• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.7 no.6
• /
• pp.871-880
• /
• 2017

Recently, service based on internet is inter-connected and integrated with a variety of connection. This kind of internet of things consist of heterogenous devices such as sensor node, devices and end-to end equipment which used in conventional protocols and services. The representative system is healthcare system. From healthcare appliance used by IoT, patient and doctor can utilize healthcare information with safety and high speed management. It is very convenient management to operate mobility. But it induced security and vulnerability issues because it has small memory capacity, low power supply and low computing power. This made impossible to implement security algorithm with embedded engine based on hardware. Nowdays, we can't realize conventional standard algorithm due to these kinds of reasons. From the critical issues, it occurred security and vulnerability issues. Therefore, we analysed and compared with conventional method and proposed techniques. Finally, we evaluated security issues and requirement for end-to-end point healthcare system based on internet of things.

• Journal of Korea Multimedia Society
• /
• v.15 no.1
• /
• pp.93-100
• /
• 2012

Recently, the security monitoring and control systems based on spatial information in various field are operated and being developed according to evolve the spatial information technology. Especially, the CCTV monitoring and control system can be used in various field as a typical system. However, the security vulnerability problems have become an issue because the system connected by computer network and getting bigger than before. Therefore we studied security vulnerabilities of CCTV monitoring and control system which is being developed and operated. In addition, it is important to consider disaster and terrorism with unauthorized changes on location information. Therefore we analyzed the performance of observation when the cameras are break down as a result by hacking to CCTV monitoring and control system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.231-242
• /
• 2013

Recently, automated software testing methods such as fuzzing have been researched to find software vulnerabilities. The purpose of fuzzing is to disclose software vulnerabilities by providing a software with malformed data. In order to increase the probability of vulnerability discovery by fuzzing, we must solve the test suite reduction problem because the probability depends on the test case quality. In this paper, we propose a new method to solve the test suite reduction problem which is suitable for the long test case such as file. First, we suggested the length of test case as a measure in addition to old measures such as coverage and redundancy. Next we designed a test suite reduction algorithm using the new measure. In the experimental results, the proposed algorithm showed better performance in the size and length reduction ratio of the test suite than previous studies. Finally, results from an empirical study suggested the viability of our proposed measure and algorithm for file fuzzing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1345-1354
• /
• 2012

The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.11-20
• /
• 2003

Now a days the threatenings of using internet web system's vulnerability are rapidly increasing. To protect the threat we introduce the sorts of threats and present the verification method of web application security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.171-182
• /
• 2014

Common Criteria is a scheme that minimize IT products's vulnerabilities in accordance with the evaluation assurance level. SSDLC(Secure Software Development Lifecycle) is a methodology that reduce the weakness that can be used to generate vulnerabilities of software development life cycle. However, Common Criteria does not consider certificated IT products's vulnerabilities after certificated it. So, it can make a problem the safety and reliability of IT products. In addition, the developer and the evaluator have the burden of duplicating evaluations of IT products that introduce into the government business due to satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among the Common Criteria, the static code analysis tools, and the SSDLC. And then, we proposed how to combine SSDLC into Common Criteria.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.413-421
• /
• 2017

This study explored relationships between health perception and behavior of Korean relevant to particulate matter(PM) as PM in the atmosphere getting worse. To investigate the relationship in the personal hygiene dimension, we analysed the structural relationships among multi-dimensional health locus of control, perceived susceptibility and severity, and health behavior intention. Except internal among three tendencies of multi-dimensional health locus of control, chance and powerful other had an effect on perceived susceptibility and severity, respectively. Perceived susceptibility and severity also had a positive effect on the intention. Thus, to facilitate PM-related disease prevention, timely and reliable information should be supplied with the solution for lessening damage from PM, and then training for internalizing locus of control should be encouraged through eliminating fear and uncertainty. Finally, we discussed suggestions for future study.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1768-1773
• /
• 2005

The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a robust secure communication and a user authentications with the IEEE 802.1x framework. The user authentication on the WLAN secure system accomplishes mutual authentications between authentication severs, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by doing secure communication between clients and the AP by the Dynamic WEP key distribution.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.69-76
• /
• 2018

One of the most remarkable technologies in the era of the 4th industrial revolution is the interest in the field of smart cars. In the near future, it will not only be possible to move to a place where you want to ride a smart car, but smart cars, including artificial intelligence elements, can avoid sudden car accidents. However, as the field of smart automobiles develops, the risks are expected to increase. Therefore, based on the understanding of security vulnerabilities that may occur in smart car networks, we can apply safe information security technology using FIDO and attribute-based authorization delegation technique to provide smart car control technology that is safe and secure. I want to. In this paper, we show that the proposed method can solve security vulnerabilities by using secure smart car control technology. We will further study various proposals to solve security vulnerabilities in the field of smart car networks through future research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1225-1236
• /
• 2020

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.