• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.99-107
• /
• 2003

One of the most important part in next generation VoIP is security management. When we develop a protocol stack based on SIP (Session Initiation Protocol), it is necessary to develop test scenario, test environment, adaptation test technology for security test of the system. In this paper, we design and implement security test environment and test program for SIP. This system also can be used as a fundamental system when someone develop a communication system based on SIP.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.7C
• /
• pp.584-591
• /
• 2012

Distributing a Certificate Revocation List (CRL) quickly to all vehicles in the system requires a very large number of road side units (RSUs) to be deployed. In reality, initial deployment stage of vehicle networks would be characterized by limited infrastructure as a result in very limited vehicle to infrastructure communication. However, every vehicle wants the most recent CRLs to protect itself from malicious users and malfunctioning equipments, as well as to increase the overall security of the vehicle networks. To address this challenge, we design and implement a nomadic device based CRL acquisition method using nomadic device's communication capability with cellular networks. When a vehicle could not directly communicate with nearby RSUs, the nomadic device acts as a security mediator to perform vehicle's security functions continuously through cellular networks. Therefore, even if RSUs are not deployed or sparsely deployed, vehicle's security threats could be minimized by receiving the most recent CRLs in a reasonable time.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.471-484
• /
• 2004

Recently. many projects have been actively implementing IPsec on the various Operating Systems for security of IPv6 network. But there is no existing tool that checks the IPsec-based systems, which provide IPsec services, work Properly and provide their network security services well In the IPv6 network. In this paper, we design SERDL(Security Evaluation Rule Description Language) and rule execution tool for evaluating security of the IPv6 network, and we provide implementation details. The system Is divided into following parts : User Interface part, Rule Execution Module part, DBMS part and agent that gathering information needed for security test.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.69-78
• /
• 2006

ID security policy is generally formulated from the input of many members of an organization, including security officials, line managers, and ID resource specialists. However, policy is ultimately approved and issued by the organization's senior management. In environments where employees feel inundated with policies, directives, guidelines and procedures, an ID security policy should be introduced in a manner that ensures that management's unqualified support is clear. This paper will discuss Next Generation Cyber Certificate security policy in terms of the different types program-level and issue-specific, components, and Design and Implementation of Security Algorithm Simulation based on 4GL, PowerBuilder7.0.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1602-1605
• /
• 2005

An audit tracer is one of the last ways to defend an attack for network equipments. Firewall and IDS which block off an attack in advance are active way and audit tracing is passive way which analogizes a type and a situation of an attack from log after an attack. This paper explains importance of audit trace function in network equipment for security and defines events which we must leave by security audit log. We design and implement security audit system for secure router. This paper explains the reason why we separate general audit log and security audit log.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.99-107
• /
• 1994

For the secure control of the communication satellite, security mechanisms should be employed on the ground station as well as on the spacecraft. In this paper, we present a security architecture fur the spacecraft command security of the communication satellite. An authentication mechanism is also proposed using message authentication code (MAC) based on the Data Encryption Standard (DES) cryptosystem.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.6
• /
• pp.2062-2071
• /
• 2010

This research has been started with the goal of design and implementation of more innovative next generation security equipment system by understanding and reviewing the technological trend and status of security equipment system. The importance of environmental protection and management is ever increasing recently. Various types of equipment and system solutions are used according to the development of CCTV technology, but more efficient environmental protection and management are not in place because of situational restrictions such as expensive equipment and hard to install. Next generation security equipment system is designed and implemented to compensate and innovate these problem, and it is expected to utilize more effectively with lower cost through this research. In addition, methodology to inquire this system is proposed for security equipment system solution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.123-128
• /
• 2010

Graph expression of attack scenarios is a necessary method for analysis of vulnerability in server as well as the design for defence against attack. Although various requirement analysis model are used for this expression, they are restrictive to express combination of complex scenarios. Role Based Petri Net suggested in this paper offer an efficient expression model based role on Petri Net which has the advantage of concurrency and visuality and can create unknown scenarios.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.6
• /
• pp.63-70
• /
• 2013

In accordance with the advancement of IT, application systems with various and complex functions are being required. Such application systems are typically built based on database in order to manage data efficiently. But most object-oriented analysis design methodologies for developing web application systems have not been providing interconnections with the database. Since the requirements regarding the security issues increased, the importance of security has become emphasized. However, since the security is usually considered at the last step of development, it is difficult to apply the security during the whole process of system development, from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology for secure database design from the requirement analysis to implementation. This object-oriented analysis and design methodology for secure database design offers correlations with database that most existing object-oriented analysis and design methodologies could not provide. It also uses UMLsec, the modeling language, to apply security into database design. In addition, in order to implement security, RBAC (Role Based Access Control) of relational database is used.