• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.111-116
• /
• 2007

An eSeal(Electrical Seal) is an active RFID device which installed on the door of a container. The main role of the tag is to make sure the seal is not breaking by unauthorized people. Because an eSeal uses RFID system, we need to prevent eavesdrop and impersonate. Moreover, an eSeal which uses a secure protocol must not be able to duplicate. If duplication resistant property is not provide to a eSeal, an attacker may replace a object in the sealed container and reseal the container with duplicated eseal to hide breaking of the eSeal. In this paper, we provide a protocol which resist duplicate an eSeal during prevent eavesdrop and impersonation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.782-785
• /
• 2007

If existing system need to expand security part, the security was established after paying much cost, processing of complicated installation and being patient with inconvenience at user's view because of closed structure. In this thesis, those defects could be overcome by using open security tools and constructing security server, which is firewall of 'bastion' form including proxy server, certification server and so on. Also each security object host comes to decide acceptance or denial where each packet comes from, then determines security level each hosts. Precisely it is possible choosing the packets from bastion host or following at the other policies. Although an intruder enter into inside directly, it is constructed safely because encryption algorithm is applied at communication with security object host. This thesis suggests more flexible, independent and open security system, which improves existing security through systematic linkage between system security and network security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.4
• /
• pp.643-650
• /
• 2008

If existing system need to expand security part, the security was established after paying much cost, processing of complicated installation and being patient with inconvenience at user's view because of closed structure. In this thesis, those defects could be overcome by using open security tools and constructing security server, which is firewall of 'bastion' form including proxy server, certification server and so on. Also each security object host comes to decide acceptance or denial where each packet comes from, then determines security level each hosts. Precisely it is possible choosing the packets from bastion host or following at the other policies. Although an intruder enter into inside directly, it is constructed safely because encryption algorithm is applied at communication with security object host. This thesis suggests more flexible, independent and open security system, which improves existing security through systematic linkage between system security and network security.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.79-92
• /
• 2021

In a society where ICT technology is converged, the use of various network-connected devices such as IoT is spreading. Network-connected devices are inevitably exposed to the threat of hacking such as information leakage, and countermeasures need to be prepared to respond. Security certification system for IoT devices has been introduced to promote security of IoT products, and for this purpose, legalization and standardization of certification standards and methods are in progress. In line with this, in Korea, as the Information and Communication Network Act was revised in 2020, ICT convergence devices connected to the network were newly defined as "information and communication network connected devices," and the basis for the security certification system is being established. We summarized related domestic and foreign trends and suggest specific considerations for implementing the security certification system for IoT devices in South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.903-910
• /
• 2016

As smart mobile devices having touchscreens are growingly deployed, a pattern lock system, which is one of the graphical password systems, has become a major authentication mechanism. However, a user's unlocking behaviour leaves smudges on a touchscreen and they are vulnerable to the so-called smudge attacks. Smudges can help an adversary guess a secret pattern correctly. Several advanced pattern lock systems, such as TinyLock, have been developed to resist the smudge attacks. In this paper, we study an automated smudge attack that employs machine learning techniques and its effectiveness in comparison to the human-only smudge attacks. We also compare Android pattern lock and TinyLock schemes in terms of security. Our study shows that the automated smudge attacks are significantly advanced to the human-only attacks with regard to a success ratio, and though the TinyLock system is more secure than the Android pattern lock system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.69-75
• /
• 2020

The command control system, like the human brain and nervous system, is a linker that connects the Precision Guided Missile(PGR) in information surveillance and reconnaissance (ISR) and is the center of combat power. In establishing the future command and control system, the ROK military should consider not only technical but also institutional issues. The US Department of Defense establishes security policies, refines them, and organizes them into architectural documents prior to the development of the command and control system. This study examines the security architecture applied to the US military command control system and analyzes the current ROK military-related policies (regulations) to identify security requirements for the future control system. By grouping the identified security requirements, this study identifies and presents field-specific enhancements to existing security regulations.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.635-637
• /
• 2021

Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.145-151
• /
• 2004

School Networks environment is implemented in many schools to support educational activities for networking resources required in teaching-teaming activities with government initiative. On the other hand, the open system in school which are used in internet in internet do considerable damage committed by intruder and cracker to the preservation of computer data and system due to second schools security state. Therefore this study is to present assortment in information resources of schools, security items and problem. finally, we give the effective and systematic metrics of estimates for security of secondary schools in information resources parts.