• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.12
• /
• pp.1411-1416
• /
• 2015

Grayhole attack, one of attack to MANET routing function, is very severe in point of view of causing results which disturbs normal transmission function of network with uneasy finding of attacks. In this paper, effects of grayhole attack to application service on MANET is analyzed. Based on this analysis, some conditions is suggested for anti-intrusion to operate an application service on MANET under grayhole attack. This study is done with computer simulation based on NS-2 be added grayhole attack function which is implemented in this paper.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.4
• /
• pp.45-64
• /
• 2017

The Purpose of this Study is to find out the Implications of the Information Security Activities of Financial Companies on the Confidence of the Information Security Officers and to find Academic and Practical Implications to Supplement the Insufficiencies. As a Result, it was Confirmed that the Information Security Officer's Confidence in Information Security for Companies and the Level of Information Security Awareness of the Employees are Increased when Financial Companies Conduct Information Protection Activities Focusing on Information Security Education, Security Incident Responses and In/Out Security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.6
• /
• pp.143-152
• /
• 2016

Currently many central administrative agencies, municipalities and public and private institutions operate Managed security services to cope with cyber security incidents. These entities exert efforts in operating efficiencies rather than introduction of services as they used to. Accordingly, quite a few policies, directions and guidelines have been established for stable operation of Managed security services. Still, Managed security is operated by individuals, whose competencies influence the quality of Managed security services to a great extent. In this respect, the present article examines Managed security technology and methods and describes evaluation methods and examples relevant to human competencies, so as to seek for some potential courses for further development as well as more efficient approaches to human resource management in terms of institutional Managed security services.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.204-207
• /
• 2019

DDoS(Distributed Denial of Service) 공격은 네트워크상에서 다수의 시스템 협업으로 하나의 표적 시스템을 공격하여 서비스의 가용성을 침해하는 공격이다. 이는 점차 지능적인 방법으로 진화하고 있으며 특히 IoT를 대상으로 한 DDoS 공격이 증가하고 있다. 이기종의 기기들이 연결된 IoT는 기존 IT디바이스와 비교하여 제한된 자원을 가지고 있어 IoT 네트워크 특성을 고려한 DDoS 보안 기법이 요구된다. 국제 인터넷 표준화 기구 IETF에서 IoT를 지원하기 위해 제정한 CoAP(Constrained Application Protocol)은 기존 IT 네트워크와 호환성을 가진 응용 계층 프로토콜이다. 본 논문은 CoAP의 DDoS 공격 취약점과 대응 방안을 정리하고 새로운 프로토콜을 추가할 시 고려해야 할 사항을 제시한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.12
• /
• pp.2171-2178
• /
• 2008

Recently, Network companies have introduced security solutions to protect the network from intrusions, attacks and viruses but the network has still weakness and vulnerability. It is time to bring more stable and reliable authentication system that would meet the Internet user's need. In this study, Current broadband networks don't have hierarchic and stable authentication solutions. And so, an integrated and hierarchic system is needed to provide a various kinds of application services. I'd like to present a new authentication system which is based on unified web authentication design. It will unit various authentication systems that have been deployed in various network environment and reinforce network security to provice a various kinds of application services in a stable and safe environment. that is a simple and more secure method for fighting a rise in card-not-present fraud.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.578-581
• /
• 2014

Blackhole attack, a kinds of attacks to routing function, can cause critical effects to network transmission function, Especially, on MANET(Mobile Ad-hoc Network) which it is not easy to prepare functions to respond malicious intrusion, transmission functions of entire networks could be degraded. In this paper, effects of blackhole attack to network transmission performance is analyzed on lattice structured MANET. Specially, performance is measured for various location of blackhole attack on lattice MANET, and compared with the performance of random structured MANET. This paper is done with computer simulation, VoIP(Voice over Internet Protocol) traffic is used in simulation. The results of this paper can be used for data to deal with blackhole attack.

• Journal of Platform Technology
• /
• v.8 no.4
• /
• pp.29-37
• /
• 2020

We propose a plan to reduce the operational risk of domestic cryptocurrency exchanges for protecting cryptocurrency exchange users and establishing a stable operating environment. For market participants using cryptocurrency exchanges, cryptocurrency exchange risk is greater than the price risk. In the cryptocurrency market, illegal transactions using the anonymity of cryptocurrency are occurring frequently. In addition, loss accidents due to cybercrimes and insider corruptions are continuing. And the resulting losses are passed on to the users of the exchange. In terms of operational risk, we analyze the current situation of domestic cryptocurrency exchanges and present the direction of development of each exchange platform to attract and protect users.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.4
• /
• pp.695-702
• /
• 2022

Smart railway system, which has been actively studied in recent years, is entering the intelligent stage beyond the automation stage based on ICT (Information & Communication Technology) such as communication technology and information technology. ICT technology used in smart railways is generally supported by various information protection technologies as it is vulnerable to information infringement. As a means of high-speed/mass transportation, it is essential to devise an information protection plan for ICT technology that forms the basis for smartening the railway system. Therefore, this paper presents the necessity of step-by-step information protection that measures for smart railway communication by examining potential risk factors of smart railway communication base and considering information protection factors that can respond to them.

• Journal of Korea Multimedia Society
• /
• v.25 no.2
• /
• pp.221-236
• /
• 2022

BLE protocol prevents MITM attacks with user interaction through some input/output devices such as keyboard or display. Therefore, If it use a device which has no input/output facility, it can be vulnerable to MITM attack. If messages to be sent to a control device is forged by MITM attack, the device can be abnormally operated by malicious attack from attacker. Therefore, we describes a scenario which has the vulnerabilities of the BLE network in this paper and propose countermeasure method against MITM attacks integrity violations. Its mechanism provides data confidentiality and integrity with MD5 and security key distribution of Diffie Helman's method. In order to verify the effectiveness of the countermeasure method proposed in this paper, we have conducted the experiments. ​As experiments, the message was sent 200 times and all of them successfully detected whether there was MITM attack or not. In addition, it took at most about 4.2ms delay time with proposed countermeasure method between devices even attacking was going on. It is expected that more secure data transmission can be achieved between IoT devices on a BLE network through the method proposed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.638-640
• /
• 2021

The network separation environment is a network security design system that separates the internal business network from the external Internet network. It separates the internal business network from the external Internet by separating it into a business network that is not connected to the network to which the Internet is connected. The network is separated, and it is a relatively secure network structure compared to Danilman in terms of security. However, there are frequent cases of infecting internal networks by using vulnerabilities in internal systems, network devices, and security devices. In this paper, we analyze the vulnerability of IT security threats in such a network isolation environment and provide technical measures for effective security monitoring.