• Review of KIISC
• /
• v.31 no.3
• /
• pp.73-80
• /
• 2021

기업 내부 전산망을 관리하는데 용이한 Active Directory(AD) 환경이 보편적으로 사용되는 가운데, 적절치 않은 정책 설정으로 대형 침해사고로 이어지는 경우가 발생하고 있다. AD는 다수 시스템과 사용자 등 자원을 관리하기 효율적이라는 장점이 있지만, 핵심 권한을 탈취당하면, 모든 자원에 접근할 수 있다는 반작용도 존재한다. 한국인터넷진흥원은 기업의 보안성 제고를 위하여 AD 환경에서 발생하는 침해사고를 상세히 분석하고 최신 동향을 지속적으로 공유하고 있다. 하지만, 침해사고 보고서는 사업 특성 및 구축환경의 다양성으로 인하여 획일화된 대응 전략을 제시할 수 없으며, 기업에 특화된 적용방안은 각자 마련해야 한다. 본고에서는 공개된 보고서를 기업 환경에 적용하기 어렵다는 문제를 해결하기 위하여 최근 발생한 AD 환경에서의 침해사고를 분석하고, 각 기업에서 어떻게 활용할 수 있는지 방안을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.198-201
• /
• 2010

본 논문은 현재 국내 외에서 활발히 연구개발이 진행되고 있는 지능형 교통시스템(ITS: Intelligent Transportation System)의 중요한 역할을 하게 되는 원격감시망의 교통감시 제어시스템을 Internet을 이용하여 개발하고 그에 따라 데이터 송 수신 시 발생할 수 있는 정보 보안의 취약점을 해소하기 위해 대칭암호 알고리즘인 AES(Advanced Encryption Standard) 알고리즘을 적용하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.149-152
• /
• 2008

사생활 보호에 대한 인식이 커지고, 인터넷 시대에 접어들면서 네트워크 기반의 보안시스템의 개발이 활발하다. 실시간 비디오 카메라를 통한 움직이는 물체를 검출하기 위해서는 불필요한 잡음이나 조명의 변화에 대처해야 한다. 이러한 많은 요소들을 고려하여 움직이는 물체를 검출하려면 많은 계산 복잡도를 가지게 된다. 또한, 카메라의 영상크기가 증가함에 따라 움직이는 물체를 검출하기 위해서 더 많은 계산 복잡도를 가지게 된다. 본 논문에서는 기존의 통상적인 움직임 검출방법 과 적응적 배경방식인 '물체 검출을 위한 동적인 장면의 베이시안 모델링 기반 물체 검출 방법'을 분석하고, 실시간으로 처리되는 동적 비디오 영상에서 이동 물체를 검출하는 과정에서의 영상의 크기가 커지고, 이동하는 물체의 개수가 많아짐에 따라 발생되는 계산의 복잡도를 'CPU 성능과 영상 resize 를 이용한 계산 복잡도 감소 방법'을 통해 초당 프레임 처리속도를 유지시키는 방법을 제시한다.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1269-1284
• /
• 2001

The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

• Journal of IKEEE
• /
• v.22 no.3
• /
• pp.723-728
• /
• 2018

This paper proposes a signal detection method for IoT door lock system which is a new application field of VLC (Visible Light Communication). This paper describes the signal detection technique for user recognition that needs to be overcome in order to apply VLC to door lock system which has a demand for new technology due to security issue. This system has security and high signal detection characteristics because it uses existing infrastructure to communicate with visible light. In order to detect the signal using FFT, the signal of the user who accesses the authentication channel based on the pilot signal is detected, and the performance of the false alarm probability and detection probability is shown in the channel model.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.412-415
• /
• 2004

As computers and networks become popular, corporation or country organization composes security network including various kinds information protection system to protect informations and resources from internet and is operating system and network. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we design of ICMP-based Traceback System using a ICMP Traceback Message for efficiently traceback without change structure of routers. ICMP-based Traceback System. Create of ICMP message is managed by “Traceback Agent” mirroring port for router. Victim's systems that are received the message store it and “Traceback Manager” is detect a attack(like a DDoS). Using a information of this message starting a traceback and detecting a source of attacker, so response a attack.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.561-568
• /
• 2013

Instrumentation and control system in nuclear power plant performs protecting, controling and monitoring safety operation of Nuclear Power Plant. As cyber attack to the control equipment of instrumentation and control system can cause reactor shutdown and radiation release, it is required to design the instrumentation and control system considering cyber security in accordance with regulatory guides and industrial standards. In this paper, we proposed a design method of uni-directional communication structure which is required in the design of defense-in-depth model according to regulatory guides and industrial standards and we implemented a communication board with the proposed method. This communication board was tested in various test environments and test items and we concluded it can provide uni-directional communication structure required to design of defense-in-depth model against cyber attack by analyzing the results. The proposed method and implemented communication board were applied in the design of SMART (system-integrated modular advanced reactor) I&C (instrumentation and control) systems.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.3-10
• /
• 2021

Nowadays, data-based scientific research is a trend, and the transmission of large amounts of data has a great influence on research productivity. To solve this problem, a separate network structure for transmitting large-scale scientific big data is required. ScienceDMZ is a network structure designed to transmit such scientific big data. In such a network configuration, it is essential to establish an access control list(ACL) for users and resources. In this paper, we describe the R&E Together project and the network structure implemented in the actual ScienceDMZ network structure, and define users and services to which access control policies are applied for safe data transmission and service provision. In addition, it presents a method for the network administrator to apply the access control policy to all network resources and users collectively, and through this, it was possible to achieve automation of the application of the access control policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.81-89
• /
• 2003

With the rapid development of information and communication technology, online dissemination increases rapidly. So, It becomes more important to protect information. Recently the authentication system using public key infrastructure (PKI) is being utilized as an information protection infrastructure for electronic business transactions. And the smartcard system makes the most use of such an infrastructure. But because the certification based on the current PKI provides oかy basic user certification information, the use has to be limited in various application services that need the identification and authorization information as well as face-to-face information of the user. In order to protect a system from various kinds backings and related treats, we have proposed angular and private key multiplexing for prevention of smartcard forgery and alteration based on a photopolymer cryptosystem. When smartcard becomes prone to forgery and alteration, we should be able to verify it. Also, our parer proposes a new authentication system using multi authentication based on PKI. The smartcard has an excellent advantage in security and moving.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.135-142
• /
• 2023

In addressing the prominent issues of climate change, resource scarcity, and environmental pollution associated with household waste, extensive research has been conducted on intelligent waste classification methods. These efforts range from traditional classification algorithms to machine learning and neural networks. However, challenges persist in effectively classifying waste in diverse environments and conditions due to insufficient datasets, increased complexity in neural network architectures, and performance limitations for real-world applications. Therefore, this paper proposes i-YOLOX as a solution for rapid classification and improved accuracy. The proposed model is evaluated based on network parameters, detection speed, and accuracy. To achieve this, a dataset comprising 10,000 samples of household waste, spanning 17 waste categories, is created. The i-YOLOX architecture is constructed by introducing the Involution channel convolution operator and the Convolution Branch Attention Module (CBAM) into the YOLOX structure. A comparative analysis is conducted with the performance of the existing YOLO architecture. Experimental results demonstrate that i-YOLOX enhances the detection speed and accuracy of waste objects in complex scenes compared to conventional neural networks. This confirms the effectiveness of the proposed i-YOLOX architecture in the detection and classification of multiple household waste objects.