• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.123-132
• /
• 2024

In the era of the Internet of Things, 7 billion diverse devices have been interconnected worldwide. Ensuring information security across these varied devices is crucial in this hyper-connected age. To achieve essential security functions such as confidentiality, integrity, and authentication, it is imperative to implement true random number generators (TRNGs). Therefore, this study proposes a method to rapidly characterize the randomness of TRNGs. While there are international standards for formally characterizing the randomness of TRNGs, adhering to these standards often requires significant time and resources. This study aims to help TRNG developers enhance efficiency in both time and cost by characterizing rough randomness and unpredictability. Firstly, we propose applying auto-correlation and cross-correlation metrics for analog signals. Secondly, we suggest adopting joint entropy and mutual information metrics for digital signals.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.79-87
• /
• 2024

This paper addresses the increasing cyber attacks exploiting security vulnerabilities in software due to the rise in web applications. CSRF (Cross-Site Request Forgery) attacks pose a serious threat to web users and developers and must be prevented in advance. CSRF involves performing malicious requests without the user's consent, making protection methods crucial for web applications. This study compares and verifies the CSRF defense performance of two frameworks, Spring Security and Apache Shiro, to propose an effectively applicable framework. The results show that both frameworks successfully defend against CSRF attacks; however, Spring Security processes requests faster, averaging 2.55 seconds compared to Apache Shiro's 5.1 seconds. This performance difference stems from variations in internal processing methods and optimization levels. Both frameworks showed no significant differences in resource usage. Therefore, Spring Security is more suitable for environments requiring high performance and efficient request processing, while Apache Shiro needs improvement. These findings are expected to serve as valuable references for designing web application security architectures

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.153-163
• /
• 2011

Smartphone is a mobile device which can perform better than feature phone. Recently, growth in demand for advanced mobile devices boasting powerful performance, market share of smartphone is increasing rapidly in mobile device market, for example, iphone and android phone. Smartphone can provide many functionalities, e-mail, scheduler, word-processing, 3D-game, and etc, based on its powerful performance. Thus, various secret information is integrated in smartphone. To provide service, sometimes, smartphone transmits informations to outside via wireless network. Because smartphone is a mobile device, user can lose his/her smartphone, easily, and losing smartphone can cause serious security threats, because of integrated information in smartphone. Also data which is transmitted in wireless network can be protected for privacy. Thus, in present, it is very important to keep secure smartphone. In this paper, we analyze threats and vulnerabilities of smartphone based on its environments and describe countermeasures against threats and vulnerabilities.

• Korean Security Journal
• /
• no.61
• /
• pp.87-107
• /
• 2019

With the government policy on converting contract workers to full-time employees, there have been significant changes about the security personnel at the nation's critical facilities, including the National Assembly Building and airports. Moreover, the scheduled disbandment of the conscripted police force in 2023 has raised concerns about security management at different government agencies. To examine the college students' perceptions on the possible alternatives to fill the expected security gap, 234 undergraduate students of security management and protection in the Seoul metropolitan region were surveyed. Particularly, a comparative analysis was conducted on the legal bases and supervision, the employment types and salaries, and the scopes of responsibility and authority of suggested alternatives were compared. The results showed that utilization of private police forces was thought to be the most effective option. Based on the research findings, the university departments should develop and maintain a quality curriculum to educate their students to be prepared security professionals with a focus on emergency response capabilities and martial arts, including the courses on private police law and emergency rescue and cardiopulmonary resuscitation (CPR).

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.73-84
• /
• 2014

As the society turns into more of an information an technology centric society, the importance of information security is being increased these days. Recently, as the number of leaking accidents of personal information and valuable industrial technology is on the rise, every field of industry endeavors to come up with a security solution. In particular, since defense industry is a field where it establishes national defense power that is essential of national security, it requires higher standards of security solutions than any other ordinary fields of industry. According to Defense Industry Security Work Instructions, defense industry firms from security organizations and employ a security worker corresponding to the firm's scale and conditions. In an environment where essential information and technology are stored and managed in information and communication system or storing media, the duty and role of IT security workers are crucial. However, there is a shortage of systematic analysis on the work of IT security workers and development of curriculum to enhance their professionalism. Thus DACUM process, a job analysis technique, was used to identify IT Security workers' duties and responsibilities and verify the validity and credibility of the deducted results from the survey. The findings of this study will help in development of IT security duty in defense industry and can be used as baseline data for the development of curriculum and amendments of related regulations.

• Journal of Korea Port Economic Association
• /
• v.27 no.2
• /
• pp.333-354
• /
• 2011

After the terrorist attack of 9/11 on the USA, the security concern to global trade has been raised. In particular, the USA has actively promoted a series of initiatives and rules such as CSI, 24 hour rule, C-TPAT, and so on in the area of logistics activities, which aimed to better protect the country against the potential terrorist threats. While implementing such schemes called as a multi-layed logistics security strategy, a large number of countries trading with USA are facing with the issues of additional time and costs for inspecting cargos in their logistics facilities. As a result, most countries all over the world have sought a way to minimize the impacts from such strategy. The Korea also is preparing the several security programs operated by various ministries, which are aiming to not only improve the efficiency of trade flows but also to ensure supply chain security. However, many companies are expressing the inefficiency of operating such programs. Thus, this paper analyzed several global supply chain security programs currently adopted by international organizations(ISO, WCO, and IMO) and major countries(USA, EU, and Singapore) and suggested a guideline for developing the national logistics security system.

• Review of KIISC
• /
• v.23 no.4
• /
• pp.7-14
• /
• 2013

영업비밀 관련 또는 특허문제로 소송이 빈번하게 발생하는 요즘 특허 전쟁에 있어서도 해당 정보를 적절하게 보호하고 유지하기 위한 특허정보 관리체계에 있어서의 정보보안은 매우 중요한 요인으로 인식되고 있다. 이러한 상황에서 보안사고가 발생했을 경우, 이에 효과적으로 대응하기 위한 방안들에 대해 기업 전반에 걸쳐 인지될 필요성 또한 부각되고 있으며 이를 가능하게 해주는 방안으로 국제인증 기준이 떠오르고 있다. 각종 정보보호의 중요성에 따른 기업 관리시스템들이 이러한 인증체계를 도입 및 운영하고 있는 추세이며 이를 뒷받침 해주기 위해 특허법을 비롯하여 관련 컴플라이언스를 준수하기 위한 개인정보보호법(안전성 확보조치), 정보통신망 이용촉진 및 정보보호 등에 관한 법률과 같은 정보보호 법률을 기준으로 제시할 수 있다. 사례 기업에서는 이 중 정보보호 국제인증의 대표격인 ISO27001을 바탕으로 현재 특허관련 기업에 필요한 정보보호관리체계를 정립 및 적용하였다. 해당 정보보호 관리체계는 특허관련 업무분장에서 주요하게 다루어지지 않았던 기술적, 관리적, 물리적 보안에 대한 부적합사항을 충족시키고 특허정보보호업무, 감사업무, 검사업무, 전산운영 등 분산된 업무를 일관된 업무로 통합하는 효과적인 관리체계가 될 수 있음을 제시하였다.

• Review of KIISC
• /
• v.28 no.3
• /
• pp.5-10
• /
• 2018

블록체인의 특징인 신뢰성, 보안성, 투명성, 탈중앙성을 지지하는 합의 알고리즘을 환경과 목표에 따라 적절하게 선택하는 것이 매우 중요하다. 본 논문에서는 합의 알고리즘에 대한 연구 동향을 파악하기 위해 블록체인을 참여 대상에 따라 퍼블릭 블록체인과 프라이빗 블록체인으로 나누어 설명하였고 체인 유지 방식에 따라 경쟁 방식 합의 알고리즘과 비경쟁 방식 합의 알고리즘으로 나누어 설명하였으며, 이를 위해 다섯가지 합의 알고리즘의 원리와 장단점 등을 분석하였다. 그리고 분석 결과를 바탕으로 참여 대상과 체인 유지 방식간의 관계와 신뢰모델과 중앙화, 속도, 보안성간의 관계를 도출해내었다. 향후에는 현재의 여러 합의 알고리즘 원리와 장단점을 발전 및 보완하여 환경과 목적에 따라 속도가 빠르고 보안적으로 안전하며 일관된 블록체인을 유지하는 합의 알고리즘을 개발할 수 있을 것이다.

• Proceedings of the Korea Contents Association Conference
• /
• 2003.05a
• /
• pp.189-193
• /
• 2003

정보화 사회가 도래하고 인터넷과 네트워크기술이 발전함에 따라 전자적 거래 등 원격지간의 비 대면 거래방식은 시대가 바뀜에 따라 피할 수 없는 현실이 되고 있으며, 이에 따른 시스템 불법침입에 의한 사고사례를 우리 주변에서 쉽게 접할 수 있다. 따라서, 인증되지 않은 외부 침입자로부터 시스템의 정보보호를 위한 많은 노력과 연구가 병행되어왔다. 즉, 침입탐지 시스템 및 암호화, 복호화 알고리즘을 적용하여 소프트웨어 측면에서의 보안기법과 Firewall 등의 하드웨어적인 보안기술이 도입 및 실용화 되고있는 것이다. 따라서, 본 논문은 침입 탐지 기법에 관련된 것들과 과 암호화 방식들의 소개 그리고 정보 보호 방안으로 내부적 안전을 위한 프로그램적 기법으로 데이터를 저장할 때 중요한 자료들을 데이터베이스에 저장할 때 SMA(Security Mapping Array)에 보관된 임의의 암호화 코트를 이용하여 암호화하여 저장하고 필요할 때 복호화 하는 시스템 내부적인 보안 방법을 제시하고자 한 다.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.209-216
• /
• 2002

This treatise deals with designing a database encryption model that interworks with Intranet within a system. Today attempts are being made to substitute legacy client/server computing environment with what interworks with web and database, and thus the question how the security for the database that interworks with Intranet can be secured is emerging as a matter of great importance. This treatise, therefore, offers an encryption model which offers how to create an encryption key using an ID and a password most widely used in Intranet access and by using this key, how to encipher information ill a DB table, providing a maintenance scheme for the Key as well.