• Journal of Korea Multimedia Society
• /
• v.23 no.8
• /
• pp.1030-1039
• /
• 2020

The biggest feature of the online environment is anonymity. So it is difficult to identify the sender accurately in Email. So we use PGP to enhance the security of email. PGP is an e-mail encryption program that has become the standard for email security worldwide. But PGP has a weak point in security. PGP can identify users, but it is difficult to verify reliability. In PGP, the more reliable other users guarantee that user are, the more reliable they are. In the previous study, the PGP structure was implemented by utilizing the block chain to lay the foundation, and in this paper, the structure of the previous article is applied to the e-mail environment to measure up the sender's reliability, and a system is proposed that allows users to distinguish the reliability of the message.

• Korean Security Journal
• /
• no.7
• /
• pp.29-59
• /
• 2004

This is a study on hostage crisis and effective resolution of the crisis. First, we surveyed the theoretical guidance for our study: definition, patterns, of hostage crisis; psychology of hostage-takers. And we explores a great variety of hostage crisis cases to develop principles and methods for negotiation and subjugation. We suggest, throughout this study, some action program to be developed, as follow: First, we need to broaden and deepen the understanding on the issue of hostage-crisis by expanding educational opportunity on the issue, while raising hostage negotiators. Second, information sharing system among hostage management related offices, and complete training for SWAT team are required. Third, when a hostage-crisis is raised, police enforcement must corporate with mass-media in a way of close manner. Fourth, in a critical hostage crisis, the commander should appear on site for effective command. Lastly, the top-priority for the commander who is in charge of the crisis should be put on the security of hostage and hostage-taker, as well.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2237-2253
• /
• 2017

For the existing security problem based on Fuzzy Vault algorithm, we propose a cancelable fingerprint template encryption scheme in this paper. The main idea is to firstly construct an irreversible transformation function, and then apply the function to transform the original template and template information is stored after conversion. Experimental results show it effectively prevents the attack from fingerprint template data and improves security of the system by using minutiae descriptor to encrypt abscissa of the vault. The experiment uses public FVC2004 fingerprint database to test, result shows that although the recognition rate of the proposed algorithm is slightly lower than the original program, but the improved algorithm security and complexity are better, and therefore the proposed algorithm is feasible in general.

• Proceedings of the KIEE Conference
• /
• 2001.05a
• /
• pp.245-247
• /
• 2001

This paper presents a series of simulation results of transient stability on SCOPF operated power system whose transmission capabilities are limited by voltage stability. Three steps of voltage security guidelines, 5[%], 7[%], 10[%] are introduced to increase power transfer from generation centers to load center and observed the effects of voltage guidelines to transient stability for three kinds of load level(peak, medium, off-peak). As a result, dynamic characteristics weren't affected by the voltage security limits in model system, but became worse for the off-peak level than peak case, and sustain oscillations are observed for the all load level. This gives us some intitutions for the development and applications of security limits to use SCOPF program in open electric market.

• Proceedings of the IEEK Conference
• /
• 1999.06a
• /
• pp.993-996
• /
• 1999

A mobile agent is a program which is capable of migrating autonomously from host to host in the heterogeneous network, to perform some computation on behalf of the user. Mobile agents have many advantages in the distributed computing environment. But they are likely to suffer many attacks on the security due to the mobility. In order to make use of a mobile agent in the real applications, the security issues must be addressed. We deal with the problem which is concerned with protecting a mobile agent in transit and detecting a mobile agent clone. In this paper we propose a trust center based secure mobile agent transfer protocol. This protocol transfers a mobile agent securely from host to host and detects a mobile agent clone. We further show the security of the protocol against many attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.756-758
• /
• 2015

사물인터넷 환경에서 접근제어는 다양한 단말간 통신이 발생하고, 더 많은 객체간의 통신이 이루어지기 때문에 전통적인 접근제어와 차별화된 방법이 필요하다. 본 논문에서는 사물인터넷 환경에서 접근제어를 위하여 사용자 및 서비스 요청자의 인증정보 및 접근 권한 정보를 하나의 토큰으로 제공하며, 한번의 인증으로 세션을 유지하여 리소스 서비스에 접근할 수 있는 토큰 구조 및 관리 기술에 대해 연구하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.89-94
• /
• 2018

In this paper, we implemented a static analysis tool for weakness. We implemented on JavaCC using syntax information and control flow information among various information. We also tested the performance of the tool using Juliet-test suite on Eclipse. We were classified using information necessary for diagnosis and diagnostic methods were studied and implemented. By mapping the information obtained at each compiler phase the security weakness, we expected to link the diagnostic method with the program analysis information to the security weakness. In the future, we will extend to implement diagnostic tools using other analysis information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.27-40
• /
• 2004

Nowadays most web rages provide various services by downloading the applications program such as ActiveX Control or Java Applet. To provide code integrity and publisher authentication of downloaded software in internet, we need code signing technology. In this paper, Authenticode technology of Microsoft is lust analyzed. Based on the analysis, we propose code signing certificate profile and applying method for National Public Key Infrastructure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.141-153
• /
• 2009

Recently, public and national institutions establish secure system with installed and operational by IT products for security. They required the Common Criteria for assurance of IT products. However, many company hard to decide when IT products release and develop investment because of cost and spend-time problem. Therefore, in this paper, we analyze domestic and international IT products evaluation services, and proposes simplification IT products evaluation service compared with previous services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1159-1168
• /
• 2012

Control Flow Integrity(CFI) and Control Flow Locking(CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL does not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI(SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.