• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.131-144
• /
• 2010

IT developed countries since the late 1980s are used to develop IT security evaluation criteria to ensure safety and reliability of information protection products. Currently a variety of products used for the evaluation based on CC and it takes a long period of product evaluation is required to reduce the developers and users. In this paper refer to the published standard evaluation schedule for the EAL4 calculation model offers a trial period. In addition, based on this commitment by adjusting the number of evaluaters to evaluate the applicant in the evaluation period to minimize the position offers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.259-273
• /
• 2016

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.155-163
• /
• 2009

DRM system with streaming scheme has obtained it's priority due to generalized production and distribution of digital contents by development of multimedia device and internet. Previous DRM system with streaming scheme over-burdened the system by encrypting every data of the contents. This paper presents DRM system with new streaming scheme that is able to independently transmit encrypted contents to network protocol and maximize system function by encrypting only certain parts of data. Also, performance is analyzed through designing and implementing the proposed system.

• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.5
• /
• pp.1-9
• /
• 2010

Abstract The DHCP power saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the vulnerability to IP spoofing attacks, therefore we need to solve the mistake that disrupt the entire network system rather than saving electric power. In this paper, we propose the authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the saving power system.

• Korean Security Journal
• /
• no.19
• /
• pp.225-244
• /
• 2009

Electronic security system is composed mainly of electronic-information-communication device, so system technology, configuration and management of the electronic security system could be affected by the change of information-communication environment. This study is to propose the future prospect on the development of technique for electronic security system through the analysis of the trend and the actual condition on the development of technique. This study is based on literature study and interview with user and provider of electronic security system, also survey was carried out by system provider and members of security integration company to come up with more practical result. Hybrid DVR technology that has multi-function such as motion detection, target tracking and image identification is expected to be developed. And 'Embedded IP camera' technology that internet server and image identification software are built in. Those technologies could change the configuration and management of CCTV system. Fingerprint identification technology and face identification technology are continually developed to get more reliability, but continual development of surveillance and three-dimension identification technology for more efficient face identification system is needed. As radio identification and tracking function of RFID is appreciated as very useful for access control system, hardware and software of RFID technology is expected to be developed, but government's support for market revitalization is necessary. Behavior pattern identification sensor technology is expected to be developed and could replace passive infrared sensor that cause system error, giving security guard firm confidence for response. The principle of behavior pattern identification is similar to image identification, so those two technology could be integrated with tracking technology and radio identification technology of RFID for total monitoring system. For more efficient electronic security system, middle-ware's role is very important to integrate the technology of electronic security system, this could make possible of installing the integrated security system.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.1-6
• /
• 2005

Today the malicious approach and information threat against a network system increase and, the demage about this spread to persnal user from company. The product which provides only unit security function like an infiltration detection system and an infiltration interception system reached the limits about the composition infiltration which is being turn out dispersion anger and intelligence anger Necessity of integrated security civil official is raising its head using various security product about infiltration detection, confrontation and reverse tracking of hacker. Because of the quantity to be many analysis of the event which is transmitted from the various security product and infiltration alarm, analysis is difficult. So server is becoming the charge of their side. Consequently the dissertation will research the method to axis infiltration alarm data to solve like this problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.709-720
• /
• 2013

Virtualization obfuscation makes hard to analyze the code by applying virtualization to code section. Protected code by common used virtualization obfuscation technique has become known that it doesn't have restored point and also it is hard to analyze. However, it is abused to protect malware recently. So, It is been hard to analyze and take action for malware. Therefore, this paper's purpose is analyze and take action for protected malware by virtualization obfuscation technique through implement tool which can extract virtualization structure automatically and trace execution process. Hence, basic structure and operation process of virtualization obfuscation technique will be handled and analysis result of protected malware by virtualization obfuscation utilized Equation Reasoning System, one kind of program analysis. Also, we implement automatic analysis tool, extract virtualization structure from protected executable file by virtualization obfuscation technique and deduct program's execution sequence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.331-340
• /
• 2021

As the communication industry develops, the development of SoC (System on Chip) is increasing. Accordingly, the paradigm of technology design of industries and companies is changing. In the existing process, companies purchased micro-architecture, but now they purchase ISA (Instruction Set Architecture), and companies design the architecture themselves. RISC-V is an open instruction set based on a reduced instruction set computer. RISC-V is equipped with ISA, which can be expanded through modularization, and an expanded version of ISA is currently being developed through the support of global companies. In this paper, we present benchmarking frameworks ARIA, LEA, and PIPO of Korean block ciphers in RISC-V. We propose implementation methods and discuss performance by utilizing the basic instruction set and features of RISC-V.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.67-75
• /
• 2005

In this paper, we design and implement real time IP security packet analyzer on IPv4 and IPv6 network. This packet analyzer sniffs and analyzes the packets generated by the protocols that are used by IPsec, IKE, IPv4 and IPv6 such as AH, ESP, ISAKMP, IP, ICMP and so on. The purpose of this analyzer is to check current security status of the network automatically. In this paper we provide implementation details and the examples of security evaluation by using our security packet analyzer system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.213-219
• /
• 2011

Due to the rapid growth of smartphone market, the security threats are also increased. One of the smartphone security threats is that w1Verified applications are distributed on the smartphone market. In the case of Andoroid market, Google have no Application Approval Process that can detect malicious android application so many malicious android applications are distributed in the Android market. To reduce this security threat, it is essential the skill to detect the malicious activities of application. In this paper, we propose the android application analysis method for malicious activity detection and we introduce the implementation of our method which can automatically analyze the android application.