• 중소기업융합학회논문지
• /
• 제2권2호
• /
• pp.7-12
• /
• 2012

본 논문은 정보화경영체제를 인증획득한 중소기업이 왜 인증을 취소하는 가에 대한 원인을 분석하여 중소기업의 정보화경영체제를 지속적이고 체계적으로 추진하도록 개선방안을 마련하는데 목적을 두었다. 연구결과 정보화경영체제의 인증이 정보화경영의 기본을 준수하고 기업의 정보화경영체제 정착을 위하여 필요한 기업이 인증받고 유지했으나 정보화지원사업의 변화에 따라 지원기관의 요구조건이 없어지게 되면서 인증유지의 필요성을 느끼지 못하는 경영진의 관심과 지원부족, 그리고 전사원의 협조부족으로 인하여 취소와 반납이 나타나게 되는 것으로 분석되었다. 이러한 원인과 연관되어 있는 요인으로는 '지속적인 문서화 작업'으로 인한 것으로 나타났으며 이러한 요인이 중소기업에서 정보화경영체제를 유지하는데 어려운 문제로 인식되고 있어서 이를 위하여 정보화경영체제 추진 담당자의 채용과 인증유지를 위한 심사비 등을 부담으로 느끼는 중소기업의 경영자가 인증을 유지하지 못하고 반납 및 취소를 하고 있는 것으로 분석되었다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권5호
• /
• pp.1634-1652
• /
• 2022

Due to the increasing need for data sharing in the age of big data, how to achieve data access control and implement user permission revocation in the blockchain environment becomes an urgent problem. To solve the above problems, we propose a novel blockchain-based data sharing scheme (BDSS) with fine-grained access control and permission revocation in this paper, which regards the medical environment as the application scenario. In this scheme, we separate the public part and private part of the electronic medical record (EMR). Then, we use symmetric searchable encryption (SSE) technology to encrypt these two parts separately, and use attribute-based encryption (ABE) technology to encrypt symmetric keys which used in SSE technology separately. This guarantees better fine-grained access control and makes patients to share data at ease. In addition, we design a mechanism for EMR permission grant and revocation so that hospital can verify attribute set to determine whether to grant and revoke access permission through blockchain, so it is no longer necessary for ciphertext re-encryption and key update. Finally, security analysis, security proof and performance evaluation demonstrate that the proposed scheme is safe and effective in practical applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권4호
• /
• pp.1404-1423
• /
• 2015

In smart grid, electricity consumption data may be handed over to a third party for various purposes. While government regulations and industry compliance prevent utility companies from improper or illegal sharing of their customers' electricity consumption data, there are some scenarios where it can be very useful. For example, it allows the consumers' data to be shared among various energy resources so the energy resources are able to analyze the data and adjust their operation to the actual power demand. However, it is crucial to protect sensitive electricity consumption data during the sharing process. In this paper, we propose a fine-grained access control scheme (FAC) with efficient attribute revocation and policy updating in smart grid. Specifically, by introducing the concept of Third-party Auditor (TPA), the proposed FAC achieves efficient attribute revocation. Also, we design an efficient policy updating algorithm by outsourcing the computational task to a cloud server. Moreover, we give security analysis and conduct experiments to demonstrate that the FAC is both secure and efficient compared with existing ABE-based approaches.

• 한국컴퓨터정보학회논문지
• /
• 제13권3호
• /
• pp.91-97
• /
• 2008

기존 CA(Certificate Authority)에서 인증서의 유효기간 및 클라이언트에서 폐지한 CRI (Certificate Revocation Information)를 관리하는데 있어서 많은 문제점이 있었다. 이를 해결하기 위한 여러 연구들이 행하여졌으나, 클라이언트 측면에서 인증서의 상태 정보를 실시간으로 검증할 수 있기에는 미흡하였다. 본 논문은 이러한 한계를 극복하기 위하여 분산 OCSP(On-line Certificate Status Protocol) 환경에서 새로운 CRI 운영 모델을 제안한다. CRL(Certificate Revocation Lists)을 분할하여 여러 OCSP 서버에게 최신의 CRL을 중복시키고, 그 외 CRL은 각 서버들에게 중복하여 분산시킨다. 이로써 기존의 CA의 병목현상을 줄이고, 전송되는 CRL의 크기도 효과적으로 줄임으로써 클라이언트가 인증서 상태를 실시간으로 검증할 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권1호
• /
• pp.302-322
• /
• 2021

In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권7호
• /
• pp.1935-1950
• /
• 2023

The arrival of the Internet of Things and 5G technology enables users to rely on edge computing platforms to process massive data. Data sharing based on edge computing refines the efficiency of data collection and analysis, saves the communication cost of data transmission back and forth, but also causes the privacy leakage of a lot of user data. Based on attribute-based encryption and blockchain technology, we design a fine-grained access control scheme for data in edge computing, which has the characteristics of verifiability, support for outsourcing decryption and user attribute revocation. User attributes are authorized by multi-attribute authorization, and the calculation of outsourcing decryption in attribute encryption is completed by edge server, which reduces the computing cost of end users. Meanwhile, We implemented the user's attribute revocation process through the dual encryption process of attribute authority and blockchain. Compared with other schemes, our scheme can manage users' attributes more flexibly. Blockchain technology also ensures the verifiability in the process of outsourcing decryption, which reduces the space occupied by ciphertext compared with other schemes. Meanwhile, the user attribute revocation scheme realizes the dynamic management of user attribute and protects the privacy of user attribute.

• 무역상무연구
• /
• 제38권
• /
• pp.3-45
• /
• 2008

A motive and aim of enactment of UN Convention on the Use of Electronic Communication in Int'l Contracts is based on need to eliminate legal obstacles that might arise under existing int'l trade law instruments and promote int'l electronic commercial transaction. But when it is used with related articles, 14, 15, 16, 17 for offer under CISG, one of the most successful conventions which produces substantive law for the unification of int'l trade, questions of practical importance, for example possibilities of withdrawal, revocation, rejection of offer, the extent of its criteria arise from therewith. In conclusion, a effective electronic offer has to assure easily access and confirmation of trade terms besides criteria of offer under CISG. An offer can be withdrawal, if electronic message of withdrawal has entered the offeree's server before or at the same time when the offer has reached the offeree but agreement expressly or impliedly, between the parties about type, format, email address is a prerequisited. Implied consent could be presumed through prior conduct or trade usages between the parties under CISG articles 8, 9. The term "have reached" correspond to the time which is able to retrieve the electronic message of withdrawal. But without express or implied agreement between them about electronic communication of type, format, email address, an offer can be withdrawal before or at the same time when it has entered offeree's other e-mail address and confirmed by his retrieval. In case of the revocation, electronic message of the revocation is effective before the offeree's dispatching an acceptance. A prerequisite for the revocation by electronic communication is came as the above mentioned withdrawal except for concept of a time difference for reach. In case of a rejection of offer, when a rejection by electronic communication has entered the offeror's server, an offer is ended. But a prerequisite for the rejection by electronic message is same as the above mentioned withdrawal and revocation.

• 정보보호학회논문지
• /
• 제26권1호
• /
• pp.17-30
• /
• 2016

본 논문에서는 효율적인 공개키 기반 공모자 추적 및 제외 스킴을 제안하고자 한다. 공모자 추적 및 제외 스킴은 암호 전송 스킴(Broadcast encryption scheme)에 공모자 추적과 제외 기능을 추가한 것으로 악의적인 사용자들이 유출한 개인키 또는 공모한 해적판 키를 시스템에서 제외함으로서 스킴의 안전성을 유지하는 것이다. 또한 제외 기능은 일부 사용자만을 위한 암호문을 만들 수 있어 다양한 응용 환경에 적용할 수 있는 스킴이다. 본 논문에서는 합성수 위수의 겹선형 군을 기반으로 설계된 스킴[Augmented broadcast encryption scheme]을 소수 위수의 겹선형 군을 기반으로 하는 스킴으로 변화시켰고, 효율성의 척도인 공개키, 개인키, 암호문의 크기를 크게 개선했다. 또한 제외 기능에 대한 분석을 통해 기존 논문의 제한적인 제외 기능을 충분한 제외 기능으로 확장하는 결과를 얻을 수 있었다. 본 논문에서 제안하는 스킴의 구조는 계층적 구조 또는 피라미드 구조를 갖는 우리나라 정부, 군 조직 등에 쉽게 적용 가능하다.

• 한국컴퓨터정보학회논문지
• /
• 제21권10호
• /
• pp.77-83
• /
• 2016

To verify the trustworthiness of messages, public key certificates and certificate revocation list(CRL) has been standardized for vehicular networks. However, timely distribution of large CRLs to vehicles should be more elaborated with low bandwidth utilization from a practical point of view. To address this concern, we propose a CRL distribution scheme using long term evolution(LTE) point-to-multicast transmission, namely the enhanced multimedia broadcast multicast service(eMBMS). The schem is much more resource efficient than the existing unicast CRL distribution schemes for vehicular networks and it allows realizing the regional CRL distribution schemes efficiently in LTE network. By means of ns-3 simulation, we analyze the performance, latency, and execution time of the scheme in terms of varying coverage of the multimedia broadcast multicast service over single frequency network (MBFSN).

• 한국컴퓨터정보학회논문지
• /
• 제22권12호
• /
• pp.109-116
• /
• 2017

Short-lived pseudonym certificates as vehicle identities could satisfy both security and privacy requirements. However, to remove revoked certificates especially in vehicle communications, pseudonym certificate revocation list (CRL) should be distributed resource-efficiently from a practical deployment point of view and in a timely manner. In this paper, we propose a novel CRL distribution scheme capable of CRL multicast to only activated vehicles registered to the CRL multicast group using the group communication system enabler, namely, the GCSE which is being standardized. The scheme is resource efficient by using CRL distribution paths instead of paging processes to find out multicast vehicle(s) within a certain region. The analyzed results show that the proposed scheme outperforms in terms of paging cost, packets transmission cost, and the processing cost at the respective entities compared to the existing four schemes in the literature.