• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10d
• /
• pp.112-117
• /
• 2007

사이버 침해란 정보시스템의 취약한 부분을 공격하여 시스템 내부에 침입하거나 시스템을 마비/파괴하는 등의 사고를 유발하는 모든 행위를 말한다. 이러한 사이버 침해의 피해를 줄이기 위해 국내외 많은 연구 기관과 업체에서는 침입탐지시스템과 같은 정보보호 기술을 연구 개발하여 상용화하고 있다. 그러나 기존의 정보보호 기술은 이미 발생한 침해를 탐지하여 피해의 확산을 막는 데만 한정적으로 사용되고, 침해의 발생 가능성을 예측하지는 못하기 때문에 점차 첨단화, 다양화되고 있는 사이버 침해에 대응하기 힘들다는 문제점을 갖는다. 본 논문에서는 보안 취약점을 이용한 사이버 침해를 대상으로 전문가 설문을 통해 사이버 침해의 발생 가능성을 예측하는 방법을 제안하고, 이를 위한 사이버 침해 예측 항목을 추출하였다. 예측 항목 추출은 3 단계로 구성되며, 첫 번째 단계에서는 기존 연구와 사례 분석을 통해 예측 항목의 계층 구조를 생성한다. 두 번째 단계에서는 첫 번째 단계를 통해 생성된 예측 항목들을 델파이 방법을 통해 개선하여 최적의 예측 항목을 결정한다. 마지막 단계에서는 각 항목들에 대한 쌍대 비교 설문을 진행하여 항목 간 가중치를 추출한다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.19-26
• /
• 2007

In recent rears. web portal system has received much attention as a user interface for the grid environment. Grid system uses symmetric key for authenticating user identity while the traditional portal system does a password-based authentication. Regarding this, many researches are progressing to integrate portal accounts with symmetric key. Specially. researches such as GAMA and PURSE are active and those focus on easy usability for users who familiar with password-based authentication. However the protection of data and resources is a critical issue in Grid environment, because those are shared through a wide-area network. In this paper, we suggest a new authentication mechanism which unify authentication mechanisms between portal system and grid service by using symmetric key. It will improve a security level in UI layer as much as in grid service.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11a
• /
• pp.123-126
• /
• 2002

근래 들어 무선 인터넷이 가능한 고성능의 휴대형 단말들이 널리 보급되어 감에 따라, 모바일 기업 응용에 대한 요구가 증가하고 있다. 모바일 기업 응용에서는 모바일 클라이언트와 기업 서버간의 데이터 동기화가 필수적이다. 왜냐하면, 모바일 클라이언트는 그 특성상 기업 서버에 항상 접속해 있을 수 없기 때문이다. 하지만 이러한 모바일 기업 응용을 작성하기 위해서는 확장성 이형성, 자원제약, 보안등과 같은 여러 기술적인 문제들을 해결해야만 한다. 따라서 본 논문에서는 이러한 기술적인 문제들 뿐만 아니라 데이터 동기화 부분을 처리해 줌으로써 응용 개발자들에게 오직 데이터 동기화를 위한 추상화된 인터페이스만을 제공해주는 데이터 동기화 미들웨어 시스템인 MoIM-Sync 시스템의 설계 및 구현에 관해 기술한다. 우리 시스템은 구현 언어로 Java를, 동기화 프로토콜로 표준 동기화 프로토콜인 SyncML을 사용함으로써 이형성 문제를 극복하였으며, 3 계층 구조를 통해 확장성 및 기존 동기화 시스템/서버 시스템들과의 연동 문제를 해결하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.769-772
• /
• 2012

Personal Information Article2 defines personal authentication information, secret information, bio information for personal information and it is stipulated under article29 that the one who have duties must take adequate technological, administrative, physical measures to prevent from illegal reading and sneaking. Also it is stipulated under information communication network law28(1), enforcement regulation9, Korea Communications Commitee notice. To satisfy this, the one who have to take security actions of personal information are required to take technological measures and establish positive measures to continuously manage it.The insurance of technological security is possible by encryption of personal information, secure management and operation of encryption key,taking personal information security level of providin access control of personal information reading and audit.In this paper, we will analyze various technologies of personal information encryption which are essencial component in technological security measuresof personal information. This paper will help choose which technological measures you should take in personal information security.

• Journal of Korean Home Economics Education Association
• /
• v.34 no.4
• /
• pp.77-92
• /
• 2022

Recently, digital transformation in the financial industry has been accelerated, and it has become an important task to improve the level of utilization of Internet banking by elderly consumers, who are vulnerable to Internet use. Accordingly, this study analyzed 3,101 respondents in their 60s or older from the 11th year of the Media Panel Survey to identify demographic, experiential, and psychological factors that affect the self-efficacy of elderly consumers' usage of Internet banking. The main research findings are as follows. First, gender, education, occupation, and income were identified as demographic variables. Second, the Internet shopping experience was identified as an experiential factor. Also, concerns about information security, digital literacy, and high will for problem-solving were identified as psychological factors. Third, as a result of the moderating effect analysis on whether the experiential and psychological factors have different influences according to the group divided into the 60s and 70s, the effect on self-efficacy in the usage of the Internet was classified by age. The results of this study will be able to enrich the discussions related to the intention to utilize technology among elderly consumers by empirically revealing that there are characteristics that cause differences in financial behavior even within one group called the elderly.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.2
• /
• pp.287-293
• /
• 2012

It has been only few years that various contents information subject for information processing system has been remarkably increased in online. If we say the year 2000 is the technology based year when deluge of information and data such as real time sharing, the time since after 2000 until 2011 has been a period plentiful of application based functions and solutions. Also, as the applicable range of these information process systems extends, individual information effluence has been social issues twice in 2009 and 2010. Thus now there are continuous efforts made to develop technologies to secure and protect information. However, the range problem has been extended from the illegal access from outside to the legal access from internal user and damages by agents hidden in internal information process system and client system. Therefore, this study discusses the necessity for the studies on efficiency based information security by control of access to internal information and authority setting for administrator and internal users. Based on the result of this study, it provides data that can be used from SOHO class network to large scale for information security method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.43-56
• /
• 2012

Wireless sensor networks consist of numerous small-sized nodes equipped with limited computing power and storage as well as energy-limited disposable batteries. In this networks, nodes are deployed in a large given area and communicate with each other in short distances via wireless links. For energy efficient networks, dynamic clustering protocol is an effective technique to achieve prolonged network lifetime, scalability, and load balancing which are known as important requirements. this technique has a characteristic that sensing data which gathered by many nodes are aggregated by cluster head node. In the case of cluster head node is exposed by attacker, there is no guarantee of safe and stable network. Therefore, for secure communications in such a sensor network, it is important to be able to encrypt the messages transmitted by sensor nodes. Especially, cluster based sensor networks that are designed for energy efficient, strongly recommended suitable key management and authentication methods to guarantee optimal stability. To achieve secured network, we propose a key management scheme which is appropriate for hierarchical sensor networks. Proposed scheme is based on polynomial key pool pre-distribution scheme, and sustain a stable network through key authentication process.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.81-91
• /
• 2021

The purpose of this study is to examine COVID-19 situation in temrs of war-theory and to find out ways to overcome it. Just as the war changes the paradigm in the international situation and the national crisis management system, the current COVID-19 pandemic is bringing about the entry of the so-called "New Normal" era having the characteristics including untact culture. Although academic research on COVID-19 is mainly dealt with in terms of medical, tourism, and economics, the military research has not yet begun from the perspective of military science or war theory. In the concept of a comprehensive crisis that COVID-19 can cause enormous damage to the life and property of a country, it can be regarded as a target or enemy to be overcome. Among various war theories, the similarities with COVID-19 incident are analyzed in terms of the nature and aspect of the war and the factors of victory. Qualitative and questionnaire analysis results show that the COVID-19 outbreak is very similar to war when considering a variety of war-characteristics. In addition this research proposes ways to overcome COVID-19 based on the victorious factors of the past war, and predicts the impact of the international community after the end of COVID-19 pandemic. As a result of analyzing the priority of overcoming factors through the Analytical Hierarchy Process (AHP) shows that clear goals and establishment of alliances should be prioritized for successfully overcoming COVID-19.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.143-151
• /
• 2020

The cyber battlefield called the fifth battlefield, is not based on geological information unlike the existing traditional battlefiels in the land, sea, air and space, and has a characteristics that all information has tightly coupled correlation to be anlayized. Because the cyber battlefield has created by the network connection of computers located on the physical battlefield, it is not completely seperated from the geolocational information but it has dependency on network topology and software's vulnerabilities. Therefore, the analysis for cyber battlefield should be provided in a form that can recognize information from multiple domains at a glance, rather than a single geographical or logical aspect. In this paper, we describe a study on the development of the cyber operation COP(Common Operational Picture), which is essential for command and control in the cyber warfare. In particular, we propose an architecure for cyber operation COP to intuitively display information based on visualization techniques applying the multi-layering concept from multiple domains that need to be correlated such as cyber assets, threats, and missions. With this proposed cyber operation COP with multi-layered visualization that helps to describe correlated information among cyber factors, we expect the commanders actually perfcrm cyber command and control in the very complex and unclear cyber battlefield.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.45 no.1
• /
• pp.14-26
• /
• 2008

IP over Ethernet technology widely used as Internet access uses the ARP(Address Resolution Protocol) that translates an ip address to the corresponding MAC address. recently, there are ARP security attacks that intentionally modify the IP address and its corresponding MAC address, utilizing various tools like "snoopspy". Since ARP attacks can redirect packets to different MAC address other than destination, attackers can eavesdrop packets, change their contents, or hijack the connection. Because the ARP attack is performed at data link layer, it can not be protected by security mechanisms such as Secure Shell(SSH) or Secure Sockets Layer(SSL). Thus, in this paper, we classify the ARP attack into downstream ARP spoofing attack and upstream ARP redirection attack, and propose a new security mechanism using DHCP information for acquisition of IP address. We propose a "DHCP snoop mechanism" or "DHCP sniffing/inspection mechanism" for ARP spoofing attack, and a "static binding mechanism" for ARP redirection attack. The proposed security mechanisms for ARP attacks can be widely used to reinforce the security of the next generation internet access networks including BcN.