• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.2
• /
• pp.287-293
• /
• 2012

It has been only few years that various contents information subject for information processing system has been remarkably increased in online. If we say the year 2000 is the technology based year when deluge of information and data such as real time sharing, the time since after 2000 until 2011 has been a period plentiful of application based functions and solutions. Also, as the applicable range of these information process systems extends, individual information effluence has been social issues twice in 2009 and 2010. Thus now there are continuous efforts made to develop technologies to secure and protect information. However, the range problem has been extended from the illegal access from outside to the legal access from internal user and damages by agents hidden in internal information process system and client system. Therefore, this study discusses the necessity for the studies on efficiency based information security by control of access to internal information and authority setting for administrator and internal users. Based on the result of this study, it provides data that can be used from SOHO class network to large scale for information security method.

• Korean Security Journal
• /
• no.58
• /
• pp.107-135
• /
• 2019

The purpose of this paper is to compare and analyze the similarities and differences between the security environment, information organization and information activities of Korea and the United States. The comparison will provide insight into Korea and other national intelligence agencies, as well as methodological advances in information research, by providing insight into the overall information and a broad understanding As the history, culture and national power of Korea and the U.S. are different, the organization and activities of intelligence agencies are also different. First of all, in terms of environment, the U.S. carries out intelligence activities for national interest and security in a wide range of areas ranging from North American continental countries to South America, the Middle East, Asia and Asia, while South Korea's intelligence activities are mainly aimed at North Korea and neighboring countries around the Korean Peninsula. In terms of information organization, U.S. intelligence agencies are separate, whereas domestic and foreign intelligence agencies are separate, whereas Korean intelligence agencies are a type of integrated intelligence agency that combines information and investigation, unlike the U.S. In the U.S., the U.S. also operates as an intelligence community, and there are many flexible organizations such as non-tier organizations and centers. Intelligence activities by U.S. intelligence agencies are mainly focused on analysis and overseas processing activities, while Korean intelligence agencies still account for a large portion of domestic information activities. Despite these differences, Korea's intelligence agency was created by imitating U.S. intelligence agencies, and thus has similar aspects in terms of evaluation of security, organization and activities. However, this similarity is shared by all intelligence agencies, so the article will focus on analyzing differences. Finally, for the development of Korean intelligence agencies, the establishment of an intelligence community and efficient control of the National Assembly will be proposed.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.297-302
• /
• 2004

Internet becomes absolutely necessary tools due to rapid progress of information technology. Educational correspondence abount an age of information demand is a education focused on a learner and remote education based on information technology. WBI(Web Based Instruction) is a formation that remotly educate a learner using web, possible mutual reaction between instructor and learner, submint various studying material, has a good point to overcome spatial restriction. Internal and external standardization working is accelerated and recently XML security studies are activated using XML which is next generation web standard document format. And XML electronic signature raise interworking between digital signature systems used by various field of using XML document. Using these merit and complementing defect are main contents that users have to pay about Certification service to get CA certificate from 2004 june. This paper propose multiplex Certification remote education agent system using XML digital signature to satisfy security requirement.

• Journal of Information Processing Systems
• /
• v.5 no.1
• /
• pp.33-40
• /
• 2009

Ever since the network-based malicious code commonly known as a 'worm' surfaced in the early part of the 1980's, its prevalence has grown more and more. The RCS (Random Constant Spreading) worm has become a dominant, malicious virus in recent computer networking circles. The worm retards the availability of an overall network by exhausting resources such as CPU capacity, network peripherals and transfer bandwidth, causing damage to an uninfected system as well as an infected system. The generation and spreading cycle of these worms progress rapidly. The existing studies to counter malicious code have studied the Microscopic Model for detecting worm generation based on some specific pattern or sign of attack, thus preventing its spread by countering the worm directly on detection. However, due to zero-day threat actualization, rapid spreading of the RCS worm and reduction of survival time, securing a security model to ensure the survivability of the network became an urgent problem that the existing solution-oriented security measures did not address. This paper analyzes the recently studied efficient dynamic network. Essentially, this paper suggests a model that dynamically controls the RCS worm using the characteristics of Power-Law and depth distribution of the delivery node, which is commonly seen in preferential growth networks. Moreover, we suggest a model that dynamically controls the spread of the worm using information about the depth distribution of delivery. We also verified via simulation that the load for each node was minimized at an optimal depth to effectively restrain the spread of the worm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.3-16
• /
• 2001

With the development of Internet, it is widely spreaded to a Intranet based on Internet technology. Intranet is a private, unique network to share the information of organization such as incorporate, research institute and university. With the increase of Intranet using, Intranet environment is developing into Extranet environment which is connected many Intranet. Currently such Intranet and Extranet environments, above all, it is important to solve security problems which can appear through use of information between domains. Thus, in this paper, we propose SSO(Single Sign-on System) model with authorization management and single sign-on operation, and we extend it to enable mutual authentication through inter-working based on PKI(Public Key Infrastructure) in Extranet environments.

• Journal of Digital Convergence
• /
• v.19 no.7
• /
• pp.209-215
• /
• 2021

This study is a system development for voice information protection equipment in major meetings and places requiring security. Security performance and stability were secured with information leakage prevention technology through generation of false noise and ultrasonic waves. The cutoff frequency band for blocking the leakage of voice information, which has strong straightness due to the nature of the radio wave to the recording prevention module, blocks the wideband frequency of 20~20,000Hz, and the deception jamming technology is applied to block the leakage of voice information, greatly improving the security. To solve this problem, we developed a system that blocks the recording of a portable smartphone using a battery, and made the installation of a separate device smaller and lighter so that customers do not recognize it. In addition, it is necessary to continuously study measures and countermeasures for efficiently using the output of the anti-recording speaker for long-distance recording prevention.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.801-811
• /
• 2023

With the cyber incidents increasing every year, opinions are being raised that legal system relating to incident reporting needs to be revised to improve the cyber incident reporting rate, etc. Accordingly, this paper suggests a legal improvement to enhance the effectiveness of cyber incident reporting. First, by analyzing domestic media coverage, this paper defines the problems which need to be improved regarding an incident reporting system as "unreported" and "not timely reporting". Then, this paper finds four requirements for legal improvement like "a reporting entity", "a starting point of reporting", "a reporting deadline" and "a protection of reporting information" by analyzing the relationship between reporting relating problems and issues published by overseas institutions and additionally by analyzing the need to revise the law. Finally, through an analysis of legislative cases, this paper suggests a legal improvement for the requirements.

• 한국사회정책
• /
• v.25 no.1
• /
• pp.161-194
• /
• 2018

The purpose of this study is to investigate the factors that interrupt the use of social security of elderly North Korean refugees. As a result of qualitative content analysis using interview data, it is found that the elderly North Korean defectors have a lower access to the social security system. The main reason for hindering the use of social security system is low awareness due to limited information channels, psychological distance to South Korean society and residents. Moreover, this psychological distance is a factor that reduces the geographical accessibility of elderly North Korean defectors by preferring to use services in specific institutions for North Korean, while South Korean elderly people can use the service elsewhere. In addition, there are many cases in which the elderly in North Korean defectors do not receive sufficient social security due to low income. On the other hand, social security systems with high accessibility of older North Korean refugees are characterized by the fact that they are provided by experts who have formed sufficient rapport with North Korean refugees. Therefore, it seems possible to improve the accessibility of elderly defectors' friendly system by professional workers with cultural competence. In addition, a multidimensional approach is needed to fully cope with the complex desires of elderly North Korean defectors and a mechanism should be set up to reflect their opinion in system operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.439-448
• /
• 2015

IoT (Internet of Things) propels current networked communities into a advanced hyper-connected society/world where uniquely identifiable embedded computing devices are associated with the existing internet infrastructure. Therefore, the IoT services go beyond mere M2M (Machine-to-Machine communications) and should be able to empower users with more flexible communication capabilities over protocols, domains, and applications. In addition, The access control in IoT need a differentiated methods from the traditional access control to increase a security and dependability. In this paper, we describe implementation and design of the capability token based system for secure access control in IoT environments. In the proposed system, Authorities are symbolized into concepts of the capability tokens, and the access control systems manage the tokens, creation, (re)delegation and revocation. The proposed system is expected to decrease the process time of access control by using capability tokens.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1271-1280
• /
• 2017

The android packer service using runtime execution compression technology switches to the original application using DexClassLoader. However the API interface of the DexClassLoader receives the path of the loaded DEX(Dalvik EXcutable) and the path of the compiled file. So there is a problem that the original file is exposed to the file system. Therefore, it is not safe to use the API for the packer service. In this paper, we solve this problem by changing the compile and load flow of the DexClassLoader API. Due to this changed execution flow, the complied file can be encrypted and stored in the file system or only in the memory and it can be decrypted or substituted at the time of subsequent loading to enable the original application conversion. we expected that the stability of the packer will increase beacause the proposed method does not expose the original file to the file system.