• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.1-8
• /
• 2007

The Mobile Ad-hoc network does environmental information which an individual collects in nodes which are many as the kernel of the USN technology based on the radio communication. And it is the latest network description delivering critical data to the destination location desiring through a multi-hop. Recently, the Ad-hoc network relative technique development and service are activated. But the security function implementation including an authentication and encoding about the transmitted packets, and etc, is wirelessly the insufficient situation on the Ad-hoc network. This paper provides the security service of key exchange, key management. entity authentication, data enciphering, and etc on the Mobile Ad-hoc network. It implements with the Ad-hoc network security management server system design which processes the security protocol specialized in the Ad-hoc network and which it manages.

• Journal of Digital Contents Society
• /
• v.10 no.1
• /
• pp.129-145
• /
• 2009

As the secure distribution and sharing of information over the World Wide Web becomes increasingly important, the needs for flexible and efficient support of access control systems naturally arise. Since the eXtensible Markup Language (XML) is emerging as the de-facto standard format of the Internet era for storing and exchanging information, there have been recently, many proposals to extend the XML model to incorporate security aspects. To the lesser or greater extent, however, such proposals neglect the fact that the data for XML documents will most likely reside in relational databases, and consequently do not utilize various security models proposed for and implemented in relational databases. In this paper, we take a rather different approach. We explore how to support security models for XML documents by leveraging on techniques developed for relational databases considering object perspective. More specifically, in our approach, (1) Users make XML queries against the given XML view/schema, (2) Access controls for XML data are specified in the relational database, (3) Data are stored in relational databases, (4) Security check and query evaluation are also done in relational databases, and (5) Controlling access control is executed considering XML tree levels

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.67-72
• /
• 2005

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modern information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. In order to solve a same problem, this paper researched early detection techniques for only early warning of cyber threats with separate way the detection due to and existing security equipment from the large network. It researched the cyber example alert system which applies the module of based honeynet from the actual large network and this technique against the malignant traffic how many probably it will be able to dispose effectively from large network.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.6
• /
• pp.528-533
• /
• 2015

In the construction of USN environment, the implementation of a safe sensor network using wireless communications can be said to be the most important factor in the entire system. Although USN communication uses wireless communications to enhance accessability and non-contact capability, this results in the security vulnerability, thus endangering the system. In this regard, we propose a security protocol that can be effectively applied to USN, a multi-sensor network. The proposed protocol is a method using an individual chaotic system, and it is a security protocol to synchronize the main chaotic system mounted on each sensor and prepared key values into the initial values, and to communicate with the use of the synchronized values as symmetric keys. The communication protocol proposed in this paper is expected to yield good results as a new method to resolve security problems of USN and program capacity limitations of sensor nodes if subsequent studies continue to be carried out.

• Informatization Policy
• /
• v.21 no.2
• /
• pp.49-66
• /
• 2014

In the last few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry. However, as more and more information on individuals and companies are placed in the cloud, concerns on just how safe the computing environment is have gradually increased. In this study, it will be explored if key characteristics of cloud computing services would affect the behavioral intention to use public cloud computing services. A conceptual model is developed and seven research hypotheses are proposed for empirical testing. The proposed model is examined through structural equation analysis. The results show that perceived risk has statistically significant effect on the privacy concern of users and the privacy concern has a negative influence on the trust. Finally, the trust has a positive effect on the attitude and the attitude has statistically significant effect on use intention. Implications of these findings are discussed for both researchers and practitioners and future research issues are raised as well.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1105-1119
• /
• 2016

Android includes SEAndroid as a core security feature. SELinux is applied to Android OS as a SEAndroid, because there exists structural differences between Linux and Android. Since the security of SEAndroid depends on the reliable policy if the policy is tampered by the attacker, the serious security problems can be occurred. So we must protect policies which are the most important thing in SEAndoroid. In this paper, we analyze the process of SEAndroid policy updating to find out vulnerabilities and study the attack points on policy tampering. And we propose the SPPA to detect whether the policy is modified by an attacker. Moreover, we prove the performance and the effect of our proposed method on mobile device.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.605-612
• /
• 2004

In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol ［2］, by adopt-ing Aura's CGA scheme with two hashes ［9］. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.125-133
• /
• 2008

As society develops, the importance of safety for individuals and facilities in public places is getting higher. Not only the areas such as the existing parking lot, bank and factory which require security or crime prevention but also individual houses as well as general institutions have the trend to increase investment in guard and security. This study suggests face feature extract and the method to simply divide face region and head region that are import for face recognition by using color transform. First of all, it is to divide face region by using color transform of Y image of YIQ image and head image after dividing head region with K image among CMYK image about input image. Then, it is to extract features of face by using labeling after Log calculation to head image. The clearly divided head and face region can easily classify the shape of head and face and simply find features. When the algorism of the suggested method is utilized, it is expected that security related facilities that require importance can use it effectively to guard or recognize people.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.215-223
• /
• 2019

The recent trend of cyber attack threat is mainly APT (Advanced Persistent Threat) attack. This attack is a combination of hacking techniques to try to steal important information assets of a corporation or individual, and social engineering hacking techniques aimed at human psychological factors. Spear phishing attacks, one of the most commonly used APT hacking techniques, are known to be easy to use and powerful hacking techniques, with more than 90% of the attacks being a key component of APT hacking attacks. The existing research for cyber security threat defense is mainly focused on the technical and policy aspects. However, in order to preemptively respond to intelligent hacking attacks, it is necessary to study different aspects from the viewpoint of social engineering. In this study, we analyze the correlation between human personality type (DISC) and cyber security threats, focusing on spear phishing attacks, and present countermeasures against security threats from a new perspective breaking existing frameworks.

• Journal of Digital Convergence
• /
• v.16 no.12
• /
• pp.343-349
• /
• 2018

Electroencephalograph(EEG) information, which is an important data of brain science, reflects various levels of information from the molecular level to the behavior and cognitive stages, and the explosively amplified information is provided at each stage. Therefore, EEG information is an intrinsic privacy area of an individual, which is important information to be protected. In this paper, we apply spring security to web based system of spring MVC (Model, View, Control) framework to build independent and lightweight server system with powerful security system. Through the proposal of the platform type EEG analysis system which enhances the security function, the web service security of the EEG information is enhanced and the privacy of the EEG information can be protected.