• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.6
• /
• pp.193-204
• /
• 2022

In a smart factory environment in a small and medium-sized enterprise (SME) environment, sensors and actuators operating on actual manufacturing lines, programmable logic controllers (PLCs) to manage them, human-machine interface (HMI) to control and manage such PLCs, and consists of operational technology server to manage PLCs and HMI again. PLC and HMI, which are in charge of control automation, perform direct connection with OT servers, application systems for factory operation, robots for on-site automation, and production facilities, so the development of security technology in a smart factory environment is demanded. However, smart factories in the SME environment are often composed of systems that used to operate in closed environments in the past, so there exist a vulnerable part to security in the current environment where they operate in conjunction with the outside through the Internet. In order to achieve the internalization of smart factory security in this SME environment, it is necessary to establish a process according to the IEC 62443-4-1 Secure Product Development Life cycle at the stage of smart factory SW and HW development. In addition, it is necessary to introduce a suitable development methodology that considers IEC 62443-4-2 Component security requirements and IEC 62443-3 System security requirements. Therefore, this paper proposes an application plan for the IEC 62443 based development security process to provide security internalization to smart factories in an SME environment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.1B
• /
• pp.73-85
• /
• 2004

SIn this paper, we introduce our experience for designing and implementing new concept of a global XML-based Peer-to-Peer (P2P) engine to support various P2P applications, and interconnection among PC, Web and mobile computing environments. The proposed P2P engine can support to heterogeneous data exchanges and web interconnection by facilitating with the text-base XML while message exchange are necessary. It is also to provide multi-level security functions as well as to apply different types of security algorithms. The system consist of four modules; a message dispatcher to scheduling and filtering the message, a SecureNet to providing security services and data transmission, a Discovery Manager to constructing peer-to-peer networking, and a Repository Manager to processing data management including XML documents. As a feasibility test, we implement various P2P services such as chatting as a communication service, white-board as an authoring tool set during collaborative working, and a file system as a file sharing service. We also compared the proposed system to a Gnutella in order to measure performance of the systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.93-107
• /
• 2016

Game bot playing is one of the main risks in Massively Multi-Online Role Playing Games(MMORPG) because it damages overall game playing environment, especially the balance of the in-game economy. There have been many studies to detect game bot. However, the previous detection models require continuous maintenance efforts to train and learn the game bots' patterns whenever the game contents change. In this work, we have proposed a machine learning technique using the self-similarity property that is an intrinsic attribute in game bots and automated maintenance system. We have tested our method and implemented a system to major three commercial games in South Korea. As a result, our proposed system can detect and classify game bots with high accuracy.

• Journal of Korea Multimedia Society
• /
• v.5 no.6
• /
• pp.674-682
• /
• 2002

Nowadays economic and commercial businesses have been increased because of the Internet. As a result of this, electronic commerce is becoming one of the most Interesting topic of discussion. Electronic commerce is equal to a real market, only the place of business is the imaginary space supported by the Internet. There are a few conditions to consider, making electronic commerce work safely. The electronic commerce should be connected by a substantial system and an on-line Protocol. There are some conditions needed for information security, authentication, and payment by electronic currency etc. Although there are many kinds of existing systems, which create services successfully, further research for security is required. Therefore, this paper suggests an authenticated Agent management, which offers more convenience and security than before. Also, this paper shows many authenticated methods for a management system. An Agent that is one of interesting things to study can handle information problems and works related to electronic commerce.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.683-690
• /
• 2016

In modern society, disasters frequently occur, and the effect is getting more massive. Also, unpredictable future increases anxiety about social security. Accordingly, in order to prevent national-scale emergency from happening, it is highly required governments' role as ICT power nation and transition to disaster management system using big data applied service. Thus, e-gov necessarily acquires disaster response system in order to predict and manage disasters. Disasters are linked with some attributes of modern society in diversity, complexity and unpredictability, so various approach and remedies of them will appease the nation's anxiety upon them. For this reason, this manuscript suggests epidemics preactive warning algorithm model as a mean of reduce national anxiety on disaster using big data for social security. Also, by recognizing the importance of e-gov and analyzing problems in weak disaster management system, it suggests political implication for disaster response.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.175-184
• /
• 2012

The purpose of this study is to investigate the home trading system (HTS) of the security companies in order to examine the critical factors of HTS service quality and the effect of these factors on HTS customer satisfaction and loyalty. The results show : (1) the quality factors of HTS are assurance, reliability, tangible, responsiveness, and empathy, (2) and these quality factors significantly affect customer satisfaction on HTS and customer satisfaction and loyalty to the security company. (3) Also, customer satisfaction on HTS plays an important role in improving customer satisfaction and loyalty to the security company.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.859-865
• /
• 2013

Esmbedded devices such as smart cards and electronic passports highly demand security of sensitive data. So, the secure implementation of the cryptographic system against various side-channel attacks are becoming more important. In particular, the fault injection attack is one of the threats to the cryptosystem and can destroy the whole system only with single pair of the plain and cipher texts. Therefore, the implementors must consider seriously the attack. Several techniques for preventing fault injection attacks were introduced to a variety of the cryptosystem, But the countermeasures are still inefficient to be applied to the classical RSA cryptosystem. This paper introduces an efficient countermeasure against the fault injection attack for the classical RSA cryptosystem, which is based on the famous Fermat's theorem. The proposed countermeasure has the advantage that it has less computational overhead, compared with the previous countermeasures.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.481-488
• /
• 2002

Guarantee of the data integrity is important to the Virtual Private Network (VPN) which can be improved cost decreasing and effective work by applying on Internet as the private network. Thus, the integrity function in the VPN must be maintained and the security manager must be check it occasionally. In this paper we propose the VPN Integrity Evaluation System (VIES) which is collecting, and evaluating automatically the vulnerable data of VPN against current hacking mechanisms in information security system. And this VIES obtain to the results which have objectivity and fairness of evaluation by driving off the evaluation scenario based on Common Criteria (CC), and general users or non-specialist can utilize easy the security evaluation of organization.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.2
• /
• pp.113-122
• /
• 2020

In this paper, we propose the terminal authentication system using blockchain and TOTP(Time-based One-time Password Algorithm) to sustain a continuous authentication between user device and service device. And we experiment this system by using door-lock as a terminal of IoT(Internet of Things). In the future, we can apply this result to several devices of IoT for convenience and security. Although IoT devices frequently used everyday require convenience and security at the same time, it is difficult for IoT devices having features of the low-capacity and light-weight to apply the existing authentication technology requiring a high amount of computation. Blockchain technology having security and integrity have been used as a storage platform, but its authentication cannot be performed when the terminal cannot access any network. We show the method to solve this problem using Blockchain and TOPT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.11-27
• /
• 2005

To date, most identity-based key agreement protocols are based on a single PKG (Private Key Generator) environment. In 2002, Chen and Kudla proposed an identity-based key agreement protocol for a multiple PKG environment, where each PKG shares identical system parameters but possesses distinct master key. However, it is more realistic to assume that each PKG uses different system parameters including the PKG's master key. In this paper, we propose a new two party key agreement protocol between users belonging to different PKGs that do not share system parameters. We also extend this protocol to two types of tripartite key agreement protocols. We show that our two party protocol requires minimal amount of pairing computation for a multiple PKG environment and our tripartite protocol is more efficient than existing protocols. We also show that the proposed key agreement protocols satisfy every security requirements of key agreement protocol.