• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Journal of Information Processing Systems
• /
• v.2 no.2
• /
• pp.82-87
• /
• 2006

In spite of the rapid development of the public network, the variety of network-based developments currently raises numerous risks factors regarding copyright violation, the prohibition and distribution of digital media utilization, safe communication, and network security. Among these problems, multimedia data tend to increase in the distributed network environment. Hence, most image information has been transmitted in the form of digitalization. Therefore, the need for multimedia contents protection must be addressed. This paper is focused on possible solutions for multimedia contents security in the public network in order to prevent data modification by non-owners and to ensure safe communication in the distributed network environment. Accordingly, the Orthogonal Forward Wavelet Transform-based Scalable Digital Watermarking technique is proposed in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1503-1514
• /
• 2015

Non-face-to-face real name verification policy that financial authorities announced, in order to secure a face-to-face or more of accuracy, are in principle of multi check. The business model and legal entities of Internet banks is different from existing Internet banking. Relpacing real name verification from face-to-facd to non-face-to-face while maintaining the structure of identification can not only cause inconvenience to a first time member, but also can be more vulnerable to verious security risks. In this study, to evaluate a service level of a bank of the Internet, and provide an improved identification of the structure such that the registration and use of differentiated services is performed in accordance with the evaluation. In addition, the security that may occur with respect to Bank of the Internet to establish a vulnerability and attack model, the results of the analysis of the safety of the step-by-step security attributes and services of the authentication medium of each attack model, existing the safer than Internet banking, confirmed the usefulness in user registration guide.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.93-98
• /
• 2018

Korea Hydro & Nuclear Power Co., Ltd., Korea Electric Power Corporation, and Korea South-East Power Corporation are major infrastructure facilities of power supplying countries. If a malicious hacking attack occurs, the damage is beyond the imagination. In fact, Korea Hydro & Nuclear Power has been subjected to a hacking attack, causing internal information to leak and causing social big problems. In this paper, we propose a strategy and countermeasures for stabilization of various power generation control systems by analyzing the environment and the current status of power generation control system for convergence security research, which is becoming a hot issue. We propose a method to normalize and integrate data types from various physical security systems (facilities), IT security systems, access control systems, to control the whole system through convergence authentication, and to detect risks through fusion control.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.12
• /
• pp.123-132
• /
• 2014

In this paper, we study the verification techniques for OS integrity that can be more fatal than applications in case of security issues. The dissemination of smartphones is rapidly progressing and there are many similarities of smartphones and PCs in terms of security risks. Recently, in mobile network environment, there is a trend of increasing damages and now, there are active researches on a system that can comprehensively respond to this. As a way to prevent these risks, integrity checking method on operation system is being researched. As most integrity checking algorithms are classified by verification from the levels before booting the OS and at the time of passing on the control to the OS, in which, there are minor differences in the definitions of integrity checking or its methods. In this paper, we suggests the integrity verification technique of OS using a boot loader and a physically independent storing device in the mobile device.

• Journal of Platform Technology
• /
• v.11 no.6
• /
• pp.56-67
• /
• 2023

The increased demand for electronic components, spurred by the Fourth Industrial Revolution and the COVID-19 pandemic, has facilitated human life but also escalated the production of e-waste. Discussions on the impact of e-waste have primarily revolved around environmental, health, and social issues, with global legislations focusing on addressing these concerns. However, e-waste poses unique security risks, such as potential technological and personal information leaks, unlike conventional waste. Current discourse on e-waste security is notably insufficient. This study aims to empirically analyze the relatively overlooked trends in e-waste security, employing three methodologies. Firstly, it assesses the general trend in discussions on e-waste by analyzing year-wise documents and media reports. Secondly, it identifies key trends in e-waste security by examining documents on the subject. Thirdly, the study reviews national security guidelines related to e-waste disposal to assess the necessity of designing security strategies for e-waste management. This research is significant as it is one of the first in korea to address e-waste from a security perspective and offers a multi-dimensional analysis of e-waste security trends. The findings are expected to enhance domestic awareness of e-waste and its security issues, providing an opportunity for proactive response to these security risks.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.31-37
• /
• 2010

The risks and threats in IT security systems to protect, prevent damage and Risk should be minimized. Context of information security products such as information processing, storage, delivery, and in the process of information system security standards, That is the basic confidentiality, availability, integrity and secondary clarity, potential evidence, detection, warning and defense capabilities, to ensure sufficient and should be. Web services are the most important elements in the security, the web nature of port 80 for the service to keep the door open as a structure, Web applications, web sources and servers, networks, and to hold all the elements are fundamental weaknesses. Accordingly, these elements through a set of Web application development errors and set-up errors and vulnerabilities in Web applications using their own home pages and web servers to prevent hacking and to improve the efficiency of Web services is proposed methodology performs security BMT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.447-463
• /
• 2022

Artificial Intelligence (AI) technology is a major technology that develops smart ships into autonomous ships in the marine industry. Autonomous ships recognize a situation with the information collected without human judgment which allow them to operate on their own. Existing ship systems, like control systems on land, are not designed for security against cyberattacks. As a result, there are infringements on numerous data collected inside and outside the ship and potential cyber threats to AI technology to be applied to the ship. For the safety of autonomous ships, it is necessary to focus not only on the cybersecurity of the ship system, but also on the cybersecurity of AI technology. In this paper, we analyzed potential cyber threats that could arise in AI technologies to be applied to existing ship systems and autonomous ships, and derived categories that require security risks and the security of autonomous ships. Based on the derived results, it presents future directions for cybersecurity research on autonomous ships and contributes to improving cybersecurity.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.193-203
• /
• 2022

After the everyday use of systems and applications of artificial intelligence in our world. Consequently, machine learning technologies have become characterized by exceptional capabilities and unique and distinguished performance in many areas. However, these applications and systems are vulnerable to adversaries who can be a reason to confer the wrong classification by introducing distorted samples. Precisely, it has been perceived that adversarial examples designed throughout the training and test phases can include industrious Ruin the performance of the machine learning. This paper provides a comprehensive review of the recent research on adversarial machine learning. It's also worth noting that the paper only examines recent techniques that were released between 2018 and 2021. The diverse systems models have been investigated and discussed regarding the type of attacks, and some possible security suggestions for these attacks to highlight the risks of adversarial machine learning.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.815-824
• /
• 2003

Many organizations operate security systems and manage them using the intergrated secutity management (ISM) dechnology to secyre their network environment effectively. But current ISM is passive and behaves post-event manner. To reduce cost and resource for managing security and to remove possbility of succeeding in attacks by intruder, the perventive security management technology is required. In this paper, we propose PRISM model that performs preventative security management with evaluating the security level of host or network and the sensitivity level of information asset from potential risks before security incidents occur. The PRISM can give concrete and effective security management in managing the current complex networks.