• Title/Summary/Keyword: Security Vulnerability Analysis

Analysis of SSL Communication Process in CNG Crypto Library (CNG 암호 라이브러리에서의 SSL 통신과정 분석)

  • Lee, Kyungroul;Oh, Insu;Lee, Sun-Young;Yim, Kangbin
    • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.5 / pp.1027-1037 / 2017
  • As the environments in which the CNG library is used spread, its vulnerabilities need to be analyzed. For this reason, in this paper, we analyzed the SSL communication process in the CNG library. This study is expected to draw out vulnerabilities and security threats and to improve security criteria for various applications so that they can take full advantage of the CNG library.

Analysis of Secure Protocol for High Speed Wireless LAN Communication (고속 무선랜 통신을 위한 보안 프로토콜에 관한 연구)

  • 정우길;박경수;이영철
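    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2002.11a / pp.265-269 / 2002
  • In this paper, we analyzed the security techniques applied to resolve security vulnerabilities in wireless LAN systems. For WEP, the security standard applied in WLANs, we analyze the IV reuse problem that arises from the characteristics of the RC4 stream cipher and the problem caused by the linearity of CRC-32, which generates the ICV. We also analyze the security techniques currently in use, namely strengthened access control, WEP key management, and the user authentication algorithms and data encryption techniques used in VPNs, and we suggest a direction for the security model in 802.11a.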

Analysis of Security Vulnerabilities with Application Permissions in Android Platform (안드로이드 플랫폼의 권한 관련 보안 취약성 분석)

  • Kim, Ikhwan;Kim, Taehyoun
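    • Proceedings of the Korea Information Processing Society Conference / 2010.11a / pp.1108-1111 / 2010
  • The Google Android platform provides an environment in which applications can be developed easily in open-source form, and because of this it is rapidly increasing its market share. However, its open-source nature is raising concerns about security vulnerabilities. Android's own security model is built around permissions that control improper access by applications to system resources. In this study, we examine vulnerabilities in Android's permission-based security model by running test code and analyzing the platform source, and we present simple solutions to them.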

Building More Secure Femtocell with Improved Proxy Signature (개선된 위임 서명 방식을 이용해서 더 안전한 펨토셀 환경 구축)

  • Choi, Hyoung-Kee;Han, Chan-Kyu;Kim, Seung-Ryong
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.75-86 / 2014
  • Demand for the femtocell is largely credited to the surge in a more always-best-connected, communication-conscious public. 3GPP defines a new architecture and security requirements for Release 9 to deal with the femtocell, the Home eNode B, referred to as HeNB. In this paper, we analyze the HeNB security with respect to mutual authentication, access control, and secure key agreement. Our analysis pointed out that a number of security vulnerabilities have still not been addressed and solved by the 3GPP technical specification. These include eavesdropping, man-in-the-middle attack, compromising the subscriber access list, and masquerading as a valid HeNB. To the best of our knowledge, no related research studying HeNB security has been published before. Towards this end, this paper proposes an improved authentication and key agreement mechanism for HeNB which adopts proxy-signature and proxy-signed proxy-signature. Through our elaborate analysis, we conclude that the proposed mechanism not only prevents the various security threats but also accomplishes minimum distance from use-tolerable authentication delay.

Analyses of Security Issues and Vulnerability for Smart Home Network based on Internet of Things (사물인터넷 기반의 스마트 홈 네트워크에서의 취약점 및 보안 이슈 분석)

  • Jung Tae Kim
    • The Journal of the Convergence on Culture Technology / v.9 no.3 / pp.707-714 / 2023
  • The Internet of Things, which is the key factor of the 4th industrial revolution, is apt to be applied to many systems. The existing security mechanisms cannot be realized with limited resources such as the low capacity of devices and sensors. In order to apply an IoT system, a new structure and ultra-lightweight encryption are required. In this paper, we analyzed security issues that can operate in Internet-based smart home networks, and, to solve the critical issues against these attacks, technologies for device protection between heterogeneous devices. Security requirements are required to protect from attacks. Therefore, we analyzed the demands and requirements for its application by analyzing the security architecture and features in the smart home network.

Analysis of Blockchain Software Vulnerability against OS Command Injection Attack (블록체인 소프트웨어의 취약점을 이용한 OS 커맨드 인젝션 공격에 대한 연구)

  • Kim, Byoungkuk;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.309-320 / 2019
  • Blockchain has been developed as a key technology for many cryptocurrency systems such as Bitcoin. These days, blockchain technology attracts many people to adopt it in various fields beyond cryptocurrency systems for their information sharing and processing. However, with the development and increasing adoption of the blockchain, security incidents frequently happen in blockchain systems due to their implementation flaws. In order to solve this problem, in this paper, we analyze the software vulnerabilities of Bitcoin and Ethereum, which are the most widely used blockchain applications in the real world. For that purpose, we conduct an in-depth analysis of their source code to detect software vulnerabilities, and examine an OS command injection attack exploiting the detected ones.

Analysis of Security Techniques for Privacy Information Protection in Android Environment (안드로이드 환경의 개인정보 보호를 위한 보안기법 분석)

  • Lee, Dae-hee;Park, Seok-Cheon;Kim, Yong-Hee
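    • Proceedings of the Korea Information Processing Society Conference / 2015.04a / pp.508-510 / 2015
  • As of 2014, Android OS-based tablets account for 67.4% of the entire tablet market, and Android smartphones have a market share approaching about 80%, so four out of five smartphone users use an Android smartphone. Among smartphones, which are spreading rapidly because of their convenience, security incidents that exploit the security vulnerabilities of smartphones in the Android environment in particular are steadily increasing. Smartphones hold a great deal of personal information such as address books, SMS, and location information, and malicious attacks that exploit the various kinds of security vulnerabilities in smartphones to steal and misuse personal information occur constantly. Therefore, this paper examines various security techniques for preventing the leakage of personal information.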

Constructing Java Vulnerable API List based on Java Access Permission Checking Tree (자바 접근 권한 검사 트리 기반의 자바 취약 API 리스트 생성)

  • Park, Hyo-Seong;Park, Chul-Woo;Lim, Young-Chan;Kim, Ki-Chang
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.5 no.2 / pp.289-296 / 2015
  • Java is an interpreted language that can run on a variety of platforms, and it also has a number of useful features for networking. Due to these features of the Java language, Java is used in various fields. In this paper, we will talk about how malware that threatens the Java Security Manager of the Java Virtual Machine uses vulnerabilities of the Java Virtual Machine. As a corresponding measure, this paper suggests a vulnerability analysis method for Java system classes that uses the Java Call Graph and the Java Access Permission Checking Tree. By suggesting that, we want to lay the groundwork for preventing Java security threats in advance.

Analysis of Cybersecurity Threats and Vulnerabilities in Metaverse Environment (메타버스 환경에서 사이버보안 위협과 취약점 분석)

  • Jinwon Choi;Jaewoo, Kwon;Sehee Lee;Wonhyung Park;Tae-Kyung Cho
    • Convergence Security Journal / v.22 no.3 / pp.19-24 / 2022
  • Metaverse is a compound word of the English words 'meta', meaning 'virtual' and 'transcendence', and 'universe' meaning the universe. dimensional virtual world. Metaverse is a concept that has evolved one step further than virtual reality (VR, a cutting-edge technology that enables people to experience life-like experiences in a virtual world created by a computer). It has the characteristic of being able to engage in social and cultural activities similar to reality. However, there are many security issues related to this, and cybersecurity vulnerabilities may occur. This paper analyzes cybersecurity threats that may occur in the metaverse environment and checks vulnerabilities.

Vulnerability Countermeasures for Information Security in Smart Work Services (스마트워크 서비스에서 정보보호를 위한 취약성 대응 방안)

  • Kim, Ji Seog;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Service Research and Studies / v.7 no.4 / pp.69-81 / 2017
  • Smart work refers to enhancing the efficiency of work by utilizing smart devices. Smart work improves the business productivity of companies and reduces costs, but there is a threat to various information protection. To operate telecommuting, mobile office, and smart work center, hardware and software are needed to support various network resources, servers, and platforms. As a result, there are many vulnerabilities to security and information protection that protect information resources. In this paper, we analyze the smart work environment for smart work service and analyze vulnerability for smart work information protection through analysis of ISO27001 and KISA-ISMS. We have developed information protection requirements for users and service providers. We have developed a solution for information security protection for smart work environments such as common parts, mobile office, telecommuting, and smart work center for security threats and weaknesses per smart work type.