• Smart Media Journal
• /
• v.7 no.4
• /
• pp.70-78
• /
• 2018

Current trends in information system have led many companies to adopt security solutions. However, even with a large budget, they cannot function properly without proper security monitoring that manages them. Security monitoring necessitates a quick response in the event of a problem, and it is needed to design appropriate visualization dashboards for monitoring purposes so that necessary information can be delivered quickly. This paper shows how to visualize a security log using the open source program Elastic Stack and demonstrates that the proposed method is suitable for network security monitoring by implementing it as a appropriate dashboard for monitoring purposes. We confirmed that the dashboard was effectively exploited for the analysis of abnormal traffic growth and attack paths.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.75-82
• /
• 2009

In this paper, we test for security targeting on APIs of Windows as that is used by many people worldwide. In order to test APIs in DLL fils of Windows OS, we propose Automated Windows API Fuzz Testing(AWAFT) that can execute fuzz testing automatically and implemented the practical tool for AWAFT. AWAFT focuses on buffer overflows and parsing errors of function parameters. Using the tool, we found 177 errors in the system folder of Windows XP SP2. Therefore, AWAFT is useful for security testing of Windows APIs. AWAFT can be applied to libraries of third party software in Windows OS for the security.

• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.41-52
• /
• 2023

The purpose of this study is to review the proposed solutions to the Blockchain trilemma put forward by various research scholars and to draw conclusions by comparing the findings of each study. We found that the models so far developed either compromise scalability, decentralization, or security. The first model compromises decentralization. By partially centralizing the network, transaction processing speed can be improved, but security strength is weakened. Examples of this include Algorand and EOS. Because Algorand randomly selects the node that decides the consensus, the security of Algorand is better than EOS, wherein a designated selector decides. The second model recognizes that scalability causes a delay in speed when transactions are included in a block, reducing the system's efficiency. Compromising scalability makes it possible to increase decentralization. Representative examples include Bitcoin and Ethereum. Bitcoin is more vital than Ethereum in terms of security, but in terms of scalability, Ethereum is superior to Bitcoin. In the third model, information is stored and managed through various procedures at the expense of security. The application case is to weaken security by applying a layer 1 or 2 solution that stores and reroutes information. The expected effect of this study is to provide a new perspective on the trilemma debate and to stimulate interest in continued research into the problem.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1397-1402
• /
• 2021

The overlay2 file system is one of the union file systems that mounts multiple directories into one. The source directory used for this overlay2 file system mount has a characteristic that it operates independently of the write-able layer after mounting, so it is often used for container platforms for application delivery. However, the overlay2 file system has a security vulnerability that the write-able layer is also modified when file in the source directory is modified. In this study, I proposed the overlay2 file system protection technology to remove the security vulnerabilities of the overlay2 file system. As a result of empirically implementing the proposed overlay2 file system protection technology and verifying the function, the protection technology proposed in this study was verified to be effective. However, since the method proposed in this study is a passive protection method, a follow-up study is needed to automatically protect it at the operating system level.

• The Journal of the Korea Contents Association
• /
• v.12 no.2
• /
• pp.69-77
• /
• 2012

In the case of the password-based PKI technology, because it protects by using the password which is easy that user memorizes the private key, he has the problem about the password exposure. In addition, in the system of electronic bidding, the illegal use using the authentic certificate of the others increases. Recently, in order to solve this problem, the research about the PKI technology using the biometrics is actively progressed. If the bio information which the user inputs for the bio authentication is converted to the template, the digest access authentication in which the security is strengthened than the existing authentication technology can be built. Therefore, in this paper, we had designed and developed the system of electronic bidding which it uses the most widely used fingerprint information in the biometrics, it stores the user fingerprint information and certificate in the fingerprint security token and can authenticate the user. In case of using the system of electronic bidding of the public key infrastructure using the fingerprint information proposed in this paper the agent bid problem that it uses the certificate of the others in not only user authentication intensification but also system of electronic bidding can be concluded.

• Journal of Information Processing Systems
• /
• v.8 no.3
• /
• pp.495-520
• /
• 2012

A secure Electronic Payment System (EPS) is essential for the booming online shopping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between the seller and buyer over the Internet. SET, CyberCash, Paypal, and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence, they only prevent "Man in the Middle" fraud but do not protect the sensitive cardholder information such as the credit card number from being passed onto the merchant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes. However, factors such as ease of use for the cardholder and the implementation costs for each party are frequently overlooked. In this paper, we propose a Web service based new payment system, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the limitations of X9.59 by adding a merchant authentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2013.01a
• /
• pp.325-326
• /
• 2013

최근 들어 스마트폰이 급격하게 보급됨에 따라 스마트폰과 다른 모듈을 이용한 시스템이 많이 개발되고 있다. 현재 보안 카메라는 cctv카메라가 주를 이루고 있는데, 보통 그 정보를 컴퓨터에 받아 저장하거나 휴대폰으로 현재 영상을 확인하는 것이 대부분이다. 우리는 계속 화면을 동영상으로 저장하지 않고 전방에 사물이 인식 되었을 때 스틸 이미지 한 장을 찍어 휴대전화에 무언가가 찍혔다는 알람을 남겨준다. 이는 집안이나 인적이 드문 창고에 설치하면 유용하게 사용될 수 있을 것으로 생각된다.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.67-75
• /
• 2002

The purpose of this study is to reflect the risk analysis results acquired while building an information system of an organization by applying a risk analysis model capable of analyzing the confronted risk, on the information system build methodology. Risk analysis, a method of utilizing the functional relation between risk, vulnerability and countermeasure of information assets, is used to evaluate the overall information risk level by analyzing the influence range of vulnerability imposed in the information asset of an organization, and the applications of the countermeasures on the frequency and intensity of the corresponding risk.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.69-79
• /
• 2003

We analyze key business process by using IDEF method in the perspective of business continuity, identify key information assets by using Skandia model, and use Nessus Version 1.4.2 to assess vulnerability about the sever of library information system according to OCTAVE(The Operationally Critical Threat, Asset, and Vulnerability Evaluation) approach. We suggest the vulnerability assessment case for introducing improved OCTAVE method including IDEF method and Skandia model.