• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.9
• /
• pp.2114-2120
• /
• 2015

Vehicle cloud technology is a fusion technology of vehicle communication technology and cloud computing used in wired and wireless Internet, and has attracted attention as a new IT paradigm. It is expected that it would contribute to resolve the road traffic problem with effective communication by providing computer, sensor, communication, device, and resource. but security is necessary to apply vehicle cloud environment and it have to resolve security threats and various attacks occurred in wired and wireless vehicle environment. Therefore, in this paper, we designed security framework to provide secure communication between vehicle and vehicle, and vehicle and the Road side in the vehicle cloud environment. Safety and security of the vehicle environment was satisfied with the security requirements of the vehicle and cloud-based environment, and increased efficiency than the conventional vehicle network communication protocols.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.10
• /
• pp.6310-6316
• /
• 2014

The increase in the Internet and smart device users requires high-level network security. Network security consists of Web Firewall, Network Firewall, IPS, DDoS system, UTM (Unified Treat Management), VPN, NAC (Network Access Control), Wireless security, Mobile security, and Virtualization. Most network security solutions running on IPv4, and IPv6 network services are not sufficiently ready. Therefore, in this paper, this study designed and implemented important functions of Network Access Control (NAC), which include IPv6 host detection, isolation, blocking and domain assignment for the IPv6 network. In particular, domain assignment function makes 128 bits IPv6 address management easy. This system was implemented on a KISA IPv6 test-bed using well known devices. Finally, the test result showed that all IPv6 based wired and wireless devices were well-controlled (detection, blocking, isolation and domain assignment).

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.447-451
• /
• 2003

특정 프로그램의 취약점 여부를 판단하기 위한 방법에는 프로그램의 버전이나 작동여부를 점검하는 방법과 해당 프로그램에 실제 침투를 수행하고 그 성공여부를 검증하는 방식이 있다. 후자를 이용한 방식은 침투 코드의 구현, 재사용, 확장이 어렵기 때문에 전자에 비해서 널리 사용되지 않지만, 정확한 결과를 얻을 수 있고 보안의 경각심을 높일 수 있는 장점이 있다. 본 논문에서는 최근에 널리 사용되는 원격 취약점 침투 코드들의 구조를 분석하여 다양한 취약점을 보다 정확하게 검증할 수 있고 새로운 취약점에 대해서도 쉽게 확장할 수 있는 원격 취약점 증명 프레임워크를 제시한 후 이를 바탕으로 원격 취약점 증명 도구를 설계하고 구현한다. 원격 취약성 증명 도구는 원격 취약점 침투코드들의 모듈화 및 재사용을 위한 프레임워크 부분과 사용자의 입력을 받아서 모의 침투를 수행하고 침투 성공 증거를 제공하는 GUI 부분으로 구성된다.

• Journal of Internet Computing and Services
• /
• v.5 no.6
• /
• pp.45-58
• /
• 2004

This paper consists of two parts, One is the ECC( GF(2/sup m/)) algorithm to improve the security strength and the processing time of SSL VPN and the other is the WLCAPT algorithm instead of LSNAT for the security strength of virtual server. In general when corporates use SSL protocol in order to build VPN, they use RSA algorithm with the problem of security and processing time about authentication and confidentiality, In this paper, a shared public key is generated with ECSPK which uses ECC( GF(2/sup m/)) algorithm to improve the security and processing time instead of RSA In addition, WLCAPT algorithm proposed in this paper is applied to virtual server which resides in the server side and then after NAT translation, the actual server of headquarter is securely communicated with it.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.5
• /
• pp.3086-3092
• /
• 2014

The FTP that provides file transfer capabilities to/from another station cannot provides data confidentialities. The FTPS and SFTP can support a security functionalities. The FTPS needs a SSL layer and SFTP use a functions of SSH. And therefore the FTPS or SFTP needs an additional modules such as SSL or SSH. In this paper, we propose a new Secured FTP protocol that can support the security functions without extra security system. The Secured FTP uses Diffie-Hellman key agreement algorithm for shared secret key generation and AES-Counter algorithm for data encryption algorithm. Our designed Secured FTP is implemented in Linux environments and the proper operations of implemented Secured FTP is verified.

• Journal of Korean Society of Water and Wastewater
• /
• v.33 no.5
• /
• pp.329-339
• /
• 2019

Recently, the advancement of information and communication technology(ICT) is expanding the connectivity through Internet of Things(IoT), and the media of connection is also expanding from wire/cable transmission to broadband wireless communication, which has significantly improved mobility. This hyperconnectivity has become a key element of the fourth industrial revolution, whereas the supervisory control network of purification plants in korea is operated as a communication network separated from the outside, thereby lagging in terms of connectivity. This is considered the best way to ensure security, and thus there is hardly any consideration of establishing alternatives to operate an efficient and stable communication network. Moreover, security for management of a commercialized communication network and network management solution may be accompanied by immense costs, making it more difficult to make new attempts. Therefore, to improve the conditions for the current supervisory control network of purification plants, this study developed a industrial security L2 switch that supports modbus TCP(Transmission Control Protocol) communication and encryption function of the transmission section. As a result, the communication security performance improved significantly, and the cost for implementing the network management system using Historical Trend and information of HMI(Human Machine Interface) could be reduced by approximately KRW 200 million. The results of this study may be applied to systems for gas, electricity and social safety nets that are infrastructure communication networks that are similar to purification plants.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.6
• /
• pp.778-783
• /
• 2018

With the rapid advancement of information and communication technology and industrial technologies, a hyper-connected society is being realized to connect human beings, all programs and things via the Internet. IoT (Internet of Thing), which connects a thing and another thing, and things and human beings, gathers information to realize the hyper-connected society. MQTT (Message Queuing Telemetry Transport) is a push-technology-based light message transmission protocol that was developed to be optimized to the limited communication environment such as IoT. In pursuing the hyper-connected society, IoT's sensor environment information is now being used as a wide range of information on people's diseases and health management. Thus, security problems of such MQTT include not only the leak of environmental information but also the personal information infringement. To resolve such MQTT security problems, we have designed a new security MQTT communication by applying the initial-value sensitivity and pseudorandomness of the chaotic system to the integrity and confidentiality. The encryption method using our proposed chaotic system offers a simple structure and a small amount of calculation, and it is deemed to be suitable to the limited communication environment such as IoT.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.3-9
• /
• 2019

Most of security countermeasures have been implemented to cope with continuous increase leakage of technology, but almost security countermeasures are focused on securing the boundary between inside and outside. This is effective for detecting and responding to attacks from the outside, but it is vulnerable to internal security incidents. In order to prevent internal leakage effectively, this study identifies activities corresponding to technology leakage activities and designes technology leakage activity detection items. As a design method, we analyzed the existing technology leakage detection methods based on the previous research and analyzed the technology leakage cases from the viewpoint of technology leakage activities. Through the statistical analysis, the items of detection of the technology leakage outcomes were verified to be appropriate, valid and reliable. Based on the results of this study, it is expected that it will be a basis for designing the technology leaking scenarios based on future research and leaking experiences.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.83-89
• /
• 2019

In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. Vulnerability Analysis Analysis It is judged that it will be a countermeasure against new hacking attack in case of concept validation by interworking with TOOL. Vulnerability check module is standardized in event attribute management and ease of operation. Opening in terms of global sharing of vulnerability data, owasp zap / Angry ip Etc. were investigated in the SIEM system with interlocking design implementation method. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module of web and network target. In consideration of this, ESM And SIEM system In this paper, we propose a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. Refer to the integrated interrelationship analysis and reference Vulnerability target Goal Hacking It is judged to be a new active concept against invasion attack.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.27-33
• /
• 2018

Stream cipher is an one-time-pad type encryption algorithm that encrypt plaintext using simple operation such as XOR with random stream of bits (or characters) as symmetric key and its security depends on the randomness of used stream. Therefore we can design more secure stream cipher algorithm by using mathematical analysis of the stream such as period, linear complexity, non-linearity, correlation-immunity, etc. The key stream in stream cipher is generated in linear feedback shift register(LFSR) having characteristic polynomial. The primitive polynomial is the characteristic polynomial which has the best security property. It is used widely not only in stream cipher but also in SEED, a block cipher using 8-degree primitive polynomial, and in Chor-Rivest(CR) cipher, a public-key cryptosystem using 24-degree primitive polynomial. In this paper we present the concept and various properties of primitive polynomials in Galois field and prove the theorem finding the number of irreducible polynomials and primitive polynomials over $F_p$ when p is larger than 2. This kind of research can be the foundation of finding primitive polynomials of higher security and developing new cipher algorithms using them.