The KIPS Transactions:PartC
Korea Information Processing Society
Alert Correlation Analysis based on Clustering Technique for IDS
Shin, Moon-Sun ; Moon, Ho-Sung ; Ryu, Keun-Ho ; Jang, Jong-Su ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 665~674
DOI : 10.3745/KIPSTC.2003.10C.6.665
In this paper, we propose an approach to correlate alerts using clustering analysis, a data mining technique, in order to support intrusion detection systems. Intrusion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generating a large amount of false alerts. In addition, all the current intrusion detection systems focus on low-level attacks or anomalies. Consequently, the intrusion detection systems to understand the intrusion behind the alerts and take appropriate actions. Clustering analysis groups data objects into clusters such that objects belonging to the same cluster are similar, while those belonging to different ones are dissimilar. By using the clustering technique, we can analyze alert data efficiently and extract high-level knowledge about attacks. Namely, it is possible to classify new types of alerts as well as existing ones. It also helps to understand the logical steps and strategies behind a series of attacks using sequences of clusters, and can potentially be applied to predict attacks in progress.
Design and Implementation of Security Kernel Module with Additional Password for Enhancing Administrator Authentication
Kim, Ik-Su ; Kim, Myung-Ho ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 675~682
DOI : 10.3745/KIPSTC.2003.10C.6.675
Attackers collect vulnerabilities of a target computer system to intrude into it and, using several attack methods, acquire root privilege. They steal and alter information in the computer system, or destroy the computer system. So far many intrusion detection systems and firewalls have been developed, but recently attackers go around these systems and intrude into a computer system. In this paper, we propose a security kernel module to prevent attackers who have acquired root privilege from performing illegal actions. It enhances administrator authentication with an additional password, and so prevents attackers from performing illegal actions such as modification of important files and installation of rootkits. It sends warning mail about the attacker's illegal actions to administrators in real time, so that, using the information in the mail, they can establish new security policies.
X-tree Diff: An Efficient Change Detection Algorithm for Tree-structured Data
Lee, Suk-Kyoon ; Kim, Dong-Ah ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 683~694
DOI : 10.3745/KIPSTC.2003.10C.6.683
We present X-tree Diff, a change detection algorithm for tree-structured data. Our work is motivated by the need to monitor a massive volume of web documents and detect suspicious changes, called defacement attacks on web sites. In this context, our algorithm should be very efficient in speed and use of memory space. X-tree Diff uses a special ordered labeled tree, X-tree, to represent XML/HTML documents. X-tree nodes have a special field, tMD, which stores a 128-bit hash value representing the structure and data of subtrees, so as to match identical subtrees from the old and new versions. During this process, X-tree Diff uses the Rule of Delaying Ambiguous Matchings, implying that it performs exact matching where a node in the old version has a one-to-one correspondence with the corresponding node in the new, by delaying all the others. It drastically reduces the possibility of wrong matchings. X-tree Diff propagates such exact matchings upwards in Step 2, and obtains more matchings downwards from roots in Step 3. In Step 4, nodes to be inserted or deleted are decided. We also show that X-tree Diff runs in O(n), where n is the number of nodes in X-trees, in the worst case as well as in the average case. This result is even better than that of the BULD Diff algorithm, which is O(n log(n)) in the worst case. We experimented with X-tree Diff on real data, which are about 11,000 home pages from about 20 web sites, instead of synthetic documents manipulated for experimentation. Currently, the X-tree Diff algorithm is being used in a commercial hacking detection system, called the WIDS (Web-Document Intrusion Detection System), which finds changes that occurred in registered websites and reports suspicious changes to users.
Design and Implementation of Mobile Security System for Digital contents Rights Protection in Wireless Internet Environment
Kim, Hoo-Jong ; Na, Seung-Won ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 695~704
DOI : 10.3745/KIPSTC.2003.10C.6.695
As wireless Internet spreads widely, circulation of various types of digital contents becomes active. Therefore, it is necessary to make a mobile-based DRM (Digital Rights Management) system to protect digital contents from illegal reproduction and to give proper rights to contents users. In this paper, we present a mobile security system, which protects the copyright for digital contents offered throughout the mobile environment. Our security system is focused on presenting a mobile-based DRM architecture. Especially, considering the mobile device's decrypting power, we adopted a partial encryption scheme. For this, we compared and evaluated the performance of each contents encryption scheme (the entire encryption scheme and the partial encryption scheme) and proved that a proper DRM system for current wireless devices is the partial encryption system. Our mobile DRM system can be very efficient in protecting contents in the wireless Internet environment.
Hybrid Statistical Learning Model for Intrusion Detection of Networks
Jun, Sung-Hae ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 705~710
DOI : 10.3745/KIPSTC.2003.10C.6.705
Recently, most interchanges of information have been performed in Internet environments. So the technique used as an intrusion detecting tool for protecting systems against attack is very important. But the skills of intrusion detection are newer and more delicate, so we need preparations for defending against these attacks. Currently, many intrusion detection systems make the model of intrusion detection rules using experienced data, and based on this model they have the strategy of defense against attacks. This is not efficient for defense against new attacks. In this paper, a new model of intrusion detection is proposed. This is a hybrid statistical learning model using the likelihood ratio test and statistical learning theory, so this model can detect a new attack as well as experienced attacks. This strategy performs intrusion detection by making a model through finding abnormal attacks. Using KDD Cup-99 task data, we can see that the proposed model has a good result of intrusion detection.
An Internet Time Synchronization Model using Dynamic Linear Model
Yu, Dong-Hui ; Hwang, So-Young ; Kim, Yong-Ho ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 711~716
DOI : 10.3745/KIPSTC.2003.10C.6.711
We propose a new Internet time synchronization model using a dynamic linear model and introduce the characteristics of Internet transmission delays. SNTP (Simple Network Time Protocol) has been widely used as a time synchronization method on the Internet. While SNTP is very simple to use, it may not provide stable service, since it does not consider several essential error factors. In order to overcome the instability of SNTP, we analyze the process of time estimation of SNTP and find that the difference between forward transmission delay and backward transmission delay is the main source of error in the estimation of a time offset.
Design and Implementation of the Intrusion Detection Pattern Algorithm Based on Data Mining
Lee, Sang-Hoon ; Soh, Jin ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 717~726
DOI : 10.3745/KIPSTC.2003.10C.6.717
In this paper, we analyze the associated rule based deductive algorithm which creates the rules automatically for intrusion detection from the vast packet data. Based on the result, we also suggest a deductive algorithm which creates the rules of intrusion patterns fast in order to apply them to intrusion detection systems. The proposed deductive algorithm is designed to suit the concept of clustering, which classifies and deletes the large data. This algorithm has a direct relation with the method of pattern generation and the analyzing module of the intrusion detection system. This can also extend the application range and increase the detection speed of existing intrusion detection systems, as the rule database is constructed for the pattern management of the intrusion detection system. The proposed pattern generation technique of the deductive algorithm is applied to the algorithm, which can be changed by the supporting rate of the data created from the intrusion detection system. Finally, we analyze the possibility of the speed improvement of the rule generation with the algorithm simulation.
Communication Models and Performance Evaluation for the Delivery of Data and Policy in a Hybrid-Type Intrusion Detection System
Jang, Jung-Sook ; Jeon, Yong-Hee ; Jang, Jong-Soo ; Sohn, Seung-Won ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 727~738
DOI : 10.3745/KIPSTC.2003.10C.6.727
Much research effort is being exerted on the study of intrusion detection systems (IDS). However, little work has been done on the communication models and performance evaluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detection, with a centralized data analysis component for global intrusion detection in a multiple-domain environment. We also assume the combination of host-based and network-based intrusion detection systems in the overall framework. From the local domain, a set of information such as alert and/or log data is reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simulator using OPNET modeller for the performance evaluation of transmission capabilities for the delivery of data and policy. We present and compare simulation results based on several scenarios focusing on communication delay.
Design of Privilege Delegation Mechanism using Proxy Certificate
Jin, Seung-Hun ; Cho, Sang-Rae ; Kim, Tae-Sung ; Ryou, Jae-Cheol ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 739~746
DOI : 10.3745/KIPSTC.2003.10C.6.739
In real life, we frequently use the proxy signature by delegating one's own privileges. It is necessary to distribute the data related to privilege delegation securely in order to use such a proxy signature on the Internet. However, in order to use the secure proxy signature, we need to have some mechanism to prevent a proxy signer from misuse of privileges by applying a proxy certificate and a privilege delegation mechanism to manage information related to privilege delegation. In addition, we have implemented a prototype to demonstrate the possible proxy signature service using the proxy certificate.
Multi User-Authentication System using One Time-Pseudo Random Number and Personal DNA STR Information in RFID Smart Card
Sung, Soon-Hwa ; Kong, Eun-Bae ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 747~754
DOI : 10.3745/KIPSTC.2003.10C.6.747
This paper suggests a multi user-authentication system that comprises DNA biometric information, the owner's RFID (Radio Frequency Identification) smartcard as a hardware token, and a PKI digital signature in software. This system improved items proposed in  as follows: this mechanism provides one RFID smartcard instead of two user-authentication smartcards (the biometric registered seal card and the DNA personal ID card), and solves user information exposure with a low-price RFID when the card is lost. In addition, this can be a perfect multi user-authentication system that enables identification even in cases such as identical twins, the DNA collected from the blood of a patient who has undergone a medical procedure involving blood replacement and the DNA of the blood donor, and mutation in the DNA base of cancer cells and other cells. Therefore, the proposed system is applied to terminal log-on with an RFID smart card that stores accurate digital DNA biometric information instead of the present biometric user-authentication system and, when the card is lost, doesn't expose any personal DNA information. The security of the PKI digital signature private key can be improved because a secure pseudo random number generator can generate infinite one-time pseudo random numbers corresponding to a user ID to keep the private key of the PKI digital signature secure whenever authenticated users access a system. In addition, this user-authentication system can be used in credit cards, resident cards, passports, etc., accelerating the use of the biometric RFID smart card. The security of the proposed system is shown by statistical analysis.
Comparison and Analysis of Protocols for the Secure Binding Updates in MIPv6
Won, You-Seuk ; Cho, Kyung-San ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 755~762
DOI : 10.3745/KIPSTC.2003.10C.6.755
For route optimization in MIPv6, the MN (Mobile Node) sends the CN (Correspondent Node) a binding update message to notify the binding of its HoA (Home Address) with its new CoA (Care-of Address). However, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in MIPv6, and several secure binding update protocols, and the performance of packet exchanges and cryptographic operations. Then, we analyze the four typical binding update protocols based on the presented criteria. In addition, we propose some improvement tips for secure binding updates.
A S/KEY Based Secure Authentication Protocol Using Public Key Cryptography
You, Il-Sun ; Cho, Kyung-San ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 763~768
DOI : 10.3745/KIPSTC.2003.10C.6.763
In this paper, we propose an S/KEY based authentication protocol using smart cards to address the vulnerabilities of both the S/KEY authentication protocol and the secure one-time password protocol which YEH, SHEN and HWANG proposed. Because our protocol is based on public key, it can authenticate the server and distribute a session key without any pre-shared secret. Also, it can prevent off-line dictionary attacks by using the randomly generated user is stored in the user's smart card. More importantly, it can truly achieve the strength of the S/KEY scheme that no secret information need be stored on the server.
A Study on Key Information Service Protocol for Secure XML Web Service
Park, Nam-Je ; Moon, Ki-Young ; Sohn, Sung-Won ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 769~778
DOI : 10.3745/KIPSTC.2003.10C.6.769
XKMS (XML Key Management Specification), one of the XML Security specifications, defines the protocol for distributing and registering public keys for verifying digital signatures and enciphering XML documents of web service applications with various and complicated functions. In this paper, we propose an XML Key Information protocol service model and implement a reference model of the protocol component based on the standard specification. We also describe the analysis and security method of the Key Information Service (XKIS) for Secure XML Web Service, paying attention to the features of XML based security services. The supported protocol component includes public key location by given identifier information and the binding of such keys to identifier information. This reference model offers a security construction guideline for future domestic e-Business Frameworks.
A Correction Security Framework for Reliable Internet Services
Lee, Seung-Min ; Nam, Taek-Yong ; Sohn, Sung-Won ; Han, Chi-Moon ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 779~786
DOI : 10.3745/KIPSTC.2003.10C.6.779
We propose a correction security framework as a next generation security technology to provide secure and reliable Internet services. The framework guarantees durability of the services in spite of external attack, intrusion, vulnerability for fault tolerance, and network management technology that covers the set of techniques aimed at providing rapid service recovery. The improvement technology includes improvement of the system itself and dynamic improvement preventing faults from being re-activated, in cooperation with other systems such as a vulnerability analysis system, NMS, and ESM. It is expected that our framework will be applied to global networks as well as to a system alone, and be able to guarantee network survivability and reliable Internet services.
Digital Signature Mechanism by Mobile Agent Security Model of Distributed Web Environment
Choi, Kil-Hwan ; Shin, Min-Hwa ; Bae, Sang-Hyun ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 787~792
DOI : 10.3745/KIPSTC.2003.10C.6.787
Telecommunication networks are becoming bigger and more complex. It is difficult to manage the networks efficiently, because these networks usually have heterogeneous and incompatible components. Nevertheless, current approaches to network management have focused on centralized management strategies based on client-server architecture. These approaches have resulted in much weakness in real-time management, service extensibility, and network scalability. In this paper, we applied mobile agent technology to solve the above problems. Java is a promising technology for developing mobile agent systems. But there are several problems, like service extensibility, in using Java. To solve these problems, a new approach using digital signatures is suggested to authenticate mobile agents in network management environments. This approach can solve the conflict between security of the system and extensibility of the mobile code. Moreover, the system suggested in this paper shows decentralized and flexible network management solutions.
An Access Control using SPKI Certificate in Peer-to-Peer Environment
Shin, Jung-Hwa ; Lee, Young-Kyung ; Lee, Kyung-Hyune ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 793~798
DOI : 10.3745/KIPSTC.2003.10C.6.793
The P2P service is a technology by which users who are able to connect with a related program can share their information with each other without passing through a server. Since all personal computers that are linked to the Internet under the P2P service can operate as a server or a client, they can provide and share both their information and services through the direct connection. Currently, the P2P service gives an equal privilege to all users for sharing their resources. Under this situation, a lot of vulnerability against various attacks through the Internet is possible, and more sophisticated security services are necessary. In this paper, we propose an access control scheme using SPKI (Simple Public Key Infrastructure). The scheme designates an access and access control by providing the certificate to users who request a connection for resource sharing, and limits the resource usage of the information provider according to the access right that is given to their own rights.
A Study on Survivability of Node using Response Mechanism in Active Network Environment
Yang, Jin-Seok ; Lee, Ho-Jae ; Chang, Beom-Hwan ; Kim, Hyoun-Ku ; Han, Young-Ju ; Chung, Tai-Myoung ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 799~808
DOI : 10.3745/KIPSTC.2003.10C.6.799
Existing security solutions such as the Firewall and IDS (Intrusion Detection System) have trouble achieving an accurate detection rate for new attacks and cannot block interior attacks. That is, existing security solutions have various shortcomings. The shortcomings of these security solutions can be supplemented with a mechanism which guarantees the availability of systems. The mechanisms which guarantee the survivability of a node are various; we approach intrusion tolerance using a real time response mechanism. The monitoring code continuously monitors the related resources of the system for the survivability of a vulnerable system. When related resources exceed a threshold, monitoring and response code is deployed to run. This mechanism guarantees the availability of the system. We propose a control method for resource monitoring. The monitoring code operates with this method. The response code may be resident in the active node for availability or execute a job when a request occurs. We suggest a node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.
A Group Key Management for Real-Time Multicasting Information Security
Hong, Jong-Joon ; Hwang, Kyo-Chul ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 809~814
DOI : 10.3745/KIPSTC.2003.10C.6.809
Multicast, which transmits real-time data to groups, may easily suffer many abnormal attacks because it has many links compared to unicast. The existing group key management architectures for preventing these problems are designed for protocols suitable for a large scale. Thus these architectures, applied to small scale routing protocols, may have many overheads with key distribution and a constant core tree. Therefore this paper proposes a group key management protocol for secure multicast in PIM-SM multicast group communication. The proposed method divides multicast groups with RP (Rendezvous-Point), and subgroup key managers are established in each RP and group keys can be transmitted between senders and receivers, so the security channel is set up for secure data transfer. This does not need data translation for group keys or new key distribution for path change. As a result, the data transmission time can be reduced.
PRISM: A Preventive and Risk-reducing Integrated Security Management Model using Security Label
Kim, Dong-Soo ; Kim, Tae-Kyung ; Chung, Tai-Myoung ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 815~824
DOI : 10.3745/KIPSTC.2003.10C.6.815
Many organizations operate security systems and manage them using integrated security management (ISM) technology to secure their network environment effectively. But current ISM is passive and behaves in a post-event manner. To reduce the cost and resources for managing security and to remove the possibility of successful attacks by intruders, preventive security management technology is required. In this paper, we propose the PRISM model, which performs preventive security management by evaluating the security level of a host or network and the sensitivity level of information assets from potential risks before security incidents occur. PRISM can give concrete and effective security management in managing the current complex networks.
Distributed Secure Mail System For Roaming User
Yang, Jong-Phil ; Sur, Chul ; Lee, Kyung-Hyune ;
The KIPS Transactions:PartC, volume 10C, issue 6, 2003, Pages 825~834
DOI : 10.3745/KIPSTC.2003.10C.6.825
In this paper, we propose a new certified e-mail system which reduces the user's computational overhead and distributes the confidentiality of the TTP (Trusted Third Party). Based on traditional cryptographic schemes and server-supported signatures for fairness and confidentiality of messages, we intend to minimize the computation overhead of the mobile device on the public key algorithm. Therefore, our proposal is suitable for mail users who use mobile devices such as cellular phones and PDAs. Moreover, the proposed system is fault-tolerant and secure against mobile adversary and conspiracy attacks, since it is based on threshold cryptography on the server side.