• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.91-103
• /
• 2004

The survey of network firewall system has been focused on the deny policy that protects information from the unlicensed and the intrusion detection system. Government has solved several firewall problems as building the intranet separated from the intranet. However, the new firewall system would been satisfied both the denialpolicy and information share with the public, according as government recently emphasizes electronic service. Namely, it has to provide the functions such as the information exchange among divisions, partial share of information with the public, network connection and the interception of illegal access. Also, it considers the solution that protects system from hacking by inner user and damage of virus such as Worm. This Paper suggests the protects information system using the intrusion prevention system and role-based security policy to support the partial opennessand the security that satisfied information share among governments and public service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.125-136
• /
• 2011

The vulnerabilities existed in Korean electricity control systems is unexposed because it is being operated in a closed network with superior security. The threat will become greater once the closed network develops into a smart grid environment with superior intelligence. Security will have a greater impact once each household will be connected to the power plant via the smart meter. This research focuses on stable data transfer in harsh external environment and whole-nation coverage network, and suggested standardized and optimized Virtual Private Network (VPN) Gateway architecture to support Power Line Communication (PLC). The functionality and stability of the prototype has been verified with field tests. For implementation of outdoor type VPN device for smart grid, we adopted PLC low voltage remote-meter-net for data communication. Also, IPSec type tunneling and ARIA algorithm based encryption of data collected by PLC low voltage remote meter is transmitted.

• Journal of Industrial Convergence
• /
• v.19 no.6
• /
• pp.37-47
• /
• 2021

Today, people share information and communicate with others using various information and communication media such as e-mail, smartphones, SNS, etc. However, it is being used in malicious attacks to send a large amount of illegal spam or to use it for fraud by using illegally collected personal information and devices that are vulnerable to security. Illegal spam, smishing, and fraudulent mail(SCAM) cause a lot of direct and indirect damage to companies and users, including not only social costs such as mental fatigue, but also unnecessary consumption of IT infrastructure resources and economic losses. Although there are regulations related to spam, violators of the law are still on the rise by circumventing the law, and victims are constantly occurring, so it is necessary to review what the problem is. This study examined domestic and foreign spam-related regulations and spam-related response activities, identified problems, and suggested improvement countermeasures. Through this study, it was intended to suggest directions for improving spam-related systems in order to block illegal spam and prevent fraudulent damage.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.7
• /
• pp.955-961
• /
• 2021

In modern warfare, the importance of electronic warfare, which carries out a mission that using radio wave to find out enemy information or to protect ally information, has increased. Radar jamming technique is one of the most representative techniques of EA(Electronic Attack), it disturbs and deceives enemy radar system in order to secure ally location information. Velocity deception jamming technique, which is one of the radar jamming techniques, generally operate against pulse-doppler radar which use doppler effect in order to track target's velocity and location. Velocity Deception Jamming Technique can be implemented using DRFM(Digital Radio Frequency Memory) that performs Frequency Modulation. In this paper, I describe implementation method of VGPO/VGPI(Velocity Gate Pull-Off/Pull-In) velocity deception jamming technique using phase-sampled DRFM, and verify the operation of VGPO/VGPI velocity deception jamming technique with board test under signal injection condition.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.21-26
• /
• 2023

The development and distribution approach of applications is transitioning from a monolithic architecture to microservices and containerization, a lightweight virtualization technology, is becoming a core IT technology. However, unlike traditional virtual machines based on hypervisors, container technology does not provide concrete security boundaries as it shares the same kernel. According to various preceding studies, there are many security vulnerabilities in most container images that are currently shared. Accordingly, attackers may attempt exploitation by using security vulnerabilities, which may seriously affect the system environment. Therefore, in this study, we propose an efficient automated deployment pipeline design to prevent the distribution of container images with security vulnerabilities, aiming to provide a secure container environment. Through this approach, we can ensure a safe container environment.

• Annual Conference of KIPS
• /
• 2021.11a
• /
• pp.659-662
• /
• 2021

국내에서는 매년 많은 수의 자격시험이 치러지고 있다. 현재 대부분의 시험장에서 응시자 본인 확인 절차는 감독관이 응시자의 얼굴과 신분증 사진을 비교하는 방식으로 이루어진다. 하지만 이 방식은 사람에 따라 오차가 클 수 있으며, 사진과 눈에 띄는 차이가 없으면 동일인물로 판단하기 쉽다. 최근까지도 대리응시 이슈가 발생하고 있어 근절을 위한 보다 강력한 조치가 필요하다. 본 논문에서는 지문과 오토인코더, SGAN을 이용하여 대리응시방지를 강화할 수 있는 본인 확인 시스템을 제안한다. 이때 응시자의 지문정보가 그대로 인증 서버에 저장되면 응시자의 생체정보가 노출될 수 있다는 문제점이 존재한다. 따라서 오토인코더를 통해 지문의 특징점만 추출하여 인증용 이미지를 생성하고 이 이미지를 서버에 저장하여 학습시키도록 한다. 적은 학습데이터 환경에서 분류기로써 좋은 성능을 갖는 SGAN을 통해 인증 이미지와 응시자가 동일인물인지 확인할 수 있다. 서버가 공격을 받더라도 응시자의 지문데이터가 그대로 노출되지 않게 되어 보안 취약점을 극복할 수 있다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.28 no.5
• /
• pp.41-54
• /
• 2023

Smart grid that supports efficient energy production and management is used in various fields and industries. However, because of the environment in which services are provided through open networks, it is essential to resolve trust issues regarding security vulnerabilities and privacy preservation. In particular, the identification information of smart meter is managed by a centralized server, which makes it vulnerable to security attacks such as device stolen, data forgery, alteration, and deletion. To solve these problems, this paper proposes a blockchain based authentication protocol for a smart meter. The proposed scheme issues an unique decentralized identifiers (DIDs) for individual smart meter through blockchain and utilizes a random values based on physical unclonable function (PUF) to strengthen the integrity and reliability of data. In addition, we analyze the security of the proposed scheme using informal security analysis and AVISPA simulation, and show the efficiency of the proposed scheme by comparing with related work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.553-568
• /
• 2024

Due to the rapid development of IoT technology and the increase in home activities after the COVID-19 pandemic, users' demand for smart homes has increased significantly. As the size of the smart home market increases every year and the number of users increases, the importance of personal information protection and various security issues is also growing. It often grants temporary users smart home owner rights and gives them access to the system. However, this can easily allow access to third parties because the authorities granted are not properly managed. In addition, it is necessary to prevent the possibility of secondary damage using personal information collected through smart home devices and sensors. Therefore, in this paper, to prevent indiscriminate access to smart home systems without reducing user convenience, access rights are subdivided and designed according to the functions and types of smart home devices, and a token-based user access control technique using personal devices is proposed.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.8
• /
• pp.103-112
• /
• 2024

This study was initiated with the aim of authenticating that inputs have not been tampered with without disclosing them in the case of computations where multiple inputs are entered by participants using the same key. In general, in the authentication stage, authentication is performed after the input value is disclosed, but we do not want to reveal the inputs until the end. This is a case of deviating from the traditional security model in which malicious participants exist in cryptography, but it is a malicious attack method that can actually occur enough. Privacy infringement or distortion of calculation results can occur due to malicious manipulation of input values. To prevent this, this study studied a method that can authenticate that the message is not a modified message without disclosing the message using the signature system, zero-knowledge proof, and commitment scheme. In particular, by modifying the ElGamal signature system and combining it with the commitment scheme and zero-knowledge proof, we designed and proved a verification protocol that the input data is not a modified data, and the efficiency was improved by applying batch verification between authentication.