• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.81-90
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, they possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance suppers and emergency measures. In order to solve these deficiencies, Wireless Remote Control System was designed and implemented. Wireless Remote Control System is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of Wireless Remote Control System leads to these security Problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to Wireless Remote Control System. The designed security functions include mobile device user authentication and target system access control. For security verification of these security functions introduced CPN(Coloured Petri Nets) which is capable of expressing every possible state for each stage. And then in this paper was verified its security through PI(Place Invariant) based on CPN(Coloured Petri Nets). The CPN expression and analysis method of the proposed security function can also be a useful method for analyzing other services in the future.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.6
• /
• pp.599-603
• /
• 2016

Recently the wireless LAN system is substituting wired LAN system notably as the number of mobile users increases greatly along the advancement of technology. But the wireless LAN has a critical weakness in the security such as data leakage. Thus a safe security system is imperative to avoid threatening from hackers with offering the best convenience to inner users. In this research, we have developed a RADIUS wireless LAN security system for industrial applications, which performs the EAP authentication with the compatibility for any maker of wireless LAN. The system has interfaces based on WEB, providing DB access function for user management so that users can perform authentication of 802.1x in their computers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.3-11
• /
• 2005

As the usage of Internet grows, we share many informations among the others and use more database systems for a various type of data. However, secure database system, which prevents the unauthorized users from modification, deletion, and access, is urgently required for sharing data in Internet. Conventional technologies of a data security are passive methods which depend on several steps with an access control, and these methods are vulnerable against the illegal attack because attacker can see the plain text that is private message. To prevent private data item for the special security from the malicious attack in web database, this paper is devoted to implement database system using steganography method, so we can protect the data item completely because attacker cannot know the secure message although he get the content of database.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.181-190
• /
• 2009

DBMS access that used high speed internet web service through WAS is increasing. Need application of DB security technology for 3-Tier about DBMS by unspecified majority and access about roundabout way connection and competence control. If do roundabout way connection to DBMS through WAS, DBMS server stores WAS's information that is user who do not store roundabout way connection user's IP information, and connects to verge system. To DBMS in this investigation roundabout way connection through WAS do curie information that know chasing station security thanks recording and Forensic data study. Store session about user and query information that do login through web constructing MetaDB in communication route, and to DBMS server log storing done query information time stamp query because do comparison mapping actuality user discriminate. Apply making Rule after Pattern analysis receiving log by elevation method of security authoritativeness, and develop Module and keep in the data storing place through collection and compression of information. Kept information can minimize false positives of station chase through control of analysis and policy base administration module that utilize intelligence style DBMS security client.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.11-19
• /
• 2006

Web service is giving an equal privilege to all user for sharing their resources. Under this situation, a lot of vulnerability against the various attacks through the Internet is possible, more sophisticated security services are necessary. In this paper, we propose an access control scheme using SPKI (Simple Public Infrastructure). The scheme designates an access control by providing the certificate to users who request a connection for resource sharing and limits the resource usage of information provider according to the access right that is given to their own rights.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.1055-1058
• /
• 2005

최근 웹(World Wide WEb)은 전자상거래, e-commerce의 눈부신 성장과 더불어 그 이용률이 급격히 증가하였고, 이와 더불어 웹 취약점을 이용한 해킹사례도 증가하고 있다. 이 해킹 사례의 대부분은 웹 어플리케이션의 취약점을 이용한 것이다. 기존의 네트워크 침입탐지 시스템에서는 침입을 탐지하기 위해 시그너쳐 방법이 주로 사용되었다. 시그너쳐 방식은 시그너쳐를 기반으로 우수한 탐지율을 보인다. 그러나 웹 어플리케이션 공격은 다양한 원인과, 변형된 특성들을 가지고 있기 때문에 기존의 시그너쳐 기반의 방법으로는 특정한 패턴을 찾아내기가 곤란하다. 본 논문에서는 이를 보완할 수 있는 방법으로 프로파일 기반의 탐지방법을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.464-465
• /
• 2014

Analysis of characteristics in software vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerability discovered. Being a new research area, the quantitative aspects of software vulnerabilities and risk assessments have not been fully investigated. However, further detailed studies are required related to the security risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers (Internet Explorer (IE), Firefox (FX), Chrome (CR) and Safari (SF)) with respect to the Common Vulnerability Scoring System (CVSS). The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems, and exploitation aftermath is getting worse.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.9
• /
• pp.73-80
• /
• 2018

In this paper, we propose a new type of client server environment to improve the architecture vulnerable to hacking in an existing client server environment. On the server side, move the existing Web server to the client side and This is a way for clients to communicate only the data they need and suggests a structure that completely blocks the web attack itself to the server. This can completely prevent a server from being hacked, spreading malicious code and hacking data on a server. It also presents a new paradigm that will not affect servers even if malware is infected with client PCs. This paper validates the proposed environment through BBS (Big Bad Stick) hardware in the form of USB on the client side. This study proof that secure services are provided through encryption communication with server-side security equipment, indicating that this study is a system with new security.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.234-240
• /
• 2022

One of the most discussed topics is cyber security when it comes to web application and how to protect it and protect databases. One of the most widely used and widespread techniques is SQLI, and it is used by hackers and hackers. In this research, we touched on the concept of SQLI and what are its different types, and then we detected a SQLI vulnerability in a website using SQLMAP. Finally, we mentioned different ways to avoid and protect against SQLI.