REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
The KIPS Transactions:PartC
Korea Information Processing Society
Volume & Issues
Volume 12C, Issue 7 - Dec 2005
An Efficient Variant of Self-Healing Group Key Distribution Scheme with Revocation Capability
Kang Ju-Sung ; Hong Dowon ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 941~948
DOI : 10.3745/KIPSTC.2005.12C.7.941
Pairwise Key Agreement Protocols Using Randomness Re-use Technique
Jeong, Ik-Rae ; Lee, Dong-Hoon ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 949~958
DOI : 10.3745/KIPSTC.2005.12C.7.949
In the paper we study key agreement schemes when a party needs to establish a session key with each of several parties, thus having multiple session keys. This situation can be represented by a graph, called a key graph, where a vertex represents a party and an edge represents a relation between two parties sharing a session key. graphs to establish all session keys corresponding to all edges in a key graph simultaneously in a single session. A key agreement protocol of a key graph is a natural extension of a two-party key agreement protocol. We propose a new key exchange model for key graphs which is an extension of a two-party key exchange model. Using the so-called randomness re-use technique, which re-uses random values to make session keys for different sessions, we suggest two efficient key agreement protocols for key graphs based on the decisional Diffie-Hellman assumption, and prove their security in the key exchange model of key graphs. Our first scheme requires only a single round and provides key independence. Our second scheme requires two rounds and provides forward secrecy. Both are proven secure in the standard model. The suggested protocols are the first pairwise key agreement protocols and more efficient than a simple scheme which uses a two-party key exchange for each necessary key. Suppose that a user makes a session key with n other users, respectively. The simple scheme's computational cost and the length of the transmitted messages are increased by a factor of n. The suggested protocols' computational cost also depends on n, but the length of the transmitted messages is constant.
Enhanced ID-based Authentication Scheme using Smartcards and Fingerprints
Jeon Il-Soo ; Kim Hyun-Sung ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 959~964
DOI : 10.3745/KIPSTC.2005.12C.7.959
Recently, Kim et al. proposed ID-based authentication schemes using smartcards and fingerprints. However, Scott showed that they were vulnerable to the passive eavesdropping attack. Thereby, this paper proposes an enhanced ID-based authentication scheme to solve the problems in Kim et al.'s scheme. Especially, the proposed scheme solves the ID repairability problem commonly shared in the previous ID-based cryptosystems. The proposed ID-based authentication scheme supports the advantages in the previous ID-based authentication scheme and solves the problems in them effectively.
An Architecture for Securing Digital Documents Using Radio Frequency Identification(RFID)
Choi, Jae-Hyun ; Lee, Woo-Jin ; Chon, Ki-Won ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 965~972
DOI : 10.3745/KIPSTC.2005.12C.7.965
Digital documents have become the mainstay of the paperless office. This is due to the increased usage of computer networks and the widespread digital culture. Along with the increased usage of digital documents comes the problem of securing them. The documents may have very important information such as confidential business policies and intellectual property statements. Generally, most users protect them by using a password or secured flash memory or security software, but it has several weaknesses. Accordingly, we propose a new architecture for securing digital documents. The proposed architecture is based on RFID and several encrypting techniques. It makes up for the weakness of traditional securing architectures, and supports various policies for digital documents of users.
Design of User Authentication and DRM Security System Using Security Agent
Kim Jung-Jae ; Lee Kyung-Seog ; Jun Moon-Seog ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 973~980
DOI : 10.3745/KIPSTC.2005.12C.7.973
This paper proposes the more various key generation algorithms than existing method and the DRM encryption system supporting the higher security than the existing systems which do not store a symmetric key made by the key generation algorithm in a server. Also, we propose a client security agent system which decrypts a data by analogized key. We designed and implemented the proposed system. And, we tested the video data files with the various sizes to evaluate the performance of our system. Our experiment results show that the delay time which includes an encryption and decryption time was significantly reduced through our proposed scheme.
Master Integrity Principle for Effective Management of Role Hierarchy
Oh Se-Jong ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 981~988
DOI : 10.3745/KIPSTC.2005.12C.7.981
Administrative Role-Based Access Control (ARBAC) is a typical model for decentralized authority management by plural security administrators. They have their work range on the role hierarchy. A problem is that legal modification of the role hierarchy may induce unexpected side effects. The Role-Role Assignment 97 (RRA97) model introduced some complex integrity principles to prevent the unexpected side effects based on a geometric approach. We introduce one simple and new integrity principle based on simple set theory. It is simple and intuitive. It can substitute for all integrity principles of the RRA97 model.
A Study on the Modeling Mechanism for Security Risk Analysis in Information Systems
Kim Injung ; Lee Younggyo ; Chung Yoonjung ; Won Dongho ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 989~998
DOI : 10.3745/KIPSTC.2005.12C.7.989
Information systems are today becoming larger and mostly broadband-networked. This exposes them to a higher risk of intrusions and hacking than ever before. Of the technologies developed to meet information system security needs, risk analysis is currently one of the most actively researched areas. Meanwhile, due to the extreme diversity of assets and complexity of network structure, there is a limit to the level of accuracy which can be achieved by an analysis tool in the assessment of risk run by an information system. Also, the results of a risk assessment are most often not up-to-date due to the changing nature of security threats. By the time an evaluation and associated set of solutions are ready, the nature and level of vulnerabilities and threats have evolved and increased, making them obsolete. Accordingly, what is needed is a risk analysis tool capable of assessing threats and propagation of damage, at the same time as security solutions are being identified. To do that, the information system must be simplified, and intrusion data must be diagrammed using a modeling technique. In this paper, we propose a modeling technique for information systems to enable security risk analysis, using SPICE and Petri-net, and conduct simulations of risk analysis on a number of case studies.
Efficient Techniques to Secure User Data in the Secure OS for a Multi-user Environment
Ahn, Sun-Il ; Han, Sang-Yong ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 999~1006
DOI : 10.3745/KIPSTC.2005.12C.7.999
The Secure OS is an operating system which adds security functions to the existing operating system, in order to secure a system from security problems originated from inherent frailty of applications or operating systems. With the existing Secure OSes it is difficult to set an effective security policy securing personal resources in a multi-user environment system. To solve this problem, in this paper we present two techniques to secure user data efficiently in the RBAC-based Secure OS for a multi-user environment. Firstly, we utilize the object's owner information in addition to the object's filename. Secondly, we make use of a meta symbol(` `), which is able to describe multiple access targets. In addition, this paper gives some examples to show advantages from these techniques. And these features are implemented in a Solaris-based Secure OS called Secusys.
Selection of Detection Measures using Relative Entropy based on Network Connections
Mun Gil-Jong ; Kim Yong-Min ; Kim Dongkook ; Noh Bong-Nam ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1007~1014
DOI : 10.3745/KIPSTC.2005.12C.7.1007
A generation of rules or patterns for detecting attacks from network is very difficult. Detection rules and patterns are usually generated by experts' experiences that consume much manpower, management expense, time and so on. This paper proposes statistical methods that effectively detect intrusion and attacks without experts' experiences. The methods are to select useful measures in measures of network connection (session) and to detect attacks. We extracted the network session data of normal and each attack, and selected useful measures for detecting attacks using relative entropy. And we made probability patterns, and detected attacks using likelihood ratio testing. The detecting method controlled detection rate and false positive rate using threshold. We evaluated the performance of the proposed method using KDD CUP 99 Data set. This paper shows the results that are to compare the proposed method and detection rules of decision tree algorithm. So we can know that the proposed methods are useful for detecting intrusion and attacks.
A Specification for Restricted Delegation to suitable on Distributed Computing
Eun Seung-Hee ; Kim Yong-Min ; Noh Bong-Nam ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1015~1024
DOI : 10.3745/KIPSTC.2005.12C.7.1015
A delegation of privileges is one of important processes that empower authority to relevant node to process job that user wants in large-scale distributed environment such as Grid Computing. However, existing delegation methods do not give suitable privilege about job, and do not atomize range of delegation and exists delegation of access privilege for only resources itself that is not delegation about executing process of job itself. Also, they do not apply about process that needs delegation before and after execution of job such as reservation of system resources or host access before and after execution. Therefore, this paper proposes a method and specification for restricted delegation in distributed environment. Proposed method separates delegation for job side and privilege side, and express specification and procedure of delegation using XML schema and UML and present restricted delegation scenario in distributed computing environment.
Performance Analysis of Transmit Weights Optimization for Cooperative Communications in Wireless Networks
Kong, Hyung-Yun ; Ho, Van Khuong ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1025~1030
DOI : 10.3745/KIPSTC.2005.12C.7.1025
Cooperative communications among users in multiple access wireless environments is an efficient way to obtain the powerful benefits of multi-antenna systems without the demand for physical arrays. This paper proposes a solution to optimize the weights of partnering users' signals for the minimum error probability at the output of maximum likelihood (ML) detector under the transmit power constraints by taking advantage of channel state information (CSI) feedback from the receiver to the transmitter. Simulation programs are also established to evaluate the performance of the system under flat Rayleigh fading channel plus AWGN (Additive White Gaussian Noise).
Interconnection Scheme for Multiple Path Source Routing Protocol for Wireless Mobile Ad-hoc Network and Mobile-IP
Kim, Moon-Jeong ; Eom, Young-Ik ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1031~1038
DOI : 10.3745/KIPSTC.2005.12C.7.1031
As the research on home network technologies, sensor network technologies, and ubiquitous network technologies makes rapid progress, wireless ad-hoc networks have attracted a lot of attention. A wireless ad-hoc network is a temporary network formed by a collection of wireless mobile nodes without the aid of any existing network infrastructure or centralized administration, and it is suitable for ubiquitous computing environments. In this paper, we suggest an interconnection scheme between the wireless ad-hoc network environment based on multiple path source routing protocol and a Mobile-IP based network environment. This scheme reduces the overhead of route re-establishment and re-registration by maintaining multiple paths between the mobile host in wireless ad-hoc network and the base station in mobile-IP network. Also it puts the base station in charge of function that performs translation between wireless ad-hoc network packets and Mobile-IP packets, reducing the load of mobile hosts. In this paper, our simulations show that our scheme outperforms existing interconnecting schemes with regards to throughput and end-to-end delay. Also we show that our scheme outperforms multi-paths approach using disjoint routes with regards to routing overhead.
An Effective Solution to Overcome the Restriction of SACK Blocks' Number in TCP SACK
Lin, Cui ; Hong, Choong-Seon ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1039~1046
DOI : 10.3745/KIPSTC.2005.12C.7.1039
TCP SACK is the unique mechanism to reflect the situation of sink's sequence space; some TCP variants and proposals can perform in conjunction with SACK mechanism for achieving optimal performance. By definition of RFC 2018, however, each contiguous block of data queued at the data receiver is defined in the SACK option by two 32-bit unsigned integers in network byte order. Since TCP Options field has a 40-byte maximum length, when error bursts occur, we note that the available option space may not be sufficient to report all blocks present in the receiver's queue and lead to unnecessarily force the TCP sender to retransmit packets that have actually been received by TCP sink. For overcoming this restriction, in this thesis, a new solution named 'one-byte offset based SACK mechanism' is designed to further improve the performance of TCP SACK and prevent those unwanted retransmissions. The results of both theory analysis and simulation also show that this proposed scheme operates simply and more effectively than the other existing schemes by means of the least bytes and most robust mechanism to the high packet error rates often seen in networks environment.
A Scheme for Return Channel Utilization for Efficient Download of Data Broadcasting Applications
Kang Seung-Mi ; Sun Seungsang ; Eom Young Ik ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1047~1056
DOI : 10.3745/KIPSTC.2005.12C.7.1047
The existing data broadcasting system has the mechanism that the receiving device should download repetitively the entire broadcasting application data until it acquires the whole of the application data. This mechanism takes long time for the download. To solve this problem this paper proposes a scheme that the device effectively downloads the missing parts of broadcasting application data through the return channel and shows the performance evaluations of the proposed scheme with respect to the experiment.
Extending a WebDAV Protocol to Efficiently Support the Management of User Properties
Jung Hye-Young ; Kim Dong-Ho ; Ahn Geon-Tae ; Lee Myung-Joon ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1057~1066
DOI : 10.3745/KIPSTC.2005.12C.7.1057
WebDAV (Web-based Distributed Authoring and Versioning), a protocol which supports web-based distributed authoring and versioning, provides a standard infrastructure for asynchronous collaboration on various contents through the Internet. A WebDAV property management is a function to set and manage the main information of the resources as properties, and a user property, one kind of the WebDAV properties, has the ability to be freely defined by users. This free definition of user property makes it very useful to develop web-based applications like a collaboration system based on WebDAV. However, with an existing WebDAV property management scheme, there is a limit to develop various applications. This paper describes a DavUP (WebDAV User property design Protocol) protocol which extended the original WebDAV and its utilization which efficiently supports management of WebDAV user properties. DavUP needs the definition of the collection structure and type definition properties for an application. To do this, we added a new header and appropriate WebDAV method functions to the WebDAV protocol. To show the usefulness of DavUP protocols, we extended our DAVinci WebDAV server to support DavUP protocols and experimentally implemented a general Open Workspace, which provides effective functions to share and exchange open data among general users, on the DAVinci.
Application of Korean Alphabet Domain-Names for Convenient Information Access in a Ubiquitous Information Network
Kim, Yung-Bok ;
The KIPS Transactions:PartC, volume 12C, issue 7, 2005, Pages 1067~1074
DOI : 10.3745/KIPSTC.2005.12C.7.1067
The mobile user interface becomes important to access information fast and conveniently, especially in the ubiquitous computing environment. Among many new services in the mobile computing environment, ubiquitous information networking service was studied using Korean alphabet (consonant or vowel) domain-names including Korean single-character domain-names. Instead of handling long English/Korean URL-strings, as convenient user interface for information access, the Korean single-character/alphabet domain names are more convenient than long URL strings to retrieve information and to send information in the wired Internet as well as in the mobile Internet. We studied the convenience of Korean alphabet domain names with PCs as well as with mobile phones. We introduce the implementation and the application of ubiquitous information portal, which has the functionality of Text to Speech (TTS) and is accessible with Korean single-character/alphabet domain-names.