• Annual Conference of KIPS
• /
• 2019.10a
• /
• pp.432-435
• /
• 2019

인터넷 이용률이 증가하고 정보통신 기술이 발달하면서 다양한 해킹 기법과 보안 기술이 등장하고 있다. 그러나 네트워크상의 보안이 잘 이뤄지더라도 PC의 보안이 잘 이뤄지지 않는다면 그것을 이용해 전달되는 데이터는 결코 안전하다고 할 수 없다. 이 논문에서는 PC의 사용자가 본인이 맞는지에 대한 인증에 주목하여 OTP를 이용한 PC 인증 시스템을 제안한다. OTP를 이용해 사용자를 인증하는 시스템을 설계 및 구현하고, 분석하여 최종적으로 시스템의 보안성을 확인한다.

• Annual Conference of KIPS
• /
• 2009.11a
• /
• pp.673-674
• /
• 2009

전자신분증 시스템을 구현하기 위해서는 여러 가지 보안요소들이 고려되어야 한다. 본 논문에서는 Hash Tree와 Keyed Hash를 이용하여 전자신분증 시스템에 효율적으로 적용될 수 있는 메시지 인증(Message Authentication) 프토토콜을 제안한다.

• Annual Conference of KIPS
• /
• 2020.11a
• /
• pp.339-342
• /
• 2020

본 논문에서는 공용 세탁기의 작동 현황을 사용자에게 전달하여 불필요한 시간을 줄이는 시스템을 제안하고 있다. 제안하는 시스템은 아두이노와 전류 측정 센서를 연결하여 전류를 측정하고, 측정한 전류량을 이용하여 세탁기가 작동 중인지 판단하고, 사용자의 애플리케이션으로 사용 현황을 전달해준다. 사용자의 관점에서 효율성과 편리성을 중점에 두고 연구를 진행하였다.

• Journal of Internet Computing and Services
• /
• v.7 no.4
• /
• pp.115-122
• /
• 2006

The purpose of this paper is to suggest the improving plans about the system as searching an effective managing devices for NEIS with analysis of managing condition. For the plans, questionnaire was performed in the five sections to primary and secondary school teachers. Those were recognition about C/S, Introduction and conductive processing of NEIS, Satisfaction of specific task on school affairs and educational matters, its function, efficiency and security as well as technical problem. Those were recognition about C/S, Introduction and conductive processing of NEIS, Satisfaction of specific task on school affairs and educational matters, its function, efficiency and security as well as technical problem. The results are following: First. in spite of satisfaction with function of C/S, it have been some problems such as frequent patch and down of server. Secondly, although the introduction of NEIS was done in hurry without gathering teachers' opinions and sufficient research of system, it has been expected to settle down normally with correction and security. Thirdly, positive reaction was generally showed in research on satisfaction of specific task for school affairs and educational matters. Fourthly, most of teachers have known the functions of NEIS and recognized its convenience. Although they has not thought it reduced their work, they have realized it's convenient for dealing with statistics. Lastly, they think of NEIS as the essential system for the age of information, in spite of problems such as reveal of personal data and security. Therefore, we should keep eyes to problem of an invasion of human right. In addition, study deep into NEIS should be conducted with consistent security for the system. In order to it. technical and legal system should be carried out side by side.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.859-866
• /
• 2019

Cybersecurity attack targeting a specific user is rising in number, even enterprises are trying to strengthen their cybersecurity. Network segmentation environment where public network and private network are separated could block information coming from the outside, however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce the network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, it is still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, this paper proposes a system in the environment which functions that a document file can keep information for incident response, considering forensic readiness.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1447-1452
• /
• 2010

Ubiquitous society to build basic infrastructure in the power supply and power equipment safety is important. u-City in order to prevent the disaster of u-IT Power Equipment Performance Module and the security for the safety of the u-City is necessary. In this paper, the power unit of u-IT module, temperature sensor, humidity sensor, equipped with sensors arranged throughout the fire, and home distribution boards, Home Network Wall-Pad, Blocker, MPNP black boxes, arc detection, arc safety equipment, outlet of the modular performance evaluation methods and security methods will be studied. u-IT power devices and sensors to analyze the information conveyed by proactive risk and ensure safety, access control, authentication, security safeguards, such as u-IT integrated management system for electrical safety and strengthen the security, safety and security with a u-City will contribute to the construction and operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.703-713
• /
• 2015

The linking system between the control system and the field devices in the existing EMS/SCADA, in order to increase the reliability of the data, and access control through the separation of external network. Currently, There is a tendency that the need for connection to an external network that takes into account the economic aspect, systematic management and efficiency of operations is increasing. Such is evolved linkage section, is to have more security vulnerabilities than in the past, Eventually communication EMS/SCADA linkage section requires special management method. In this paper, taking into account the domestic environment, were presented the security Certification and Accreditation technology that was applied to serial DNP3 and TCP/IP based DNP3 that are mainly used in EMS/SCADA linkage section. Presented to security of Certification and Accreditation technology, divided into Resource Robustness Test and Malicious Packet Test for evaluate the safety. Each of the security requirements and evaluation method in proposed technology, is an attempt to present the differentiation of the existing Certification and Accreditation technology.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.101-108
• /
• 2013

Sensor network configurations are for a specific situation or environment sensors capable of sensing, processing the collected information processors, and as a device is transmitting or receiving data. It is presently serious that sensor networks provide many benefits, but can not solve the wireless network security vulnerabilities, the risk of exposure to a variety of state information. u-Healthcare sensor networks, the smaller the sensor node power consumption, and computing power, memory, etc. restrictions imposing, wireless sensing through the kind of features that deliver value, so it ispossible that eavesdropping, denial of service, attack, routing path. In this paper, with a focus on sensing of the environment u-Healthcare system wireless security vulnerabilities factors u-Healthcare security framework to diagnose and design methods are presented. Sensor network technologies take measures for security vulnerabilities, but without the development of technology, if technology is not being utilized properly it will be an element of threat. Studies suggest that the u-Healthcare System in a variety of security risks measures user protection in the field of health information will be used as an important guide.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.401-415
• /
• 2019

Recently, there has been a lot of studies and efforts to strengthen the stability of critical infrastructures against increasing cyber attacks to critical infrastructures. In this thesis, I defined what cyber threats are, after showing you various definitions about what cyber threats are and what the types are. After studying about significant cyber threats from China, I showed you the realities of cyber threats with the analysis about starting points, types of cyber threats, ratios of attacks and so on. At last, I defined guidelines about unnecessary oversea IP range blocking. Also, I proposed unnecessary oversea IP range blocking methodologies with per information system and per network system. Furthermore, I proposed blocking characteristics per security equipment and security operation improvement and blocking effects and service process to normal oversea users.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.153-169
• /
• 2018

Previous e-financial anomalies analysis and detection technology collects large amounts of electronic financial transaction logs generated from electronic financial business systems into big-data-based storage space. And it detects abnormal transactions in real time using detection rules that analyze transaction pattern profiling of existing customers and various accident transactions. However, deep analysis such as attempts to access e-finance by insiders of financial institutions with large scale of damages and social ripple effects and stealing important information from e-financial users through bypass of internal control environments is not conducted. This paper analyzes the management status of e-financial security programs of financial companies and draws the possibility that they are allies in security control of insiders who exploit vulnerability in management. In order to efficiently respond to this problem, it will present a comprehensive e-financial security management environment linked to insider threat monitoring as well as the existing e-financial transaction detection system.