, Yo-Ram;Oh, Soo-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1069-1078 / 2012
  • It is known that memory has frequently been a target threatening the computer system's security, while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied at the OS level, while new attack techniques bypassing the protection systems have been developed. In particular, buffer overflow attacks have developed into Return to Library or Return-Oriented Programming attacks, and recently a technique bypassing the countermeasure against Return-Oriented Programming has been proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and shown by experiment that it may efficiently detect Jump-Oriented Programming attacks.

Alliance of the Baltic States in the System of Collective Security

  • Kikste, Kaspars;Djakona, Antonina
    • International Journal of Computer Science & Network Security / v.22 no.9 / pp.189-194 / 2022
  • The formation of a new world order is primarily caused by new conditions and military operations on the European continent. The intensification of military-political tension led to the formation of new centers of power and gravity, which in turn led to the concentration of weapons and general militarization. Changes in the world order as a result of military conflicts and an increase in hot spots in the world, an increase in threats and the formation of centers of military gravity, and the inability of existing institutions to resolve the situation lead to the need to develop new security mechanisms. Studies show that in the current situation, the Baltic countries are especially actively increasing their level of technologization of the army and militarization in general. The creation of any alliance is always conditioned by the presence of external threats. Naturally, the increase in the number of threats creates preconditions for the development of new forms of cooperation within existing military alliances. It seems obvious that due to the current situation in the context of the military conflict and military aggression of Russia in Ukraine, as well as its constant threats, including to the Baltic countries, there is a need to form a certain alliance that can protect the eastern border of Europe and form a certain border between European countries and aggressor countries. The Baltic countries are actively involved in these processes; in addition, it is the Baltic countries that can enter the new military alliance proposed by Britain, which will unite Poland, Ukraine, the Baltic countries and, possibly, Great Britain.

Privacy-Preserving Cloud Data Security: Integrating the Novel Opacus Encryption and Blockchain Key Management

  • S. Poorani;R. Anitha
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.11 / pp.3182-3203 / 2023
  • With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.