• 융합보안논문지
• /
• 제2권1호
• /
• pp.17-33
• /
• 2002

네트워크 구축의 각 단계별로 제시하는 분석단계의 정보요구, 기능요구, 성능요구, 보호요구, 접속요구, 다양한 서비스요구와 설계단계의 기능성, 확장성, 서비스계속성, 변경 가능성, 네트워크단순성, 실현가능성, 표준 및 시스템과의 호환성 목표 그리고 시험단계의 시기성, 대역폭, 신뢰성, 중요도, 비용 목표 마지막으로 구현 및 운용 단계의 단순성과 간편한 구성, 데이터전송량, 비용 대비 효과, 네트워크 관리 및 통제, 관리가능성, 보안, 교육 등의 목표를 제시하였고 구축된 네트워크의 보안성부문을 평가하기 위한 지표를 제시하고 있으며 지표별로 네트워크 감리 활동에 적용할 수 있는 기준값을 제시하였다.

• International Journal of Computer Science & Network Security
• /
• 제22권3호
• /
• pp.229-235
• /
• 2022

The process of correcting, upgrading, and improving software products after they have been handed over to the consumer is known as software maintenance. Offshore software maintenance outsourcing (OSMO) clients benefit from cost savings, time savings, and improved quality software through OSMO. In most circumstances, the OSMO vendor makes a lot of money but not in all the cases. Especially, when the OSMO project offer is not properly assessed. An efficient outsourcing contract might yield successful outcomes for outsourced projects. But before sending a detailed proposal to bid on the OSMO project the vendor must have to assess the client's project (business offer) requirements. The purpose of this study is to find out common trends within the assessment of a OSMO project. A case study approach along with semi-structured interviews from eight companies concluded ten common practices and several roles. Among these practices, four (code structure, requirements, communication barriers and required infrastructure) were consistent amongst the responses .The findings, limitations and future work are discussed.

• International Journal of Computer Science & Network Security
• /
• 제21권7호
• /
• pp.191-204
• /
• 2021

The software development life cycle (SDLC) is a procedure used to develop a software system that meets both the customer's needs and real-world requirements. The first phase of the SDLC involves creating a conceptual model that represents the involved domain in reality. In requirements engineering, building such a model is considered a bridge to the design and construction phases. However, this type of model can also serve as a basic model for identifying business processes and how these processes are interconnected to achieve the final result. This paper focuses on process modeling in organizations, per se, beyond its application in the SDLC when an organization needs further documentation to meet its growth needs and address regular changes over time. The resultant process documentation is created alongside the daily operations of the business process. The model provides visualization and documentation of processes to assist in defining work patterns, avoiding redundancy, or even designing new processes. In this paper, a proposed diagrammatic representation models each process using one diagram comprising five actions and two types of relations to build three levels of depiction. These levels consist of a static description, events, and the behavior of the modeled process. The viability of a thinging machine is demonstrated by re-modeling some examples from the literature.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권12호
• /
• pp.4987-5014
• /
• 2015

The bilinear pairing, also known as Weil pairing or Tate pairing, is widely used in cryptography and its properties help to construct cryptographic schemes for different applications in which the security of the transmitted data is a major concern. In remote login authentication schemes, there are two major requirements: i) proving the identity of a user and the server for legitimacy without exposing their private keys and ii) freedom for a user to choose and change his password (private key) efficiently. Most of the existing methods based on the bilinear property have some security breaches due to the lack of features and the design issues. In this paper, we develop a new scheme using the bilinear property of an elliptic point and the biometric characteristics. Our method provides many features along with three major goals. a) Checking the correctness of the password before sending the authentication message, which prevents the wastage of communication cost; b) Efficient password change phase in which the user is asked to give a new password after checking the correctness of the current password without involving the server; c) User anonymity - enforcing the suitability of our scheme for applications in which a user does not want to disclose his identity. We use BAN logic to ensure the mutual authentication and session key agreement properties. The paper provides informal security analysis to illustrate that our scheme resists all the security attacks. Furthermore, we use the AVISPA tool for formal security verification of our scheme.

• Journal of Communications and Networks
• /
• 제13권6호
• /
• pp.583-590
• /
• 2011

Full-mesh IPSec tunnels pass through a black ("unsecure") network (B-NET) to any red ("secure") networks (RNETs). These are needed in military environments, because they enable dynamically changing R-NETs to be reached from a BNET. A dynamically reconfiguring security policy database (SPD) is very difficult to manage, since the R-NETs are mobile. This paper proposes advertisement process technologies in association with the tunnel gateway's protocol that sends 'hello' and 'prefix advertisement (ADV)' packets periodically to a multicast IP address to solve mobility and security issues. We focus on the tunnel gateway's security policy (SP) adaptation protocol that enables R-NETs to adapt to mobile environments and allows them to renew services rapidly soon after their redeployment. The prefix ADV process enables tunnel gateways to gather information associated with the dynamic changes of prefixes and the tunnel gateway's status (that is, 'down'/restart). Finally, we observe two different types of performance results. First, we explore the effects of different levels of R-NET movements on SP adaptation latency. Next, we derive the other SP adaptation latency. This can suffer from dynamic deployments of tunnel gateways, during which the protocol data traffic associated with the prefix ADV protocol data unit is expected to be severe, especially when a certain tunnel gateway restarts.

• Journal of Information Processing Systems
• /
• 제7권1호
• /
• pp.111-120
• /
• 2011

The concept of Smart-Homes is becoming more and more popular. It is anticipated that Radio Frequency IDentification (RFID) technology will play a major role in such environments. We can find many previously proposed schemes that focus solely on: authentication between the RFID tags and readers, and user privacy protection from malicious readers. There has also been much talk of a very popular RFID application: a refrigerator/bookshelf that can scan and list out the details of its items on its display screen. Realizing such an application is not as straight forward as it seems to be, especially in securely deploying such RFID-based applications in a smart home environment. Therefore this paper describes some of the RFID-based applications that are applicable to smart home environments. We then identify their related privacy and security threats and security requirements and also propose a secure approach, where RFID-tagged consumer items, RFID-reader enabled appliances (e.g., refrigerators), and RFID-based applications would securely interact among one another. At the moment our approach is just a conceptual idea, but it sheds light on very important security issues related to RFID-based applications that are beneficial for consumers.

• JSTS:Journal of Semiconductor Technology and Science
• /
• 제17권3호
• /
• pp.465-472
• /
• 2017

Security has become one of the most important requirements for various devices for multi-sensor based embedded systems. The AES (Advanced Encryption Standard) algorithm is widely used for security, however, it requires high computing power. In order to reduce the CPU power for the data encryption of images, we propose a new image encryption module using hardware memoization, which can reuse previously generated data. However, as image pixel data are slightly different each other, the reuse rate of the simple memoization system is low. Therefore, we further apply an approximate concept to the memoization system to have a higher reuse rate by sacrificing quality. With the novel technique, the throughput can be highly improved by 23.98% with 14.88% energy savings with image quality loss minimization.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2017년도 추계학술발표대회
• /
• pp.271-274
• /
• 2017

점차 늘어나는 클라우드 서비스 이용률과 더불어 보안 위협 또한 증가하고 공격 방법 또한 다양해지고 있다. 하지만 클라우드 환경에서 보안사고가 발생했을 시 대응을 위한 조치나 정책은 여전히 미흡한 실정이다. 보안사고 대응을 위한 디지털 포렌식에 대한 연구를 통해 많은 해결 방법이 제시되고 있으나 클라우드 환경에서는 가상화 기술이 적용되어 있어 기존의 방법으로 증거의 수집 및 보관에 대한 무결성 증명이 까다롭다. 본 논문에서는 클라우드 서비스 이용자가 제공자로부터 서비스를 제공받는 클라우드 환경에서 보안사고 사후 대응을 위해 클라우드 환경에서 포렌식 절차를 수행 시 제안하는 참조모델을 바탕으로 필요한 역할 및 보안 고려사항에 대해 다루고자 한다.

• Journal of Information Processing Systems
• /
• 제12권3호
• /
• pp.489-501
• /
• 2016

As interest in the Internet increases, related technologies are also quickly progressing. As smart devices become more widely used, interest is growing in words are missing here like "improving the" or "figuring out how to use the" future Internet to resolve the fundamental issues of transmission quality and security. The future Internet is being studied to improve the limits of existing Internet structures and to reflect new requirements. In particular, research on words are missing here like "finding new forms of" or "applying new forms of" or "studying various types of" or "finding ways to provide more" reliable communication to connect the Internet to various services is in demand. In this paper, we analyze the security threats caused by malicious activities in the future Internet and propose a human behavior analysis-based security service model for malware detection and intrusion prevention to provide more reliable communication. Our proposed service model provides high reliability services by responding to security threats by detecting various malware intrusions and protocol authentications based on human behavior.

• 한국정보통신학회논문지
• /
• 제22권11호
• /
• pp.1554-1561
• /
• 2018

본 논문은 실시간 통신 미들웨어인 DDS에 대해 알아보고, DDS 보안통신의 성능을 향상하기 위한 방법을 제시한다. DDS는 OMG(Object Management Group)에서 지정한 통신 미들웨어 표준이다. OMG는 최근 발생하는 보안이슈들에 대응하기 위해 DDS Security 표준을 지정하였다. DDS의 보안의 성능은 기밀성의 유지와 전송 속도를 고려해야 한다. 기밀성 측면에서 현재 DDS Security 표준의 암호화 알고리즘인 AES-GCM은 강력한 암호화 알고리즘이지만 메시지 인증관련 부분에 약점이 존재한다. 속도 측면에서 보안기능을 위한 연산 부하는 실시간성이 요구되는 시스템에서 DDS를 사용하는데 제약사항이 된다. DDS의 보안기능을 개선하기 위해서는 AES-GCM보다 빠르고 암호화 강도가 높은 알고리즘이 필요하다. 본 논문에서는 이러한 요구사항을 충족하기 위해 AES-OCB 알고리즘을 적용한 DDS 메시지 암호화 방법을 제안하고 DDS와 전송성능을 비교해 최대 12%의 성능개선을 확인하였다.