• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.19-24
• /
• 2003

This research presents the development of a certain highly efficient model for group security policy negotiation using mobile agents in the IPSec environment. The conventional IP security systems has some problems. A drawback to these systems is that the required policy between each security area is different. Another problem is not possible to guarantee whether a packet is transmitted through the same path by both directions and is protected by the same policy due to the topology of the network. Unlike conventional systems, the model developed herein can be resolved by using a mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees the authentication and reliability each other by using the passport.

• Proceedings of the Korean Society of Computational and Applied Mathematics Conference
• /
• 2003.09a
• /
• pp.2.1-2
• /
• 2003

WLAN의 매체 특성상 AP beacon영역 내의 모든 STA들은 다른 STA의 송수신 데이터 내용에 접근할 수 있다. 따라서 상호 또는 그룹 간의 데이터프라이버시와 상호인증 서비스는 무선 랜의 중요한 이슈중의 하나이다. 무선랜을 통한 네트워크 접속 보안으로는 사용자와 AP 사이의 무선 접속구간 보안과 AP와 AS사이의 유선 구간 보안으로 정의되며, 상대적으로 취약한 무선 구간 보안이 초점이 된다. 현재 무선 구간 보안에는 WEP이 사용된다. 그러나 WEP 방식은 WEP 키와 IV 크기가 작고, 노출된 공유키를 사용하며, 암호 알고리즘(RC4)와 무결성 알고리즘(CRC-32)이 근본적으로 취약하다. 이러한 문제에 대한 해결 방법으로 IEEE 802.11i는 두 가지 접근 방식을 채택하였다. 하나는 WEP의 보안 문제점을 소프트웨어적으로 개선한 TKIP이고 다른 하나는 기존의 WEP과는 하드웨어적으로 상이한 AES을 기반으로 한 CCMP이다. 이 논문에서는 각 알고리즘에 대한 키의 흐름 및 그 안전성을 분석하였다. 이러한 방법을 통해 WEP 구조의 보안상의 취약점을 확인하고, TKIP이 WEP을 대체할 수 있을 만큼의 안전성을 갖는지를 검증한다. 또한 고려될 수 있는 공격 모델을 제시하고, 이에 대하여 알고리즘에 부가적으로 요구되는 보완점에 대해 논한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Journal of Information Technology Services
• /
• v.8 no.2
• /
• pp.117-136
• /
• 2009

Over the years a password has been used as a popular authentication method between a client and a server because of its easy-to-memorize property. But, most password-based authentication services have focused on a same password authentication scheme which provides an authentication and key exchange between a client and a server with the same password. With rapid change of communication environments in the fields such as mobile networks, home networking, etc., the end-to-end security allowing users to hold different password is considered as one of main concerns. In this paper, we consider a new authentication service of how each client with different own password is able to authenticate each other, which is a quite new service paradigm among the existing services. This new service can be used in the current or next generation network environment where a mobile user in cell A wants to establish a secure end-to-end channel with users in ceil B, C, and D using only their memorable passwords. This end-to-end security service minimizes the interferences from the operator controlled by network components. To achieve this end-to-end security, we propose an authentication and key exchange service for group users in different realm, and analyze its security in a formal way. We also discuss a generic construction with the existing authentication schemes.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2008.06a
• /
• pp.217-224
• /
• 2008

본 논문에서는 기술자격시스템에 대한 관리 운영상의 효율성을 향상시키기 위하여 내부관리시스템을 설계하고 구현하였다. 비정기성 기술자격시스템은 정보처리 관련기업에 개발 및 구현에 대한 전체적인 사항을 위탁업무로 수행하고 처리 결과에 대한 자료를 시행기관에서 인수하여 내부업무를 처리한다. 이러한 관리체계는 추가적 요구정보에 대한 재처리에 많은 문제점을 내포한다. 부가적인 추가적 요구사항에 대하여 재개발 절차가 필요하며 효율적인 업무처리와 관리체계를 수행하는데 불안정한 요소들을 가지고 있는바, 이러한 문제점을 해결하기 위한 방안으로 특수 자격 분야에 시범적으로 적용한 내부관리시스템을 제안하였다. 제안된 내부관리 시스템의 기능 평가는 시뮬레이션 방식으로 최소 규모의 파일럿시스템에서 구현 기술을 적용하고 검증 한 후 실시간 기술자격 시험에 시범 적용한 결과 처리 과정상의 안정성과 실용성이 인증되어 대단위 자격시스템에 확대 적용할 계획이다. 위탁기관과 연계하여 부가적 요구정보 처리 시 발생되는 추가 개발기간에 대한 문제점을 해결하였으며 안정적인 시스템 운영상태와 최대의 효율성을 보여주었다. 특히 내부관리시스템을 사용하는 전문가와 비전문가그룹으로 이루어진 자격시행기관의 시스템 평가에서 사용자 편리성과 확장성 부문에 탁월한 평가를 도출하였다. 본 논문에서 설계 및 구현한 내부관리 시스템은 다양한 방식과 구성요소를 통합하여 공통영역을 표준화 한 후, 체계적으로 실시간 자격관리시스템에 적용 될 수 있을 것으로 분석되었다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.4
• /
• pp.13-23
• /
• 2017

In order to protect personal information and important information (confidential information, sales information, user information, etc.) in the internal network, companies and organizations apply encryption to the Server-To-Server or Server-To-Client communication section, And are experiencing difficulties due to the increasing number of known attacks and intelligent security attacks. In order to apply the existing S / W encryption technology, it is necessary to modify the application. In the financial sector, "Comprehensive Measures to Prevent the Recurrence of Personal Information Leakage in the Domestic Financial Sector" has been issued, and standard guidelines for financial computing security have been laid out, and it is required to expand the whole area of encryption to the internal network. In addition, even in environments such as U-Health and Smart Grid, which are based on the Internet of Things (IoT) environment, which is increasingly used, security requirements for each collection gateway and secure transmission of the transmitted and received data The requirements of the secure channel for the use of the standard are specified in the standard. Therefore, in this paper, we propose a secure encryption algorithm through mutual authentication and grouping for each node through H / W based Network Control Server (NCS) applicable to internal system and IoT environment provided by enterprises and organizations. We propose a protocol design that can set the channel.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.565-568
• /
• 2004

최근 ERP에 고객관계관리(CRM), 공급망관리(SCM), 지식관리(KMS) 등의 기능을 확장한 확장형 ERP에 대한 연구개발이 활발해지고 있다. 그러나 타산업과 달리 건설산업의 특수성으로 인한 정보화의 부진으로 인해 이러한 새로운 개념을 적용할 수 있는 ERP 확장모델이 없는 상태이며, 대기업의 경우 일부 이러한 모듈을 부분적으로 적용하려는 움직임은 보이고 있으나, ERP와 별도의 이종시스템으로 관리되고 있어 통합적인 ERP운용을 통해 얻을수 있는 효과를 기대하기 어려운 실정이다. 이에 본 연구에서는 산자부에서 건설표준ERP템플릿으로 지정받은 ERP엔진을 모체로 협력업체와의 인터페이스 제공을 위한 협업적IT시스템과 전자계약시스템, 그리고 변화되는 ISO에 대한 기업의 대처능력 향상을 위한 ISO인증관리시스템, 고객과의 관계관리를 위한 고객관계관리시스템, 절차서와 같은 기업 내의 표준화 된 문서를 관리하기 위한 전자매뉴얼관리시스템, 결재관리를 위한 그룹웨어, 기업 내의 지식저장소 관리를 위한 지식관리시스템을 연구범위로 하여 건설분야 확장형ERP 모델(E2CM)을 개발하였으며, 이를 검증을 위한 시스템(eCOMIS)을 개발하였다.

• Korean Security Journal
• /
• no.48
• /
• pp.79-111
• /
• 2016

This study aims at analyzing the global trend of standardization in the field of Industrial Security through ISO/TC 292. It covers broad areas from risk management for industrial property protection and loss prevention through supply chain security, product and document fraud and counterfeiting countermeasures and control and community resilience. It also explores the historical background of the standardization in the security field, how ISO TC 292 came out as a leading group in order to standardize relevant security management systems. TC 292 deals with terminology, general security-related standards and supply chain security management. One of the major findings from this analysis is that security targets and threats are diversified and so organizations like enterprises should have proper flexibility to adapt themselves to new security environment and take appropriate resilience system to cope with the threats and incidents. Also the ISO standardization requires public or private entities to take holistic approaches in security management. Finally, it was found that South Korea has to prepare for this global trend of standardization in this field so that ISO certification market demand and the requirements for transnational trades can be well met.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.394-400
• /
• 2013

WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

• Journal of Environmental Impact Assessment
• /
• v.30 no.6
• /
• pp.393-412
• /
• 2021

This study examines the assessment systems of LEED v4.1, an eco-friendly building evaluation system in the United States, and SITE v2, an assessment system for sustainable outdoor spaces, and then compares and examines them from the perspective ofrelevant laws and institutional guidelines and standards in Korea. The conclusion is as follows. First, the US eco-friendly certification system basically not only establishes an independent evaluation system according to the field of expertise, but also provides a sustainable city and community through response to the climate crisis and the comfort of the external space environment. It can be evaluated that securing the quality of life of healthy and happy city dwellers is the top priority. Second, Korea's Green Building Certification System (G-LEED) was basically based on the American LEED system, but it was judged that there was a fundamental difference. It was judged that there is a limitation in not being able to achieve an integrated approach through the participation of various expert groups and stakeholders, but also in the accumulation of more scientific and reliable data and information through the application of cutting-edge information and communication equipment. Third, in the case of external space in Korea, a sustainable assessment system has not been established, and not only is it dispersed in various legal and institutional guidelines, but also its effectiveness is judged to be very low. Therefore, it is judged that it is urgent to introduce and secure the applicability of SITES v2, a sustainable outdoor space assessment system in the United States. It was judged that the effectiveness should be secured through the upward adjustment of the minimum Ecological Area Ratio.