• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2005.05a
• /
• pp.664-668
• /
• 2005

ERP(Enterprise Resource Planning) 시스템은 급여, 회계, 인사, 생산, 판매, 물류 등을 포함한 핵심 비즈니스 프로세스를 담고 있는 소프트웨어이다. 인터넷의 등장으로 ERP 시스템이 WEB 기반으로 전환되었고 ERP의 영역도 기업내부에 국한된 것이 아니라 기업간의 거래를 모두 포함하기에 이르렀다. 그러나 ERP 시스템은 회사의 중요한 의사결정 데이터들과 한 Application 안에서 일어나는 Transaction 처리 등의 정보 보안에 대한 취약성을 가지고 있다. 이에 ERP 시스템에도 보안에 대한 필요성이 대두되었으나 ERP 업체들의 대다수는 아직도 구체적인 보안에 대한 방안을 제시하지 않고 있는 실정이다. 결국 비즈니스의 성공도 취약한 기업의 자원을 인증되지 않은 다른 사용자로부터 보호하는 능력에 달려 있으며, 이 연구의 목적은 ERP 시스템의 보안 이슈를 어떻게 다룰 것이며, ERP 보안 요구 사항을 어떻게 모델링 할 것인가에 대한 연구 이다. 현재 나와있는 SAP R/3와 EAGLE ERP의 제품 보안 모델을 비교함으로써 외산 제품과 국산 제품의 보안 요구 사항을 분석 하고, ERP시스템 보안에 대한 고려사항 및 접근 방법을 모델링 할 것이다. 본 연구에서는 UML을 이용하여 ERP 시스템 안에서 찾을 수 있는 모든 보안 사항을 점검 하고,UML의 물리적 요소와 논리적 요소를 이용함으로써 ERP 보안을 모델링 하고자 한다. 이 논문을 통하여 ERP 시스템의 각 분야의 담당자가 ERP 보안을 개념적으로 접근 할 수 있도록 할 것이다. 차후 연구 과제는 좀더 구체적인 모델링을 통한 ERP 보안 solution 개발이다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.55-63
• /
• 2016

SOA(service oriented architecture) based ESB(enterprise service bus) model is widely adopted in many companies for the safe processing of enormous data and the integration of business system. The existing web service technologies for the construction of SOA, however, show unsatisfactory in practical applications though the standardization of web service security technologies is in progress due to their limitations in safe exchange of data. Internal end users using a large business system based on such environment are composed of the variety of organizations and roles. Companies might receive more serious damage from insider threat than that from external one when internal end users get unauthorized information beyond the limits of their authority for private profit and bad purposes. In this paper, we propose a security architecture capable of identifying and coping with the security threats of web service technologies arouse from internal end users.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.6
• /
• pp.599-603
• /
• 2016

Recently the wireless LAN system is substituting wired LAN system notably as the number of mobile users increases greatly along the advancement of technology. But the wireless LAN has a critical weakness in the security such as data leakage. Thus a safe security system is imperative to avoid threatening from hackers with offering the best convenience to inner users. In this research, we have developed a RADIUS wireless LAN security system for industrial applications, which performs the EAP authentication with the compatibility for any maker of wireless LAN. The system has interfaces based on WEB, providing DB access function for user management so that users can perform authentication of 802.1x in their computers.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.1-7
• /
• 2008

The hacking method came to be more complicated, became program ant it was automated. That is hacking trend of recent times. Before, The password crack, catch root authority is trend of hacking which uses the vulnerability of server. Hacker attack network or all of domain not some host. Web application system at hacking technique develops and improve transmitted data through the network shows many vulnerability. The massive data are transmitted through the network without encipherment filtering. It will be able to bring about the neck of a bottle actual condition which is serious in security system because of the network where the user comes to be many it leads and the data which is delivered comes to be many. In this paper, we propose web application system to prevent overload from bottleneck in encipherment system. It can solve security key trust problem in encoding and decoding with public key infrastructure.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.850-853
• /
• 2008

As th Internet grew rapidly, the Electronic Commerce that is based on Internet increased. The Electronic Commerce is unsubstantial in the mutual authentication between the parties and a commerce As a solution to this issue, a Web server uses a Client Message technology. The purpose of Client Message is to validate the user and the electronic commercial transaction. Further, it increases efficiency and offers several ability at various purposes. However, the Client Message is transferred and stored as an unencrypted text file, the information can be exposed easily to the network threats, end system threats, and Client Message harvesting threats. In this paper designed by used crypto algorithm a Secure Message as a solution to the issue have proposed above. Further, designed a security service per Network transmitting message to transfer client's user input information to a Web server safety.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.16 no.1
• /
• pp.101-108
• /
• 2021

This paper builds a real-time home security system based on the OneNet cloud platform to control the status of the house through a smartphone. The system consists of a local part and a cloud part. The local part has I/O devices, router and Raspberry Pi (RPi) that collects and monitors sensor data and sends the data to the cloud, and the Flask web server is implemented on a Rasberry Pi. When a user is at home, the user can access the Flask web server to obtain the data directly. The cloud part is OneNet in China Mobile, which provides remote access service. The hybrid App is designed to provide the interaction between users and the home security system in the smartphone, and the EDP and RTSP protocol is implemented to transmit data and video stream. Experimental results show that users can receive sensor data and warning text message through the smartphone and monitor, and control home status through OneNet cloud.

• Proceedings of the IEEK Conference
• /
• 2002.06c
• /
• pp.165-168
• /
• 2002

This paper has been designed and implemented of web security system using RF card A security mechanism that was proposed in this paper provides web services on card reader reads RF card of user only. In this paper, user authentication and server authentication was provided by challenge/response mechanism. Also, this system was provides confidentiality of communication messages.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.07a
• /
• pp.365-367
• /
• 2014

최근 웹 서비스의 증가와 악성코드는 그 수를 판단 할 수 없을 정도로 빠르게 늘어나고 있다. 매년 늘어나는 악성코드는 금전적 이윤 추구가 악성코드의 주된 동기가 되고 있으며 이는 공공기관 및 보안 업체에서도 악성코드를 탐지하기 위한 연구가 활발히 진행되고 있다. 본 논문에서는 실시간으로 패킷을 분석할수 있는 필터링과 웹 크롤링을 통해 도메인 및 하위 URL까지 자동적으로 탐지할 수 있는 악성코드 탐지 시스템을 제안한다.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.77-84
• /
• 2012

Recent Security Programs are widely used to improve the security of Client Systems in the Web authentication. Security Program is provide the function of the Keyboard Security and Certificate Management, Vaccines, Firewall. in particular, This Security Program has been used Financial Institutions and Government Agencies, and some private corporate Home Page. and ActiveX is used to install the Security Program. but Security Programs caused by several security vulnerabilities and problems as they appear, are threat to the stability of the Client System. Therefore, This paper will be analyzed through Case Studies and Experiments to the Vulnerabilities and Problems of Security Program and This Is expected to be utilized to further improve the performance of the Security Program and the building of a new Certification Scheme for material in the future.