• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.1001-1011
• /
• 2014

Smart Grid Devices could have security vulnerabilities that have legacy communication networks because of the fact that Smart Grid employs bi-directional communications and adopted a variety of communication interface. Consequently, it is required to build concrete response processes and to minimize the damage of the cyber attacks including security evaluation and certification methods. DCU is designed to collect meter data from numerous smart meter and send to utility's server so DCU installed between smart meter and utility's server. For this reason, If DCU compromised by attacker then attacker could use DCU to launching point for and attack on other devices. However, DCU's security evaluation and certification techniques do not suffice to be deployed in smart grid infrastructure. This work development DCU protection profile based on CC, it is expected that provide some assistance to DCU manufacturer for development of DCU security target and to DCU operator for help safety management of DCU.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.9
• /
• pp.2114-2120
• /
• 2015

Vehicle cloud technology is a fusion technology of vehicle communication technology and cloud computing used in wired and wireless Internet, and has attracted attention as a new IT paradigm. It is expected that it would contribute to resolve the road traffic problem with effective communication by providing computer, sensor, communication, device, and resource. but security is necessary to apply vehicle cloud environment and it have to resolve security threats and various attacks occurred in wired and wireless vehicle environment. Therefore, in this paper, we designed security framework to provide secure communication between vehicle and vehicle, and vehicle and the Road side in the vehicle cloud environment. Safety and security of the vehicle environment was satisfied with the security requirements of the vehicle and cloud-based environment, and increased efficiency than the conventional vehicle network communication protocols.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.11
• /
• pp.409-418
• /
• 2014

The amount of data located in storage servers has dramatically increased with the growth in cloud and social networking services. Storage systems with very large capacities may suffer from poor reliability and long latency, problems which can be addressed by the use of a hybrid disk, in which mechanical and flash memory storage are combined. The Linux-based SSD(solid-state disk) uses a caching technique based on the DM-cache utility. We assess the limitations of DM-cache by evaluating its performance in diverse environments, and identify problems with the caching policy that it operates in response to various commands. This policy is effective in reducing latency when Linux is running in native mode; but when Linux is installed as a guest operating systems on a virtual machine, the overhead incurred by caching actually reduces performance.

• The Journal of Society for e-Business Studies
• /
• v.26 no.3
• /
• pp.119-132
• /
• 2021

Identification of associated knowledge based on content relevance is a fundamental functionality in managing service and security of core knowledge. This study compares the performance of methods to identify associated knowledge based on content relevance, i.e., the associated document network composition performance of keyword-based and word-embedding approach, to examine which method exhibits superior performance in terms of quantitative and qualitative perspectives. As a result, the keyword-based approach showed superior performance in core document identification and semantic information representation, while the word embedding approach showed superior performance in F1-Score and Accuracy, association intensity representation, and large-volume document processing. This study can be utilized for more realistic associated knowledge service management, reflecting the needs of companies and users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.135-145
• /
• 2002

Active networks represent a new approach to network architecture. Nodes(routers, switches, etc.) can perform computations on user data, while packets can carry programs to be executed on nodes and potentially change the state of them. While active networks provide a flexible network iufrastructure, they are more complex than traditional networks and raise considerable security problems. Nodes are Public resources and are essential to the proper and contract running of many important systems. Therefore, security requirements placed upon the computational environment where the code of packets will be executed must be very strict. Trends of research for active network security are divided into two categories: securing active nodes and securing active packets. For example, packet authentication or monitoring/control methods are for securing active node, but some cryptographic techniques are for the latter. This paper is for transferring active packets securely between active nodes. We propose a new method that can transfer active packets to neighboring active nodes securely, and execute executable code included in those packets in each active node. We use both public key cryptosystem and symmetric key cryptosystem in our scheme

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.85-98
• /
• 2003

Computational power of IC chip is improved day after day producing IC chips holding co-processor continuously. Also a lot of wireless terminals which IC chip embedded in are produced in order to provide simple and various services in the wireless terminal market. However it is difficult to apply the key distribution protocol under wired communication environment to wireless communication environment. Because the computational power of co-processor embedded in IC chip under wireless communication environment is less than that under wired communication environment. In this paper, we propose the hey distribution protocol appropriate for wireless communication environment which diminishes the computational burden of server and client by using co-processor that performs cryptographic operations and makes up for the restrictive computational power of terminal. And our proposal is satisfied with the security requirements that are not provided in existing key distribution protocol.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.3-10
• /
• 2020

Recently, the Internet and networks are regarded as essential infrastructures that constitute society, and security threats have been constantly increased. However, the network switch that actually transmits packets in the network can cope with security threats only through firewall or network access control based on fixed rules, so the effective defense for the security threats is extremely limited in the network itself and not actively responding as well. In this paper, we propose an in-network security framework using the high-level data plane programming language, P4 (Programming Protocol-independent Packet Processor), to deal with DDoS attacks and IP spoofing attacks at the network level by monitoring all flows in the network in real time and processing specific security attack packets at the P4 switch. In addition, by allowing the P4 switch to apply the network user's or administrator's policy through the SDN (Software-Defined Network) controller, various security requirements in the network application environment can be reflected.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.729-732
• /
• 2010

통신망의 발달로 다양한 인터넷 기반 기술들이 등장함에 따라 현재는 데이터뿐만 아닌 음성에 대한 부분도 IP 네트워크를 통해 전송하려는 움직임이 발판이 되어 VoIP(Voice Over Internet Protocol)라는 기술이 등장하였다. SIP(Session Initiation Protocol) 프로토콜 기반 VoIP 서비스는 통신 절감 효과가 큰 장점과 동시에 다양한 부가서비스를 제공하여 사용자 수가 급증하고 있다. VoIP 서비스는 호(Call)를 제어하기 위해 SIP 기반으로 구성이 되며, SIP 프로토콜은 IP 망을 이용하여 다양한 음성과 멀티미디어 서비스를 제공하게 되는데 IP 프로토콜에서 발생하는 인터넷 보안 취약점을 그대로 동반하기 때문에 DoS(Denial of Service) 및 DDoS(Distribute Denial of Service)에 취약한 성향을 가지고 있다. DDoS 공격은 단시간 내에 대량의 패킷을 타깃 호스트 또는 네트워크에 전송하여 네트워크 접속 및 서비스 기능을 정상적으로 작동하지 못하게 하거나 시스템의 고장을 유도하게 된다. 인터넷 기반 생활이 일상화 되어 있는 현 시점에서 안전한 네트워크 환경을 만들기 위해 DDoS 공격에 대한 대응 방안이 시급한 시점이다. DDoS 공격에 대한 탐지는 매우 어렵기 때문에 근본적인 대책 마련에 대한 연구가 필요하며, 정상적인 트래픽 및 악의적인 트래픽에 대한 탐지 시스템 개발이 절실히 요구되는 사항이다. 본 논문에서는 SIP 프로토콜 및 공격기법에 대해 조사하고, DoS와 DDoS 공격에 대한 특성 및 종류에 대해 조사하였으며, SIP를 이용한 VoIP 서비스에서 IP 분류와 메시지 중복 검열을 통한 DDoS 공격 탐지기법을 제안한다.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.3
• /
• pp.60-71
• /
• 2017

Smart devices such as smart phones, smart TVs, and smart pads have become essential devices in recent years. As the popularity and demand grows, the performance of smart devices is also getting better and users are dealing with a lot of things such as education and business using smart devices instead of desktop. However, smart devices that still have poor performance compared to desktop, even with improved performance, have difficulty running high performance applications due to limited resources. In this paper, we propose a load balancing algorithm applying the characteristics of smart devices to overcome the resource limitations of devices. in order to verify the algorithm, we implemented the algorithm after adding the distributed processing system service in Android platform. After constructing the cluster on the smart device, various experiments were conducted. Through the analysis of the test results, it is confirmed that the proposed algorithm efficiently improves the overall distributed processing performance by effectively aggregating different amounts of computing resources in heterogeneous smart devices.

• Journal of KIISE:Computing Practices and Letters
• /
• v.13 no.5
• /
• pp.271-281
• /
• 2007

Real-time support of embedded OS is not optional, but essential in contemporary embedded systems. In order to achieve these system#s real-time property, it is crucial that schedulability analysis for tasks having its property have been accomplished before system execution. Acquiring Worst-Case Execution Time(WCET) of task is a core part of schedulability analysis. Because traditional WCET tools analyze only its estimation of application task(i.e. program), it is not considered that application tasks are affected by scheduling primitives(e.g. scheduler, interrupt service routine, etc.) of OS when it schedules them. In this paper, we design and implement WCET analysis tool which deliberates on scheduling primitives of system using embedded Linux widely used in embedded OSes. This tool can estimate either WCET of normal application programs or corresponding primitives which have an influence on schduling property in embedded Linux kernel. Therefore, precision of estimation about schedulability analysis is improved. We develop this tool as Eclipse#s plug-in to work properly in any platform and support convenient interface or functionality for user.