• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.466-483
• /
• 2017

Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.784-794
• /
• 2020

In order to effectively evaluate the urban water security, the study investigates a novel system to assess factors that impact urban water security and builds an urban water poverty evaluation index system. Based on the contribution rates of Resource, Access, Capacity, Use, and Environment, the study adopts the Water Poverty Index (WPI) model to evaluate the water poverty levels of 14 cities in Gansu during 2011-2018 and uses the least variance method to evaluate water poverty space drive types. The case study results show that the water poverty space drive types of 14 cites fall into four categories. The first category is the dual factor dominant type driven by environment and resources, which includes Lanzhou, Qingyang, Jiuquan, and Jiayuguan. The second category is the three-factor dominant type driven by Access, Use, and Capability, which includes Longnan, Linxia, and Gannan. The third category is the four-factor dominant type driven by Resource, Access, Capability, and Environment, which includes Jinchang, Pingliang, Wuwei, Baiyin, and Zhangye. The fourth category is the five-factor dominant type, which includes Tianshui and Dingxi. The driven types impacting the urban water security factors reflected by the WPI and its model are clear and accurate. The divisions of the urban water security level supply a reliable theoretical and numerical basis for an urban water security early warning mechanism.

• Journal of the Korea Convergence Society
• /
• v.11 no.3
• /
• pp.77-83
• /
• 2020

Recently, intelligent predictive surveillance system has emerged. It is a system that can probabilistically predict the future situation and event based on the existing data beyond the scope of the current object or object motion and situation recognition. Since such intelligent predictive monitoring system has a high possibility of handling personal information, security consideration is essential for protecting personal information. The existing video surveillance framework has limitations in terms of privacy. In this paper, we proposed a security framework for intelligent predictive surveillance system. In the proposed method, detailed components for each unit are specified by dividing them into terminals, transmission, monitoring, and monitoring layers. In particular, it supports active personal information protection in the video surveillance process by supporting detailed access control and de-identification.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.233-236
• /
• 2005

Our country compares with advanced nations by supply of super high speed network and information communication infra construction has gone well very. Many people by extension of on-line transaction and various internet services can exchange, or get information easily in this environment. But, virus or poisonous information used to Cyber terror such as hacking was included within such a lot of information and such poisonous information are threatening national security as well as individual's private life. There were always security and speed among a lot of items to consider networks equipment from these circumstance to now when develop and install in trade-off relation. In this paper, we present a high speed VPN Acceleration Board(VPN-AB) that balances both speed and security requirements of high speed network environment. Our VPN-AB supports two VPN protocols, IPsec and SSL. The protocols have a many cryptographic algorithms, DES, 3DES, AES, MD5, and SHA-1, etc.. The acceleration board process data packets into the system with In-line mode. So it is possible that VPN-AB processes inbound and outbound packets by 10Gbps. We use Nitrox-II CN2560 security processor VPN-AB is designed using that supports many hardware security modules and two SPI-4.2 interfaces to design VPN-AB.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.655-666
• /
• 2013

As the capacity of storage devices becomes larger, most users divide them into several logical partitions for convenience of storing and controlling data. Therefore, recovering partitions stably which are artificially hidden or damaged is the most important issue in the perspective of digital forensic. This research suggests partition recovery algorithm that makes stable and effective analysis using characteristics of each file system. This algorithm is available when partition is not distinguishable due to concealment of partition or damage in partition area.

• Journal of Internet Computing and Services
• /
• v.7 no.1
• /
• pp.31-38
• /
• 2006

The importance of the Security Risk Analysis has emerged as security breaches and information leaks has occurred in the companies and organization: threats toward information system and its vulnerabilities has grown up as the dependence on the information-communication systems goes higher as a result of technological advances in IT industry, A Risk Analysis Tool helps to mitigate overall risk of an organization by analysing and evaluating critical information systems and providing security measures against threats to systems and its vulnerabilities as a means to identify the inherent dangers and prevent security intrusion incident, This paper defines risk analysis process by introducing Common Criteria Scheme and suggest a risk analysis tool that can be easily implemented by an information security manager.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1055-1062
• /
• 2021

As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulation hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, contents should be designed similar to real situation, and learning activities to achieve the learning goals should be designed. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.10
• /
• pp.986-992
• /
• 2012

As the utilization of smart mobile devices such as smartphones increases, the desire to utilize such devices to control and monitor combat situations also arises. As smart mobile devices with various ICT get integrated with various weaponry system, a new phase of future warfare can be introduced. Moreover, smartphone-based real-time information technology for joint battle command system will be converged with surveillance control to become a leading example of convergence of cyber defense and information technology. Furthermore, mobile device security technology ideal for mobile wireless network environments can be applied to military robots. The following paper will give an overview of smart mobile device usage used for military purposes in battle command system, various security threats and the mobile device security technology to correspond to such security threats.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1577-1587
• /
• 2015

Privacy of financial customers is becoming important due to frequent leakage of personal information. Financial customers, who experience the leakage of personal information, feel threatened by their privacy and this changes customer's awareness about financial institutions or behavioral intentions. By examining the influence relation of personal information security vulnerability of the bank information system with usefulness, trust and attractiveness perceived by bank customers, this study aims to analyze the effect of each variable on bank customers' willingness to stay.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.41-49
• /
• 2016

Smart Grid is a next generation of new power growth electrical grid which provide high quality of electrical service by using Information Technologies to increase intelligence and performance. By using Smart Grid system, it can support energy management such as increase quality of electrical power, decrease energy and decrease emissions. However, Smart Grid uses information of energy consumption and when Smart Grid collects information, it will create private information. In this thesis, it will address issues of security private information which caused by Smart Grid for administrative measure and efficiency of Smart Grid in domestic. Also, cryptographic module algorithm, latest security solutions and strong wireless security policy for network environment such as wireless communication Iinternet are require for Smart Grid perform successfully and protect national power network equipment from cyber-attack and can stop leakage of user's personal information. Finally, it is urgent to prepare protection measures of National industrial facilities and power grid which can prepare for a cyber terrorism and penetration attacks and build emergency countermeasure management team for Smart Grid are require for safe Smart Grid environment.