• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.3
• /
• pp.601-608
• /
• 2018

While the legislation on the protection of personal information in public institutions was enacted and amended, the guidelines and laws on information security were focused, contracted and realized with focus on specific institutions. Mutual laws and guidelines have been applied and realized for the dual purpose of securing both the asset of macroscopic information and the asset of personally identification information, which are mutually different media information. However, in a bid to present the definition and direction of the fourth industrial revolution in 2017, a variety of products and solutions for security designed to ensure the best safety line of the 21st century, and the third technology with the comprehensive coverage for all these fields, a number of solutions and technologies, including IOT(: Internet of Things), ICT Internet of Things(: ICT), ICT Cloud, and AI (: Artificial Intelligence) are pouring into the security market as if plastic doll toys were manufactured in massive scale into the market. With the rising need for guaranteeing the interrelation for securities with dualistic physical, administrative, logical and psychological differences, that is, information security and personal information security that are classified into two main categories and for the enhanced security for integrated management and technical application, the study aims to acquire the optimal security by analyzing the interrelationship between the two cases and applying it to the study results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1191-1204
• /
• 2012

As attackers try to paralyze information security systems, many researchers have investigated security testing to analyze vulnerabilities of information security products. Penetration testing, a critical step in the development of any secure product, is the practice of testing a computer systems to find vulnerabilities that an attacker could exploit. Security testing like penetration testing includes gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. Therefore, to obtain maximum generality, re-usability and efficiency is very useful for efficient security testing and vulnerability hunting activities. In this paper, we propose a threat analysis based software security testing technique for evaluating that the security functionality of target products provides the properties of self-protection and non-bypassability in order to respond to attacks to incapacitate or bypass the security features of the target products. We conduct a security threat analysis to identify vulnerabilities and establish a testing strategy according to software modules and security features/functions of the target products after threat analysis to improve re-usability and efficiency of software security testing. The proposed technique consists of threat analysis and classification, selection of right strategy for security testing, and security testing. We demonstrate our technique can systematically evaluate the strength of security systems by analyzing case studies and performing security tests.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.5
• /
• pp.163-171
• /
• 2011

In e-commerce environment, security should be considered as an essential factor for success. In this paper, we analyze security requirements for e-commerce system, and it is focused on the practical usage, not theoretical contribution, in the field of e-commerce security. To identify the security requirements being specific to e-commerce environment, the researches related to e-commerce security are surveyed and a phase of Delphi method and Analytic Hierarchy Process(AHP) are used to determine the relative importance of e-commerce security factors. Since researchers and practitioners can have significantly different views because of each different work environment, we divide the professionals into two respondents' group. This survey result can be useful security guidelines in the development of e-commerce service system from the initial system development step to the completion.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.171-180
• /
• 2013

Data security is always an important issue. In particular, the current emerging cloud computing system inevitably raises the issue of data security. However, data security is no longer safe with a simple way, but requires rather advanced method to secure the data. In this paper, instead of exploiting the existing text-based cryptography approach an image-based access control of data content is studied to present a higher level of data security. Color key chain is generated both using histogram value of the original image, and the location information and featured color information extracted by geometric transformation to form the security key to access secure data content. Finally, the paper addresses design interface and implementation for data content access control for evaluation of the proposed scheme.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.35-41
• /
• 2015

Internet of Things has a wide range of vulnerabilities are exposed to information security threats. However, this does not deal with the basic solution, the vaccine does not secure encryption for the data transmission. The encryption and authentication message transmitted from one node to the construction of the secure wireless sensor networks is required. In order to satisfy the constraint, and security requirements of the sensor network, lightweight encryption and authentication technologies, the light key management technology for the sensor environment it is required. Mandatory sensor network security technology, privacy protection technology subchannel attack prevention, and technology. In order to establish a secure wireless sensor networks encrypt messages sent between the nodes and it is important to authenticate. Lightweight it shall apply the intrusion detection mechanism functions to securely detect the presence of the node on the network. From the sensor node is not involved will determine the authenticity of the terminal authentication technologies, there is a need for a system. Network security technology in an Internet environment objects is a technique for enhancing the security of communication channel between the devices and the sensor to be the center.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.31-37
• /
• 2010

The risks and threats in IT security systems to protect, prevent damage and Risk should be minimized. Context of information security products such as information processing, storage, delivery, and in the process of information system security standards, That is the basic confidentiality, availability, integrity and secondary clarity, potential evidence, detection, warning and defense capabilities, to ensure sufficient and should be. Web services are the most important elements in the security, the web nature of port 80 for the service to keep the door open as a structure, Web applications, web sources and servers, networks, and to hold all the elements are fundamental weaknesses. Accordingly, these elements through a set of Web application development errors and set-up errors and vulnerabilities in Web applications using their own home pages and web servers to prevent hacking and to improve the efficiency of Web services is proposed methodology performs security BMT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.667-678
• /
• 2016

Due to a development of the cable/wireless network infra, the traffic as big as unable to compare with the past is being served through the internet, the traffic is increasing every year following the change of the network paradigm such as the object internet, especially the traffic of about 1.6 zettabyte is expected to be distributed through the network in 2018. As the network traffic increases, the performance of the security infra is developing together to deal with the bulk terabyte traffic in the security equipment, and is generating hundreds of thousands of security events every day such as hacking attempt and the malignant code. Efficiently analyzing and responding to an event on the attack attempt detected by various kinds of security equipment of company is one of very important assignments for providing a stable internet service. This study attempts to overcome the limit of study such as the detection of Tor network traffic using the existing low-latency by classifying the anonymous network by means of the suggested algorithm about the event detected in the security infra.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.157-167
• /
• 2020

The big data and artificial intelligence technology, which has provided the foundation for the recent 4th industrial revolution, has become a major driving force in business innovation across industries. In the field of information security, we are trying to develop and improve an intelligent security system by applying these techniques to large-scale log data, which has been difficult to find effective utilization methods before. The quality of security log big data, which is the basis of information security AI learning, is an important input factor that determines the performance of intelligent security system. However, the difference and complexity of log data by various product has a problem that requires excessive time and effort in preprocessing big data with poor data quality. In this study, we research and analyze the cases related to log data collection of various firewall. By proposing firewall log data collection format standard, we hope to contribute to the development of intelligent security systems based on security log big data.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.35-41
• /
• 2013

What is an alternative to medical information security of medical information more secure preservation and safety of various types of security threats should be taken, starting from the software design. Interspersed with medical information systems medical information to be able to integrate the real-time exchange of medical information must be reliable data communication. The software architecture design of medical information systems and sharing of medical information security issues and communication phase allows the user to identify the requirements reflected in the software design. Software framework design, message standard design, design a web-based inter-process communication procedures, access control algorithm design, architecture, writing descriptions, evaluation of various will procedure the establishing architecture. The initial decision is a software architecture design, development, testing, maintenance, ongoing impact. In addition, the project will be based on the decision in detail. Medical information security method based on the design software architecture of today's medical information security has become an important task of the framework will be able to provide.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.101-108
• /
• 2013

Sensor network configurations are for a specific situation or environment sensors capable of sensing, processing the collected information processors, and as a device is transmitting or receiving data. It is presently serious that sensor networks provide many benefits, but can not solve the wireless network security vulnerabilities, the risk of exposure to a variety of state information. u-Healthcare sensor networks, the smaller the sensor node power consumption, and computing power, memory, etc. restrictions imposing, wireless sensing through the kind of features that deliver value, so it ispossible that eavesdropping, denial of service, attack, routing path. In this paper, with a focus on sensing of the environment u-Healthcare system wireless security vulnerabilities factors u-Healthcare security framework to diagnose and design methods are presented. Sensor network technologies take measures for security vulnerabilities, but without the development of technology, if technology is not being utilized properly it will be an element of threat. Studies suggest that the u-Healthcare System in a variety of security risks measures user protection in the field of health information will be used as an important guide.