• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.3
• /
• pp.1249-1262
• /
• 2020

Along with the increase of the importance of information used in practice, adversaries tried to take valuable information in diverse ways. The simple and fundamental solution is to encrypt the whole data. Since the cost of encryption is increasing along with the size of data, the cost for securing the data is a burden to a system where the size of the data is not small. For the reason, in some applications where huge data are used for service, service providers do not use any encryption scheme for higher security, which could be a source of trouble. In this work, we introduce a new type of data securing technique named Trapdoor Digital Shredder(TDS) which disintegrates a data to multiple pieces to make it hard to re-construct the original data except the owner of the file who holds some secret keys. The main contribution of the technique is to increase the difficulty in obtaining private information even if an adversary obtains some shredded pieces. To prove the security of our scheme, we first introduce a new security model so called IND-CDA to examine the indistinguishability of shredded pieces. Then, we show that our scheme is secure under IND-CDA model, which implies that an adversary cannot distinguish a subset of shreds of a file from a set of random shreds.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2754-2767
• /
• 2019

Cloud computing is widely used in information spreading and processing, which has provided a easy and quick way for users to access data and retrieve service. Generally, in order to prevent the leakage of the information, the data in cloud is transferred in the encrypted form. As one of the traditional security technologies, access control is an important part for cloud security. However, the current access control schemes are not suitable for cloud, thus, it is a vital problem to design an access control scheme which should take account of complex factors to satisfy the various requirements for cipher text protection. We present a novel access control scheme based on proxy re-encryption(PRE) technology (PreBAC) for cipher text. It will suitable for the protection of data confidently and information privacy. At first, We will give the motivations and related works, and then specify system model for our scheme. Secondly, the algorithms are given and security of our scheme is proved. Finally, the comparisons between other schemes are made to show the advantages of PreBAC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.6 no.4
• /
• pp.3-38
• /
• 1996

The mobile station shall convolutionally encode the data transmitted on the reverse traffic channel and the access channel prior to interleaving. Code symbols output from the convolutional encoder are repeated before being interleaved except the 9600 bps data rate. All the symbols are then interleaved, 64-ary orthogonal modulation, direct-sequence spreading, quadrature spreading, baseband filtering and QPSK transmission. The sync, paging, and forward traffic channel except the pilot channel in the forward CDMA channel are convolutionally encoded, block interleaved, spread with Walsh function at a fixed chip rate of 1.2288 Mcps to provide orthogonal channelization among all code channels. Following the spreading operation, the I and Q impulses are applied to respective baseband filters. After that, these impulses shall be transmitted by QPSK. Authentication in the CDMA system is the process for confirming the identity of the mobile station by exchanging information between a mobile station and the base station. The authentication scheme is to generate a 18-bit hash code from the 152-bit message length appended with 24-bit or 40-bit padding. Several techniques are proposed for the authentication data computation in this paper. To protect sensitive subscriber information, it shall be required enciphering ceratin fields of selected traffic channel signaling messages. The message encryption can be accomplished in two ways, i.e., external encryption and internal encryption.

• Proceedings of the IEEK Conference
• /
• 2002.07a
• /
• pp.631-634
• /
• 2002

In this paper, we propose an improved optical security system using three phase-encoded images and the principle of interference. This optical system based on a Mach-Zehnder interferometer consists of one phase-encoded virtual image to be encrypted and two phase-encoded images, encrypting image and decrypting image, where every pixel in the three images has a phase value of '0' and '$\pi$'. The proposed encryption is performed by the multiplication of an encrypting image and a phase-encoded virtual image which dose not contain any information from the decrypted image. Therefore, even if the unauthorized users steal and analyze the encrypted image, they cannot reconstruct the required image. This virtual image protects the original image from counterfeiting and unauthorized access.. The decryption of the original image is simply performed by interfering between a reference wave and a direct pixel-to-pixel mapping image of the encrypted image with a decrypting image. Both computer simulations and optical experiments confirmed the effectiveness of the proposed optical technique for optical security applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5610-5624
• /
• 2017

A novel scheme based on polarization modulation and the weighted fractional Fourier transform (PM-WFRFT) is proposed in this paper to enhance the physical layer security of dual-polarized satellite systems. This scheme utilizes the amplitude and phase of the carrier as information-bearing parameters to transmit the normal signal and conceals the confidential information in the carrier's polarization state (PS). After being processed by WFRFT, the characteristics of the transmit signal (including amplitude, phase and polarization state) vary randomly and in nearly Gaussian distribution. This makes the signal very difficult for an eavesdropper to recognize or capture. The WFRFT parameter is also encrypted by a pseudo-random sequence and updated in real time, which enhances its anti-interception performance. Furthermore, to prevent the polarization-based impairment to PM-WFRFT caused by depolarization in the wireless channel, two components of the polarized signal are transmitted respectively in two symbol periods; this prevents any mutual interference between the two orthogonally polarized components. Demodulation performance in the system was also assessed, then the proposed scheme was validated with a simulated dual-polarized satellite system.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.111-116
• /
• 2018

The Cyber space of the ROK Army is constantly threatened by enemy. In order to reponse to such cyber treats, vulnerabilities of information assets of the ROK Army should be identified and eliminated early. However, the ROK Army currently lacks systematic management of vulnerabilities. Therefore, this paper investigates trends of each country's vulnerability management and the actual situation of the management of the vulnerabilities in the ROK Army, and suggests ways of linking vulnerability database and the ROK Army information asset management system for effective vulnerability management of the ROK Army information assets.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.349-350
• /
• 2022

As research on IT convergence continues, the scope of IoT (Internet of Things) services continues to expand. The IoT service uses a device suitable for the purpose. These IoT devices require an authentication function. In addition, in IoT services that handle important information such as personal information, security of transmission data is required. In this study, we implement a crypto key-based IoT network security system that can authenticate devices for IoT services and securely transmit data between devices. Through this study, IoT service can authenticate the device itself and maintain the confidentiality of transmitted data. However, since it is an IoT service, additional research on the application efficiency of the encryption algorithm is required.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.658-661
• /
• 2008

As network security is coming up with significant problem after the major Internet sites were hacked nowadays, IDS(Intrusion Detection System) is considered as a next generation security solution for more trusted network and system security. We propose the new IDS model which can detect intrusion in the expanded distribute environment in host level, drawback of existing IDS, and implement prototype. We used pattern extraction agent so that we extract automatically audit file needed in intrusion detection even in other platforms.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.8
• /
• pp.1435-1442
• /
• 2006

The ideal method of safety evaluation is to verify results of execution against all possible operations within operating system, but it is impossible. However, the formal method can theoretically prove the safety on actual logic of operating system. Therefore we explain the contents of the art of the safety verification of security kernel, and make a comparative study of various standardized formal verification tools. And then we assigned PVS(Prototype Verification system) of SRI(Stanford Research Institute) to verify the safety of a modified BLP(Bell & LaPadula) model, the core access control model of multi-lavel based security kernel. Finally, we describe formal specification of the revised BLP model using the PVS, and evaluate the safety of the model by inspecting the specification of the PVS.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.189-198
• /
• 2002

In this paper, we have designed the Web_based Home Gateway Management System using SSL, which can manage subscribers using Home Gateway device in home networking technology. To manage Home Gateway devices with SNMP, management elements are classified into system. performance. fault functional area based on MIB objects from Home Gateway devices MIB. System analysis provides configuration information of each Home Gateway, and Performance analysis provides device's traffic information and state. And fault analysis provides fault logging for the unexpected events and trap message from devices. HGMS uses SSL (Secure Socket Layer) to enforce the security of communication which is between server and client, and it improved the stability of HGMS.