• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.45-52
• /
• 2003

정보통신기술의 발달로 인터넷상의 PKC를 사용한 전자거래가 활성화되었다. 이에 따라 실질적으로 Web Server나 Database Server에 접속하기 위한 접근통제의 방안으로 속성인증서에 대한 연구도 활발히 진행되고 있다. 그러나 현재 제안되고 있는 CRL(Certificate Revocation List) 및 OCSP를 이용한 공개키인증서 검증방법은 속성인증서의 인증상태확인과 적용시킬 수 없다. 따라서 본 논문에서는 기존의 공개키인증서 검증방법인 OCSP 방법에 속성인증서 검증방법을 포함시킴으로서, 공개키인증서와 속성인증서간의 동기문제를 해결하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2719-2735
• /
• 2015

In the cloud environment, users pay more attentions to their data security since all of them are stored in the cloud server. Researchers have proposed many mutual authentication schemes for the access control of the cloud server by using the smart card to protect the sensitive data. However, few of them can resist from the smart card lost problem and provide both of the forward security and the backward security. In this paper, we propose a novel authentication scheme for cloud computing which can address these problems and also provide the anonymity for the user. The trick we use is using the password, the smart card and the public key technique to protect the processes of the user's authentication and key exchange. Under the Elliptic Curve Diffie-Hellman (ECDH) assumption, it is provably secure in the random oracle model. Compared with the existing smart card based authentication schemes in the cloud computing, the proposed scheme can provide better security degree.

• Journal of Information Processing Systems
• /
• v.3 no.2
• /
• pp.43-53
• /
• 2007

The use of agent paradigm in today's applications is hampered by the security concerns of agents and hosts alike. The agents require the presence of a secure and trusted execution environment; while hosts aim at preventing the execution of potentially malicious code. In general, hosts support the migration of agents through the provision of an agent server and managing the activities of arriving agents on the host. Numerous studies have been conducted to address the security concerns present in the mobile agent paradigm with a strong focus on the theoretical aspect of the problem. Various proposals in Intrusion Detection Systems aim at securing hosts in traditional client-server execution environments. The use of such proposals to address the security of agent hosts is not desirable since migrating agents typically execute on hosts as a separate thread of the agent server process. Agent servers are open to the execution of virtually any migrating agent; thus the intent or tasks of such agents cannot be known a priori. It is also conceivable that migrating agents may wish to hide their intentions from agent servers. In light of these observations, this work attempts to bridge the gap from theory to practice by analyzing the security mechanisms available in Aglet. We lay the foundation for implementation of application specific protocols dotted with access control, secured communication and ability to detect tampering of agent data. As agents exists in a distributed environment, our proposal also introduces a novel security framework to address the security concerns of hosts through collaboration and pattern matching even in the presence of differing views of the system. The introduced framework has been implemented on the Aglet platform and evaluated in terms of accuracy, false positive, and false negative rates along with its performance strain on the system.

• Journal of Advanced Marine Engineering and Technology
• /
• v.38 no.4
• /
• pp.430-436
• /
• 2014

This paper relates to the study about the street security light management system. The purpose of the wireless remote management system is to manage street security lights efficiently. The system is composed of three components like light controller, CDMA gateway and web based remote management server. The zigbee solution is adopted to make local wireless network between street security lights. The CDMA network is used for the wireless communication between street security light controller and the remote control center. The gateway to interconnect zigbee network and CDMA was designed with low power 32 bits Cortex M3 micro-controller. For the data communication between the management server and the gateway, SMS and socket based TCP streaming is used. The management server sends SMS to the gateway to deliver light control and management requests, and the gateway replies with the light controllers report via TCP streaming. By using both SMS and TCP streaming communication, it was verified that simple cost effective management is possible for street security lights. We tried real test for 95 street security lights in real environment during two months and analyzed the practical possibility for mass supply.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.223-232
• /
• 2017

Previous research on data recovery in Microsoft SQL Server has focused on restoring data based on in the transaction log that might have deleted records exist. However, there was a limit that was not applicable if the related transaction log did not exist or the physical database file was not connected to Server. Since the suspect in the crime scene may delete the data records using a different deletion statements besides "delete", we need to check the remaining data and a recovery possibility of the deleted record. In this paper, we examined the changes "Page Allocation information" of the table, "Unallocation deleted data", "Row Offset Array" in the page according to "delete", "truncate" and "drop" events. Finally it confirmed the possibility of data recovery and availability of management tools in Microsoft SQL Server digital forensic investigation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.954-955
• /
• 2012

Recently as increasing the use of mobile communication devices the use of mobile readers for recognition tag attached to objects is also increasing. Accordingly, meantime, that gives rise to the vulnerability of RFID systems between reader and tag security issues, as well as security issues between the reader and the back-end server will occur. In this paper between the reader and the back-end server to security vulnerabilities efficient authentication protocol using the hash function is proposed.

• Proceedings of the IEEK Conference
• /
• 2000.07b
• /
• pp.977-981
• /
• 2000

The traditional client-server model RPC and mobile agents have been used for interprocess communication between processes in different hosts. The performances of two mechanisme were analyzed in the literature [4, 6, 9]. But the security services which extensively affect the performance of systems because of low speed have not been considered. We propose two performance models considering the security services for the RPC and the mobile agent Through the analysis of the models, we show that the execution time of the mobile agent takes less than the RPC In the environment considering security services.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.17-25
• /
• 2004

As Internet and Internet users are rapidly increasing and getting popularized in the world the existing firewall has limitations to detect attacks which exploit vulnerability of web server. And these attacks are increasing. Most of all, intrusions using web application's programming error are occupying for the most part. In this paper, we introduced real-time web-server agent which analyze web-server based log and detect web-based attacks after the analysis of the web-application's vulnerability. We propose the method using real-time agent which remove Process ID(pid) and block out attacker's If if it detects the intrusion through the decision stage after judging attack types and patterns.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.101-106
• /
• 2012

As the existing strategy of preventing DDoS(Distributed Denial of Service) attacks has limitations, this study is intended to suggest the more effective method of preventing DDoS attacks which reduces attack power and distributes attack targets. Currently, DDoS attacks have a wide range of targets such as individuals, businesses, labs, universities, major portal sites and financial institutions. In addition, types of attacks change from exhausting layer 3, network band to primarily targeting layer 7. In response to DDoS attacks, this study suggests how to distribute and decrease DDoS threats effectively and efficiently using Proxy Server Group and Dynamic DNS.