• The KIPS Transactions:PartD
• /
• v.9D no.5
• /
• pp.931-938
• /
• 2002

We implement the PBSM (Protocol-Based Security Module) system which guarantees the secure data transmission under web circumstances. There are two modules to implement for the PBSM architecture. One is Web Server Security Module (WSSM) which is working on a web server, the other is the Winsock Client Security Module (WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption part for HTML file and the decryption part for CGI (Common Gateway Interface). We also implement the proposed idea at the web system.

• Knowledge Management Research
• /
• v.16 no.4
• /
• pp.35-45
• /
• 2015

Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.

• Korean Journal of Computational Design and Engineering
• /
• v.11 no.5
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.808-810
• /
• 2013

최근 인터넷 사용이 보편화됨과 더불어 정치적, 경제적인 목적으로 웹사이트와 이메일을 악용한 악성 코드가 급속히 유포되고 있다. 유포된 악성코드의 대부분은 기존 악성코드를 변형한 변종 악성코드이다. 이에 변종 악성코드를 탐지하기 위해 유사 악성코드를 분류하는 연구가 활발하다. 그러나 기존 연구에서는 정적 분석을 통해 얻어진 정보를 가지고 분류하기 때문에 실제 발생되는 행위에 대한 분석이 어려운 단점이 있다. 본 논문에서는 악성코드가 호출하는 API(Application Program Interface) 정보를 추출하고 유사도를 분석하여 악성코드를 분류하는 기법을 제안한다. 악성코드가 호출하는 API의 유사도를 분석하기 위해서 동적 API 후킹이 가능한 악성코드 API 분석 시스템을 개발하고 퍼지해시(Fuzzy Hash)인 ssdeep을 이용하여 비교 가능한 고유패턴을 생성하였다. 실제 변종 악성코드 샘플을 대상으로 한 실험을 수행하여 제안하는 악성코드 분류 기법의 유용성을 확인하였다.

• Journal of Electrical Engineering and Technology
• /
• v.6 no.4
• /
• pp.484-492
• /
• 2011

Power system analyses, which involve the handling of massive data volumes, necessitate the use of effective visualization methods to facilitate analysis and assist the user in obtaining a clear understanding of the present state of the system. This paper introduces an interface that compensates for the limitations of the visualization modules of dynamic security assessment tools, such as PSS/e and TSAT, for power system variables including generator rotor angle and frequency. The compensation is made possible through the automatic provision of dynamic simulation data in visualized and tabular form for better data intuition, thereby considerably reducing the redundant manual operation and time required for data analysis. The interface also determines whether the generators are stable through a generator instability algorithm that scans simulation data and checks for an increase in swing or divergence. The proposed visualization methods are applied to the dynamic simulation results for contingencies in the Korean Electric Power Corporation system, and have been tested by power system researchers to verify the effectiveness of the data visualization interface.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.61-70
• /
• 2007

In Windows operating system, CSPs(Cryptographic Service Providers) are provided for offering a easy and convenient way of using an various cryptographic algorithms to applications. The applications selectively communicate with various CSPs through a set of functions known as the Crypto API(Cryptographic Application Program Interface). During this process, a secure method, accessing data using a handle, is used in order to prevent analysis of the passing parameters to function between CryptoAPI and CSPs. In this paper, our experiment which is using a novel memory traceback method proves that still there is a vulnerability of private key and secret key disclosure in spite of the secure method above-mentioned.

• Convergence Security Journal
• /
• v.15 no.1
• /
• pp.83-89
• /
• 2015

In the wide area surveillance system including many CCTVs, application for remote realtime monitoring is designed and implemented. The applications using Xcode provide secure administrator interface from headquarters. Through the efficient and intuitive interface, it delivers real-time context reports and inference results. For the user convenience, it includes push alarm of events, SNS, Media streaming service for real-time monitoring uses Wirecast and Wowza media server. Wowza stream engine provides URL accommodating development specification. Mobile devices can receive real-time stream data. Performance evaluation in the processing is provided.

• Korean Journal of Computational Design and Engineering
• /
• v.5 no.1
• /
• pp.88-94
• /
• 2000

This paper presents new type remote home automation that can control and manage hi-directionally and efficiently home appliances and home security systems in home through Internet. The system is used virtual reality technology to construct very easy user interface and used Internet as network for remote control. Here, the user interface is 3D GUI which gives user feeling to be at his home on web-browser, and also shows him present state of control objects at home. This system has been implemented on the basis of Java and VRML. In this paper we propose the internet-based remote control system, and show usefulness of the suggested system by applying to home automation system.

• Review of KIISC
• /
• v.17 no.2
• /
• pp.9-23
• /
• 2007

The air interface supports a security layer which provides the key exchange protocol, authentication protocol, and encryption protocol. The authentication is performed on the encryption protocol packet. The authentication protocol header or trailer may contain the digital signature that is used to authenticate a portion of the authentication protocol packet that is authenticated. The encryption protocol may add a trailer to hide the actual length of the plaintext of padding to be used by the encryption algorithm. The encryption protocol header may contain variables such as the initialization vector (IV) to be used by the encryption protocol. It is our aim to firstly compute the session key created from the D H key exchange algorithm, and thereof the authenticating key and the encryption key being generated from the session key.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.129-138
• /
• 2022

With the increasing reliance of computing systems in our everyday life, there is always a constant need to improve the ways users can interact with such systems in a more natural, effective, and convenient way. In the initial computing revolution, the interaction between the humans and machines have been limited. The machines were not necessarily meant to be intelligent. This begged for the need to develop systems that could automatically identify and interpret our actions. Automatic gesture recognition is one of the popular methods users can control systems with their gestures. This includes various kinds of tracking including the whole body, hands, head, face, etc. We also touch upon a different line of work including Brain-Computer Interface (BCI), Electromyography (EMG) as potential additions to the gesture recognition regime. In this work, we present an overview of several applications of automated gesture recognition systems and a brief look at the popular methods employed.