• Review of KIISC
• /
• v.3 no.3
• /
• pp.31-39
• /
• 1993

IOS/IEC JTC1/SC27의 국제표준소개의 첫번째 편으로 DIS 9797을 소개한다. 이것은 1989년에 1차로 국제표준이 되었다가 결함이 발견되어 다시 작업이 시작되어 1992년 10월 SC27정기총회에서 CD(Committee Draft)에서 수정후 DIS(Draft Internationa Standard) 수준으로 올리기로 하여 1993년 3월 DIS로서 표결에 부쳐진 문서이다. 이해를 돕기 위하여 국문뒤에 원문을 덧붙였다. 번역이 적절하지 않거나 더 좋은 표현이 있으면 역자에게 알려주면 참고하여 추후의 수정본에 반영하겠다.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.157-164
• /
• 2022

The proposed privacy preserving scheme has identified the drawbacks of existing schemes in Vehicular Networks. This prototype enhances the number of nodes by decreasing the cluster size. This algorithm is integrated with the whale optimization algorithm and Block Chain Technology. A set of results are done through the NS-2 simulator in the direction to check the effectiveness of proposed algorithm. The proposed method shows better results than with the existing techniques in terms of Delay, Drop, Delivery ratio, Overhead, throughout under the denial of attack.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.67-75
• /
• 2005

In this paper, we design and implement real time IP security packet analyzer on IPv4 and IPv6 network. This packet analyzer sniffs and analyzes the packets generated by the protocols that are used by IPsec, IKE, IPv4 and IPv6 such as AH, ESP, ISAKMP, IP, ICMP and so on. The purpose of this analyzer is to check current security status of the network automatically. In this paper we provide implementation details and the examples of security evaluation by using our security packet analyzer system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Smart Media Journal
• /
• v.6 no.1
• /
• pp.61-67
• /
• 2017

A large number of people living in modern times prefer remaining unmarried or living alone independently for the reason of their own will or another person's will. This is because they dislike being interfered with by other persons or because there is a financial problem. This behavior has become mainstream in persons working for professional jobs, persons having a strong disposition toward individual activity or college students. In particular, career women pursuing their own comfortable life have the tendency to prefer single life. However, sometimes, they become a target of crime that targets and makes bad use of this point. For these reasons. Consequently, sometimes, they additionally install and use a security system such as door security guard at front door and so on. It is not so difficult to lock the door security guard at the front door. However, it is apt to be forgotten. And when they are on the bedspread before falling asleep, in case they should check whether the door security guard is locked or in case they should lock it, they should get up, go to the entrance, and check and lock the door security guard. They often don't lock the door security guard due to their feeling that it is all right because of annoyance and inconvenience. This paper is intended to work for safety from crime such as illegal housebreaking by more conveniently using the door security guard after designing and implementing a system that can remotely control the door security guard, using a smartphone as a method of resolving this annoyance and keeping life more safe.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.5-14
• /
• 2017

Many web services which use OAuth Protocol offer users to log in using their personal profile information given by resource servers. This method reduces the inconvenience of the users to register for new membership. However, at the time a user finishes using OAuth client web service, even if he logs out of the client web service, the resource server remained in the login state may cause the problem of leaking personal information. In this paper, we propose a solution to mitigate the threat by providing an additional security behavior check: when a user requests to log out of the Web Client service, he or she can make decision whether or not to log out of the resource server via confirmation notification regarding the state of the resource server. By utilizing the proposed method, users who log in through the OAuth Protocol in the public PC environment like department stores, libraries, printing companies, etc. can prevent the leakage of personal information issues that may arise from forgetting to check the other OAuth related services. To verify our study, we implement a Client Web Service that uses OAuth 2.0 protocol and integrate it with our security behavior check. The result shows that with this additional function, users will have a better security when dealing with resource authorization in OAuth 2.0 implementation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.49-57
• /
• 2013

Power-saving PC software enables the inexpensive power control, but the installation of the power-saving software in all computers in the organization is not an easy task. Computer users in the organization are usually not cooperative as they do not think the power-saving cost is directly related to themselves. The PC power-saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the security vulnerability to IP spoofing attacks, therefore we need to solve the problem that disrupt the entire network system rather than saving electric power. This paper proposes the security authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the PC power-saving system. Also, by analyzing it in comparison with other method, it is possible to check that the prospects of safety and efficiency are strengthened.

• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.81-90
• /
• 2003

Risk analysis and internal control evaluation are key security management activities for securing organizational assets. Risk analysis is used to identify areas that need safeguarding while internal control evaluation is used to check whether the current control system is effective with a reasonable degree of assurance. Risk analysis usually focuses on unauthorised activities of unauthorised people and has not paid much attention to threats that could be committed by authorized users. As attention to fraud increases, these threats should be appropriately treated within organizations. This paper compares the difference between these two approaches.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2219-2236
• /
• 2017

With cloud storage services, users can handle an enormous amount of data in an efficient manner. However, due to the widespread popularization of cloud storage, users have raised concerns about the integrity of outsourced data, since they no longer possess the data locally. To address these concerns, many auditing schemes have been proposed that allow users to check the integrity of their outsourced data without retrieving it in full. Yuan and Yu proposed a public auditing scheme with a deduplication property where the cloud server does not store the duplicated data between users. In this paper, we analyze the weakness of the Yuan and Yu's scheme as well as present modifications which could improve the security of the scheme. We also define two types of adversaries and prove that our proposed scheme is secure against these adversaries under formal security models.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.