RFID 기반 물류정보 공유를 위한 인증 모델

김희열(Heeyoul Kim),김남기(Namgi Kim),김광훈(Kwang-Hoon Kim),방효찬(Hyo-Chan Bang),김선진(Sun-Jin Kim) 한국정보기술학회 2011 한국정보기술학회논문지 Vol.9 No.3

An authentication model for sharing logistic information based on RFID system is presented. Logistic systems where many companies collaborate with each other require an authentication model providing that only authenticated entities can share logistic information securely. The presented model applies federated identity technology in consideration of such environment. Each entity is only authenticated in its own domain, and then it can access logistic information in other domains. Based on the presented model, an authentication system is implemented preventing leakage of logistic information.

접근 제어를 위한 반응적 방식의 그룹키 관리 기법

김희열(Heeyoul Kim),이윤호(Younho Lee),박용수(Yongsu Park),윤현수(Hyunsoo Yoon) 한국정보과학회 2007 정보과학회논문지 : 시스템 및 이론 Vol.34 No.11·12

다양한 종류의 데이타 스트림과 다양한 권한을 가지는 사용자들을 위한 그룹 통신을 위해서는 접근 제어(access control)가 필수적이다. 동일한 접근 권한을 가지는 그룹 멤버들은 하나의 클래스에 속하게 되며, 이러한 클래스들은 주어진 접근 관계를 표현한 하나의 계층을 구성한다. 그리고 각 클래스에는 하나의 비밀키가 할당된다. 기존의 기법들에서는 계층으로부터 하나의 논리적 키 트리를 생성하고 각 사용자는 항상 자신이 접근할 수 있는 모든 클래스의 키를 관리하는 방식, 즉 선행적(proactive)인 방식이었다. 하지만, 계층의 규모가 큰 경우에 사용자가 키를 저장하기 위한 공간이 늘어나고 키 갱신을 위한 메시지 또한 커진다는 단점을 가진다. 그리고 대부분의 경우 사용자는 극히 일부의 스트림만을 동시에 접근하게 되며, 이를 위해 모든 키를 지속적으로 갱신하는 것은 낭비가 된다. 본 논문에서는 이를 고려한 반응적 (reactive)인 방식의 키 관리 기법을 제안한다. 각 사용자는 자신이 속한 서브그룹의 키만을 관리하며 다른 키가 필요한 경우에만 자신의 키와 공개 파라미터를 이용해서 해당 키를 추출하게 된다. 이로 인해 키갱신을 위한 비용이 줄어들게 되고, 특히 접근 관계가 복잡하고 규모가 큰 그룹에 대해 좋은 성능을 가진다. 그리고 접근 관계가 변하는 경우, 이를 쉽게 반영할 수 있다는 장점을 가진다. In the group communication which has multiple data streams and various access privileges, it is necessary to provide group access control. The group members having the same access privilege are classified into one class, and the classes form a hierarchy based on the access relations. Then each class is assigned to a secret key. In the previous schemes, a single logical key graph is constructed from the hierarchy and each member always holds all secret keys of the classes he can access in the proactive manner. Thus, higher-privileged members hold more keys then lowerprivileged members. However, if the hierarchy is large, each member manages too many keys and the size of multicast message in rekeying increases in proportion to the size of the hierarchy. Moreover, most of the members access a small portion of multiple data streams simultaneously. Therefore, it is redundant to receive rekeying message and update the keys in which he is not currently interested. In this paper, we present a new key management scheme that takes a reactive approach in which each member obtains the key of a data stream only when he wants to access the stream. Each member holds and updates only the key of the class he belongs. If he wants to get the key of other class, he derives it from his key and the public parameter. Proposed scheme considerably reduces the costs for rekeying, especially in the group where access relations are very complex and the hierarchy is large. Moreover, the scheme has another advantage that it easily reflects the change of access relations.

블록체인 플랫폼의 보안 위협과 대응 방안 분석

김희열(Heeyoul Kim) 한국정보기술학회 2018 한국정보기술학회논문지 Vol.16 No.5

The blockchain technology is attracting attention as a core technology of the 4<SUP>th</SUP> industrial revolution, and it provides trustworthiness and high availability through a decentralized structure without a centralized trusted third party and a distributed ledger based on participants’ consensus. Various attempts are being made to apply blockchain in logistics, medical, and public sector as well as cryptocurrency and finance. However, in order to meet the expectation, it is necessary to develop the core technology, especially in the security area. In this paper, we analyze blockchain technology and representative blockchain platforms, and discuss current levels and problems. Especially, we analyze various security threats and propose corresponding countermeasures to solve them.

Java에서의 타원곡선 암호 시스템의 설계 및 구현

김희열(Heeyoul Kim),이윤호(Youn-Ho Lee),정병천(Byung-Chun Chung),이재원(Jaewon Lee),하영국(Young-Guk Ha),윤현수(Hyunsoo Yoon) 한국통신학회 2001 한국통신학회 학술대회 및 강연회 Vol.2001 No.4

홈 네트워크 환경을 위한 안전하고 유연한 DRM 시스템

김희열(Heeyoul Kim) 한국정보기술학회 2010 한국정보기술학회논문지 Vol.8 No.5

A secure and flexible Digital Rights Management system based on right delegation for home networks is presented. In the proposed system, the central authority delegates its authorization right to the local manager in a home network by issuing a proxy certificate, and the local manager flexibly controls the access rights of home devices on digital contents with its proxy certificate. Furthermore, the proposed system provides a temporary accessing facility for external devices and achieves strong privacy for home devices. Also a prototype based on the presented system was implemented to show that it works properly.

부분 집합 차를 이용한 안전한 그룹 통신

김희열(Heeyoul Kim),이윤호(Yun-ho Lee),정병천(Byungchun Chung),이재원(Jaewon Lee),윤현수(Hyunsoo Yoon),조정완(Jung-wan Cho) 한국정보과학회 2003 한국정보과학회 학술발표논문집 Vol.30 No.1A

그룹 통신을 이용한 어플리케이션이 증가함에 따라 안전하면서도 효율적인 그룹 통신에 관한 요구가 높아지고 있다. 이를 위해서는 안전한 데이터 통신, 그룹 멤버 관리, 그리고 확장성이 요구되며, 특히 빈번한 멤버의 가입/탈퇴시에 효율적으로 키를 갱신하는 수단이 필요하다. 제안된 시스템에서는 대칭키 암호화 알고리즘을 통해 안전성을 획득하며, 부분집합 차를 이용해서 키 갱신을 수행하기 때문에 요구되는 메시지의 횟수를 감소시켰다. 기존 방법에서는 키 갱신을 위해 O(logn)번의 멀티캐스트가 요구되었지만, 제안된 시스템에서는 오직 한 번의 멀티캐스트만이 요구된다. 또한 제안된 시스템은 큰 정수의 인수분해 문제의 어려움에 기반하기 때문에, 안전성을 보장받을 수 있다.

모바일 환경을 위한 프라이버시 보안 기술

김희열(Heeyoul Kim) 한국정보기술학회 2017 한국정보기술학회논문지 Vol.15 No.11

Recently various mobile devices have been utilized actively and they provide new experiences to users. However, there are concerns regarding the invasion of users’ privacy in mobile environments, and the risk is very high due to the high portability and the continuous usage of mobile devices and the complexity of mobile ecosystem. This kind of concerns should be resolved in order to expand and improve the mobile market. In this paper, major security threats against mobile privacy, previous security policies, and current mobile security techniques are analyzed. Moreover, we present a mobile privacy protection system which enables mobile users to configure their privacy policy flexibly and enforces the policy.

물류정보 공유 시스템을 위한 보안모델 연구

김희열(Heeyoul Kim) 한국정보기술학회 2014 한국정보기술학회논문지 Vol.12 No.4

The interest about logistics information sharing system has been increased with expanding logistics area. There has been many researches on information sharing and synchronization, however researches on security of shared information and system itself are not enough. In this paper, a structured and fine-grained security model for logistics information sharing systems is presented. We first choose proper security goals, then analyze threats to the goals with STRIDE threat modeling. The proposed security model establishes security policies with applying various security techniques to enforce the policies. We also show that the proposed model satisfies the security goals above and solves almost threats.

다중 도메인간 정보 공유를 위한 아이디 연계 시스템 구현

김선필(Seon-Phil Kim),김희열(Heeyoul Kim),김남기(Namgi Kim) 한국정보기술학회 2011 한국정보기술학회논문지 Vol.9 No.12

The extranet is an interconnected intranets for sharing information among collaborative companies and it is definitely required the authentication about other intranet users. However, there is a mutual authentication problem because an intranet involved in the extranet has an independent security level and authentication model. Therefore, in this paper, we implement an identity federation system for sharing information with considering the multi-domain such as an extranet. This system based on the identity federation technology has a strength that it can be coupled with an authentication model in the individual domain. As well as supports mutual authentication among multi-domains without duplicated authentication process.

안드로이드 플랫폼을 위한 사용자 중심 접근 제어

김동민(Dongmin Kim),김희열(Heeyoul Kim) 한국정보기술학회 2015 한국정보기술학회논문지 Vol.13 No.5

Several vulnerabilities on permission model for Android platform, one of major mobile platforms, have been found. Some approaches have been proposed to improve security against these vulnerabilities, and these control each permission separately at the application level. However it is too complex to manage many applications and it cannot control cooperative attacks. In this paper we present a user-centric access control system where the user establishes security policies and they are applied to the whole system instead of a specific application. Moreover we validate the functionality of the proposed system and we show the performance degradation is not so large after adapting the system.