• The KIPS Transactions:PartD
• /
• v.9D no.6
• /
• pp.1063-1070
• /
• 2002

With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from intrusions and attacks, many vendors have developed various security systems such as firewalls and intrusion detection systems. However, managing these systems individually demands too much work and high cost. Thus, integrated and autonomous security management for various security products has become more important. In this paper, we present the architecture of the WISMSF (Web-based Integrated Security Management System for Firewalls) and the merits of centralized approach for managing heterogeneous firewalls and implement the prototype of the central policy database that is a component of the WISMSF engine. The WISMSF engine supports an integrated view for policies, the integrity of polities and the easy recovery and addition of policies. And also, we define the policy conflicts of WISMSF and present the policy recovery process to support to the policies consistence.

• Journal of the Society of Disaster Information
• /
• v.11 no.4
• /
• pp.615-621
• /
• 2015

Man-made disasters are disastrous event, which can be reduced the damage through preventive measures and thorough inspections, unlike natural disasters. Thus, safety consciousness of citizens is not only important, but also safety consciousness of security guard who are involved with facility safety management. In other words, safety consciousness and fostering professionalism of security guards could reduce the damage, including human disaster and it enables the effective safety management. Therefore, this study selected the training and the organizational safety as variables with the influencing factors for improving the disaster safety consciousness of facility guard. After the analysis, the following results were confirmed. First, the training content and its environment would have a significant impact on the disaster safety consciousness. Second, organizational safety would have a significant impact on disaster safety consciousness. In other words, the improvement of training program and the formation of safety culture in organizational level will have a positive impact on the disaster safety awareness and enable effective safety management.

• Journal of the Korea Convergence Society
• /
• v.5 no.3
• /
• pp.23-27
• /
• 2014

In recent times, there is an increasing interest in wireless charge of smartphones and devices, and many companies are developing wireless charges. The range of application of wireless charge would be expanded to almost all electronics, including not only mobile devices, but also notebook computers and vacuum cleaners. On-line electric vehicles are to be launched in the market this year in a massive scale. As such wireless charge-related markets are inexhaustible. Wireless charge is included in the world's top 10 promising technologies, and its rapid growth is expected to have annual growth by more than 100%. However, there's a need to establish a safe environment, by analyzing security threats to technical limitations and harmfulness to human body, and arrange institutional compliments. The development of communication method for a variety of wireless charging are delivering comfortable and safe information. This paper aims to examine the factors to threaten electric vehicle, which are usually intruded through network system and analyzes security threats to and security requirements for magnetic resonance mode-based wireless charge in mobile devices, and suggests security requirements.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.11
• /
• pp.163-171
• /
• 2011

Because RFID systems use radio frequency, they have many security problems such as eavesdropping, location tracking, spoofing attack and replay attack. So, many mutual authentication protocols and cryptography methods for RFID systems have been proposed in order to solve security problems, but previous proposed protocols using AES(Advanced Encryption Standard) have fixed key problem and security problems. In this paper, we analyze security of proposed protocols and propose our protocol using OTP(One-Time Pad) and AES to solve security problems and to reduce hardware overhead and operation. Our protocol encrypts data transferred between RFID reader and tag, and accomplishes mutual authentication by one time random number to generate in RFID reader. In addition, this paper presents that our protocol has higher security and efficiency in computation volume and process than researched protocols and S.Oh's Protocol. Therefore, our protocol is secure against various attacks and suitable for lightweight RFID tag system.

• Journal of Information Technology Services
• /
• v.16 no.1
• /
• pp.99-118
• /
• 2017

Growing importance of online security on certification, many of the web-related security technology introduced day by day. Especially, using smart certificate (USIM) is recognized as one of the most safe and convenient method for the security of public certificate. The purpose of this study is to find the factors that affect the Intention of switching to smart certificate for the general public who use public certificate service. Based on migration theory, this study determined the relationship between pull factors, push factors and mooring factors which can affect the intention of switching to smart certificate. To empirically analyze the proposed hypothesis, the statistical analysis were conducted based on the response from 350 public certificate service users using SPSS 22.0 and Smart PLS 2.0. The results of this study can be summarized as follows. First, system quality, one of the pull factors has positive influence on perceived ease of use. On the other hand, the other pull factor, service quality has positive influence on both perceived ease of use and perceived usefulness. Second, push factors, user experience and information security awareness have positive influence on perceived ease of use only. Third, mooring factor, switching cost does not have influence on switching intention while perceived usefulness has positive influence on. The results of this research can be used for whom has interest to the switching intention of public certificate service for online security and provide the proper understanding about smart certificate service mechanism.

• Journal of Industrial Convergence
• /
• v.16 no.2
• /
• pp.25-31
• /
• 2018

An APT attack is a new hacking technique that continuously attacks specific targets and is called an APT attack in which a hacker exploits various security threats to continually attack a company or organization's network. Protect employees in a specific organization and access their internal servers or databases until they acquire significant assets of the company or organization, such as personal information leaks or critical data breaches. Also, APT attacks are not attacked at once, and it is difficult to detect hacking over the years. This white paper examines ongoing APT attacks and identifies, educates, and proposes measures to build a security management system, from the executives of each organization to the general staff. It also provides security updates and up-to-date antivirus software to prevent malicious code from infiltrating your company or organization, which can exploit vulnerabilities in your organization that could infect malicious code. And provides an environment to respond to APT attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.167-174
• /
• 2008

As both a digital camera and a digital camcorder are popularized in recent years, UCC created by general users is also popularized. Unfortunately, according to that, the lack of privacy is also increasing more and more. The UCC is saved on the recordable media(Media) like DVD and deposited personally as well as distributed through Internet portal service. If you use Internet portal service to put up your contents, you can partially prevent the violation of privacy using security technologies such as authentication and illegal copy protection offered by internet portal service providers. Media also has technologies to control illegal copy. However, it is difficult to protect your privacy if your Media having personal contents is stolen or lost. Therefore, it is necessary to develope an additional security mechanism to guarantee privacy protection when you use Media. In this paper, we describe AACS framework for Media Security and propose improved AACS framework to control the access to personal contents saved on Media.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.149-160
• /
• 2011

Smart Grid is the next-generation intelligent power grid that maximizes energy efficiency with the convergence of IT technologies and the existing power grid. It enables consumers to check power rates in real time for active power consumption. It also enables suppliers to measure their expected power generation load, which stabilizes the operation of the power system. However, there are high possibility that various kinds of security threats such as data exposure, data theft, and privacy invasion may occur in interactive communication with intelligent devices. Therefore, to establish a secure environment for responding to such security threat with the smart grid, the key management technique, which is the core of the development of a security mechanism, is required. Using a hash chain, this paper suggests a group key management mechanism that is efficiently applicable to the smart grid environment with its hierarchical structure, and analyzes the security and efficiency of the suggested group key management mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.77-84
• /
• 2011

While The passwords that combined with characters and numbers are easy to memorize and use, they have low complexity. Therefore they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. S3PAS is one of well-known schemes which had both usability and security against shoulder-surfing attack. However, this scheme was not considered about intersection attack that the attacker tried to pass the authentication system after observing several authentication sessions. In this paper, we consider the security problem of S3PAS; what the attacker can do when he can observe the authentication sessions in several times. We confirm it through user study and experiments. And also we consider the alternative that overcomes the problem.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.135-140
• /
• 2022

Scientific and technological progress is also fundamental to the evolving merchant shipping industry, both in terms of the size and speed of modern ships and in the level of their technical capabilities. While the freight performance of ships is growing, the number of crew on board is steadily decreasing, as more work processes are being automated through the implementation of information technologies, including ship management systems. Although there have been repeated appeals from international maritime organizations to focus on building effective maritime security defenses against cyber attacks, the problems have remained unresolved. Owners of shipping companies do not disclose information about cyberattack attempts or incidents against them due to fear of commercial losses or consequences, such as loss of image, customer and insurance claims, and investigations by independent international organizations and government agencies. Issues of cybersecurity of control systems in the world today have gained importance, due to the fact that existing threats concern not only the security of technical means and devices, but also issues of environmental safety and safety of life at sea. The article examines the implementation of cyber risk management in the shipping industry, providing recommendations for the safe ship operation and its systems in order to improve vulnerability to external threats related to cyberattacks, and to ensure the safety and security of such a technical object as a seagoing ship.