• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.281-292
• /
• 2017

It is demanded to promote research and development of cyber weapons system and core technology in response to the ongoing cyber attack of North Korea. In this paper, core technologies of the future cyber weapon system are developed and the factors affecting the realization timing of core technologies were analyzed. 9 core technology groups and 36 core technologies are derived. Afterwards, these core technology groups are compared to the operation phase of the joint cyber warfare guideline and the cyber kill chain of Lockheed Martin. As a result of the comparison, it is confirmed that the core technology groups cover all phases of the aforementioned tactics. The results of regression analyses performed on the degree of influence by each factor regarding the moment of core technology realization show that the moment of core technology realization approaches more quickly as factors such as technology level of the most advanced country, technology level of South Korea, technology transfer possibility from the military sector to the non-military sector(spin-off factor), and technology transfer possibility from the non-military sector to the military sector(spin-on factor) increase. On the contrary, the moment of core technology realization is delayed as the degree at which the advanced countries keep their core technologies from transferring decrease. The results also confirm that the moment of core technology realization is not significantly correlated to the economic ripple effect factor. This study is meaningful in that it extract core technologies of cyber weapon system in accordance with revision of force development directive and join cyber warfare guideline, which incorporated cyber weapon system into formal weapon system. Furthermore, the study is significant because it indicates the influential factor of the moment of core technology realization.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.5 no.4
• /
• pp.45-53
• /
• 2015

In this paper, an approach of temporal certification system that can be easily added on current character-based certification system is newly introduced. This technique enhances the security of the password certification process by exploiting temporal information for each character's stroke timing, and using them as another feature of certification information, on top of character comparison process. There are three different temporal conditions: maximum, minimum and no-option. The maximum condition along with a time number (usually 0.2 second or less) means that the next key input should be punched within the time limit, while the minimum condition means the next key stroke should be typed after the time lapse specified. With no-option condition chosen, user can punch the password without any timing constraints. Prototype was developed and tested with four number password case. In comparison with 104 cases, this new approach increases the cases more than 10 digits, enhancing the security of the certification process. One big advantage of this new approach is that user can update his/her password only with different timing constraints, still keeping the same characters, that will enhance the security system management efficiency in a very simple way. Figures and pictures along with process flow are included for the validity of the idea.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5039-5061
• /
• 2017

Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.

• Proceedings of the KIEE Conference
• /
• 1998.07g
• /
• pp.2445-2447
• /
• 1998

For increasing the quality of SCADA system, the application of image information is demanded from typical SCADA system based on data information. Until now, the remote control and monitoring systems combine data information but now gradually have trends to combine voice, data and image information. So multimedia technology is applied to realize new SCADA system. Depends on these requires, we apply new concepts of communication network and multimedia technology to the SCADA system for electric facility. In this paper, we aim at developing multi media supervisory control and data acquisition system based on data and image information, which used electric power system and security system.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.11
• /
• pp.139-146
• /
• 2020

Cloud computing technology provides economic and efficient system operation and management features to deal with rapidly changing IT technologies. However, this is less used in institutes and companies due to low security of cloud computing service. It is recognized that storing and managing important information, which is confidential in external systems is vulnerable to security threats. In order to enhance security of this cloud computing service, this paper suggests a system and user authentication reinforcement model. The suggested technology guarantees integrity of user authentication information and provides users with convenience by creating blocks for each cloud service and connecting service blocks with chains. The block chain user authentication model offers integrity assurance technology of block chains and system access convenience for SSO users. Even when a server providing cloud computing is invaded, this prevents chained invasions not to affect other systems.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.25-31
• /
• 2013

Looking at the recent value change of users and the usage pattern of network users, it is changing from simple web information, one-way information acquisition and data transmission to increase of usage of multimedia, increasing demand for security and customization, and increasing demands for free mobility. Due to this change of demand, the services which were provided individually, developed into a form which is merged, the network also seems to develop into the combined network from the individual network for individual service, and the communication network control technology which is the core technology is also rapidly developing. To reflect the users' demands, the next generation network created the multi-layer network which is based on the WDM/IP transmission system and added the to make it easy to restructure. P-OTS (Packet-Optical Transport System) can be defined as a platform that combines SONET/SDH, Ethernet, DWDM, optical transport network (OTN) switching and reconfigurable optical add-drop multiplexers (ROADMs). In this paper, we suggested that the optimum path choice be performed through diversification of the PCE-based path selection using the information of various layers altogether in the multi-layer environment, compared with the established path selection method when the path was selected using the information of each layers.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.3
• /
• pp.179-187
• /
• 2003

This study investigate the reasons of organizational failure in detection and appropriate response to risk signal. The Crisis does not come true suddenly, there is some risk signals in crisis. If Organization detect the risk signals the crisis is come true opportunities, if not the crisis is come true disastrous outcome. This is use the system dynamics approach. System Dynamics assume the system as a collection of causal feedback loop, so we understand the dynamics around the problems. This investigate suggest that, the focus on growth is the a kind of promotional pressure and the pressure drive the organization to less attention the risk signal, so the risk is underestimate In proportion to real risk. Ultimate, the organization entrap the promotional climate and insensible to security. This study is a kind of hypothesis-discovering research, in the further study, the discovered hypothesis will be empirically tested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.77-87
• /
• 2008

Recently, many hash-based authentication protocols were presented to guarantee mutual authentication between tag and DB in RFID system. To be suitable for distributed DB environment, one generally uses fixed constant value as a tag ID. However, some existing protocols have security flaws or heavy computational loads in DB in order to search a tag ID. We propose a secure authentication protocol which is suitable for distributed DB environment by using unchangeable tag ID. The storage method of pre-synchronized information in DB at previous session is core idea of our proposal which gives low-cost ID search of DB at next session. In normal synchronization state, our protocol only requires 3 hash operations in tag and DB respectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2595-2618
• /
• 2018

In this paper, we investigate secure communication with the presence of multiple eavesdroppers (Eves) in a two-tier downlink dense heterogeneous network, wherein there is a macrocell base station (MBS) and multiple femtocell base stations (FBSs). Each base station (BS) has multiple users. And Eves attempt to wiretap a macrocell user (MU). To keep Eves ignorant of the confidential message, we propose a physical-layer security scheme based on cross-layer cooperation to exploit interference in the considered network. Under the constraints on the quality of service (QoS) of other legitimate users and transmit power, the secrecy rate of system can be maximized through jointly optimizing the beamforming vectors of MBS and cooperative FBSs. We explore the problem of maximizing secrecy rate in both non-colluding and colluding Eves scenarios, respectively. Firstly, in non-colluding Eves scenario, we approximate the original non-convex problem into a few semi-definite programs (SDPs) by employing the semi-definite relaxation (SDR) technique and conservative convex approximation under perfect channel state information (CSI) case. Furthermore, we extend the frame to imperfect CSI case and use the Lagrangian dual theory to cope with uncertain constraints on CSI. Secondly, in colluding Eves scenario, we transform the original problem into a two-tier optimization problem equivalently. Among them, the outer layer problem is a single variable optimization problem and can be solved by one-dimensional linear search. While the inner-layer optimization problem is transformed into a convex SDP problem with SDR technique and Charnes-Cooper transformation. In the perfect CSI case of both non-colluding and colluding Eves scenarios, we prove that the relaxation of SDR is tight and analyze the complexity of proposed algorithms. Finally, simulation results validate the effectiveness and robustness of proposed scheme.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.10
• /
• pp.339-346
• /
• 2016

1 person media is becoming the leading trend among several media in the Internet era exploiting the individual desire of showing off. But, the vast accessibility of Internet produces the worry about privacy risk, which concludes in the increasement of closed SNS. In this paper, we propose a system based on PWW (Person Wide Web) where a person is producing a media and share it with other persons. PWW is an information system which consists of a smart-phone, mobile anchors, a standard web document, and his own cloud storage. An information consumer gets the link using his smart-phone from the mobile anchors attached on the objects in the field. The web browser in the smart-phone obtains the web documents designated by the link and presents it. We also explains the 1 person media system based on PWW and presents the example utilized in the field. We compared and analyzed the security factor of the system based on between WWW and PWW, and concluded that PWW is better than WWW in the aspect of security.