• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.27-35
• /
• 2002

In this paper, we present the structure and interaction flow between IKE server and the other modules for our IPsec System's efficiency. Our IPsec systems have several components for IP-based end-to-end security services. They are IKE, SADB and SPDB and so on, not to speak of IPsec Protocol Engine. Therefore the efficient interaction structure between them has an much influence on total system efficiency. Especially, in case of IPsec engine integrated with kernel, it is very important how IPsec engine can refer to SPDB and SADB entries efficiently according to the location of the implementation of SPDB and SADB. To solve the above problem, we use the SPI generated by IKE. Finally, we propose the interaction structure between IKE server and the other modules according to the optimization for referring to SPDB and SADB entries.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.961-972
• /
• 2024

As IT and OT systems become integrated into ship operations, the security of propulsion, control, communication, and navigation systems has become increasingly critical. In response, the International Association of Classification Societies (IACS) will enforce cybersecurity requirements starting from July 2024. IACS No. 171 (Recommendations on Incorporating Cyber Risk Management into Safety Management Systems) presents quantitative assessment methods; however, there is room for improvement. This study aims to address these issues by applying the TARA framework, outlined in ISO/SAE 21434 for connected vehicles, to identify attack surfaces and conduct risk assessments of the Ballast Water Treatment System(BWTS), which is crucial for navigational safety. Moreover, the study conducts a comparative analysis of the quantitative risk assessments of IACS No. 171 and the TARA framework, proposing the need for and considerations of a new risk assessment framework, VeTARA, specifically tailored for ships. This research is expected to contribute to the enhancement of cyber risk management in maritime operations.

• International Journal of Contents
• /
• v.2 no.4
• /
• pp.12-18
• /
• 2006

The number of wireless public network user is increasing rapidly. Security problem for user authentication has been increased on existing wireless network such as IEEE802.11 based Wireless LAN. As a solution, IEEE802.1x (EAP-MD5, EAP-TLS, EAP-TTLS), X.509, protocol or security system was suggested as a new disposal plan on this problem. In this study, we overview main problem on existing EAP-MD5 authentication mechanism on Wireless LAN and propose a SMS(Short Message Service) based secure authentication and accounting mechanism for providing security enhanced wireless network transactions.

• Korean Security Journal
• /
• no.7
• /
• pp.29-59
• /
• 2004

This is a study on hostage crisis and effective resolution of the crisis. First, we surveyed the theoretical guidance for our study: definition, patterns, of hostage crisis; psychology of hostage-takers. And we explores a great variety of hostage crisis cases to develop principles and methods for negotiation and subjugation. We suggest, throughout this study, some action program to be developed, as follow: First, we need to broaden and deepen the understanding on the issue of hostage-crisis by expanding educational opportunity on the issue, while raising hostage negotiators. Second, information sharing system among hostage management related offices, and complete training for SWAT team are required. Third, when a hostage-crisis is raised, police enforcement must corporate with mass-media in a way of close manner. Fourth, in a critical hostage crisis, the commander should appear on site for effective command. Lastly, the top-priority for the commander who is in charge of the crisis should be put on the security of hostage and hostage-taker, as well.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.209-216
• /
• 2002

This treatise deals with designing a database encryption model that interworks with Intranet within a system. Today attempts are being made to substitute legacy client/server computing environment with what interworks with web and database, and thus the question how the security for the database that interworks with Intranet can be secured is emerging as a matter of great importance. This treatise, therefore, offers an encryption model which offers how to create an encryption key using an ID and a password most widely used in Intranet access and by using this key, how to encipher information ill a DB table, providing a maintenance scheme for the Key as well.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.4
• /
• pp.11-18
• /
• 2016

Due to open source policy, Android systems are exposed to a variety of security problems. In particular, app reuse attacks are detrimental threat to the Android system security. This is because attacker can create core malign components and quickly generate a bunch of malicious apps by reusing these components. Hence, it is very imperative to discern whether Android apps contain reused components. To meet this need, we propose an Android app reuse analysis technique based on the Sequential Hypothesis Testing. This technique quickly makes a decision with a few number of samples whether a set of Android apps is made through app reuse. We performed experimental study with 6 malicious app groups, 1 google and 1 third-party app group such that each group consists of 100 Android apps. Experimental results demonstrate that our proposed analysis technique efficiently judges Android app groups with reused components.

• Proceedings of the IEEK Conference
• /
• 1999.06a
• /
• pp.958-961
• /
• 1999

A new image encoding and identification scheme is proposed for security verification by using CGH(computer generated hologram), random phase mask, and correlation technique. The encrypted image, which is attached to the security product, is made by multiplying QPH(quadratic phase hologram) using SA(simulated annealing) algorithm with a random phase function. The random phase function plays a role of key when the encrypted image is decrypted. The encrypted image could be optically recovered by 2-f system and automatically verified for personal identification. Simulation results show the proposed method cand be used for the reconstruction and the recognition of the encrypted. Image.

• Journal of Communications and Networks
• /
• v.14 no.6
• /
• pp.597-605
• /
• 2012

With the smart grid coming near, wide-area supervisory control and data acquisition (SCADA) becomes more and more important. However, traditional SCADA systems are not suitable for the openness and distribution requirements of smart grid. Distributed SCADA services should be openly composable and secure. Event-driven methodology makes service collaborations more real-time and flexible because of the space, time and control decoupling of event producer and consumer, which gives us an appropriate foundation. Our SCADA services are constructed and integrated based on distributed events in this paper. Unfortunately, an event-driven SCADA service does not know who consumes its events, and consumers do not know who produces the events either. In this environment, a SCADA service cannot directly control access because of anonymous and multicast interactions. In this paper, a distributed security framework is proposed to protect not only service operations but also data contents in smart grid environments. Finally, a security implementation scheme is given for SCADA services.

• Proceedings of the IEEK Conference
• /
• summer
• /
• pp.355-360
• /
• 2004

With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. Binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et Al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et Al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.49-58
• /
• 2005

We propose a specific ubiquitous sensor network (USN) architecture as a promising candidate of the future telemedicine model which offers the patient's mobility and more cost-efficient medical care system. This new USN architecture is a kind of cell-based secure sensor network supporting encrypted multi-casting communications and it has a hybrid routing protocol by adapting flat routing to hierarchical routing. For the patient's privacy and the protection of patient's vital information from eavesdropping, we adopt a lightweight PKI-based secure communication protocol with some formal presentation on its core procedure.