• The Transactions of the Korea Information Processing Society
• /
• v.7 no.2S
• /
• pp.608-620
• /
• 2000

A web based E-mail system consists of serves which supply mail accounts and service, and clients which take part of interfacing with users. The web browsers such as Netscape Navigator and Internet Explorer are the popular clients. Users who cannot afford to get an E-mail id in general mail servers are, therefore, able to reach a e-mailing service in the web environment by using client programs in connection with a mail server. Although the quality of service has been upgraded a lot in recent days, it doesn't provide with satisfactory services anymore. In this paper, we intend to design a mail agent system based on the web environment. Through this system we could reach a convenient user interface based on Internet Explorer and could easily access administratory environment on the basis of NT Server 4.0. Using the service engine dominent in mail agent system, it could provide with convenient user interfacing tools like responding the absence of users, mail filtering and refusing messages, etc. And it would ultimately make possible a constant system security, by preventing system failure phenomena caused by extraordinary uses beyond its capability.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.313-317
• /
• 2001

본 논문에서는 전자메일에 보안기능과 공중기능을 함께 부여하는 방법에 대해 기술하고 있다. MIME(Multipurpose Internet Mail Extensions)[8]에 대하여 메시지의 무결성과 전자서명 생성 및 검증, 메시지의 암호화 및 복호화, 부인방지 기능을 지원하기 위해S/MIME(Secure/Multipurpose Internet Mail Extensions)[1][2]을 적용하고 또한 문서에 대한 공증기능을 부여하기 위하여 서명 생성 후 오랜 기간 뒤에도 서명과 서명 생성 시 사용된 인증서의 유효성과 폐지여부를 검증 할 수 있도록 제 3 신뢰기관에 의해 발행된 Timestamp[7]를 적용하였다. 그리고 서명된 메일 형식에 receiptRequest[4] 식별자를 사용하여 수신자의 서명을 포함한 signed receipt[4]를 송신자에게 다시 보내게 하여 메일 수신여부를 검증 할 수 있도록 하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.465-468
• /
• 2003

E-mail, one of the oldest services in internet becomes very important and essential way to communicate with development of internet. Due to E-mail has a property which is not complete for security, sometimes it is used for purpose of commercial or bad things, therefore it becomes the latest problem to keep off a Spam-mail and commercial advertising E-mail, many ways to keep off were perposed for it. In this paper, I explained how to sort and keep off these Spam-mail and commercial advertising E-mail with three way, prevention by server level, prevention by construction of network level, prevention by client level. we designed a prevention system for Spam-mail and implemented it by Visual Basic.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.413-417
• /
• 2002

E-mail was very particular way of communication in the past, but it becomes one of daily communication methods now. Due to E-mail has a property which is not complete for security, sometimes it is used for purpose of commercial or badthings, therefore it becomes the latest problem to keep off a Spam-mail and commercial advertising E-mail, many ways to keep off were perposed for it. In this paper, I explained how to sort and keep off these Spam-mail and commercial advertising E-mail with three way, prevention by server level, prevention by construction of network level, prevention by client level. we designed a prevention system for Spam-mail and implemented it by Visual Basic.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.91-97
• /
• 2020

Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, profiling analysis of phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.1
• /
• pp.149-157
• /
• 2003

Recently, the Internet enhanced by development of IT makes the processing and exchanging of information, As the Internet is sending and receiving digitized documents over the Internet e-mail system. The security of document information is being threated when exchanging digitized documents over an open network such as the Internet. The degree of threat is even higher when sensitive documents are involved Therefore, in this paper, the secure e-mail system on a client is designed and implemented in order to make secure exchanging of digitized documents. By using the public key infrastructure in which encrypted mail transmission, proof of delivery and integrity of the message are garanted, unauthorized manipulation, illegal acquisition and mutual authentication problem can be prevented in order to secure the document information which is crucial and sensible when exchanging the digitized document over the Internet. Futhenmore, by using the SET protocol based on public key cryptography, the secure mail system is designed and implemented in order for the users not having any professional knowledge to deal with the system easily and friendly in GUI environment.

• Journal of KIISE:Information Networking
• /
• v.29 no.5
• /
• pp.482-494
• /
• 2002

In E-mail based accounting system, the remitter does not have need to find collector's account number. To transfer money to a collector's account, what remitter need is just a collector's E-mail address. But the current E-mail based accounting systems are built on SSL technology. Basically SSL provides some security services - confidentiality, user authentication and data integrity, but does not provide non-repudiation. So, in the current E-mail based accounting system, it is possible to deny transaction. And there is no receipt of transaction. In this paper, we design and implementation of a S/MIME applied Secure Payment Mechanism. In our system, every account information - account number, receiver name, amount of money, etc. - is included in a 'check' message. And this message is protected under the Secure Web-mail using S/MIME. In a view point of the convenience, users using our system do not have need to find collector's account number. And in a view point of the security, our system provides confidentiality, user authentication, data integrity and non-repudiation. Moreover our system provides a receipt.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.1
• /
• pp.86-94
• /
• 2003

Certified e-mail system guarantees that recipient will get mail content if and only if mall originator receives a receipt. Unlike previous schemes, Optimistic protocols recently published generate a receipt when it meets the condition that the mail content can be accessed by recliner at any time. So originator cannot assure the delivery of e-mail although he can get a receipt. In this paper, we show some flaws in optimistic protocols and propose improved schemes using delivery deadline. Modified protocols guarantee proof-of-receipt and eliminate the problem mentioned above. Furthermore, proposed modification technique can be applicable to most optimistic protocols and is efficient in the sense that modified schemes do not increase the number of messages.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.5
• /
• pp.69-77
• /
• 2021

This study aims to identify security-based threat information for an organization. This is because protecting the threat for IT systems plays an important role for an corporate's intangible assets. Security monitoring systems determine and consequently respond threats by analyzing them in a real time situation, focusing on events and logs generated by security protection programs. The security monitoring task derives priority by dividing threat information into reputation information and analysis information. Reputation information consisted of Hash, URL, IP, and Domain, while, analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. As a result, the priority of reputation information was relatively high, and it is meaningful to increase accuracy and responsiveness to the threat information.