• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.7
• /
• pp.1047-1059
• /
• 2022

With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.2
• /
• pp.81-88
• /
• 2016

Machine-to-Machine (M2M) communication provides each component (machine) with access to Internet, evolving into the IoT technology. IoT is a trend where numbers of devices provide the communication service, using the Internet protocol. As spreading the concept of IoT(Internet of Things), various objects become home information sources. According to the wide spread of various devices, it is difficult to access data on the devices with unified manners. Under this environment, security is a critical element to create various types of application and service. In this paper propose the inter-device authentication and Centralized Remote Security Provisioning framework in Open M2M environment. The results of previous studies in this task is carried out by protecting it with the latest information on M2M / IoT and designed to provide the ultimate goal of future M2M / IoT optimized platform that can be integrated M2M / IoT service security and security model presents the information.

• Journal of Internet of Things and Convergence
• /
• v.6 no.1
• /
• pp.39-43
• /
• 2020

The Internet of Things plays a role as an important element technology of the 4th Industrial Revolution. This study is currently developing intelligent cars with IT technology, and is at a time when the development of intelligent cars is active and network data communication is possible. However, security solutions are needed as security is still at a weak stage, which can be threatened by intrusions into the network from outside. In this paper, in order to improve security of intelligent cars without causing security problems, we will apply blockchain technology, propose biometric authentication techniques using users' biometric information, and continue to study them in the future.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.12
• /
• pp.3078-3087
• /
• 1997

The information security is very important in computer communication network, and the security system has been developed in many aspects to provide secure communication. The secret key distribution and mutual user authentication are essential element in designing security system, then many algorithms and implementation schemes have been proposed. But they don't consider communication protocol, so they are not easy to adapt a real communication network' In this paper, we propose a key distriburion and mutual user authentication scheme based on X.25 protocol which is the most popular in packet communication, and the proposed scheme maintains a protocol transparency and can select communication mode, so the security system is more capable.

• The Journal of Society for e-Business Studies
• /
• v.5 no.1
• /
• pp.55-73
• /
• 2000

Recently; EC(Electronic Commerce) is increasing with high speed based on the expansion of Internet. EC which is done on the cyber space through Internet has strong point like independence from time and space. On the contrary, it also has weak point like security problem because anybody can access easily to the system due to open network attribute of Internet. Therefore, we need the solutions that protect the security problem for safe and useful EC activity. One of these solutions is the implementation of strong cipher algorithm. NC(Nonpolynomial Complete) cipher algorithm proposed in this paper is good for the security and it overcome the limit of current 64bits cipher algorithm using 128bits key length for input, output and encryption key, Moreover, it is designed for the increase of calculation complexity and probability calculation by adapting more complex design for subkey generation regarded as one of important element effected to encryption. The result of simulation by the comparison with other cipher algorithm for capacity evaluation of proposed NC cipher algorithm is that the speed of encryption and decryption is 7.63 Mbps per block and the speed of subkey generation is 2,42 μ sec per block. So, prosed NC cipher algorithm is regarded as proper level for encryption. Furthermore, speed of subkey generation shows that NC cipher algorithm has the probability used to MAC(Message Authentication Code) and block implementation of Hash function.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.3
• /
• pp.437-445
• /
• 2006

The security key management function is a key element to secure network environment, and many protocols include IPSec, HIP, etc. demand this function. There are two solutions to provide the key management function in the network layer, one is a method for storing security key material in the directory, and the other is a method for storing security key material in DNS. In this paper we present an implementation of key management system by LDAP. We deployed the open source solutions for directory service(OpenLDAP), cryptographic algorithm (FLINT/C), IPSec(FreeS/WAN), and verified the key management system by the encrypted message exchange and the interoperability test by un daemon.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.92-98
• /
• 2008

Network data modeling is a essential research for the evaluation for intrusion detection systems performance, network modeling and methods for analyzing network data. In network data modeling, real data from the network must be analyzed and the modeled data must be efficiently composed to reflect a sufficient amount of the original data. In this parer the useful elements of real network data were quantified from packets captured from a huge network. Futhermore, a statistical analysis method was used to find the most effective element for efficiently classifying the modeled data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1179-1189
• /
• 2019

Cyber security evaluation is a series of processes that estimate the level of risk of assets and systems through asset analysis, threat analysis and vulnerability analysis and apply appropriate security measures. In order to prepare for increasing cyber attacks, systematic cyber security evaluation is required. Various indicators for measuring cyber security level such as CWSS and CVSS have been developed, but the quantitative method to apply appropriate security measures according to the risk priority through the standardized security evaluation result is insufficient. It is needed that an Scoring system taking into consideration the characteristics of the target assets, the applied environment, and the impact on the assets. In this paper, we propose a quantitative risk assessment model based on the analysis of existing cyber security scoring system and a method for quantification of assessment factors to apply to the established model. The level of qualitative attribute elements required for cyber security evaluation is expressed as a value through security requirement weight by AHP, threat influence, and vulnerability element applying probability. It is expected that the standardized cyber security evaluation system will be established by supplementing the limitations of the quantitative method of applying the statistical data through the proposed method.

• Korean Security Journal
• /
• no.22
• /
• pp.145-168
• /
• 2010

Since Alarm Monitoring Service was introduced in Korea in 1981, the market has been increasing and is expected to increase continually. Some factors such as the increase of social security need and the change of safety consciousness, increase of persons who live alone could be affected positively on Alarm Monitoring Service industry. As Alarm Monitoring Service come into wide use, the understanding of electronic security service is spread and consumer's demand is difficult, so consideration about new developmental plan is need to respond to the change actively. Electronic security system is consist of various kinds of element, so every element could do their role equally. Alarm Monitoring Service should satisfy consumer's various needs because it is not necessary commodity, also electronic security device could be easily operated and it's appearance has to have a good design. To solve the false alarm problem, detection sensor's improvement should be considered preferentially and development of new type of sensor that operate dissimilarly to replace former sensor is needed. On the other hand, to settle the matter that occurred by response time, security company could explain the limit on Alarm Monitoring System to consumer honestly and ask for an understanding. If consumer could be joined into security activity by security agent's explanation, better security service would be provided with mutual confidence. To save response time the consideration on the introduction of GIS(Global Information System) is needed rather than GPS(Global Positioning System). Although training program for security agents is important, several benefits for security agents should be considered together. The development of new business model is required for preparation against market stagnation and the development of new commodity to secure consumer for housing service rather than commercial facility service. for the purpose of those, new commodity related to home-network system and video surveillance system could be considered, also new added service with network between security company and consumer for a basis is to be considered.

• Korean Security Journal
• /
• no.16
• /
• pp.119-135
• /
• 2008

This study is concerned on how much effect to activate private security officers from the attitude of CEO in private security companies. Of course the philosophy of CEO at the work is much important element on the company activity. And in small-medium size private security company the effect of CEO is tremendous because most of decision making comes from CEO and company is operated. The result of the analysis of the survey on the CEO in private security business is as belows. a) Most of them are not satisfied and negative from current situation of private security industry because too many companies are scattered and the expected social understanding is too low even though the company was established by their own decision due to it was fit to their aptitude. b) The job position is estimated not high by socio-economical perspective, which would be improved to get higher because this industry is very future business. c) Most of members of the korea security association are in negative on the policy of the korea security association but to enhance of the activity all the members should be in union. d) Must make and settle down a channel to communicate and cooperate each other between public and private sector of security business.