• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2117-2120
• /
• 2003

Trusted channel provides a means of secure communication and it includes security services such as confidentiality, authentication, and so on. This paper describes the implementation of trusted channel between secure operating systems that integrates access control mechanisms with FreeBSD kernel code[1]. The trusted channel we developed offers confidentiality an4 message authentication for network traffic based on the destination address. It is implemented in the kernel level of IP layer and transparent to users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.3-12
• /
• 2004

Secure operating system is a special operating system that integrates some security functions(i.e. access control, user authentication, audit-trail and etc.) with normal operating system in order to protect system from various attacks. But it doesn't consider my security of network traffic. To guarantee the security of the whole system, network traffic must be protected by a certain way and IPsec is a representative technology for network security. However, it requires administrator's carefulness in managing security policies and the key management mechanism is very heavy as well as complicated. Moreover, it doesn't have a suitable framework for delivery of security information for access control mechanism. So we propose a simple trusted channel mechanism for secure communication between secure operating systems. It provides confidentiality md authentication for network traffic and ability to deliver security information. It is implemented at the kernellevel of IP layer and the simplicity of the mechanism can minimize the overhead of trusted channel processing.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1015-1018
• /
• 2002

신뢰채널은 시스템 사이에 신뢰성이 보장되는 통신 경로를 제공하며, 이는 통신 트래픽에 대한 기밀성 및 인증, 부인방지 등의 다양한 보안 서비스를 포함한다. 본 논문에서는 강제적 접근제어가 구현된 커널, 즉 보안 운영체제 사이에서의 신뢰채널 구현에 대해 설명한다. 설명하는 신뢰채널은 트래픽에 대해서 불법적인 노출과 변조를 방지할 수 있도록 기밀성 서비스와 인증 서비스 중 메시지 인중을 제공하며, IP 계층의 커널수준에서 구현되어 사용자에게 투명하게 동작한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.340-347
• /
• 2001

Security operating system applied to MAC(Mandatory Access Control) or to MLS(Multi Level Security) gives both subject and object both Security Level and value of Category, and it restrict access to object from subject. But it violates Security policy of system and could be a circulated course of illegal information. This is correctly IPC(Interprocess Communication)mechanism and Covert Channel. In this thesis, I tried to design and implementation as OS kernel in order not only to give confidence of information circulation in the Security system, but also to defend from Covert Channel by Storage and IPC mechanism used as a circulated course of illegal information. For removing a illegal information flow by IPC mechanism. I applied IPC mechanism to MLS Security policy, and I made Storage Covert Channel analyze system call Spec. and than distinguish Storage Covert Channel. By appling auditing and delaying, I dealt with making low bandwidth.

• Asia pacific journal of information systems
• /
• v.16 no.3
• /
• pp.67-93
• /
• 2006

Some consumers prefer online and others prefer offline. What makes them prefer online or offline? There has been a lack of theoretical development to adequately explain consumers' channel switching behavior between traditional physical stores and new virtual stores. Through consumers' purchase decision processes, this study examined the reasons why consumers changed channels depending on purchase process stages. Consumer's purchase decision process could be divided into three stages: pre-purchase stage, purchase stage, and post-purchase stage. We used the intention of channel selection as a surrogate dependent variable of channel selection. And some constructs, that is, channel function, channel benefits, customer relationship benefits, and perceived behavioral control, were selected as independent variables. In buying look-and-feel products, it was identified that consumers preferred virtual stores to physical stores at pre-purchase stage. To put it concretely, all constructs except channel benefits were more influenced to consumers at virtual stores. This result implied that information searching function, which is a main function at pre-purchase stage, was better supported by virtual stores than physical stores. In purchase stage, consumers preferred physical stores to virtual stores. Specially, all constructs influenced much more to consumers at physical stores. This result implied that although escrow service and trusted third parties were introduced, consumers felt that financial risk, performance risk, social risk, etc. still remained highly online. Finally, consumers did not prefer any channel at post-purchase stage. But three independent variables, i.e. channel function, channel benefits, and customer relationship benefits, were significantly preferred at physical stores rather than virtual stores at post-purchase stage. So we concluded that physical stores were a little more preferred to virtual stores at post-purchase stage. Through this study, it was identified that most consumers might switch channels according to purchase process stages. So, first of all, sales representatives should decide that what benefits should be given them through virtual stores at the pre-purchase stage and through physical stores at the purchase and post-purchase stages, and then devise collaborative channel strategies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.151-162
• /
• 2008

As the innovative internet technologies and multimedia are being rapidly developed, digital content is a remarkable new growth industry and supplied by various channel. For example, domestic sales volume in digital contents marked an annual increase of 14.7% since 2003. Against the merits of digital content distribution, Information reengineering aspects are getting more serious issues in these days such as infringement of copyright, flood of inappropriate content, invasion and infringement of privacy, etc. In this paper, we are making a suggestion of the TDCDA-Trusted Digital Content Distribution Architecture in order to solve above problems. TDCDA is provided to how well-define and design the trusted path in digital contents distribution in internet environments using a secure distribution mechanism, digital content integrity and copyright protection. Finally, we also proposed the TDCDA algorithm and applicable guidelines for feasible approach in real computing environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.267-269
• /
• 2021

Trusted Execution Environment(TEE) is an execution environment provided by CPU hardware to gain guarantee that the execution context is as expected by the execution requester. Remote attestation of the execution context naturally arises from the concept of TEEs. Many implementations of TEEs use cryptographic remote attestation methods. Though the implementation of attestation may be simple, the implementation of verification may be very complex and heavy. By using a server delegating the verification process of attestation information, one may produce lightweight binaries that may verify peers and establish a secure channel with verified peers.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.13-19
• /
• 2016

The PSK (Pre-shared Secret Key) based method is appropriate for the IoT environment consisting of lightweight devices since this method requires less computing time and energy than the method to configure the session key based on the public key algorithm. A fundamental prerequisite for the PSK based method is that PSK should have been configured between the communication entities safely in advance. However, in case of a small sensor or actuator, no input and output interface such as keyboard and monitor required for configuration exists, so it is more difficult to configure PSK for such lightweight devices safely in the IoT environment than the previous Internet devices. Especially, normal users lack expertise in security so they face difficulty in configuration. Therefore, the default value configured at the time of manufacturing at factories is used or the device installer configures PSK in most cases. In such case, it is a matter for consideration whether all installers and manufacturers can be trusted or not. In order to solve such problem, this paper proposes a secure bootstrapping scheme, which utilizes the NFC (Near Field Communication) as an OOB (Out-Of-Band) channel, for lightweight devices with limited resources.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.5
• /
• pp.507-513
• /
• 2018

Steganography is a technique that uses hidden messages to prevent anyone apart from knowing the existence of a secret message, except the sender and trusted recipients. This paper applies 24 bit color image as cover medium. And a 24-bit color image has three components corresponding to red, green and blue. This paper proposes an image steganography method that uses Triple-A algorithm to hide the secret (Hangul) message by arbitrarily selecting the number of LSB bits and the color channel to be used. This paper divides the secret character into the chosung, jungsung and jongsung, and applies crossover, encryption and arbitrary insertion positions to enhance robustness and confidentiality. Experimental results of the proposed method show that insertion capacity and correlation are excellent and acceptable image quality level. Also, considering the image quality, it was confirmed that the size of LSB should be less than 2.