• Journal of Digital Contents Society
• /
• v.8 no.4
• /
• pp.483-489
• /
• 2007

The high availability of information security system shall be primarily studied in relation to the Next Generation Network(NGN) Information Security infrastructure, because it is very important to maintain availability at each moment as a variety of intrusions occur continuously. The high availability of the security system can be realized with the topology and configuration properly defined to fully utilize the recovery function of the security system in the thoroughly planned optimized method. The active-active high availability on the NGN information security infrastructure system in is assured by letting the failover mechanism operate upon the entire structure through the structural design and the implementation of functions. The proposed method reduces the system overload rating due to trouble packets and improves the status of connection by SNMP polling trap and the ICMP transport factor by ping packet.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.101-108
• /
• 2013

Sensor network configurations are for a specific situation or environment sensors capable of sensing, processing the collected information processors, and as a device is transmitting or receiving data. It is presently serious that sensor networks provide many benefits, but can not solve the wireless network security vulnerabilities, the risk of exposure to a variety of state information. u-Healthcare sensor networks, the smaller the sensor node power consumption, and computing power, memory, etc. restrictions imposing, wireless sensing through the kind of features that deliver value, so it ispossible that eavesdropping, denial of service, attack, routing path. In this paper, with a focus on sensing of the environment u-Healthcare system wireless security vulnerabilities factors u-Healthcare security framework to diagnose and design methods are presented. Sensor network technologies take measures for security vulnerabilities, but without the development of technology, if technology is not being utilized properly it will be an element of threat. Studies suggest that the u-Healthcare System in a variety of security risks measures user protection in the field of health information will be used as an important guide.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.975-985
• /
• 2014

As financial transactions with a smartphone has become increasing, a myriad of security threats have emerged against smartphones. Among the many types of security threats, Smishing has evolved to be more sophisticated and diverse in design. Therefore, financial institutions have recommended that users doesn't install applications with setting of "Unknown sources" in the system settings menu and install application which detects Smishing. Unfortunately, these kind of methods come with their own limitations and they have not been very effective in handling Smishing. In this paper, we propose a systematic method to detect Smishing, in which the RIL(Radio Interface Layer) collects a text message received and then, checks if message databases stores text message in order to determine whether Smishing malware has been installed on the system. If found, a system call (also known as a hook) is used to block the outgoing text message generated by the malware. This scheme was found to be effective in preventing Smishing as found in our implementation.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.38 no.4
• /
• pp.30-38
• /
• 2015

IT security service provides customers with the capability of protecting the networked information asset and infrastructures, and the scope of security service is expanding from a technology-intensive task to a comprehensive protection system for IT environment. To improve the quality of this service, a research model which help assess the quality is required. Several research models have been proposed and used in various service areas, but few cases are found for IT security service. In this work, a research model for the IT security quality has been proposed, based on research models such as SERVQUAL and E-S-QUAL. With the proposed model, factors which affect the service quality and the best quality measure have been identified. And the feasibility of using quantitative measures for quality has been examined. For analysis, structural equation modeling and various statistical methods such as principal component analysis were used. The result shows that satisfaction is the most significant measure affected by the proposed quality factors. Two quality factors, fulfillment and empathy, are the main determinants of the service quality. This leads to a strategy of quality improvement based on factors of emotion and perception, not of technology. The quantitative measures are considered as promising alternative measures, when combined with other measures. In order to design reliable quantitative measures, more work should be done on target processing time and users' expectation. It is hoped that work of this research will provide efficient tools and methods to improve the quality of IT security service and help future research works for other IT service areas.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.7
• /
• pp.1047-1059
• /
• 2022

With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.6
• /
• pp.1017-1029
• /
• 2023

A large amount of transactions are taking place through Blockchain. Among them, the proportion of transactions through smart contracts is increasing. Accordingly, problems such as vulnerability attacks on smart contracts and fraud using smart contracts are increasing. Through security audits of smart contracts, developers can discover and resolve vulnerabilities, and users can distinguish whether smart contracts are fraudulent. However, there are currently no regulations and standards for security auditing of smart contracts, so services that perform security auditing are uneven. In this paper, we analyze security audit trends for smart contracts and identify what services are being provided. We investigate what elements are analyzed from smart contracts, focusing on security audit reports. Also, investigate what vulnerabilities can be detected. Finally, we investigate quality indicators for smart contracts and visualization elements of design extraction. Through this, we hope to be able to find visualization elements specialized for smart contracts.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.35-42
• /
• 2024

Multi-tenancy architecture plays a crucial role in cloud-based services and applications, and data isolation within such environments has emerged as a significant security challenge. This paper investigates various data isolation methods including schema-based isolation, logical isolation, and physical isolation, and compares their respective advantages and disadvantages. It evaluates the practical application and effectiveness of these data isolation methods, proposing security considerations and selection criteria for data isolation in the development of multi-tenant websites. This paper offers important guidance for developers, architects, and system administrators aiming to enhance data security in multi-tenancy environments. It suggests a foundational framework for the design and implementation of efficient and secure multi-tenant websites. Additionally, it provides insights into how the choice of data isolation methods impacts system performance, scalability, maintenance ease, and overall security, exploring ways to improve the security and stability of multi-tenant systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.13-29
• /
• 2003

Web-mail system is worthy of note as a next generation e-mail system for its mobility and easiness. But many web-mail system does not have any kind of security mechanism. Even if web-mail system provides security services, its degree of strength is too low. Using these web-mail systems, the e-mail is tabbed, modified or forged by attacker easily. To solve these problems, we design and implement secure web-mail system based on the international e-mail security standard S/MIME in this thesis. This secure web-mail system is composed of server system and client system The server system performs basic mail functions - sending/receiving the mails, storing the mails, and management of user information, etc. And the client system performs cryptographic functions - encryption/decryption of the mails, digital signing and validation, etc. Because client system performs cryptographic functions this secure web-mail system gives its reliability and safety, and provides end-to-end security between mail users. Also, this secure web-mail system increase system efficiency by minimize server load.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.201-211
• /
• 2012

This paper addresses a Full Disk Encryption hardware processor for SATA HDD in a single FPGA design, and shows its experimental result using an FPGA board. The proposed processor mainly consists of two blocks: the first block processes XTS-AES block cipher which is the IEEE P1619 standard of storage media encryption and the second block executes the interface between SATA Host (PC) and Device (HDD). To minimize the performance degradation, we designed the XTS-AES block with the 4-stage pipelined structure which can process a 128-bit block per 4 clock cycles and has 4.8Gbps (max) performance. Also, we implemented the proposed design with Xilinx ML507 FPGA board and our experiment showed 140MB/sec read/write speed in Windows XP 32-bit and a SATA II HDD. This performance is almost equivalent with the speed of the direct SATA connection without FDE devices, hence our proposed processor is very suitable for SATA HDD Full Disk Encryption environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.23-35
• /
• 2009

Password-Authenticated Key Exchange (PAKE) Protocol is a useful tool for secure communication conducted over open networks without sharing a common secret key or assuming the existence of the public key infrastructure (PKI). It seems difficult to design efficient PAKE protocols using RSA, and thus many PAKE protocols are designed based on the Diffie-Hellman key exchange (DH-PAKE). Therefore it is important to design an efficient PAKE based on RSA function since the function is suitable for designing a PAKE protocol for imbalanced communication environment. In this paper, we propose a computationally-efficient key exchange protocol based on the RSA function that is suitable for low-power devices in imbalanced environment. Our protocol is more efficient than previous RSA-PAKE protocols, required theoretical computation and experiment time in the same environment. Our protocol can provide that it is more 84% efficiency key exchange than secure and the most efficient RSA-PAKE protocol CEPEK. We can improve the performance of our protocol by computing some costly operations in offline step. We prove the security of our protocol under firmly formalized security model in the random oracle model.