• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제18권4호
• /
• pp.37-44
• /
• 2008

The 128-bit block cipher SMS4 which is used in WAPI, the Chinese WALN national standard, uses a 128-bit user key with the number of 32 rounds. In this paper, we present a differential attack on the 20-round SMS4 using 16-round differential characteristic. This attack requires $2^{126}$ chosen plaintexts with $2^{105.85}$ 20-round SMS4 decryptions. This result is better than any previously known cryptanalytic results on SMS4 in terms of the numbers of attacked rounds.

• Venture DIGEST
• /
• 통권117호
• /
• pp.31-33
• /
• 2008

2006년도 새해 벽두부터 신문과 TV 등 언론을 통해 뜻밖의 사건이 발생하였다. 공기업에서 민영화 된 KT&G를 공격한 칼 아이칸의 기사가 신문에 도배되면서 적대적 M&A라는 용어가 일반인에 게도 알려지게 되었으며, 대기업은 물론 중소, 벤처기업 등 많은 기업들도 이에 대한 방어전략에 부심하는 등 이 사건은 적대적 M&A에 대한 관심이 높아진 계기가 되었다. 그러나 우리는 이미 2003년과 2004년에 적대적 M&A가 발생하여 진행되는 과정을 경험한 바 있다. 소버린이 SK의 경영권 탈취를 위하여 약 15%에 이르도록 저가로 주식을 매집하여 최대주주가된 후에 집요하게 경영권 확보를 위하여 공격을 하였지만 국내 금융기관 및 소액주주가 SK의 백기사가 되어 줌으로써 경영권을 탈취하는 데 실패하였다. 하지만 소버린은 이 과정에서 막대한 주가차익을 챙기는 소득이 있었으며 모든 주식을 정리한 후에 철수를 하였다.

• Information Systems Review
• /
• 제4권2호
• /
• pp.81-94
• /
• 2002

The study employs the conceptual framework of the strategic success paradigm developed by Ansoff (1990). The strategic success paradigm denotes that optimal performance will be attained when the level of environmental turbulence is aligned with the strategic aggressiveness and organizational capability. Based on the paradigm, authors developed the concept of IT (information technology) aggressiveness (IT aggressiveness henceforth) and capability (IT capability henceforth). In order to clarify the different concept of IT aggressiveness and capability, the author brought the concept of IT architecture. The difference of capability and architecture lies in the depth of technical considerations. Where capability refers attitudinal aspects of managers, architecture emphasizes technical capacity of the organization as a whole. The study validated the need for alignment among IT architecture, environmental turbulence and IT aggressiveness. The imbalance between IT strategy and IT architecture (such as a higher level of IT aggressiveness but a lower level of IT architecture, or vice versa) has a marginal contribution to the organizational IT performance. The alignment among organizational environmental turbulence, IT aggressiveness, and IT architecture resulted in an optimal level of IT performance especially in a turbulent environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제19권1호
• /
• pp.103-111
• /
• 2009

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. As a result, the monitoring and control of cyber security, which enables attack detection, analysis and response on a real-time basis has become of paramount importance. This paper discusses how to improve efficiency and effectiveness of national cyber security monitoring and control services. It first reviews major threats to the public communications network and how the responses to these threats are made and then it proposes a new approach to improve the national cyber security monitoring and control services.

• Convergence Security Journal
• /
• 제23권2호
• /
• pp.27-36
• /
• 2023

In recent years, ransomware attacks have become more organized and specialized, with the sophistication of attacks targeting specific individuals or organizations using tactics such as social engineering, spear phishing, and even machine learning, some operating as business models. In order to effectively respond to this, various researches and solutions are being developed and operated to detect and prevent attacks before they cause serious damage. In particular, honeypots can be used to minimize the risk of attack on IT systems and networks, as well as act as an early warning and advanced security monitoring tool, but in cases where ransomware does not have priority access to the decoy file, or bypasses it completely. has a disadvantage that effective ransomware response is limited. In this paper, this honeypot is optimized for the user environment to create a reliable real-time dynamic honeypot file, minimizing the possibility of an attacker bypassing the honeypot, and increasing the detection rate by preventing the attacker from recognizing that it is a honeypot file. To this end, four models, including a basic data collection model for dynamic honeypot generation, were designed (basic data collection model / user-defined model / sample statistical model / experience accumulation model), and their validity was verified.

• Journal of Industrial Convergence
• /
• 제16권4호
• /
• pp.47-52
• /
• 2018

WebShell is a web script file created by a hacker to remotely commands to a web server. The hacker can bypass the security system using the web shell, access the system, control the system such as file modification, copying and deletion, install malicious code in the web source code, attack the user's PC, And so on. There are many types of WebShell attack, but we study about attacks on PHP and JSP based web server which are used as representative ones. And we propose the method of web page management, method of development, and several other methods. By using these countermeasures, it is possible to effectively prevent damage caused by WebShell attacks.

• Journal of the military operations research society of Korea
• /
• 제34권2호
• /
• pp.143-162
• /
• 2008

This paper aims to formulate the method of estimating the wartime stockpile requirement of 155mm self-propelled artillery including intelligent ammunition for armored vehicles, currently being developed. The usual method of utilizing war-game simulation results in considerable margins in expected occupancy ratio between ground forces and air forces for each weapon system for armored vehicles. Also, the method tends to produce excessive output greater than the minimal stockpile requirements; therefore, the study aims to overcome limitations like these by the allocation method for each weapon system according to targets. This allocation method is better than war-game simulation method.

• Journal of Internet of Things and Convergence
• /
• 제8권4호
• /
• pp.85-96
• /
• 2022

The purpose of this study was to investigate how the management strategies and organizational culture required in the digital economy have an effect on business performance. It provided basic data on management strategies and organizational culture necessary to approach as a digital leading country. For data collection, a survey was conducted from March 1 to May 30, 2022 for companies located in J province and engaged in industries related to the digital economy. The survey was conducted online and non-face-to-face, and a total of 225 companies participated in the survey. For statistical analysis, frequency analysis, exploratory factor analysis and reliability analysis, cluster analysis, independent sample t-test, and multiple regression analysis were performed. The research results are as follows. First, organizational culture was classified into high and low groups according to preference in innovation oriented, relationship oriented, task oriented, and hierarchical oriented. Second, the 4 types of organizational culture showed differences in prospectors strategy, analyzers strategy, defenders strategy, differentiation strategy, cost leadership strategy, financial performance, and non-financial performance according to preference. Third, management strategies affecting financial performance were found to be analyzers strategy, differentiation strategy, prospectors strategy, and cost leadership strategy. Fourth, management strategies affecting non-financial performance were found to be differentiation strategy, defenders strategy, analysis strategy, offensive strategy, cost leadership strategy, and focus strategy. Fifth, organizational culture affecting financial performance was found to be task oriented. Sixth, organizational culture affecting non-financial performance was found to be innovation oriented and relationship oriented. Through these studies, it is expected that the economy will be revitalized in the domestic market and a growth ecosystem that can take a new leap forward is created in the global market.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 한국컴퓨터정보학회 2022년도 제66차 하계학술대회논문집 30권2호
• /
• pp.379-380
• /
• 2022

최근 이슈가 되고 있는 직장내 괴롭힘은 가해자가 피해자에게 정신적, 신체적 건강에 악영향을 주는 대표적인 이직요인이 되고 있다. 직장내 괴롭힘을 발생시키는 폭력은 그 폭력의 강도가 다소 약한 상태의 공격적 행동을 피해자 에게 전달하지만 이를 지속적이며 비신처제적인 공격으로 인해 피해자의 입장에서는 결국 강한 폭력과 같다고 할 수 있다. 이에 본 연구는 이러한 직장내 괴롭힘을 직무소진이라 하고 직무만족과 직무이직에 어떠한 요인이 가장 크게 작용하는지를 알아보고자 한다.

• Journal of Industrial Convergence
• /
• 제18권5호
• /
• pp.23-29
• /
• 2020

The Internet of things (IoT) is the extension of Internet connectivity into various devices and everyday objects. Embedded with electronics, Internet connectivity and other forms of hardware. The IoT poses significant risk to the entire digital ecosystem. This is because so many of these devices are designed without a built-in security system to keep them from being hijacked by hackers. This paper proposed a mutual authentication protocol for IoT Devices using symmetric-key algorithm. The proposed protocol use symmetric key cryptographic algorithm to securely encrypt data on radio channel. In addition, the secret key used for encryption is random number of devices that improves security by using variable secret keys. The proposed protocol blocked attacker and enabled legal deives to communicate because only authenticated devices transmit data by a mutual authentication protocol. Finally, our scheme is safe for attacks such as eavesdropping attack, location tracking, replay attack, spoofing attack and denial of service attack and we confirmed the safety by attack scenario.