• Journal of Information Processing Systems
• /
• 제13권1호
• /
• pp.152-173
• /
• 2017

Mobile phones are the most common communication devices in history. For this reason, the number of mobile subscribers will increase dramatically in the future. Therefore, the determining the location of a mobile station will become more and more difficult. The mobile station must be authenticated to inform the network of its current location even when the user switches it on or when its location is changed. The most basic weakness in the GSM authentication protocol is the unilateral authentication process where the customer is verified by the system, yet the system is not confirmed by the customer. This creates numerous security issues, including powerlessness against man-in-the-middle attacks, vast bandwidth consumption between VLR and HLR, storage space overhead in VLR, and computation costs in VLR and HLR. In this paper, we propose a secure authentication mechanism based new mobility management method to improve the location management in the GSM network, which suffers from a lot off drawbacks, such as transmission cost and database overload. Numerical analysis is done for both conventional and modified versions and compared together. The numerical results show that our protocol scheme is more secure and that it reduces mobility management costs the most in the GSM network.

• International Journal of Computer Science & Network Security
• /
• 제22권3호
• /
• pp.29-36
• /
• 2022

In deep learning classification tasks, most models frequently assume that all labels are available for the training datasets. As such strategies to learn new concepts from unlabeled datasets are scarce. In fingerprint classification tasks, most of the fingerprint datasets are labelled using the subject/individual and fingerprint datasets labelled with finger type classes are scarce. In this paper, authors have developed approaches of classifying fingerprint images using the majorly known fingerprint classes. Our study provides a flexible method to learn new classes of fingerprints. Our classifier model combines both the clustering technique and use of deep learning to cluster and hence label the fingerprint images into appropriate classes. The K means clustering strategy explores the label uncertainty and high-density regions from unlabeled data to be clustered. Using similarity index, five clusters are created. Deep learning is then used to train a model using a publicly known fingerprint dataset with known finger class types. A prediction technique is then employed to predict the classes of the clusters from the trained model. Our proposed model is better and has less computational costs in learning new classes and hence significantly saving on labelling costs of fingerprint images.

• ETRI Journal
• /
• 제28권5호
• /
• pp.692-695
• /
• 2006

Recently, there has been a constant barrage of worms over the Internet. Besides threatening network security, these worms create an enormous economic burden in terms of loss of productivity not only for the victim hosts, but also for other hosts, as these worms create unnecessary network traffic. Further, measures taken to filter these worms at the router level incur additional network delays because of the extra burden placed on the routers. To develop appropriate tools for thwarting the quick spread of worms, researchers are trying to understand the behavior of worm propagation with the aid of epidemiological models. In this study, we present an optimization model that takes into account infection and treatment costs. Using this model we can determine the level of treatment to be applied for a given rate of infection spread.

• 한국산업정보학회논문지
• /
• 제20권4호
• /
• pp.55-65
• /
• 2015

손상 사고 중독과 관련해 환자의 의료비 증가는 국가건강보장체계의 지속가능성을 제고하기 위한 중대한 과제이며, 제도의 개선이나 건강보험의 관리 운영 효율화를 통한 의료비 증가를 억제할 필요가 있다. 따라서 손상 발생과 사망률이 높은 우리나라에서 손상 문제를 사회적으로 강조하기 위해서는 손상의 사회경제적 비용을 추계하는 것이 필요하다. 본 연구는 2008년도 한국의료패널 조사 중 외래 손상 사고 중독 환자를 대상으로 이용실태와 의료비지출을 전반적으로 파악하여, 손상으로 외래 서비스 이용 시 환자의 직접비용과 생산차질 등으로 인한 생산손실비용을 추계하였고, 궁극적으로 손상의 사회경제적 손상 비용을 추계하였다.

• 한국항공운항학회지
• /
• 제26권3호
• /
• pp.55-65
• /
• 2018

The SBD systems have made it possible that all boarding procedures are completed by passengers. With the SBD, air tickets can be issued and baggage can be consigned without the help of airline officers. This way, the SBD can improve the passenger circulation speed as well as decrease the time for passengers to wait for check-in, which is connected to the reduction of airlines' operaitonal costs. However, given that the SBD is a new technology, it has potentials to be used as a tool for air terrorism. This study purposes to determine methods to enhance the security and operation of SBD systems. With the aim, this paper investigated the existing literature on SBDs, self-check-in, airport security, air terrorism, risk management, aviation accidents, and information security. In order to compile real-time information about the SBD operations, twelve airports in North America, Europe, and Asia were analyzed based on existing studies on international SBD trends.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권12호
• /
• pp.6169-6187
• /
• 2017

With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

• 융합보안논문지
• /
• 제22권4호
• /
• pp.179-188
• /
• 2022

패스워드 인증 체계 (PAS)는 개방형 네트워크에서 안전한 통신을 보장하는데 사용되는 가장 일반적인 메커니즘이다. 인수분해와 이산 로그 등의 수학적 기반의 암호 인증 체계가 제안되고 강력한 보안 기능을 제공하였으나, 암호를 구성하는데 필요한 계산 및 메시지 전송 비용이 높다는 단점을 가지고 있었다. Fairuz et al.은 스마트 카드 체계를 이용한 세션 키 동의와 관련하여 인수분해 및 이산 로그 문제를 기반으로 한 개선된 암호 인증 프로토콜을 제안했다. 하지만 본 논문에서는 취약성 분석을 통하여, Fairuz et al.의 프로토콜이 Privileged Insider Attack, Lack of Perfect Forward Secrecy, Lack of User Anonymity, DoS Attack, Off-line Password Guessing Attack에 관한 보안 취약점을 가지고 있다는 것을 확인하였다.

• Journal of Information Technology Applications and Management
• /
• 제11권1호
• /
• pp.39-51
• /
• 2004

Application systems outsourcing is an important part of IT outsourcing services. Application systems outsourcing costs is determined by service levels of outsourcers. Recent researches show there is a strong need to build industry-specific cost estimation models. In this study, an industry-specific application systems operation cost estimation model is suggested. We reviewed operation cost models of previous researches, and proposed a cost estimation model for security industry. Industry-specific service factors are defined and service levels are determined by Interviews with experts. The proposed model is tested and adjusted with empirical data. The new model shows more accurate prediction than previous general models. Future research will be needed to develop outsourcing cost estimation models for other industries and to refine cost models developed in this study.

• International Journal of Computer Science & Network Security
• /
• 제23권6호
• /
• pp.169-175
• /
• 2023

Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.

• 정보보호학회논문지
• /
• 제24권6호
• /
• pp.1225-1241
• /
• 2014

고객정보 유출 방지를 위해 금융기관은 DLP(Data Leaks Prevention) 관련 정보보호 제품을 도입하고 내부통제 정책을 강화하고 있다. 그러나 정보의 수집, 제공, 이용, 저장 과정의 핵심적 역할을 담당하는 응용프로그램에 대한 관리 및 기술적 통제는 매우 미흡한 실정이며, 응용프로그램을 통한 정보유출 사고를 예방하거나 대책 마련을 위한 내부통제 정책의 이행에 어려움을 겪고 있다. 본 논문에서는 금융기관의 개인정보 취급 및 주요 유통 경로 현황 분석을 통해 문제점을 제기하고 정보유출 방지를 위한 효율적인 내부통제 보안기술의 필요성을 제시하였다. 이에 따라 가상화 및 모바일 분야에서 부분적으로 사용되고 있는 컨테이너 기술을 응용하여 클라이언트 PC 응용프로그램의 보안 취약점을 보완하고 정보유출 방지 기능을 제공하는 새로운 보안 컨테이너를 설계 구현하였으며, 실제 금융기관 업무시스템에 적용하여 정보유출 방지 및 IT 컴플라이언스 내부통제와 관련된 정책 수행능력의 효과성을 검증하였다. 또한 정책 설정을 통해 보안 컨테이너에 추가 보안 기능을 제공하고 보안 컨테이너를 재사용함으로써 보안 취약점 대응 비용 및 시간을 줄여 IT 컴플라이언스 규제 준수를 위한 보안 컨테이너의 효용 가치를 높였다.