• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.9
• /
• pp.409-418
• /
• 2015

In order to delivery of the correct information in IoT environment, it is important to deduce collected information according to a user's situation and to create a new information. In this paper, we propose a control access scheme of information through context-aware to protect sensitive information in IoT environment. It focuses on the access rights management to grant access in consideration of the user's situation, and constrains(access control policy) the access of the data stored in network of unauthorized users. To this end, after analysis of the existing research 'CP-ABE-based on context information access control scheme', then include dynamic conditions in the range of status information, finally we propose a access control policy reflecting the extended multi-dimensional context attribute. Proposed in this paper, access control policy considering the dynamic conditions is designed to suit for IoT sensor fusion environment. Therefore, comparing the existing studies, there are advantages it make a possible to ensure the variety and accuracy of data, and to extend the existing context properties.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.12
• /
• pp.90-96
• /
• 2010

IT environment is rapidly changed, thus security threats such as worms and viruses have increased. Especially company's internal network requires to be inherently protected against these threats. In this respect, NAC(Network Access Control) has attracted attention as new network security techniques. The NAC implements the endpoint access decision based on the collected endpoint security status information and platform measurement information. In this paper, we describe the design and implementation of unauthorized NAC which protect against such as a worm, virus, malware-infected PC, and mobile device to connect to company's internal networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1023-1030
• /
• 2020

Wearable devices, such as a smart watch and a wrist band, store owner's private information in the devices so that security in a high level is required. Applications developed by third parties in Tizen request for an access to designated services through the desktop bus (D-Bus). The D-Bus verifies application's privileges to grant the request for an access. We developed a fuzzing tool, so-called DAN (the D-bus ANalyzer), to detect errors in implementations for privilege verifications and access controls within Tizen's system services. The DAN has found a number of vulnerable services which granted accesses to unauthorized applications. We built a proof-of-concept application based on those findings to demonstrate a bypass in the privilege examination.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.307-318
• /
• 2013

Smart grid is composed of variable domains including different systems, and different types of the access control are needed in the multiple domain. Therefore, the access control model suitable for the smart grid environment is required to minimize access control error and deny the unauthorized access. This paper introduce the access control requirements in the smart grid environment and propose the access control model, SG-RBAC, satisfied with the requirements. SG-RBAC model imposes constraints on the access right activation according to the user property, the role property, and the system property. It also imposes constraints on the delegation and the inheritance of access right according to temporal/spatial information and a crisis occurrence.

• Journal of Advanced Navigation Technology
• /
• v.11 no.3
• /
• pp.259-265
• /
• 2007

Systematic components for implementing ubiquitous computing, for example, electronic devices, electric home appliances, and controllers, etc, are consist of not only circuits but also softwares expected to do some special system-controlling functions, and these softwares used to be called like as embedded software. Because embedded software is a core component controlling systems, the codes or control flows should be protected from being opened to the public or modified. Embedded software security can be divided into 2 parts: first is the unauthorized access to development site and embedded software, second is the unauthorized disclosure or modification. And this research is related to the first aspect of them.This paper proposes some security check requirements related to embedded software development site by analyzing the ALC_DVS.1 of the ISO/IEC 15408 and Base Practices (BPs) of the ISO/IEC 21827. By applying this research, we expect to protect unauthorized modification of embedded software indirectly.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.57-70
• /
• 2008

This paper introduces a new paradigm of physical layer security through channel coding for wireless networks. The well known spread spectrum based physical layer security in wireless network is applicable when code division multiple access (CDMA) is used as wireless air link interface. In our proposal, we incorporate the proposed security protocol within channel coding as channel coding is an essential part of all kind of wireless communications. Channel coding has a built-in security in the sense of encoding and decoding algorithm. Decoding of a particular codeword is possible only when the encoding procedure is exactly known. This point is the key of our proposed security protocol. The common parameter that required for both encoder and decoder is generally a generator matrix. We proposed a random selection of generators according to a security key to ensure the secrecy of the networks against unauthorized access. Therefore, the conventional channel coding technique is used as a security controller of the network along with its error correcting purpose.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.4 no.4
• /
• pp.25-34
• /
• 1981

Recently there has been a marked increase in concern for security in computerized operations. The purposes of computer security controls are to protect against the unauthorized access to and modification of data processing resources, unauthorised access to and modification of data files and software, and the misuse of authorized activities. The controls relate to the physical security of the data processing department and of the areas within the data processing department : to the security of the data files, programs, and system software : and to the human interaction with the data files, programs, and system software. The controls that will be discussed in this paper include : I. Risk on the computer use. II. Methods of risk counter measure. III. Role of system auditing.

• Journal of Korea Multimedia Society
• /
• v.8 no.5
• /
• pp.679-690
• /
• 2005

Business model in Web environments is usually provided by multimedia data. Information exchange between users and service providers should be made in encrypted data. Encrypted data are secure from being hacked. Application of DB encryption is a main technology for contents protection. We have applied the access control based on RBAC and prevented the unauthorized users from using the contents. In this paper, we propose a new DB encryption scheme which uses RHAC and digital signature based on PMI.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.167-168
• /
• 2015

본 논문에서는 스마트폰 인증기법 중 연산기반 패스워드 기법을 통하여 사용자의 접근을 제어하고 비인가 접근자에 대해 얼굴을 촬영하여 비인가 접근 시도를 소유자가 확인할 수 있도록 한다. 우선적으로 사용자 접근 제어를 위해 연산기반 패스워드 기법을 이용하고, 비인가 접근이 확인되는 경우 잠금 기능과 함께 비인가자의 얼굴을 촬영하여 소유자가 비인가자를 확인할 수 있는 카메라 액션을 추가한다. 스마트폰 소유자는 사용자의 접근을 제어하고 비인가자의 접근에 대한 확인을 할 수 있으므로 안전성에 대한 향상을 기대할 수 있다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.27-33
• /
• 2018

User authentication scheme is a method for controlling unauthorized users' access to securely share the services and resources provided by the server and for verifying users with access rights. Initial user authentication scheme was based on passwords. Nowadays, various authentication schemes such as ID based, smart-card based, and attribute based are being researched. The study of Lee et al. suggested a user authentication scheme that provides forward secrecy and protects anonymity of users. However, it is vulnerable to attacks by outsiders and attackers who have acquired smart-cards. In this paper, we propose a modified smart-card authentication scheme to complement the weakness of the previous studies. The proposed user authentication scheme provides the security for the ID guessing attack and the password guessing attacks of the attacker who obtained the login request message and the user's smart-card.