• Title/Abstract/Keywords: Trusted access

Trusted Non-3GPP Access Interworking in 3GPP 5G System

  • 강유화;김창기
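    • Journal of Digital Contents Society / Vol. 19, No. 4 / pp.639-647 / 2018
  • The 3GPP 5G system aims at a Common Core network architecture that accommodates different access networks through a single interface. On this basis, the 3GPP 5G system Phase 1 (Release 15) specification accommodates Untrusted Non-3GPP access as an access network that connects to the core network through the same interface as 3GPP access. To accommodate Untrusted Non-3GPP access, the 3GPP 5G system places an N3IWF (Non-3GPP Inter-Working Function) at the RAN position to support the interface between the UE and the core network, while accommodation of Trusted Non-3GPP access networks is targeted for Release 16. In this paper, we propose a design for the network architecture, signaling, and functional structures needed to accommodate Trusted Non-3GPP access in the 3GPP 5G system, and show the operation results of a 5G system implemented on this basis. The proposed method is designed so that the N3IWF can accommodate both Untrusted and Trusted access networks, and has the advantage that the N3IWF's functions are the same even when it accommodates different kinds of Non-3GPP access such as Untrusted and Trusted. The implemented system adopts the 3GPP 5G system Phase 1 architecture as is, and shows the possibility of providing an access-independent interface to the core network without any additional functions for the Trusted Non-3GPP access network.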

Light-weight Preservation of Access Pattern Privacy in Un-trusted Storage

  • Yang, Ka;Zhang, Jinsheng;Zhang, Wensheng;Qiao, Daji
    • IEIE Transactions on Smart Processing and Computing / Vol. 2, No. 5 / pp.282-296 / 2013
  • With the emergence of cloud computing, more and more sensitive user data are outsourced to remote storage servers. The privacy of users' access pattern to the data should be protected to prevent un-trusted storage servers from inferring users' private information or launching stealthy attacks. Meanwhile, the privacy protection schemes should be efficient as cloud users often use thin client devices to access the data. In this paper, we propose a lightweight scheme to protect the privacy of data access pattern. Compared with existing state-of-the-art solutions, our scheme incurs less communication and computational overhead, requires significantly less storage space at the user side, while consuming similar storage space at the server. Rigorous proofs and extensive evaluations have been conducted to show that the proposed scheme can hide the data access pattern effectively in the long run after a reasonable number of accesses have been made.

In Whom Do Cancer Survivors Trust Online and Offline?

  • Shahrokni, Armin;Mahmoudzadeh, Sanam;Lu, Bryan Tran
    • Asian Pacific Journal of Cancer Prevention / Vol. 15, No. 15 / pp.6171-6176 / 2014
  • Background: In order to design effective educational intervention for cancer survivors, it is necessary to identify most-trusted sources for health-related information and the amount of attention paid to each source. Objective: The objective of our study was to explore the sources of health information used by cancer survivors according to their access to the internet and levels of trust in and attention to those information sources. Materials and Methods: We analyzed sources of health information among cancer survivors using selected questions adapted from the 2012 Health Information National Trends Survey (HINTS). Results: Of 357 participants, 239 (67%) had internet access (online survivors) while 118 (33%) did not (offline survivors). Online survivors were younger (p<0.001), more educated (p<0.001), more non-Hispanic whites (p<0.001), had higher income (p<0.001), had more populated households (p<0.001) and better quality of life (p<0.001) compared to offline survivors. Prevalence of some disabilities was higher among offline survivors including serious difficulties with walking or climbing stairs (p<0.001), being blind or having severe visual impairment (p=0.001), problems with making decisions (p<0.001), doing errands alone (p=0.001) and dressing or bathing (p=0.001). After adjusting for socio-demographic status, cancer survivors who were non-Hispanic whites (OR= 3.49, p<0.01), younger (OR=4.10, p<0.01), more educated (OR= 2.29, p=0.02), with greater income (OR=4.43, p<0.01), and with very good to excellent quality of life (OR=2.60, p=0.01) had higher probability of having access to the internet, while those living in Midwest were less likely to have access (OR= 0.177, p<0.01). Doctors (95.5%) were the most and radio (27.8%) was the least trusted health related information source among all cancer survivors. 
Online survivors trusted internet much more compared to those without access (p<0.001) while offline cancer survivors trusted health-related information from religious groups and radio more than those with internet access (p<0.001 and p=0.008). Cancer survivors paid the most attention to health information on newsletters (63.8%) and internet (60.2%) and the least to radio (19.6%). More online survivors paid attention to internet than those without access (68.5% vs 39.1%, p<0.001) while more offline survivors paid attention to radio compared to those with access (26.8% vs 16.5%, p=0.03). Conclusions: Our findings emphasize the importance of improving the access and empowering the different sources of information. Considering that the internet and web technologies are continuing to develop, more attention should be paid to improve access to the internet, provide guidance and maintain the quality of accredited health information websites. Those without internet access should continue to receive health-related information via their most trusted sources.

The Designs and Implementation of Trusted Channel between Secure Operating Systems

  • Yu, Joon-Suk;Lim, Jae-Deok;Kim, Jeong-Nyeo;Sohn, Sung-Won
    • Korea Information Processing Society: Conference Proceedings / Proceedings of the Korea Information Processing Society 2003 Spring Conference (Part 2) / pp.2117-2120 / 2003
  • Trusted channel provides a means of secure communication and it includes security services such as confidentiality, authentication, and so on. This paper describes the implementation of trusted channel between secure operating systems that integrates access control mechanisms with FreeBSD kernel code[1]. The trusted channel we developed offers confidentiality and message authentication for network traffic based on the destination address. It is implemented in the kernel level of IP layer and transparent to users.

Establishment of a secure networking between Secure OSs

  • Lim, Jae-Deok;Yu, Joon-Suk;Kim, Jeong-Nyeo
    • Institute of Control, Robotics and Systems: Conference Proceedings / Institute of Control, Robotics and Systems 2003 ICCAS / pp.2097-2100 / 2003
  • Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

The Design and Implementation of Module supporting Trusted Channel in Secure Operating System Environment

  • 유준석;임재덕;나재훈;손승원
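    • Journal of the Korea Institute of Information Security and Cryptology / Vol. 14, No. 3 / pp.3-12 / 2004
  • A secure operating system is an operating system that adds various security functions to an existing operating system in order to protect the system from the various kinds of hacking that can arise from security flaws inherent in the operating system. Secure operating systems were designed for system security, but security on the network side is essential for the safety of the whole system. For this purpose, network security protocols such as IPsec and SSL have been developed and are in use, but they require great care in policy and key management and make it difficult to reflect the characteristics of a secure operating system. In this paper, we introduce a simple trusted channel mechanism for providing secure communication between secure operating systems. This trusted channel provides confidentiality and authentication services for network traffic, and has a structure that can carry specific security information used by the secure operating system. Implemented at the kernel level of the IP layer, the trusted channel can reduce the overhead that may arise during trusted channel processing through its simple processing structure.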

TPS: Design and Implementation of an Automated Privacy Protection System over TPM and File Virtualization

  • 정혜림;안성규;김문성;박기웅
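    • The Journal of Korean Institute of Next Generation Computing / Vol. 13, No. 2 / pp.7-17 / 2017
  • In this paper, we propose TPS (TPM-enhanced Privacy Protection System), an automated privacy protection system based on the TPM (Trusted Platform Module). TPS periodically detects documents containing personal information among the documents stored on the client, encrypts the documents in which personal information is detected, and has the server manage them. It improves security by restricting a client in an abnormal state from viewing documents that contain personal information, using a TPM-based key management technique and integrity verification of the client system. In addition, although documents containing personal information are encrypted and stored on a remote server, we propose and implement the VTF (Virtual Trusted File) interface to give the user the same user interface as ordinary document access. Through this, TPS automatically performs the whole sequence from personal information detection and encryption to storage on the remote server, implementing a system that automates compliance with the Personal Information Protection Act without user intervention.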

Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation

  • Khattak, Zubair Ahmad;Manan, Jamalul-Lail Ab;Sulaiman, Suziah
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 6, No. 9 / pp.2405-2423 / 2012
  • In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) have given their trust to the Identity Provider (IdP) or Authentication Service Provider (ASP) for the authentication and correct assertion. However, we still need a better solution for the local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) is to attest whether the remote platform integrity is indeed trusted or not. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof of concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, firstly, the user and SP platform integrity are checked (i.e., hardware and software integrity state verification) before allowing access to a protected resource sited at the SP and releasing a user authentication token to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular, the client and server attestation time and the round trip of the mutual attestation time.

Data Firewall: A TPM-based Security Framework for Protecting Data in Thick Client Mobile Environment

  • Park, Woo-Ram;Park, Chan-Ik
    • Journal of Computing Science and Engineering / Vol. 5, No. 4 / pp.331-337 / 2011
  • Recently, Virtual Desktop Infrastructure (VDI) has been widely adopted to ensure secure protection of enterprise data and provide users with a centrally managed execution environment. However, user experiences may be restricted due to the limited functionalities of thin clients in VDI. If thick client devices like laptops are used, then data leakage may be possible due to malicious software installed in thick client mobile devices. In this paper, we present Data Firewall, a security framework to manage and protect security-sensitive data in thick client mobile devices. Data Firewall consists of three components: Virtual Machine (VM) image management, client VM integrity attestation, and key management for Protected Storage. There are two types of execution VMs managed by Data Firewall: Normal VM and Secure VM. In Normal VM, a user can execute any applications installed in the laptop in the same manner as before. A user can access security-sensitive data only in the Secure VM, for which the integrity should be checked prior to access being granted. All the security-sensitive data are stored in the space called Protected Storage for which the access keys are managed by Data Firewall. Key management and exchange between client and server are handled via Trusted Platform Module (TPM) in the framework. We have analyzed the security characteristics and built a prototype to show the performance overhead of the proposed framework.

Accountable Attribute-based Encryption with Public Auditing and User Revocation in the Personal Health Record System

  • Zhang, Wei;Wu, Yi;Xiong, Hu;Qin, Zhiguang
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 15, No. 1 / pp.302-322 / 2021
  • In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of the data user meet the access structure established by the encrypter can the data user perform the decryption operation. So CP-ABE has been widely used in personal health record (PHR) systems. However, the problem of key abuse exists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of users leaving the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.