• Title/Abstract/Keywords: Unauthorized Access

177 search results, processing time 0.024 seconds

Information Technology for Mobile Perimeter Security System Creation

  • Mazin Al Hadidi;Jamil S. Al-Azzeh;Lobanchikova N.;Kredentsar S.;Odarchenko R.;Opirskyy I.;Seilova N.
    • International Journal of Computer Science & Network Security / Vol. 24, No. 10 / pp.63-70 / 2024
  • This paper presents an information technology for creating mobile (rapid-deployment) perimeter security systems. The system is a complex of models and methods, and of information, software and hardware means, that interact with users during decision-making and during control of the implementation of management solutions. The proposed information technology is aimed at improving the level of protection provided by security departments by automating the detection of dangers at perimeters and the decision to raise an alarm. A structural model of the system, a model of the interaction of the system's components and a model for identifying the subjects of emergency threats are proposed. A method for identifying unauthorized access to the perimeter of the protected object, using the production model of knowledge representation, was created. It is a set of linguistic expressions (such as "IF-THEN") and a knowledge matrix. A method for ranking objects that are threats of unauthorized access to the perimeter of the protected area is proposed. The practical value of the work lies in the possibility of using this information technology in perimeter security systems for various objects. The proposed models are complete and suitable for hardware and software implementation.

How to Evade Information Protection in O365's Rights Management: Device's Data Protection Perspective

  • 강민경;최형기
    • 정보보호학회논문지 / Vol. 34, No. 5 / pp.1007-1019 / 2024
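  • Microsoft RMS (Rights Management Services) is a service that restricts which users can access files within an organization and manages fine-grained permissions for each user. RMS requires a high level of security in order to prevent unauthorized access to, and leakage of, data. In this paper, we examine the security of RMS from the perspective of on-device data protection. Because the information used to support RMS rights management is stored on the user's device, that information must remain protected even when the device is stolen. We analyze how this information is protected on the user's device and propose two attacks that bypass the protection of documents obtained from a locked device. We confirm the data leakage vulnerability caused by these attacks in nine different Windows RMS operating environments.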

Prevent Illegal Access Control for Secure Healthcare System

  • 서대희;백장미;문용혁;조동섭
    • 전기학회논문지 / Vol. 59, No. 3 / pp.657-663 / 2010
  • Today, the rapid evolution of the Internet is making various types of services in ubiquitous environments intelligent and active. As a result, users' demand for a high quality of life is increasing, and health care services based on ubiquitous environments are drawing a lot of attention. However, users' private information used for health care services is illegally distributed and exposed, causing serious individual and social problems. Therefore, this thesis is intended to suggest a secure health care service that prevents unauthorized third-party access and protects users' privacy in health care systems. The proposed scheme establishes a session key over the communication channel between the health care system and the user based on explicit mutual authentication and provides secure communication and access control, improving security as one of the leading health care systems.

Security Design of Information Security for Wireless Local Area Network

  • Kim, Jung-Tae;Jung, Sung-Min
    • 한국정보통신학회: Conference Proceedings / 한국해양정보통신학회 2003 Spring General Conference / pp.729-732 / 2003
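  • We propose an encryption method for protecting data in wireless networks and an authentication mechanism for confidential communication. Compared with conventional wired networks, wireless networks offer advantages in installation and mobility, and have therefore seen considerable technical progress. Accordingly, interest in protecting their data is growing. In this paper, we design and propose a system architecture that can protect information in typical external environments such as homes, offices, and buildings.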

RBAC Method using Certificates

  • 박종화;김지홍
    • 정보학연구 / Vol. 6, No. 1 / pp.11-20 / 2003
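  • With advances in information and communication technology and the recent rapid growth of the Internet, electronic commerce using public-key certificates is becoming widespread. Research on access control systems for accessing web servers and databases on the Internet is also actively under way. In this paper, we take role-based access control (RBAC), an access control approach that has recently attracted attention, and propose one method that applies existing attribute certificates to it and one access control method that applies SPKI certificates, and we compare the two.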

Authenticated IGMP for Controlling Access to Multicast Distribution Tree

  • 박창섭;강현선
    • 정보보호학회논문지 / Vol. 17, No. 2 / pp.3-17 / 2007
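  • In this paper, we propose a receiver access control scheme that extends the security-related functions of IGMP (Internet Group Management Protocol) in order to protect the multicast distribution tree from DoS (Denial-of-Service) attacks that arise from improper use of IGMP. Based on a specific network and business model adopted for the commercial deployment of IP multicast applications, we also present a key management scheme for bootstrapping the proposed access control scheme, together with accounting and billing for the CP (Content Provider), NSP (Network Service Provider), and group members.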

AC4E: An Access Control Model for Emergencies of Mission-Critical Cyber-Physical Systems

  • Chen, Dong;Chang, Guiran;Jia, Jie
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 6, No. 9 / pp.2052-2072 / 2012
  • Access control is an essential security component in protecting sensitive data and services from unauthorized access to the resources in mission-critical Cyber-Physical Systems (CPSs). CPSs differ from conventional information processing systems in that they involve interactions between the cyber world and the physical world. Therefore, existing access control models cannot be used directly and even become disabled in an emergency situation. This paper proposes an adaptive Access Control model for Emergencies (AC4E) for mission-critical CPSs. The principal aim of AC4E is to control the criticalities in these systems by executing corresponding responsive actions. AC4E not only provides the ability to control access to data and services in normal situations, but also grants the correct set of access privileges, at the correct time, to the correct set of subjects in emergency situations. It can facilitate adaptively responsive actions altering the privileges to specific subjects in a proactive manner without the need for any explicit access requests. A semiformal validation of the AC4E model is presented, with respect to responsiveness, correctness, safety, non-repudiation and concurrency, respectively. Then a case study is given to demonstrate how the AC4E model detects, responds to, and controls the emergency events for a typical CPS adaptively in a proactive manner. Finally, a wide set of simulations and performance comparisons of the proposed AC4E model are presented.

Image Encryption Using Phase-Based Virtual Image and Interferometer

  • Seo, Dong-Hoan;Kim, Soo-Joong
    • Journal of the Optical Society of Korea / Vol. 6, No. 4 / pp.156-160 / 2002
  • In this paper, we propose an improved optical security system using three phase-encoded images and the principle of interference. This optical system, based on a Mach-Zehnder interferometer, consists of one phase-encoded virtual image to be encrypted and two phase-encoded images, an encrypting image and a decrypting image, where every pixel in the three images has a phase value of '0' and '$\pi$'. The proposed encryption is performed by the multiplication of an encrypting image and a phase-encoded virtual image which does not contain any information from the decrypted image. Therefore, even if unauthorized users steal and analyze the encrypted image, they cannot reconstruct the required image. This virtual image protects the original image from counterfeiting and unauthorized access. The decryption of the original image is simply performed by interfering between a reference wave and a direct pixel-to-pixel mapping image of the encrypted image with a decrypting image. Computer simulations confirmed the effectiveness of the proposed optical technique for optical security applications.

A Novel Audio Watermarking Algorithm for Copyright Protection of Digital Audio

  • Seok, Jong-Won;Hong, Jin-Woo;Kim, Jin-Woong
    • ETRI Journal / Vol. 24, No. 3 / pp.181-189 / 2002
  • Digital watermark technology is now drawing attention as a new method of protecting digital content from unauthorized copying. This paper presents a novel audio watermarking algorithm to protect against unauthorized copying of digital audio. The proposed watermarking scheme includes a psychoacoustic model of MPEG audio coding to ensure that the watermarking does not affect the quality of the original sound. After embedding the watermark, our scheme extracts copyright information without access to the original signal by using a whitening procedure for linear prediction filtering before correlation. Experimental results show that our watermarking scheme is robust against common signal processing attacks and it introduces no audible distortion after watermark insertion.

A Distributed Fog-based Access Control Architecture for IoT

  • Alnefaie, Seham;Cherif, Asma;Alshehri, Suhair
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 15, No. 12 / pp.4545-4566 / 2021
  • The evolution of IoT technology is having a significant impact on people's lives. Almost all areas of people's lives are benefiting from increased productivity and simplification made possible by this trending technology. On the downside, however, the application of IoT technology is posing some security challenges, among them, unauthorized access to IoT devices. This paper presents an Attribute-based Access Control Fog architecture that aims to achieve effective distribution, increase availability and decrease latency. In the proposed architecture, the main functional points of the Attribute-based Access Control are distributed to provide policy decision and policy information mechanisms in fog nodes, locating these functions near end nodes. To evaluate the proposed architecture, an access control engine based on the Attribute-based Access Control was built using the Balana library and simulated using EdgeCloudSim to compare it to the traditional cloud-based architecture. The experiments show that the fog-based architecture provides robust results in terms of reducing latency in making access decisions.