• Annual Conference of KIPS
• /
• 2003.05c
• /
• pp.1913-1916
• /
• 2003

전자상거래 일반적인 구조인 SET(Secure Electronic Transaction)프로토콜은 비밀키 알고리즘의 DES(Data Encryption Standard), 공개키 알고리즘의 RSA(Rivest, Shamir, Adleman), 메시지 다이제스트의 SHA-1를 사용하고 있다. 본 논문에서는 비밀키 알고리즘의 DES를 이용하여 수신측에 전송하는 과정을 3BC알고리즘으로 대체함으로서 생략하였고, 공개키 알고리즘의 요소를 ECC(Elliptic Curve Cryptosystem)알고리즘을 사용하였다. 또한 전자서명을 위한 방법은 Double Signature를 사용하여 SET프로토콜에서 DES의 전송을 위한 전자봉투를 삭제한 결과 수행시간의 단축과 보안의 강도를 강화시켰다.

• TTA Journal
• /
• s.164
• /
• pp.8-15
• /
• 2016

전 세계적으로 ICT 활용 패러다임이 정보시스템을 자체 구축하는 방식에서 서비스 이용량에 비례하여 비용을 지불하는 클라우드 컴퓨팅으로 전환 중이며, 2010년부터 미국 등 주요국가에서는 클라우드 우선 정책을 기반으로 정부 기업에서 클라우드의 이용이 급속히 확산 중이다. 우리나라에서도 2015년 3월 세계 최초로 클라우드 발전법을 제정하고, 11월 'K-ICT 클라우드 컴퓨팅 활성화 계획'을 수립하여 클라우드 선도국가로의 도약을 위해 다양한 노력을 기울이고 있다. 클라우드 서비스가 확산될수록 공적 표준화 기구를 중심으로 클라우드 서비스를 제공하기 위해 필요한 요소 기술에 대한 표준화 작업이 활발해짐에 따라, 국내 클라우드 컴퓨팅 관련 기술의 국제 표준화 추진 및 협력 방안 마련을 위한 전략의 개발이 요구되고 있는 시점이다. 본고에서는 클라우드컴퓨팅표준화포럼을 탐방하여 국내 표준 제정 현황을 살펴보고, 국내외 클라우드 기술 및 산업, 정책 동향을 짚어보고자 한다. 또한, 현재 국제 공적표준화 기구의 이슈를 점검하여 클라우드 컴퓨팅 참조구조를 기반으로 하는 표준 기술에 대해 소개하고, 클라우드 보안 및 상호운용성에 대한 표준 동향을 소개하여 클라우드 분야의 핵심 기술을 이해하는데 도움을 주고자 한다.

• Journal of KIISE:Information Networking
• /
• v.37 no.3
• /
• pp.187-197
• /
• 2010

The fusion stream of recent broadcasting and communication make multimedia content served in the area of broadcasting into IPTV service which transmits it through high-speed internet, cable TV net and satellite net in realtime. However, as the digital broadcasting service is extended to various media, the security of IPTV service content provided to users by service provider is not fully supported by CAS(Conditional Access System) provided by existing broadcasting system. This paper proposes interactive certification protocol which can efficiently distinguish the receiving-qualification of user between Set-Top Box and Smart Card which are parts of configurations for IPTV system. The proposed protocol uses hash function to make Set-Top Box transmit receiving-qualification about the channel fee which user pays more properly than existing protocol. Also, the proposed protocol uses session key generated between receiver and smart card through inter certification process and encrypts EMM not the service to be used by anyone illegally.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.95-104
• /
• 2024

The performance capability of the future battlefield depends on whether the next-generation technology of the Fourth Industrial Revolution, called ABCMS (AI, Bigdata, Cloud, Mobile, Security), can be applied to secure innovative defense capabilities It is no exaggeration to say. In addition, the future military operation environment is rapidly changing into a net work-oriented war (NCW) in which all weapon systems mutually share battlefield information and operate in real-time within a single integrated information and communication network based on the network and is expanding to the scope of operation of the manned and unmanned complex combat system. In particular, communication networks responsible for high-speed and hyperconnectivity require high viability and efficiency in power operation based on multi-tier (defense mobile, satellite, M/W, wired) networks for the connection of multiple combat elements and smooth distribution of information. From this point of view, this study is different from conventional single-media, single-path transmission with fixed specifications, It is an artificial intelligence-based transmission technology using RNN (Recurrent Neural Networks) algorithm and load distribution during traffic congestion using available communication wired and wireless infrastructure multimedia simultaneously and It is the development of MMMP-Multi-Media Multi-Path adaptive network technology.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.3 no.2
• /
• pp.411-420
• /
• 1999

The topic of electronic commerce is a hot issue in computer technology. There are many kinds of risks associated with electronic commerce which performs financial transactions by exchanging electronic information over public networks. Therefore, security factors such as confidentiality, integrity, authentication and non-repudiation should be required to construct secure electronic commerce systems. In this paper, the credit card-based payment protocol applying dual signature is presented. It provides payment information to the bank a cardholder pays to, but conceals ordering information. It also offers ordering information to a merchant, but hides payment information including the card number. Thus, cardholder's private information can be protected. In order to accomplish this, dual signature is performed employing both symmetric method utilizing cardholder's secret number as an encryption key and asymmetric method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.278-281
• /
• 2018

The early Web technology was to show text information through a browser. However, as web technology advances, it is possible to show large amounts of multimedia data through browsers. Web technologies are being applied in a variety of fields such as sensor network, hardware control, and data collection and analysis for big data and AI services. As a result, the standard has been prepared for the Internet of Things, which typically controls a sensor via HTTP communication and provides information to users, by installing a web browser on the interface of the Internet of Things. In addition, the recent development of web-assembly enabled 3D objects, virtual/enhancing real-world content that could not be run in web browsers through a native language of C-class. Factors that evaluate the performance of existing Web applications include performance, network resources, and security. However, since there are many areas in which web applications are applied, it is time to revisit and review these factors. In this thesis, we will conduct an analysis of the factors that assess the performance of a web application. We intend to establish an indicator of the development of web-based applications by reviewing the analysis of each element, its main points, and its needs to be supplemented.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Journal of Digital Convergence
• /
• v.11 no.3
• /
• pp.415-426
• /
• 2013

Smart work has recently introduced as a way to solve problems such as greenhouse gas emissions, low birth rate and aging as well as to improve productivity. Because of development of ICT infrastructure and the proliferation of smart devices, the mobile office has the most commonly used within types of smart work in Korea. But the adoption of the mobile office in small businesses is only half of that of large corporations. The security issue appears to be one of the biggest obstacles to the introduction of smart work in small businesses. Therefore, the purpose of this study is to analyze the information security factors that should be considered when the mobile office is introduced to small businesses. By analyzing the previous studies, the information security factors of the mobile office are classified 5 groups composed of 24 factors. 5 groups are terminals, applications and platforms, networks, servers and users. According to the survey result using AHP, 'User' was drawn to the most important group, and 'Data Encryption', 'Wireless LAN Control' and 'Terminal Recovery When Leaving' were drawn to the important information security factors of the mobile office among 24 factors.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.31-40
• /
• 2017

UAV (Unmanned Aerial Vehicle) is increasingly used in diverse fields such as disaster, distributi on, and logistics, but it is pointed out that the inadequacy of related laws and invasion of privacy is an obstacle to industrial growth. The regulatory framework for UAV convergence services is pr oposed based on the regulatory framework. From the technical point of view, regulation on archite ctural design, from the market point of view, concurrent operation of services in a limited area, a l egal evaluation based on post-evaluation rather than a pre-regulation under the legislation of visua l information protection law and a social consensus will contribute to the early settlement of UAV -based convergence services.

• The KIPS Transactions:PartD
• /
• v.13D no.6 s.109
• /
• pp.847-856
• /
• 2006

In this paper, we suggested a mobile collaboration framework for supporting mobile services among mobile devices, and designed and implemented on this environment. The suggested framework has three elements; groups of sensors and mobile devices(Fixed and Moving-typed PDAs) and a home server. We designed interfaces for interactions with each other in collaboration environment with three elements described above. The information collected by sensors can be share and exchanged by mobile devices or a home server in accordance with Push and Pull methods. This framework is based on the distributed object group framework(DOGF) we implemented before. Therefore the DOGF provides functions of object group management, storing information and security services to our mobile collaboration framework via application interfaces defined. The information collected by sensors is arranged according to user's security 'demands. And user profile information is used for checking authority of each service object. Each component for executing functions of mobile devices and a home server is implemented by TMO scheme. And we used the TMOSM for interactions between distributed components. Finally, we showed via GUI the executablity of a given healthcare application scenario on our mobile collaboration framework.