• Title/Summary/Keyword: Security design

Search Result 3,411, Processing Time 0.036 seconds

A Study on Security Factors on Online Shopping - focus on internet bookshops -

  • Hua, Deng;Kim, Chang-Eun
    • Proceedings of the Safety Management and Science Conference
    • /
    • 2005.11a
    • /
    • pp.418-422
    • /
    • 2005
  • Electronic commerce has provided another access for consumers to purchase products, but some researches have pointed out that there are difficulties for companies to do business on web. For lack of trust, many people not prefer purchasing through virtual channels. Based on the literature review, this study aims at empirically testing the impact of website design on individual trust in internet firms. From statistic analysis, we will conclude that security, interaction, and navigation functionality will affect on-line trust.

  • PDF

Design of an Secure Internet Auction System (안전한 인터넷 경매시스템 설계)

  • 박진호;안성진
    • Convergence Security Journal
    • /
    • v.2 no.1
    • /
    • pp.69-76
    • /
    • 2002
  • Becoming Internet is public, various services using Web are created. Internet auction is not exceptional but make rapid progress. Internet auction system damages user because its security is not perfect and faultless. In this paper, we propose a design of internet auction system providing more secure and convenient environment.

  • PDF

Frame Design for Security Policy Design and Verification (보안정책 설계 및 검증을 위한 프레임 설계)

  • 이용석;최웅철;정광수;남택용;오승희
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.113-117
    • /
    • 2003
  • 네트워크에서 보안 기능을 전개하는데 있어 정책 기반 전개 방법이 널리 사용되고 있다. 본 논문에서는 정책 기반 보안 기능 전개에 있어 정책을 설정하고 검증하기 위한 프레임을 제시한다 정책 기반 기능 전개에 있어 중요하고도 어려운 문제는 설정한 정책의 정확성(correctness)과 완전성(completeness)을 검증하는 것이지만 이에 관한 기존의 방법은 주로 경험이나 혹은 감시에 의한 끊임없는 정책 갱신이다. 본 연구에서는 기존의 제안된 여러 보안 모델들을 검토해보고 이 모델들로부터 공통적으로 적용할 수 있는 정책의 정확성과 완전성을 위한 제어 프레임을 설계한다.

  • PDF

A Study on the construction of physical security system by using security design (보안디자인을 활용한 시설보안시스템 구축 방안)

  • Choi, Sun-Tae
    • Korean Security Journal
    • /
    • no.27
    • /
    • pp.129-159
    • /
    • 2011
  • Physical security has always been an extremely important facet within the security arena. A comprehensive security plan consists of three components of physical security, personal security and information security. These elements are interrelated and may exist in varying degrees defending on the type of enterprise or facility being protected. The physical security component of a comprehensive security program is usually composed of policies and procedures, personal, barriers, equipment and records. Human beings kept restless struggle to preserve their and tribal lives. However, humans in prehistoric ages did not learn how to build strong house and how to fortify their residence, so they relied on their protection to the nature and use caves as protection and refuge in cold days. Through the history of man, human has been establishing various protection methods to protect himself and his tribe's life and assets. Physical security methods are set in the base of these security methods. Those caves that primitive men resided was rounded with rock wall except entrance, so safety was guaranteed especially by protection for tribes in all directions. The Great Wall of China that is considered as the longest building in the history was built over one hundred years from about B.C. 400 to prevent the invasion of northern tribes, but this wall enhanced its protection function to small invasions only, and Mongolian army captured the most part of China across this wall by about 1200 A.D. European lords in the Middle Ages built a moat by digging around of castle or reinforced around of the castle by making bascule bridge, and provided these protections to the resident and received agricultural products cultivated. Edwin Holmes of USA in 20 centuries started to provide innovative electric alarm service to the development of the security industry in USA. This is the first of today's electrical security system, and with developments, the security system that combined various electrical security system to the relevant facilities takes charging most parts of today's security market. Like above, humankind established various protection methods to keep life in the beginning and its development continues. Today, modern people installed CCTV to the most facilities all over the country to cope with various social pathological phenomenon and to protect life and assets, so daily life of people are protected and observed. Most of these physical security systems are installed to guarantee our safety but we pay all expenses for these also. Therefore, establishing effective physical security system is very important and urgent problem. On this study, it is suggested methods of establishing effective physical security system by using system integration on the principle of security design about effective security system's effective establishing method of physical security system that is increasing rapidly by needs of modern society.

  • PDF

Trustworthy Smart Band: Security Requirements Analysis with Threat Modeling (위협 모델링을 통한 스마트밴드 보안 요구사항 분석)

  • Kang, Suin;Kim, Hye Min;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1355-1369
    • /
    • 2018
  • As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.

System Hardening and Security Monitoring for IoT Devices to Mitigate IoT Security Vulnerabilities and Threats

  • Choi, Seul-Ki;Yang, Chung-Huang;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.2
    • /
    • pp.906-918
    • /
    • 2018
  • The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

Enhanced Security Scheme to Support Secure and Fast ASN-anchored Mobility in Mobile WiMAX

  • Park, Chang-Seop;Kang, Hyun-Sun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.11
    • /
    • pp.2204-2220
    • /
    • 2011
  • Without providing a proper security measure to the handover procedure in Mobile WiMAX, several security attacks can be mounted. Even though security schemes have been previously proposed for this purpose, they are still vulnerable to several security attacks due to fatal design flaws. A newly proposed security scheme in this paper is based on the framework of authentication domain and concept of handover ticket. A method of establishing security associations within the authentication domain is proposed, and a lightweight security measure to protect the management messages associated with the handover is also proposed. Especially, using the handover ticket, the new security scheme can defend against a Redirection Attack arising from a compromised base station. The new security scheme is comparatively analyzed with the previous security schemes in terms of Replay, Session Hijacking, Man-In-The-Middle, and Redirection attacks.

Framework Design of Voltage Security Assessment(VSA) using QSS Analysis method (QSS 해석 기법을 이용한 Voltage Security Assessment(VSA) 프로그램 기반설계)

  • Hur, Jin;Lee, Sang-Ho;Kim, Tae-Hyun;Moon, Young-Hwan
    • Proceedings of the KIEE Conference
    • /
    • 2005.07a
    • /
    • pp.12-14
    • /
    • 2005
  • Security problem has been a fundamental issue in the operation and planning of power system. Voltage instability is widely recognized as an important issue of power system blackout. As far as real-time operation is concerned, there is a need for appropriate tools to identify dangerous contingencies, assess security margins and suggest corrective actions. In this paper, we propose the framework design of Voltage Security Assessment(VSA) using QSS(Quasi Steady-State) analysis method in order to implement fast time domain simulation engine as a major part of VSA.

  • PDF

The design of AAA server for Wireless LAN with 802.1x

  • Ham, Young-Hwan;Chung, Byung-Ho
    • Proceedings of the IEEK Conference
    • /
    • 2002.07c
    • /
    • pp.1944-1947
    • /
    • 2002
  • The importance of security in WLAN(Wireless LAN) service is very critical, so IEEE organization has made the IEEE 802.1x standard. The IEEE 802.1x standard uses the EAP as authentication protocol which requires AAA(Authentication, authorization, and Accounting) server for authentication & accounting. for the reliable and scalable AAA service, the Diameter protocol has more advanced characteristics than existing radius protocol. So the Diameter protocol can be used for WLAN service provider who has large scale WLAN system and a large number of subscriber. This paper proposes the design of Diameter AAA server for the authentication and accounting of WLAN system which is adopting IEEE 802.1x standard.

  • PDF

Design and Implementation of App Control System for Improving the Security of the Mobile Application (모바일 애플리케이션의 보안성 향상을 위한 App 제어 시스템 설계 및 구현)

  • Lee, Yu-Jun;Jang, Young-Hwan;Park, Seok-Cheon
    • The Journal of the Korea Contents Association
    • /
    • v.16 no.2
    • /
    • pp.243-250
    • /
    • 2016
  • Recently, with the rise of the mobile device, from mobile devices the user who owns the security, speed up the implementation of the guarantee management environment as businesses and individual equipment for the effcient management of the existing system, but the introduction of the MDM MDM App management features administrators to register the App until you can't prvent the security threat. Therefore, this paper addresses these issues in order to improve the security of your application for the control system. The proposed system is a function of the MDM authentication technology to design analysis, and system architecture to help prevent information disclosure within the design and implementation of Mobile-based application control system. Implementation of the control system to assess the security of the international common criteria security evaluation complete the test scenarios on the basis of the test items. An average of 40% of the test results to verify the results of this enhanced security.