• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.618-620
• /
• 1998

Web보안 기능 중에서 가장 기본적이면서 중요한 보안 기능은 데이터의 암호 및 복호이다. 본 과제는 인터넷 web browser(Netscape Communicator 또는 Navigator)기능에 보안 모듈을 이용한 자료 및 문서 암호 기능을 통해서 안심하고 web page를 사용할 수 있는 시스템을 제공한다. 보안 모듈을 사용하지 않는 일반적인 web데이터 전송환경에는 SSL 프로토콜을 이용하여 web데이터 전송을 수행한다. 서버가 보안 모듈을 가지고 있는 경우는 web을 통해서 주고받는 데이터에 대해서 보안 모듈 내에 존재하는 암호 및 복호하는 알고리즘을 사용한다. 이런 방식을 사용할 경우에 일반적으로 많이 사용하는 DES알고리즘의 사용으로 쉽게 구현이 가능하다. 그러나 이러한 보안 모듈이 상호 연동해서 동작되기 때문에 이 모듈이 없이는 웹 상에 원하는 자료에의 접근이 불가능하다. 또한 이 방식은 기존의 방식이 갖는 보안 기능의 공개성 문제점을 극복하면서 안전한 보안 웹 환경을 제공해준다.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.550-552
• /
• 1998

본 논문은 인터넷web browser(Netscape communicator 또는 Netscape Navigator)기능에 문서보안 기능 등을 통해서 안심하고를 사용할 수 있는 클라이언트 환경을 제공한다. 보안 모듈을 사용하여 보안 데이터 전송을 수행한다. 본 보안 데이터 전송을 수행한다. 본 보안 모듈의 특징은 소프트웨어적으로 보안 환경을 사용하든 하드웨어적으로 보안 환경을 사용하든 독점적인 환경에서 웹 보안 기능을 제공할 수 있는 장점을 가진다. 일반적으로 보안이 절실히 요구되는 환경은 인트라넷이 구축된 경우이다. 이런 인트라넷 환경에서는 본 논문에서 제안하는 보안 기능을 사용할 경우 독점적인 보안 기능을 제공할 수 있다. 그리고 일반적인 인터넷 환경에서 보안을 만족하기 위하여 서버, 클라이언트 양쪽에서 모두 보안 모듈을 가져야 한다. 본 논문은 클라이언트 측에서 필요한 보안 모듈의 설계 및 구현 내용에 대해서 언급한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.4 no.3
• /
• pp.671-679
• /
• 2000

In this study, the messages sent at application layer are encrypted by using RSA Public Keys before sending. Then we developed the information security system devised for the secure WWW data transmission by extending the functions of the Netscape browser and by using application programs such as Java applications and by using the plug-in methods. Not only can these technologies reduce and make it easier to perform key management or encryption transmission process, but they can also reduce the processing time of encryption correspondence.

• Nuclear Engineering and Technology
• /
• v.35 no.3
• /
• pp.243-250
• /
• 2003

Nuclear power plants (NPPs) will be highly connected network enabled systems in the future. Using the network and web enabled tools, NPPs will be remotely monitored by operators at any time from any place connected to the network via a general web browser. However, there will be two major issues associated with this implementation. The first is the security issue. Only the authorized persons need to be allowed to access the plant since NPP is a safety-critical system. However, the web technology is open to the public. The second is the network disturbance issue. If operators can not access the plant due to network disturbances, the plant will come into the out-of-control situation. Therefore, in this work, we performed a conceptual design of a web-based remote monitoring and control system (RMCS) considering these issues.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.121-134
• /
• 2009

Consumer-centric marketing business is surely one of the most successful emerging business but it poses a threat to personal privacy. Between the service provider and the user there are many contrary issues to each other. The enterprise asserts that to abuse the privacy data which is anonymous there is not a problem. The individual only will not be able to willingly submit the problem which is latent. Web traffic analysis technology itself doesn't create issues, but this technology when used on data of personal nature might cause concerns. The most criticized ethical issue involving web traffic analysis is the invasion of privacy. So we need to inspect how many and what kind of personal informations being used and if there is any illegal treatment of personal information. In this paper, we inspect the operation of consumer-centric marketing tools such as web log analysis solutions and data gathering services with web browser toolbar. Also we inspect Microsoft explorer-based toolbar application which records and analyzes personal web browsing pattern through reverse engineering technology. Finally, this identified and explored security and privacy requirement issues to develop more reliable solutions. This study is very important for the balanced development with personal privacy protection and web traffic analysis industry.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.151-156
• /
• 2013

Android that was made by Google and Open Handset Alliance is the open source software toolkit for mobile phone. In a few years, Android will be used by millions of Android mobile phones and other mobile devices, and become the main platform for application developers. In this paper, the integrated login application based on Google's Android platform is developed. The main features of the mobile combination login application content based on Android are as follows. First, the application has more convenient login functionality than the functionality of general web browser as the web browser of the mobile-based applications(web browser style applications) as well as security features and faster screen(view) capability by reducing the amount of data transfer. Second, the application is so useful for management of ID and Password, and it can easily manage multiple ID information such as message, mail, profile. The results of performance evaluation of the developed application show the functionality that can login many kinds of portal sites simultaneously as well as the ability that can maintain login continuously. Currently, we are trying to develope a couple of the technologies that can insert multiple accounts into one ID and check all information on one screen.

• Journal of Digital Contents Society
• /
• v.9 no.4
• /
• pp.607-616
• /
• 2008

By the advancement of computer & network technology, the paridigm of 'Network Computer' has been realizing`. In what is called network computer, computer system and computing resource is incomparably seem to be expanded compared with conventional network technology[1]. Network connected computer system consitute a massive virtual computer, it is possible for people to use an enourmous amout of computing resource distributed widely through the network. It is also possible that we make client lightweight by the use of computer system & all shared computing resources on the network in our computer processing and we call this type of client system as thin-client. Thin-client and network computer are on and the same network paradigm in that both paradigm featuring the active use of computer system and resource on the network[2]. In network computer paragem, network itself is regarded as a basic platform for the transfer of application, so it is possible that client access remote serve system to run remote applications through the network[3]. In this paper, we propose the system architecture for the implementation of network computer by the use of Web browser, X window system and Pyjamas. By the use of network computer proposed in this paper, it is possible for people to run application on the server system as if he run local application, and it is expected to improve the security and maintenance efficiency.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.51-59
• /
• 2015

JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of HTML5 Standard. In proportion to JavaScript's growing importance, attacks (ex. DDos, Information leak using its function) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1047-1057
• /
• 2018

As the number of services offered on the Internet exponentially increases, password managers are increasing popular applications that store several passwords in an encrypted database (or password vault). Browser-integrated password managers or locally-installed password managers store the password vault on the user's device. Although a web-based password manager stores the password vault on the cloud server, a user can store the master password used to sign in the cloud server on her device. An attacker that steals a user's encrypted vault stored in the victim's device can make an offline attack and, if successful, all the passwords in the vault will be exposed to the attacker. This paper investigates the vulnerability of the password vault stored in the device and develops attack programs to verify the vulnerability of the password vault.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.10
• /
• pp.339-346
• /
• 2016

1 person media is becoming the leading trend among several media in the Internet era exploiting the individual desire of showing off. But, the vast accessibility of Internet produces the worry about privacy risk, which concludes in the increasement of closed SNS. In this paper, we propose a system based on PWW (Person Wide Web) where a person is producing a media and share it with other persons. PWW is an information system which consists of a smart-phone, mobile anchors, a standard web document, and his own cloud storage. An information consumer gets the link using his smart-phone from the mobile anchors attached on the objects in the field. The web browser in the smart-phone obtains the web documents designated by the link and presents it. We also explains the 1 person media system based on PWW and presents the example utilized in the field. We compared and analyzed the security factor of the system based on between WWW and PWW, and concluded that PWW is better than WWW in the aspect of security.