• 대한전기학회:학술대회논문집
• /
• 대한전기학회 2003년도 추계학술대회 논문집 전력기술부문
• /
• pp.28-30
• /
• 2003

Probabilistic Load Flow(PLF) solution based on the method of moments is used for security assessment of bus voltages in power systems. Bus voltages, line currents, line admittances, generated real and reactive power, and bus loads are treated as complex random variables. These complex random variables are known in terms of probability density functions(PDF). Also, expressions for the convolutions of complex random variables in terms of moments and cumulants have been derived. Proposed PLF solution using the method of moments is fast, because the process of convolution of various complex random variables is performed in moment and cumulant domain. Therefore, the method is applied to security assessment of power systems in this paper. Finally, system operator also can be used information of security assessment to improve reliability of power systems.

• 한국IT서비스학회지
• /
• 제18권5호
• /
• pp.155-164
• /
• 2019

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.

• 한국정보과학회:학술대회논문집
• /
• 한국정보과학회 2001년도 가을 학술발표논문집 Vol.28 No.2 (1)
• /
• pp.364-366
• /
• 2001

Sun Microsystems에 의해서 개발된 Jini 네트워킹 기술은 자바 프로그램밍 언어를 기반으로 하여 분산환경을 만드는데 좋은 아키텍쳐를 제공한다. 그러나 현재의 자바 security solution 만으로는 분산환경에서의 보안 요구사항을 충족시키기에 충분하지 않다. 이를 해결하기 위한 여러 방법들이 있지만, 대부분이 centralized computing을 기반으로 하여 분산환경에는 맞지 않다. 이 논문에서는 PKDA(Public key based Kerberos for Distributed Authentication)를 사용하여 Jini의 security를 확장함으로써 분산환경에서의 security 요구사항을 충족시킬 수 있음을 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권3호
• /
• pp.1212-1228
• /
• 2016

Secure communication is an important aspect of today's interconnected environments and it can be achieved by the use of cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into communication protocols. Issues emerge when security vulnerabilities are discovered in cryptographic mechanisms because their replacement would eventually require replacing deployed protocols. The concept of cryptographic agility is the solution to these issues because it allows dynamic switching of cryptographic algorithms and keys prior to and during the communication. Most of today's secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but cryptographic agility mechanisms cannot be used in a standalone manner. In order to deal with the aforementioned limitations, we propose a lightweight cryptographically agile agreement model, which is formally verified. We also present a solution in the Agile Cryptographic Agreement Protocol (ACAP) that can be adapted on various network layers, architectures and devices. The proposed solution is able to provide existing and new communication protocols with secure communication prerequisites in a straightforward way without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion about security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.

• 정보보호학회논문지
• /
• 제25권1호
• /
• pp.39-48
• /
• 2015

최근 개인정보보호에 관심이 증대되면서 암호화 솔루션 사용이 증가하고 있다. 또한, Windows XP 서비스 지원 종료와 함께 사용자의 운영체제 사양이 향상되면서, Bitlocker와 같은 Full Disk Encryption 솔루션의 활용도가 높아질 것으로 예상된다. 따라서 앞으로의 디지털 포렌식 조사는 Full Disk Encryption 환경에 대한 대응이 필요하다. 본 논문에서는 Full Disk Encryption 환경에 대응하는 디지털 증거 수집 절차를 제안하고 Full Disk Encryption 솔루션 중 사용률이 높은 제품들의 대응 방법 및 탐지 도구를 소개한다.

• 한국산학기술학회논문지
• /
• 제11권4호
• /
• pp.1449-1457
• /
• 2010

침입방지시스템 솔루션은 차세대에 각광받는 보안시스템으로 국내 외 시장에서 매우 활발한 보안 분야 시장을 형성할 것으로 전망된다. 아울러 국제 시장에 진출하고자 하는 국내 업체들은 검증된 제품임을 증명하는 품질 평가를 요구하고 있으며, 일반 사용자들도 검증된 제품을 선호하고 있다. 본 연구에서는 침입방지시스템 솔루션이 갖추어야할 보안성 품질평가 항목을 도출하여 분석을 통해서 품질평가항목을 세분화하고 침입방지시스템에 대한 보안성 품질평가 모델을 구축하였다. 도출된 품질평가 모델은 침입방지 시스템의 품질을 평가하고 향상시키는데 중요한 역할을 하게 된다.

• 정보보호학회논문지
• /
• 제23권3호
• /
• pp.491-500
• /
• 2013

빅 데이터 시대의 도래와 함께, SSD(HDD) 도입 비용의 증가 등에 따라 최근 국내외 PC방 및 기관에서는 NDS(No Disk System) 솔루션을 도입해 오고 있다. NDS는 일종의 클라우드 컴퓨팅 기반의 스토리지 가상화 솔루션으로서 기존의 개별 컴퓨터에 설치되어 관리하였던 운영체제와 응용 프로그램을 중앙 서버에서 관리하는 방식이다. 본 논문에서는 NDS 환경에서의 사용자 행위 분석에 대한 방법에 대하여 알아보도록 하겠다.

• Journal of Communications and Networks
• /
• 제11권6호
• /
• pp.615-625
• /
• 2009

Worldwide inter-operability for microwave access (WiMAX) is a promising technology that provides high data throughput with low delays for various user types and modes of operation. While much research had been conducted on physical and MAC layers, little attention has been paid to a comprehensive and efficient security solution for WiMAX. We propose a hybrid security solution combining identity-based cryptography (IBC) and certificate based approaches. We provide detailed message exchange steps in order to achieve a complete security that addresses the various kind of threats identified in previous research. While attaining this goal, efficient fusion of both techniques resulted in a 53% bandwidth improvement compared to the standard's approach, PKMv2. Also, in this hybrid approach, we have clarified the key revocation procedures and key lifetimes. Consequently, to the best of knowledge our approach is the first work that unites the advantages of both techniques for improved security while maintaining the low overhead forWiMAX.

• 정보보호학회논문지
• /
• 제29권1호
• /
• pp.187-194
• /
• 2019

2014년 3월, 세계 최대의 비트코인 거래소였던 마운트곡스(Mt. Gox)가 해킹 공격으로 폐쇄된 사건 이래로 최근까지 국내 암호 화폐 거래소인 코인레일(Coinrail)이 해킹되는 등 사건이 잇달아 발생하고 있다. 이러한 거래소 해킹 사건은 단순한 시스템 해킹 수준을 넘어 사용자들의 자산이 탈취되는 자산 손실로까지 피해가 확산되고 있어, 암호 화폐 거래소에 대한 보안 이슈가 발생하였다. 위와 같은 문제를 해결하기 위해 탈중앙화 거래소(DEX, Decentralized Exchange)가 활발히 연구되고 있으나 이 또한 문제를 완화시킬 뿐 해결방안으로서는 부족한 실정이다. 따라서 본 논문에서는 기존의 암호 화폐 거래소들에 대한 보안위협을 분석하고 이에 대한 보안 요구사항을 도출한다. 또한 개인용 보안장치를 통한 안전한 분산형 암호 화폐 거래 모델을 제안하여 본 논문에서 제안하는 거래 모델이 앞선 보안위협에 대한 해결책임을 입증한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권1호
• /
• pp.240-263
• /
• 2021

One of the biggest challenges that the software industry is facing today is to create highly efficient applications without affecting the quality of healthcare system software. The demand for the provision of software with high quality protection has seen a rapid increase in the software business market. Moreover, it is worthless to offer extremely user-friendly software applications with no ideal security. Therefore a need to find optimal solutions and bridge the difference between accessibility and protection by offering accessible software services for defense has become an imminent prerequisite. Several research endeavours on usable security assessments have been performed to fill the gap between functionality and security. In this context, several Multi-Criteria Decision Making (MCDM) approaches have been implemented on different usability and security attributes so as to assess the usable-security of software systems. However, only a few specific studies are based on using the integrated approach of fuzzy Analytic Network Process (FANP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) technique for assessing the significant usable-security of hospital management software. Therefore, in this research study, the authors have employed an integrated methodology of fuzzy logic, ANP and TOPSIS to estimate the usable - security of Hospital Management System Software. For the intended objective, the study has taken into account 5 usable-security factors at first tier and 16 sub-factors at second tier with 6 hospital management system softwares as alternative solutions. To measure the weights of parameters and their relation with each other, Fuzzy ANP is implemented. Thereafter, Fuzzy TOPSIS methodology was employed and the rating of alternatives was calculated on the foundation of the proximity to the positive ideal solution.