• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.538-542
• /
• 2006

본 논문에서는 Awasthi-Lal 이 제안한 프로토콜[1]에 대하여 살펴보고 그들이 제안한 새로운 원격사용자인증 프로토콜의 취약점에 대하여 분석한 다음, 이 취약점을 보완하기위해 신용카드 복제로 부터 안전한 스마트카드를 이용한 원격사용자 및 리더기 상호인증 프로토콜을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.147-155
• /
• 2010

It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.69-78
• /
• 2008

We propose to analyze a weakness of quantum key distribution and quantum authentication which use entangled state were proposed by Bao-sen Shi(2001) and to improve the security of the protocol. The existing protocol had a weakness against an impersonation attack of an eavesdropper, because of a only process which authenticated a third party(Center) by users. In this paper, we propose improving the security of the protocol that authenticates users by a third party using check mode which applies CHSH inequality.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.1
• /
• pp.11-18
• /
• 2011

This study developed a digital security device which power is on/off by the RFID card. This device is based on the wireless data transmit/receive circuits, built in RS-232C chip and applied to computer and other digital devices. We can check whether this device is operated or not by connecting the LED. In this system, 13.56MHz frequency circuit supplies power with ID card, and DC inputs check the proximity operating distance of the card field for verifying the existence of a card. The security level of this system is much stronger than that of a compared system[13]. Anyone cannot use the system without RFID card. All illegal access is prevented except for authorized path.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.85-94
• /
• 2014

Information Security Check System was Introduced in 2004, higher than in 2013, the effectiveness of Information Security Management System(ISMS) certification scheme was to unification. This is incident to the Internet affecting people's lives telecommunications service provider to target accountability because, considering the subject's duty selection criteria need to be clarified. however, Obligations under the current legislation, subject selection criteria applying the law itself is ambiguous, the result being a significant problem. Moreover, the regulatory system of certification systems subjects, although selection criteria should be clear and objectively not the obligation not to distrust the system itself and the subject was raised many issues for you. In this study, with SMART Technic in order to improve this certification you can easily determine whether a medical person authorized to develop a model for selection of medical subjects, The developed model is verified through empirical ways to improve the system by presenting the system to help, to secure the effectiveness.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1154-1157
• /
• 2007

최근 몇 년 동안 피싱, 파밍, 크라임웨어에 의한 피해 사례 발생이 증가되고 있다. 현재까지의 피싱 관련 솔루션이 대부분 블랙리스트 방식이고 아직까지 피싱 사이트 판단 기준이 없으며 사람들이 이에 대한 인식의 부족으로 인해 이러한 위협을 대처하는데 많은 한계를 가지고 있다. 이에 본 연구에서는 화이트 리스트 기반 웹사이트 보안수준 확인 시스템을 설계하고 이의 파일럿 시스템을 개발하였다. 각 사이트에 대해 피싱 관련 보안수준을 확인하여 신뢰할 수 있는 사이트들을 선별하고 보안수준 정보를 제공함으로써 안전한 인터넷 이용 기반을 제공할 수 있는 방안이 마련될 것으로 기대한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.2
• /
• pp.515-528
• /
• 2012

The aim of this article is to provide a study on the issue of inventory inaccuracy and to show the manner in which RFID technology can improve the inventory management performance. The objective of inventory control is to monitor the stock flow of merchandises in order to understand the operating profit and loss. A proper mechanism of inventory control could be made to help the profitability. As RFID is applied to inventory control, it can improve efficiency, enhance accuracy and achieve security. In this paper, we introduce the evolution of different mechanisms of inventory control with RFID system-counting method, collect-all method, and continuous monitoring method. As for improving the accuracy of inventory check during business hours, continuous monitoring is the solution. We introduce the infrastructure of the RFID inventory management system based on M2M architecture can make the inventory be efficiently monitored with instant warnings.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.9
• /
• pp.85-91
• /
• 2014

Encryption is a method to convert information to no-sense code in order to prevent data from being lost or altered by use of illegal means. Audit logging creates audit log of users' activities, exceptions, and information security events, and then conserves it for a certain period for investigation and access-control auditing. Our paper suggests that confidentiality and integrity of information should be guaranteed when transmitting and storing important information in encryption. Encryption should consider both one-way encryption and two-way one and that encryption key should assure security. Also, all history related to electronic financial transactions should be logged and kept. And, it should be considered to check the details of application access log and major information. In this paper, we take a real example of encryption and log audit for safe data transmission and periodic check.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.119-127
• /
• 2013

The merits of Smartphone are portability, convenience and especially a lot of information can be stored in the device. Especially in Smartphone, users can install programs that cannot install to normal cell phone and users can use many different services through these Smartphone programs. Also Smartphone can connect to Internet through network, so it can access information anytime, anywhere easily. Security of personal information and variety of information which stored in Smartphone are in risk. In Chapter 2 of thesis, it will discuss the definition and features of the Smartphone and market trends. In Chapter 3 of thesis, it will discuss security vulnerabilities of Smartphone and it will analyze and research security vulnerabilities of Smartphone in Chapter 4. In conclusion, it will check users' identification twice in useful application especially application that relate to finance and mobile payment. By checking users' identification several times, it will help to defend from security threats. Users can use Smartphone safely and convenience by know how to prevent from mobile hacking for personal and private information. the quality of APIs matching by the clustering and hierarchical relationships mechanism.