• The Journal of the Korea Contents Association
• /
• v.10 no.6
• /
• pp.156-165
• /
• 2010

ESM(Enterprise Security Management) is representing domestic security management, and there is requirement to enhance it. This paper will evaluate quality of ESM products, understand its quality level, and derive method to improvement so as to develop security evaluation model and test methodology which can support quality enhancement. In addition, it presented the performance test cases and evaluation method to measure product's security quality, and to perform research on the judgement method for the results based on appropriate criteria. Developed quality evaluation model is expected perform important role in evaluating and enhancing the quality of intrusion prevention system.

• The Journal of Korean Association of Computer Education
• /
• v.7 no.5
• /
• pp.93-99
• /
• 2004

The most important technology in the electronic commerce based on Internet is to guarantee the security of trading information exchange. Many technologies are proposed as a standard to support this security problem. One of them is an XML (eXtensible Markup Language). This is used in various applications as the document standard for electronic commerce system. The XML security has become very important topic. In this paper an XML security model for web services based electronic commerce system to guarantee the secure exchange of trading information. To accomplish the security of XML, the differences of XML signature, XML encryption and XML key management scheme respect to the conventional system should be provided. The new architecture is proposed based on unique characteristics of XML. Especially the method to integrate the process management system need to the electronic commerce is proposed.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.39-46
• /
• 2013

Recently, the problem of global warming has become a globally important issues. and To solve these problems, has been receiving increasing attention for the Green IT. In these situation, IT techniques are evolving with variety services and hacking techniques. so, it is inevitable to the use of a many and diverse secure system. As a result, Carbon Dioxide emissions are expected to increase. Therefore, in this paper is analyzed the factors of security system's $CO_2$ emissions through Experiments and A case study. and is proved that is reducing $CO_2$ emissions by improving the functional restructuring of the security system. In a future, this paper is expected to serve as a valuable Information for security network design and performance improvements and to reduce Carbon Emissions in the Field of IT.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.47-53
• /
• 2015

Recently, the Internet of Things is an important technology with a Cloud computing services and a Big data in the IT fields. and The Internet of Things is widely used in various industries. This trend may be referred to as the emergence of significant based technologies for realizing a ubiquitous times. But the security problems of Internet of things are expected to increase with being realized in a variety of industries. and it will be have to provide a corresponding technology to the security threat for this. Therefore, this paper will be analyzed to the security threats of the Internet of Things by the cases. Thereby this is expected to be utilized as a basis for the countermeasure of Internet of Things in a future.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.101-107
• /
• 2017

Recent cyber attacks on South Korea, including hacking and viruses, are increasing significantly. To deal with the cyber invasion of cyber aggression, the Ministry of National Defense defined the necessary procedures for cyber security with guidelines for cyber security. In spite of, based on the analyses the cyber defense operations published, the number of violations are increasing. To address issues stated above, the safety check items should be reviewed and revised. This paper will revisit current safety check items and provide new guidelines to prevent cyber security breaches, which will provide more safe and efficient cyber environment.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.207-216
• /
• 2005

It is difficult to decide which security functions(class, family, component) in the Common Criteria(CC) are important, since there is no research result about the frequency of use of security functions in real security product or Protection Profiles(PPs). Thus, we survey security functions in CC and 33 PPs that can be classified by 10 product types, and create a set of 'frequency of use of security functions' in CC and each types of security product. Our research results are useful for development of a new classification schema, as well as, estimation of development and evaluation efforts of security products.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.17-27
• /
• 2005

With the development of wire and wireless based networks, a various security protocols have been proposed to protect important resources and user information against attackers. However, many security protocols have found oかy to be later vulnerable to attacks. In this Paper, we introduce the formal methodology to verify the safety of security protocols in the design phase, and we take advantage of the formal methodology which uses Casper/CSP and FDR tools by introducing the verification example of EKE protocol and BCY protocol. Lastly, we propose a new BCY protocol after verifying it's safety.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.109-122
• /
• 2022

The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.

• Annual Conference of KIPS
• /
• 2023.05a
• /
• pp.176-177
• /
• 2023

최근 USB 저장장치의 데이터 노출 및 탈취 문제를 해결하기 위하여, 보안 USB 저장장치가 등장하였으나, 데이터를 보호하기 위한 다양한 보안기술을 적용함에도 불구하고, 사용자 인증 우회나 비밀번호 노출과 같은 취약점으로 인하여, 보안 USB에 저장된 중요한 자료나 민감한 정보가 노출되는 문제점이 지속해서 발견되는 실정이다. 이에 따라, 보안 USB의 취약점 연구도 지속적으로 연구되고 있지만, 보안 USB 취약점을 분석하는 것은 수동적이고, 많은 노력과 시간이 소요되므로, 취약점을 자동으로 진단하고 분석하는 도구가 요구된다. 따라서, 본 논문에서는 자동화된 취약점진단 및 분석 도구를 제작하기 위하여, F 제품을 대상으로, 해당 제품에서 제공하는 비밀번호인증에서 발생하는 취약점을 분석하고 실증하며, 그 결과를 기반으로 최종적으로는 보안 USB 취약점 익스플로잇 도구 프로토타입을 개발한다.

• Annual Conference of KIPS
• /
• 2008.11a
• /
• pp.1448-1451
• /
• 2008

VANET(Vehicle Ad-hoc Network)은 통신 기능을 지원하는 지능형 차량들로 이루어진 애드혹 네트워크 환경으로써 최근 들어서 그 연구가 매우 활발하게 진행되고 있는 분야이다. VANET은 원활한 교통 소통, 사고 방지 등 여러 가지 편리한 기능들을 제공하지만, 그 기반을 애드혹 네트워크에 두고 있기 때문에 애드혹 네트워크에서 발생할 수 있는 보안 문제가 그대로 발생하며, 또한 그 환경적 특성에 따라 추가적인 보안 요구사항 역시 존재한다. VANET 환경에서 가장 중요하게 요구되는 보안요소는 협력 운전(cooperative driving) 시 메시지 인증, 무결성, 부인방지 등과 특정 차량에 대한 추적을 할 수 없도록 하는 위치 프라이버시 보호이다. 그러나 이 가운데 사용자의 위치 프라이버시는 조건적으로 신뢰기관에 의한 추적 역시 가능해야 한다는 조건을 포함한다. 본 논문에서는 L. Martucci 등이 제안한 자체적으로 생성하고 인증하는 pseudonym 기법[1]을 이용하여 이러한 보안 요구사항들을 만족시키는 방법을 제안하고자 한다. 제안하는 기법은 최초 차량 등록 시 받은 비밀 인자를 이용하여 보안 통신을 하며 추가적으로 신뢰 기관으로의 통신이 필요하지 않는 효율적인 보안 기법이다. 또한 기존 연구에서 발생했던 저장 공간의 문제, RSU(Road Side Unit) 접근 문제 등을 해결한다.