• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.882-884
• /
• 2009

네트워크보안에서 네트워킹기능과 정보보호기능을 분리하여 관리하지 않고 연계하여 종합 메커니즘을 구성 및 적용할 경우 종합적인 정보보호 효율은 시너지효과로 나타난다. 본 연구는 네트워킹 기능과 정보보호기능을 연계하여 정보보호기능을 적용했을 경우의 연동메커니즘 구현방법을 제안하기 위한 것이다. 연동 메커니즘에 의한 보안차단성과는 분리상황의 성과보다 증대되어 나타나므로 네트워크 인프라상에서의 정보보호기능 구현은 반드시 네트워킹기능과 정보보호기능을 연계하여 구성하고 그 성과를 측정, 관리하는 것이 정보보호 성과 관리에 효율적 방법임을 본 연구를 통해 제시하고자 한다.

• 정보보호뉴스
• /
• s.133
• /
• pp.22-23
• /
• 2008

정보보호 관련 사고가 자주 등장하면서 그 원인과 결과를 놓고 '이렇게 하면 된다 혹은 저렇게 하면 된다'는 식의 해결책이 쏟아지고 있다. 물론 정보보호를 잘할 수 있는 방법은 하나일 수가 없다. 관점에 따라, 한편으로 상황에 따라 얼마든지 달라질 수 있다. 그 해법에 대해 국내 민간 분야의 정보보호를 담당하고 있는 KISA의 이사진들은 어떻게 생각하고 있을까. 이번 호부터 이들과 함께 그 해법을 찾아 보고자 한다.

• Review of KIISC
• /
• v.13 no.2
• /
• pp.43-58
• /
• 2003

본 연구에서는 국제적으로 통용되고 있는 정보보호 자격에 대하여 운영기관, 응시자격, 검정방법, 시험과목, 합격결정 기준, 합격률, 합격자수에 대하여 상세히 분석한다. 정보보호 분야의 국제통용 자격으로 CISSP, SSCP, CISA, ISO17799/BS7799, GIAC, CBCP, CIA 등 7개의 자격에 대한 분석을 통하여 국외 정보보호 자격의 추세와 흐름을 고찰한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.4
• /
• pp.91-104
• /
• 1997

TCP/IPv4정보보호를 위하여 본 논문에서는 사용자 인증, 전송 데이터의 기밀성 및 데이터의 무결성을 보장해 줄 수 있는 프로토콜 스택과 안전한 IP데이터그램을 제안하였다. 또한 look-up형태의 액세스 테이블을 이용해 정보보호 모듈이 있는 사용자는 물론 정보보호 모듈이 없는 사용자와도 자유롭게 정보를 교환할 수 있도록 하는 방법을 제시하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.25-32
• /
• 2019

In this paper, we propose a method to apply the attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking that is a network-based moving target defense scheme. The moving target defense is a new approach to cyber security and continuously changes system's attack surface to prevent attacks. And, the attack surface expansion is an approach that uses decoys and decoy groups to protect attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target in order to make attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.565-577
• /
• 2019

In recent years, biometric authentication has been used for various applications. Since biometric features are unchangeable and cannot be revoked unlike other personal information, there is increasing concern about leakage of biometric information. Recently, Jin et al. proposed a new cancelable biometric scheme, called "Index-of-Max" (IoM) to protect fingerprint template. The authors presented two realizations, namely, Gaussian random projection-based and uniformly random permutation-based hashing schemes. They also showed that their schemes can provide high accuracy, guarantee the security against recently presented privacy attacks, and satisfy some criteria of cancelable biometrics. However, the authors did not provide experimental results for other biometric features (e.g. finger-vein, iris). In this paper, we present the results of applying Jin et al.'s scheme to iris data. To do this, we propose a new method for processing iris data into a suitable form applicable to the Jin et al.'s scheme. Our experimental results show that it can guarantee favorable accuracy performance compared to the previous schemes. We also show that our scheme satisfies cancelable biometrics criteria and robustness to security and privacy attacks demonstrated in the Jin et al.'s work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.167-174
• /
• 2009

Recently, Li et al. proposed a new differential fault analysis(DFA) attack on the block cipher ARIA using about 45 ciphertexts. In this paper, we apply their DFA skill on AES and improve attack method and its analysis. The basic idea of our DFA method is that we recover intermediate ciphertexts in last round using final faulty ciphertexts and find out last round secret key. In addition, we present detail DFA procedure on AES and analysis of complexity. Furthermore computer simulation result shows that we can recover its 128-bit secret key by introducing a correct ciphertext and 2 faulty ciphertexts.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1998.12a
• /
• pp.345-353
• /
• 1998

본 논문에서는 next-bit 검정의 이론적 배경을 고찰하고, 실제적인 검정법으로 구현된 검정방법에 대하여 조사 분석한다. Next-bit 검정 이론은 Schrift와 Shamir가 제시한 다양한 검정방법을 중심으로 소개한다. 그리고 구현된 통계적 검정 방법은 ACISP'96에서 발표된 검정법과 CISC'97에서 제안된 검정법을 비교 분석한다.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.41-53
• /
• 2014

In order to achieve efficient and effective organizational information security objectives, for the level of information security to accurately evaluation and direction for improving that performance evaluation index and method of measurement for information security outcomes are needed. For information security activities of domestic companies to measure the performance or effectiveness, that standard method of measuring and the available evaluation Index are insufficient. company is difficult to investment for information security budget. Therefore, the purpose of this study was developing of performance evaluation index and method of measurement for information security outcomes applying BSC available in the company. The results of this study that companies can determine the level of information security itself. Analysis of the information security status and the strategy establishment of the information security investment can be applied.

• The Journal of Society for e-Business Studies
• /
• v.16 no.2
• /
• pp.159-169
• /
• 2011

In order for agencies and companies at the IT service industry to check as well as to upgrade the current status of their information security programs, this paper suggests the assessment method for information security levels. The study developed 12 assessment fields and 54 assessment items derived from domestic and foreign cases including SP800-26, SP800-53, ISMS, and ISO27001. It categorized 54 assessment items into 5 levels for determining information security levels. Also, the study presents 7 strategies for performing their efficient evaluations. The proposed method and process in this paper can be useful guidelines for improving the national information security level.