• Journal of IKEEE
• /
• v.22 no.2
• /
• pp.242-249
• /
• 2018

In this paper, we identify the code vulnerabilities that can be automatically detected through Visual Studio (VS) compiler and code analyzer based on a secure coding rule set which is optimized for development of battlefield information system. Then we describe a weak point item that can be dealt with at the implementation stage without depending on the understanding or ability of the individual programmer's secure coding through the implementation of the secure coding library. Using VS compiler and the code analyzer, the developers can detect only about 38% of security weaknesses. But with the help of the proposed secure coding library, about 48% of security weaknesses can be detected and prevented in the proactive diagnosis in the development stage.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.83-89
• /
• 2019

In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. Vulnerability Analysis Analysis It is judged that it will be a countermeasure against new hacking attack in case of concept validation by interworking with TOOL. Vulnerability check module is standardized in event attribute management and ease of operation. Opening in terms of global sharing of vulnerability data, owasp zap / Angry ip Etc. were investigated in the SIEM system with interlocking design implementation method. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module of web and network target. In consideration of this, ESM And SIEM system In this paper, we propose a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. Refer to the integrated interrelationship analysis and reference Vulnerability target Goal Hacking It is judged to be a new active concept against invasion attack.

• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.22-30
• /
• 2020

With the development of information and communication technology, DDoS and DRDoS continue to become security issues, and gradually develop into advanced techniques. Recently, IT companies have been threatened with DRDoS technology, which uses protocols from normal servers to exploit as reflective servers. Reflective traffic is traffic from normal servers, making it difficult to distinguish from security equipment and amplified to a maximum of Tbps in real-life cases. In this paper, after comparing and analyzing the DNS amplification and Memcached amplification used in DRDoS attacks, a countermeasure that can reduce the effectiveness of the attack is proposed. Protocols used as reflective traffic include TCP and UDP, and NTP, DNS, and Memcached. Comparing and analyzing DNS protocols and Memcached protocols with higher response sizes of reflective traffic among the protocols used as reflective traffic, Memcached protocols amplify ±21% more than DNS protocols. The countermeasure can reduce the effectiveness of an attack by using the Memcached Protocol's memory initialization command. In future studies, various security-prone servers can be shared over security networks to predict the fundamental blocking effect.

• Information and Communications Magazine
• /
• v.27 no.1
• /
• pp.21-27
• /
• 2009

IT KOREA 미래전략 '5대 핵심과제'의 전략분야별 주요 이슈와 현재 R&D현장에서 추진 중이거나 추진 예정으로 있는 연구개발 방향과 유망기술에 대해 간략히 살펴보고자 한다. IT융합 부문은 IT와 상호 Win-Win 가능한 자동차 조선 의료 등 비(非)IT산업의 IT융합을 촉진하고, 시스템반도체 스마트SOC Green IT 등을 고도화한다는 전략을 토대로 4개 전략분야에서 23개의 유망기술을 발굴 제시하였다. SW 부문은 IT 분야 중 가장 취약한 것으로 평가되고 있는 SW산업을 하드웨어 인프라 등과 연계하여 세계시장 진출이 가능한 수준으로 동반성장 시킨다는 전략을 기반으로 R&D 연관성이 높은 2개 전략분야에서 11개의 유망기술을 발굴 제시하였다. 주력 IT기기 부문은 반도체 디스플레이 휴대폰 등 이미 세계 시장에서 독자적 위치를 차지하고 있는 하드웨어산업의 글로벌 주도권을 더욱 확고히 한다는 전략에 따라 5개 전략분야에서 유망기술 10개를 발굴 제시하였다. 방송통신 부문은 WiBro DMB 등 세계적 수준의 방송통신기술을 바탕으로 4G 3DTV 등 차세대 방송통신기술의 핵심원천기술을 개발하고, 국제표준을 확보한다는 전략을 기반으로 4개 전략분야에서 유망기술 8개를 발굴 제시하였다. 인터넷 부문은 UBcN 미래인터넷 정보보안 등을 대상으로 하고 있으며, 특히 미래인터넷의 경우, 초기 개발단계부터 핵심원천기술 확보를 목표로 시스코 구글 등과 같은 세계적인 기업들을 배출할 수 있는 여건을 조성한다는 전략에 따라 4개 전략분야에서 유망기술 8개를 발굴 제시하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.96-98
• /
• 2014

Wireless Sensor Network(WSN) is a wireless real-time information(Acquired from the sensor nodes that have the computing power and wireless communication capabilities.) collected, and to take advantage of processing techniques. Currently it is very diverse, such as environmental monitoring, health care, security, smart home, smart grid applications is that. Thus it is required in the wireless sensor network, the algorithm for the efficient use of the limited energy capacity. Suggested by the algorithm for selecting a cluster head node for a hybrid type and clustered, by comparing the amount of energy remaining and a connection between the nodes In this paper, we aim to increase efficiency and accuracy of the wireless sensor network.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.3
• /
• pp.551-562
• /
• 2024

This study relates to a method and device for extracting and tracking moving objects. In particular, objects are extracted using different images between adjacent images, and the location information of the extracted object is continuously transmitted to provide accurate location information of at least one moving object. It relates to a method and device for extracting and tracking moving objects based on tracking moving objects. People tracking, which started as an expression of the interaction between people and computers, is used in many application fields such as robot learning, object counting, and surveillance systems. In particular, in the field of security systems, cameras are used to recognize and track people to automatically detect illegal activities. The importance of developing a surveillance system, that can detect, is increasing day by day.

• Journal of Internet of Things and Convergence
• /
• v.2 no.3
• /
• pp.43-51
• /
• 2016

In this paper, we have developed Crypft+ as an enhanced file encryption/decryption system to improve the security of IoT system or individual document file management process. The Crypft+ system was developed as a core security module using Python, and designed and implemented a user interface using PyQt. We also implemented encryption and decryption function of important files stored in the computer system using AES based symmetric key encryption algorithm and SHA-512 based hash algorithm. In addition, Cx-Freezes module is used to convert the program as an exe-based executable code. Additionally, the manual for understanding the Cryptft+ SW is included in the internal program so that it can be downloaded directly.

• Annual Conference of KIPS
• /
• 2017.11a
• /
• pp.582-585
• /
• 2017

본 논문에서는 구글 드라이브, 드롭박스 등 여러 회사에서 제공하고 있는 클라우드들을 하나의 플랫폼으로 통합하여 체계적이고 효율적으로 관리할 수 있는 시스템을 제안한다. 또한 해당 시스템을 통한 파일 업로드 및 다운로드를 진행할 경우, 파일을 여러 개의 패킷으로 분할하여 등록 된 클라우드에 각각 저장함으로써, 사용자의 데이터를 안전하게 보호할 수 있는 환경을 구축하고자 한다. 이를 위해 활용된 오픈 API와 독자적으로 구축한 파일 시스템에 대해 설명하고, 실제 구현한 소프트웨어가 정상적으로 작동하는지 실험을 통해 검증하고자 한다. 최근 클라우드 보안 문제가 대두되는 시점에서 제안한 시스템이 향후 데이터를 보호하기 위한 기술로 활용될 수 있기를 기대한다.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.26 no.3
• /
• pp.281-301
• /
• 2023

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.

• Journal of Platform Technology
• /
• v.12 no.2
• /
• pp.45-57
• /
• 2024

Smart cities are the product of modern urban planning that seeks to innovate information and communication technology and improve the quality of urban life. For the efficient operation of smart cities, data collected, stored, and processed in real time is a key resource. Therefore, data from smart cities collected in various fields must be managed safely, and personal information protection is paramount. In this study, a smart city data security model using blockchain technology was proposed to safely manage smart city data. The proposed model integrates IPFS into the blockchain network to distribute and store data to ensure data confidentiality and integrity, and encrypts data using CP-ABE to efficiently control access to data from users. In addition, privacy was guaranteed while enhancing the usability of data by using Homomorphic Encryption with data access control policies.