• 한국통신학회논문지
• /
• 제40권3호
• /
• pp.551-558
• /
• 2015

Wi-Fi 및 핫스팟의 사용이 많아짐에 따라, 최근 비인증 AP는 현대사회에 있어서 중요한 보안문제가 되어가고 있다. 그에 따라 2010년대 초반 비인증 AP를 탐지하는 연구가 꾸준히 이루어지고 있다. 특히나 무선 네트워크 자원을 이용하는 비인증 AP를 탐지하는 다양한 기법들이 제시되었다. 현재 많은 연구들에서 비인증 AP를 찾아내는 방식은 추가된 무선구간으로 인한 지연된 시간(평균이나 표준편차)을 이용하는 방식을 사용되고 있다. 그러나 앞선 대부분의 연구에서 비인증 AP는 노트북에 무선랜카드를 추가하여 구성되는데, 지연된 시간의 원인이 운영체제에 의한 소프트웨어 방식의 네트워크 공유에 있을 수 있음을 고려하지 않고 있다. 이 논문에서는 기존의 시간 측정기반 비인증 AP 탐지 기법들이 고성능 하드웨어를 이용하여 구성된 비인증 AP를 효율적으로 분류해내지 못함을 보이려고 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권7호
• /
• pp.2919-2937
• /
• 2020

Post-Quantum Cryptography (PQC) is rapidly developing as a stable and reliable quantum-resistant form of cryptography, throughout the industry. Similarly to existing cryptography, however, it does not prevent a third-party from using the secret key when third party obtains the secret key by deception, unauthorized sharing, or unauthorized proxying. The most effective alternative to preventing such illegal use is the utilization of biometrics during the generation of the secret key. In this paper, we propose a biometric-based secret key generation scheme for multivariate quadratic signature schemes, such as Rainbow. This prevents the secret key from being used by an unauthorized third party through biometric recognition. It also generates a shorter secret key by applying Principal Component Analysis (PCA)-based Confidence Interval Analysis (CIA) as a feature extraction method. This scheme's optimized implementation performed well at high speeds.

• 한국컴퓨터정보학회논문지
• /
• 제10권1호
• /
• pp.141-148
• /
• 2005

근래에 허가되지 않은 사용자로부터 공유된 자원에 대한 불법적인 접근이 빈번하게 이루어지고 있다. 접근 제어는 허가되지 않은 사용자가 컴퓨터 자원, 정보 자원 그리고 통신 자원을 이용하지 못하게 제어하는 것이며, 이처럼 허가받지 않은 사용자가 시스템 자원에 접근하는 것을 막는 것은 정보 보호에서 중요한 이슈로 떠오르고 있다. 본 논문에서는 접근 제어 정책 중의 하나인 강제적 접근 제어 메커니즘을 대상으로 TCSEC 보안 등급 B2 수준에 근접하는 보호 프로파일을 작성하였다. 본 연구 결과로 작성된 보호 프로 파일은 정보 보호 시스템을 평가하는데 있어서 유용한 자료로 사용될 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권12호
• /
• pp.4889-4908
• /
• 2020

With the advances in Information Technology (IT), users can download or stream copyrighted works, such as videos, music, and webtoons, at their convenience. Thus, the frequency of use of copyrighted works has increased. Consequently, the number of unauthorized copies and sharing of copyrighted works has also increased. Monitoring is being conducted on sites suspected of conducting copyright infringement activities to reduce copyright holders' damage due to unauthorized sharing of copyrighted works. However, suspected copyright infringement sites respond by changing their domains or blocking access requests. Although research has been conducted for improving the effectiveness of suspected copyright infringement site detection by defining suspected copyright infringement sites' response techniques as a lifecycle step, there is a paucity of studies on automation techniques for lifecycle detection. This has reduced the accuracy of lifecycle step detection on suspected copyright infringement sites, which change domains and lifecycle steps in a short period of time. Thus, in this paper, an automated detection technique for suspected copyright infringement sites is proposed for efficient detection and response to suspected copyright infringement sites. Using our proposed technique, the response to each lifecycle step can be effectively conducted by automatically detecting the lifecycle step.

• Journal of Communications and Networks
• /
• 제15권4호
• /
• pp.407-410
• /
• 2013

Secret sharing is that a dealer distributes a piece of information (called a share) about a secret to each participant such that authorized subsets of participants can reconstruct the secret but unauthorized subsets of participants cannot determine the secret. In this paper, an access structure can be represented by a label graph G, where a vertex denotes a participant and a complete subgraph of G corresponds to a minimal authorized subset. The vertices of G are labeled into distinct vectors uniquely determined by the maximum prohibited structure. Based on such a label graph, a verifiable secret sharing scheme realizing general access structures is proposed. A major advantage of this scheme is that it applies to any access structure, rather than only structures representable as previous graphs, i.e., the access structures of rank two. Furthermore, verifiability of the proposed scheme can resist possible internal attack performed by malicious participants, who want to obtain additional shares or provide a fake share to other participants.

• Journal of Information Processing Systems
• /
• 제10권3호
• /
• pp.483-490
• /
• 2014

In today's world, communication, the sharing of information, and money transactions are all possible to conduct via the Internet, but it is important that it these things are done by the actual person. It is possible via several means that an intruder can access user information. As such, several precautionary measures have to be taken to avoid such instances. The purpose of this paper is to introduce the idea of a one-time password (OTP), which makes unauthorized access difficult for unauthorized users. A OTP can be implemented using smart cards, time-based tokens, and short message service, but hardware based methodologies require maintenance costs and can be misplaced Therefore, the quick response code technique and personal assurance message has been added along with the OTP authentication.

• 한국멀티미디어학회논문지
• /
• 제19권9호
• /
• pp.1698-1709
• /
• 2016

These days, anyone can easily product and share their own content through a web service such as blogs and SNS. However, contents are being operated separately because of the space limitation in individual SNS. Therefore, it is hard to search contents efficiently in individual SNS. To solve this problem, this paper propose a "Private Contents Management and Sharing Service with Voluntary Sharing Economy System." The system is in part [Input], [Save] and it provides a way to collect the content that are scattered on the Internet based on the creation of personal index. It also proposes a more systematic content management and sharing by creating and updating the website standard index by introducing an index Coordinator concept. Furthermore in [Use] section, by providing a portion of the index as the primary search results, it avoid unclassified content list which was simply collected by users. In conclusion, unlike previous studies, this system will contribute to the acquisition and management of interspersed content and ultimately contribute to the shared activation by preventing secondary processing and unauthorized processing to the original article.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권8호
• /
• pp.2708-2721
• /
• 2014

Data outsourcing in the cloud (DOC) is a promising solution for data management at the present time, but it could result in the disclosure of outsourced data to unauthorized users. Therefore, protecting the confidentiality of such data has become a very challenging issue. The conventional way to achieve data confidentiality is to encrypt the data via asymmetric or symmetric encryptions before outsourcing. However, this is computationally inefficient because encryption/decryption operations are time-consuming. In recent years, a few DOC schemes based on secret sharing have emerged due to their low computational complexity. However, Dautrich and Ravishankar pointed out that most of them are insecure against certain kinds of collusion attacks. In this paper, we proposed a novel DOC scheme based on Shamir's secret sharing to overcome the security issues of these schemes. Our scheme can allow an authorized data user to recover all data files in a specified subset at once rather than one file at a time as required by other schemes that are based on secret sharing. Our thorough analyses showed that our proposed scheme is secure and that its performance is satisfactory.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2018년도 추계학술발표대회
• /
• pp.235-237
• /
• 2018

The Internet has allowed many things to move fast, including sharing of data, files and others within a second. Many domains use applications range from IoT, smart cities, healthcare, and organizations to share the data when necessary. However, there are some challenges faced by existing systems that works on centralized nature. Such challenges are data breach, trustiness issue, unauthorized access and data fraud. Therefore in this work, we focus on using a smart contract which is used by blockchain platform and works on decentralized form. Furthermore, in this work our contract provides an access to the file uploaded onto the decentralized storage such as IPFS. By leveraging smart contract-role based which consist of a contract owner who can manage the users when access the certain resources such as a file and as well as use of decentralized storage to avoid single point of failure and censorship over secure communication channel. We checked the gas cost of the smart contract since most of contracts tends to be a high cost.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권6호
• /
• pp.1600-1619
• /
• 2023

Organizations and other institutions have recently started using cloud service providers to store and share information in light of the Internet of Things (IoT). The major issues with this storage are preventing unauthorized access and data theft from outside parties. The Block chain based Security Sharing scheme with Data Access Control (BSSDAC) was implemented to improve access control and secure data transaction operations. The goal of this research is to strengthen Data Access Control (DAC) and security in IoT applications. To improve the security of personal data, cypher text-Policy Attribute-Based Encryption (CP-ABE) can be developed. The Aquila Optimization Algorithm (AOA) generates keys in the CP-ABE. DAC based on a block chain can be created to maintain the owner's security. The block chain based CP-ABE was developed to maintain secures data storage to sharing. With block chain technology, the data owner is enhancing data security and access management. Finally, a block chain-based solution can be used to secure data and restrict who has access to it. Performance of the suggested method is evaluated after it has been implemented in MATLAB. To compare the proposed method with current practices, Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) are both used.