• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.260-263
• /
• 2018

현재까지 공항에서의 체크인 시스템은 기본적으로 서버-클라이언트(Server-Client)방식으로 구동되어져왔다. 서버-클라이언트 방식에서 서버는 단일실패지점이기 때문에 천재지변이나 공격자에 의해 서버마비와 같은 문제가 생기면 체크인 시스템 전체가 마비될 수 있다. 뿐만 아니라 실제 해커에 의해 항공사 중앙 서버가 공격을 받게 되면, 서버가 관리하는 항공사 데이터들의 무결성이 훼손될 수도 있다. 따라서 단일 실패지점에 대한 위협을 제거함과 동시에 저장된 데이터들의 무결성을 유지하는 방법을 논의할 필요가 있다. 그 중 하나로 블록체인 기술을 이용한 탈중앙화 시스템(Decentralized System) 모델을 적용하는 방법이 있다. 본 논문에서는 스마트 계약을 이용한 블록체인 기반 공항 체크인 시스템에 대한 모델을 제안한다.

• The Journal of Society for e-Business Studies
• /
• v.18 no.1
• /
• pp.1-12
• /
• 2013

With the increases of requirement for user identification in Internet services, we should let the service companies know my personal information. If the shared personal information with them are used in not-allowed area or delivered to un-authorized persons, we may have practical harms in several fields such as financial related operations. Korean Government has introduced new management method for personal information, but it is not hard to find the personal information management issues from Korean news papers. The proper measurement should be delivered to related companies to help them to decide investment for security. This paper review the indirect measurement method of demages by check the stock prices of related company for personal information management issue. We check the relationship between change of stock price and the information management issue. The result shows there are no changes in stock market. Korean government added strong regulations for personal information management though. To prevent further personal information issues, we should recognize the indirect damages properly and let the company pay higher reparations for any personal information abuse.

• Journal of Convergence for Information Technology
• /
• v.7 no.3
• /
• pp.83-90
• /
• 2017

The purpose of this study is to solve the limitations that the information security manager of company should recognize the personal information of all employees. In this study, we propose efficient personal information retention status management system to minimize information retention status of personal information and department by information security manager and departmental information security officer. To do this, we study the method of transferring the check result from the PVA system to the efficient personal information retention management system, also study ways to minimize the amount of personal information we hold. It is possible to minimize the possession of personal information by changing the one channel method managed by the information security administrator of the existing PVA system to the two channel method so that the information security manager and the information security officer can manage it.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.2029-2032
• /
• 2003

IT 시스템 평가과정은 시스템의 보안기능과 이에 적용된 보증수단이 요구사항들을 만족하는지에 대한 신뢰도를 확인하는 것이며, 평가결과는 소비자가 IT 제품이나 시스템이 주어진 환경에 적응하기에 충분히 안전한지, 사용상 내재하는 보안위험이 허용가능한지를 결정하는데 도움이 될 수 있다. 공통평가기준(정보통신부 고시 제2002-40호)에 기반한 평가를 통하여 평가보증등급(EAL) 3 이상의 등급을 인증받기 위해서는 ALC_DVS 패밀리의 요구사항을 고려하여야 하며, 국가기관에서 요구하고 있는 EAL 3+ 등급을 획득하기 위해서는 ALC_DVS.1 컴포넌트의 요구사항을 만족하여야 한다. ALC_DVS.1 컴포넌트의 요구사항 만족 여부를 확인하기 위해서는 개발현장에 대한 실사가 필요할 수 있으나, 공통평가 기준에는 이에 관하여 세부적인 요구사항이 명시되어 있지 않다. 본 논문에서는 평가자 및 개발자가 ALC_DVS.1 컴포넌트에서 요구하는 인적, 물리적, 절차적 보안 요소를 확인하는 데 도움을 줄 수 있는 점검항목들을 도출하였다.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.512-519
• /
• 2005

E-BLP security model considers the reliability of the processes that are real subjects in systems. This paper deals with the implementation of the E-BLP model for secure embedded systems. Implemented EBSM(E-BLP Based Security Module) consists of three components: identification and authentication, access control and BRC(Dynamic Reliability Check) that checks the process behavior dynamically. Access Control of EBSM ensures unreliable processes not to access the sensitive objects and the DRC detects the buffer overflow attack by normal user. Besides, the performance overhead of the embedded system applying the EBSM is introduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.5-14
• /
• 2017

Many web services which use OAuth Protocol offer users to log in using their personal profile information given by resource servers. This method reduces the inconvenience of the users to register for new membership. However, at the time a user finishes using OAuth client web service, even if he logs out of the client web service, the resource server remained in the login state may cause the problem of leaking personal information. In this paper, we propose a solution to mitigate the threat by providing an additional security behavior check: when a user requests to log out of the Web Client service, he or she can make decision whether or not to log out of the resource server via confirmation notification regarding the state of the resource server. By utilizing the proposed method, users who log in through the OAuth Protocol in the public PC environment like department stores, libraries, printing companies, etc. can prevent the leakage of personal information issues that may arise from forgetting to check the other OAuth related services. To verify our study, we implement a Client Web Service that uses OAuth 2.0 protocol and integrate it with our security behavior check. The result shows that with this additional function, users will have a better security when dealing with resource authorization in OAuth 2.0 implementation.

• Journal of KIISE:Information Networking
• /
• v.31 no.2
• /
• pp.207-216
• /
• 2004

IPsec protocol has been developed to provide security services to Internet. Recently IPsec is implemented on the various operating systems Hence, it is very important to evaluate the stability of the Ipsec protocol as well as other protocols that provide security services. However, there has been little effort to develop the tools that require to evaluate the stability of IPsec protocols. Therefore, in this paper, we develope the security requirements and suggest a security evaluation system for the Internet packet protection protocols that provide security services at the If level that can be used to check if the security protocols Provide the claimed services correctly This system can be used as debugging tool for developing IPsec based security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.295-301
• /
• 2018

Smartphone can save many data because it provide various function such as call, message, calendar, document, camera, and so on. They include a number of important things like personal information. Thus it is necessary to backup the data to deal with smartphone change and a threat like ransomware. In this paper, we analyze the backup method using PC among several backup methods and check the possibility of leakage of personal information such as contacts from backup file. It is expected to be used to check the problems of the PC backup method or to strengthen the more secure backup technology.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.117-125
• /
• 2018

Recently, VoIP technology is widely used in our daily life. Even VoIP has become a technology that can be easily accessed from services such as home phone as well as KakaoTalk.[1] Most of these Internet telephones use the RTP protocol. However, there is a vulnerability that the audio data of users can be intercepted through packet sniffing in the RTP protocol. So we want to create a tool to check the security level of a VoIP network using the RTP protocol. To do so, we capture data packet from and to these VoIP networks. For this purpose, we first configure a virtual VoIP network using Raspberry Pi and show the security vulnerability by applying our developed sniffing tool to the VoIP network. We will then analyze the captured packets and extract meaningful information from the analyzed data using the Google Speech API. Finally, we will address the causes of these vulnerabilities and possible solutions to address them.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.238-241
• /
• 2022

North Korea launched an ICBM and declared Moratorium for the September 19 military talks. The Armed Forces must protect military security for national defense and security. The Ministry of National Defense, which received a hacking attack from North Korea, must protect its military security even more. Recently, the leakage of military data through smartphones is occurring through smartphones. Officers and non-commissioned officers can use smartphones while working. Therefore, smartphone forensics is required to check information leakage of military data from smartphones. In this study, forensic leaks of military data from the Galaxy S20 model of S company. Research integrity verification for securing smartphone forensic evidence, securing metadata, and adopting evidence. This study will contribute to the development of military security and forensic technology.