The KIPS Transactions:PartC
Journal Basic Information
Korea Information Processing Society
Iris Pattern Recognition for Personal Identification and Authentication Algorithm
Go, Hyoun-Joo ; Lee, Sang-Won ; Chun, Myung-Geun ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 499~506
In this work, we present an iris pattern recognition method as a biometrically based technology for personal identification and authentication. For this, we propose a new algorithm for extracting a unique feature from the iris of the human eye and representing this feature using the discrete Walsh-Hadamard transform. Owing to the computational simplicity of the adopted transform, the method can perform personal identification and authentication quickly, in support of information security.
The Decision Method of A Threshold in Sequence-based Anomaly Detection Sensor
Kim, Yong-Min ; Kim, Min-Su ; Kim, Hong-Geun ; No, Bong-Nam ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 507~516
In this paper, we implement a sequence-based anomaly detection sensor using SOM and HMM, and analyze which information in system calls is important and how a threshold is decided. The new filtering and reduction rules of the SOM reduce the input size of the HMM, which gives the HMM-based anomaly detection sensor real-time processing. We also introduce an anomaly count into the sensor. Because of the lessened sensitivity, a user can easily understand the detection information, and false positives decreased. In addition, active adjustment of the threshold value lets the detection sensor adapt to the system condition.
A Study on the Realtime Cert-Validation of Certification based on DARC
Jang, Heung-Jong ; Lee, Seong-Eun ; Lee, Jeong-Hyeon ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 517~524
In a PKI, a certificate may be revoked because of disclosure of the private key, loss of qualification, or expiration of the validity period. A user therefore has to confirm whether the public key in a certificate is valid or invalid. There are many methods for certificate validation, such as CRL, Delta-CRL, and OCSP. However, these methods have many problems, namely traffic overload on the network and on the CRL server caused by validation processing. In this paper, we propose a real-time certificate validation method based on DARC that solves the data integrity problem caused by the time difference between transmission and receipt of the CRL, as well as the traffic overload on the network and the CRL server.
QuadTree-Based Lossless Image Compression and Encryption for Real-Time Processing
Yoon, Jeong-Oh ; Sung, Woo-Seok ; Hwang, Chan-Sik ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 525~534
Generally, compression and encryption procedures are performed independently in lossless image compression and encryption. When compression is followed by encryption, the compressed stream should have the property of randomness because its entropy is decreased during the compression. However, when the full data is compressed using image compression methods and then encrypted by encryption algorithms, real-time processing is unrealistic due to the time delay involved. In this paper, we propose combining compression and encryption to reduce the overall processing time. The method decomposes a gray-scale image by means of quadtree compression algorithms and encrypts the structural part. Moreover, the lossless compression ratio can be increased using a transform that provides a decorrelated image and homogeneous regions, and the encryption security can be improved using a reconstruction of the unencrypted quadtree data at each level. We confirmed the increased compression ratio, improved encryption security, and real-time processing by using computer simulations.
An Integrated Authentication System for Mobile Codes
Bae, Seong-Hun ; Lee, Su-Hyeon ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 535~542
Mobile code such as Java, JavaScript, ActiveX, and script code is loaded into a client system first and then run without any notice to the client user. Executing code by this mechanism may cause various security problems such as leaking system information, deleting or modifying files, and exhausting system resources. In this paper, we propose an integrated authentication system to establish a uniform security countermeasure for the various kinds of mobile code. The system helps to solve the problems mentioned above. The integrated authentication system permits loading into an interpreter using an ACL (Access Control List), which sets the access authority for the executable content, and communicates with the interpreter using a client/server model.
An Improved Detection System for the Network Vulnerability Scan Attacks
You, Il-Sun ; Cho, Kyung-San ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 543~550
In this paper, an improved detection system for network vulnerability scan attacks is proposed. The proposed system improves the methodology for detecting network vulnerability scan attacks and provides a global detection and response capability that can counter attacks occurring across an entire network enterprise. Through simulation, we show that the proposed system can detect vulnerable port attacks, coordinated attacks, slow scans and slow coordinated attacks. We also show that our system can achieve a more global and hierarchical response to attacks, through the correlation between server and agents, than a stand-alone system can.
Implementing the ESES for Secure Electronic Commerce Platform
Lee, Joo-Young ; Kim, Ju-Han ; Lee, Jae-Seung ; Moon, Ki-Young ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 551~556
The ESES system has been developed to supply a digital signature function, an encryption function, and a library of cryptographic primitives and algorithms for securing XML documents and the existing non-XML documents that are exchanged in electronic commerce. In this paper, we introduce an overview of the ESES system and explain how ESES operates to offer security services. Finally, we conclude by presenting a summary and further work.
Secure User and Program Interface for SecuROS
Doo, So-Young ; Go, Jong-Guk ; Eun, Seong-Gyeong ; Kim, Jeong-Nyeo ; Gong, Eun-Bae ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 557~564
Many people use Linux and FreeBSD because they are free and offer excellent performance. Open source code is a very important feature, but it also brings a problem: such systems may be attacked by hackers frequently. This paper describes SecuROS, a secure operating system that is the best solution to this problem, and introduces user and programmer interfaces for active use of the secure operating system. The developed secure operating system is built on the MAC and ACL access control methods and conforms to POSIX, which is universally used.
Design and Simulation of Policy Based Integrated Server System Capable to Provide Real-time Internet Security Service
Kim, Gi-Yeong ; An, Gae-Il ; Jang, Jong-Su ; Lee, Sang-Ho ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 565~572
Recently, due to the open architecture of the internet and the wide spread of internet users, cyber terror threats against the network's weak points are tending to grow. Until now, information security solutions have been passive and tied to a security host or a particular security system. Such a passive information security solution is weak against attacks arriving through networks connected to internet systems worldwide, and is limited in its defense against cyber terror attacks. Therefore, a network-level integrated security function must be provided. In this paper, we consider the technology limitations of information security problems and their environment. Then we present the architecture and functions of policy-based information security services for a network-level active information security function. This paper also includes the design of a target system that provides information security services. Finally, we discuss the direction of network-level system deployment and discuss it using network security simulation.
Design and Analysis of Role-based Security Management Model for Policy-based Security Management in SNMPv3 Network
Ju, Gwang-Ro ; Lee, Hyeong-Ho ; No, Bong-Nam ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 573~584
The Policy-Based Network Management (PBNM) architecture is intended to meet the various needs of network users and to provide network managers with effective management facilities in distributed, large-scale networks. In PBNM, network managers perform network management operations by stipulating a set of rules rather than controlling each network component. On the other hand, by providing security services such as authentication and privacy of messages, as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components in a more secure way than ever before. Despite its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scale networks because it does not provide centralized security management facilities. In this paper, we propose a new security model called the Role-based Security Management model (RSM), with a security management policy, to support scalable and centralized security management for SNMP-based networks. The structure and operation of the security system, as well as an efficiency analysis of RSM in terms of security management, are also described.
Design and Implementation of a Web Security System using a Chaos Cipher Algorithm
Lee, Bong-Hwan ; Kim, Cheol-Min ; Yun, Dong-Won ; Chae, Yong-Ung ; Kim, Hyeon-Gon ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 585~596
In this paper, a new stream cipher algorithm based on the chaos theory is proposed and is applied to a Web security system. The Web security system is composed of three parts: certificate authority (CA), Web client, and Web server. The Web client and server system include a secure proxy client (SPC) and a secure management server (SMS), respectively, for data encryption and decryption between them. The certificate is implemented based on X.509 and the RSA public key algorithm is utilized for key creation and distribution to certify both the client and server. Once a connection is established between the client and server, outgoing and incoming data are encrypted and decrypted, respectively, using one of the three cipher algorithms: chaos, SEED, and DES. The proposed chaos algorithm outperforms the other two conventional algorithms in processing time and complexity. Thus, the developed Web security system can be widely used in electronic commerce (EC) and Internet banking.
Secure QoS Billing System Using Audit Trail Subsystem Design & Implementation
Park, U-Chul ; Kim, Jeong-Nyeo ; Lee, Byeong-Ho ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 597~606
In this paper, we propose a delay-sensitive, high-bandwidth QoS service to support real-time traffic such as VoIP and multimedia services. We use an IntServ over DiffServ network, as defined in the IETF, to supply end-to-end QoS service. We define the proposed QoS services, which are the Best, Good, and Default services. We analyze the performance of end-to-end QoS service in an IntServ over DiffServ network using the NS simulator. The proposed billing system uses the Accounting, Authentication, Authorization (AAA) functions of the RADIUS protocol and proposes a dynamic pricing method, according to the network usage state, using the end-to-end QoS of the IntServ over DiffServ network. To secure the billing system, we design and implement an audit trail system according to the IEEE POSIX.1E standard.
A Study of Hierarchical Policy Model of Policy-based Integrated Security Management for managing Heterogeneous Security Systems
Lee, Dong-Yeong ; Kim, Dong-Su ; Jeong, Tae-Myeong ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 607~614
With the remarkable growth and expansion of the Internet, security issues arising from intrusions and attacks that destroy information, such as computer viruses, denial of service and hacking, have come to be considered serious threats to the Internet and to private networks. To protect networks from those attacks, many vendors have developed various security systems such as firewalls, intrusion detection systems, and access control systems. However, managing those systems individually requires too much work and high cost. Thus, in order to achieve integrated security management and establish consistent security management for various security products, the policy model of PN-ISMS (Policy Based Integrated Security Management System) has become very important. In this paper, we present a hierarchical policy model which explores the refinement of high-level/conceptual policies into a number of more specific policies to form a policy hierarchy. A formal method of policy description was used as the basis of the model in order to achieve precision and generality. Z-Notation was chosen for this purpose. Z-Notation is a mathematical notation for expressing and communicating the specifications of computer programs. Z uses conventional notations of logic and set theory organized into expressions called schemas.
A Study on Valuation of Security Property in Electronic Commerce
Kim, Min-Cheol ; Noh, Kyoo-Sung ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 615~620
This paper studies a model that measures economic values for the non-market properties of Electronic Commerce (EC). To develop this model, we first reviewed the properties of EC service and examined the relation between customer satisfaction and/or payment value and EC properties. In addition, we reviewed the method used to measure the economic values of these properties. This measurement method is the contingent valuation method, which is a method of measuring the value of an environmental product. We modified it to adapt it to EC. Finally, we propose an economic value model that measures the value of willingness to pay (WTP) for our objectives. However, there could be some restrictions when surveying empirically. Therefore, a succeeding study should be done to address these restrictions.
Analysis Using Petri Nets for SKP-based SET Protocol
Song, Yu-Jin ; Seo, Mi-Gyeong ; Lee, Jong-Geun ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 621~628
SET is one of the useful protocols for credit payment in the electronic market. Because delivery was treated as a matter for the delivery company rather than a payment problem, the classic SET protocol did not consider certification of delivery. However, the electronic market environment has changed to manage sales, delivery, payment, and so on. Based on this consideration, we propose a new SET protocol that has a function to verify delivery based on SKP, and we verify the protocol by analyzing it with Petri nets. In particular, we consider SKP between Customer, Merchant, and Acquirer to improve the verification function.
A Study of Efficient Algorithm for Survivable Network Design with Conduit
Kang, Hyo-Kwan ; Han, Chi-Geun ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 629~636
Networks are changing from voice-based networks into multimedia-based networks with the development of communication technology and multimedia services. Multimedia services need a large bandwidth. Optical fiber is a more suitable medium than existing copper-based cable for large bandwidth, but it is more expensive than copper-based cable, so minimizing total cost becomes more important. In order to construct a minimum cost network, we have to consider the existing conduits in the network. On the other hand, an optical fiber network allows a larger amount of traffic to be transmitted than a copper-based network does, so a failure of a node or link can do serious damage to the network service. Thus, we need multiple paths to support continuous service even if a failure occurs at some point of the network. The network survivability problem is to design a network that can provide reliable service to customers at any time with minimum total cost. In an existing solution to the network survivability problem with conduits, a conduit is considered only one time. However, a conduit is reusable if the network satisfies the required survivability. The proposed algorithm considers already existing conduits more effectively. Network survivability and edge cost are predetermined. The proposed algorithm finds the best solution by conduit sharing within the limits of network survivability. According to the simulation result, the proposed method can decrease total cost by 7% compared with an existing method through effective conduit adaptation.
The Regional transferring Model for Multicasting Service based on IP
Jang, Kyung-Sung ; Kim, Byung-Ki ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 637~646
Multicasting is an important research topic as an applicable technique for modern mobile computing and mobile IP, because it is expected to be a solution for transferring large amounts of information over mobile and wireless networks with narrow bandwidth. This paper suggests one solution to the bidirectional tunneling and local re-registration problems in order to support transferring mobile multicasting datagrams over a partitioned network. The bidirectional tunneling technique is used for a mobile host moving around within a region, and the local re-registration technique is used when crossing regions, to reduce the traffic load caused by transferring datagrams over a long distance. We compare those models with our suggested model by simulation.
A Selective Layer Discard Algorithm for Stored Video Delivery over Resource Constrained Networks
No, Ji-Won ; Lee, Mi-Jeong ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 647~656
Video delivery from a server to a client across a network system is an important part of many multimedia applications. Usually, the network system is constrained in both the amount of network bandwidth and the buffer size in the client. While delivering a video stream across such a constrained network system, loss of frames may be unavoidable. The system resources consumed by the dropped frames are wasted, and the loss of frames results in discontinuous display at the client. In this paper, for delivering a hierarchically encoded video stream, we introduce a selective layer discard algorithm which not only preemptively discards data at the server but also drops the less important part of a frame instead of the entire frame. By simulation, we compare the proposed selective layer discard algorithm with the existing selective frame discard algorithm. The simulation results show that the proposed algorithm may improve the quality of decoded video and decrease the replay discontinuity at the client.
Design and Implementation of Web based Voice Traffic Management System using CDR
Kim, Eun-Seong ; An, Seong-Jin ; Jeong, Jin-Uk ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 657~666
In this paper, we propose management items for voice traffic using CDRs, so that global carriers can treat and manage the voice traffic for a customer, and define computational expressions to produce the management items. From them, we have designed a management system composed of a web interface module, an analysis module, a data collection module and a database management module, and have improved the availability and convenience of the system using web technologies. In addition, to verify their validity, we have tested these items using CDRs collected by a global carrier in real environments. The proposed web-based voice traffic management system is expected to provide a global carrier with network information collection, fault detection/trouble-shooting and high quality of service through analysis of the characteristics of subscribers.
The QoS Guarantees of Multimedia Traffic using MIP-DUDN with RSVP in Mobile Computing Environments
Han, Seung-Jin ; Lee, Jeong-Hyeon ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 667~676
In this paper, we solve a problem that occurs when RSVP, as applied to existing wired networks, is used to guarantee QoS for multimedia traffic in a mobile computing environment. When Mobile IP is applied to RSVP and the MN moves to another area, the HA makes a new tunnel to the FA because the SESSION ID of the MN changes. We instead suggest the MIP-DUDN method with RSVP applied. In this method, even when the MN moves to another area, no new tunnel is made, because the method eliminates the existing Triangle Routing Problem. We design the new RMIP-DUDN protocol and compare it with the existing method of Mobile IP applied to RSVP.
Dynamic Paging and Location Management Algorithm for Reducing Location Update Overhead in A Microcell Environment
Jang, Young-Sang ; Oh, Sam-Kwon ; Lee, Sung-Yooung ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 677~682
In a microcell environment with frequent inter-cell movement of subscribers, the amount of signalling traffic rapidly increases due to location updates and other necessary actions. As a way to reduce this overhead, this paper presents an algorithm that dynamically allocates to subscribers paging and location areas, each of which has a different size and shape, depending on the characteristics of subscriber mobility. Mathematical analysis results show that this algorithm reduces area management cost compared to conventional algorithms.
Design and implementation of an integrated network management agent
Park, Sang-Cheol ; Kim, Tae-Su ; Lee, Gwang-Hwi ;
The KIPS Transactions:PartC, volume 8C, issue 5, 2001, Pages 683~692
In this paper, an integrated network management agent is proposed and implemented to support different network management protocols: SNMP (Simple Network Management Protocol) for the Internet and CMIP (Common Management Information Protocol) for OSI networks. We used the MOVI (Managed Object View Interface) concept to integrate the different network management systems. We reviewed three models for designing the integrated network management agent and then selected a suitable model among them. The logical structure of the agent, the implementation method and the operation of each module are shown in this paper. The osimis and ucd-snmp network management systems were used as the reference systems for implementing our system. The integrated network management agent can support internetworking between the Internet and OSI networks in the aspect of network management. Using the MOVI concept, if a new management system is introduced, internetworking with it can be achieved by adding a new interface to the view interface of the managed object.