• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1605-1618
• /
• 2016

In recent years, security incidents - such as personal information leakage, homepage hacking, DDoS and etc. - targeting finance companies(banks, securities companies, credit card companies, insurance companies and etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from perspective of compliance and information security certification system and propose improvements to enable sustainable high level of information security activities under a comprehensive management system for the financial sector characteristics using ISMS, SECU-STAR and CNIVAM system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.177-180
• /
• 2015

As network technology advances hacking techniques are also evolving. This paper proposes design of a packet analyzer to monitor and analyze data packets in networks. The proposed packet analyzer offers functions such as packet sniffing, filtering and statistics. We implemented a prototype packet analyzer in C# .NET development environment using SharPcap.

• The KIPS Transactions:PartA
• /
• v.11A no.6
• /
• pp.439-450
• /
• 2004

Mobile agents are autonomous and dynamic entities that can migrate among various nodes in the network. Java's Jini framework facilitates mobile agent system development, providing hey features for distributed network programming. However, due to the security weakness, Jinil.0 service has a fundamental limitation on developing mobile agent systems which support secure remote communications. In this paper, we describe a Jini2.0-based secure mobile agent system named SecureJMoblet. On the top of Jini2.0, the system provides basic functionalities of a mobile agent system such as creation, transfer and control. In addition, with the SeureJS developed for secure JavaSpace service, SecureJMoblet supports a secure object repository and a reliable communication among mobile agents.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.97-116
• /
• 2003

Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.776-779
• /
• 2004

With the rapid progress of information technique, it is getting more difficult to protect information systems from cyber terrorism, because of bugs and vulnerabilities of software and the properties of cyberspace such as anonymity. furthermore cyber terror techniques are highly developed and complicated and their use for a malicious intent and a military purpose are increasing recently. Therefore a study of warfare attack technology on the cyber space is necessary for establishing trusted society and further national security. Specially, worms/viruses are becoming a more common occurrence on the cyber space. Also, The worm caused a great deal of damage to the large number of networks around the world in a very short period of time. Therefore, we will describe worms/viruses in the warfare attack technique in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.15-23
• /
• 2004

Westfeld analyzed a sequential LSB embedding steganography effectively through the $\chi$$^2$statistical test which measures the frequencies of PoVs(pairs of values). Fridrich also proposed another statistical analysis, so-called RS steganalysis by which the embedding message rate can be estimated. This method is based on the partition of pixels as three groups; Regular, Singular, Unusable groups. In this paper, we propose a new steganographic scheme which preserves the above two statistics. The proposed scheme embeds the secret message in the innocent image by randomly adding one to real pixel value or subtracting one from it, then adjusts the statistical measures to equal those of the original image.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.643-646
• /
• 2021

경찰청에 따르면 도로교통법이 개정된 이후 3개월단 개인형 이동장치(PM)를 단속한 결과 무면허 운전이 3199건에 달하는 것으로 나타났다. 공유 킥보드 서비스의 경우 회원가입을 할 때 운전면허증 취득 여부를 확인하긴 하지만 서비스를 이용할 때는 별도의 확인 절차 없이 대여할 수 있기 때문에 운전면허증을 취득하지 않았어도 대여하는 경우가 발생한다. 본 논문에서는 공유 킥보드 서비스의 보안 취약점을 보완하기 위해 오토인코더와 변이형 오토인코더를 사용한 딥러닝 기반의 공유 킥보드 대리 대여 방지 시스템을 제안한다. 오토인코더는 지문 데이터로부터 특징만을 추출할 수 있어, 사용자의 지문 원본을 서버에게 노출시키지 않을 수 있다. 변이형 오토인코더는 생성형 모델로써, 사용자의 지문 데이터를 증폭 시켜 합성곱 신경망의 성능을 높이는데 도움을 준다. 이러한 오토인코더와 변이형 오토인코더의 특징을 이용해 사용자의 지문을 서버에 노출시키지 않으면서 적은 데이터로 신뢰성 높은 사용자 인증이 가능한 전동 킥보드 대여 시스템을 제안한다.

• Korean Security Journal
• /
• no.29
• /
• pp.301-336
• /
• 2011

This exploratory study aims to review the risks and threats of social network services(SNSs), particularly focusing upon the policing perspective. This paper seeks to acknowledge the present risk/danger of SNSs and the very significance of establishing a strategic framework to effectively prevent and/or control criminal misuse of SNSs. This research thus advocates that proactive study on security issues and criminal aspects of SNSs and preventive countermeasures can play a significant role in policing the networked society in the time of digital/internet age. Social network sites have been increasingly attracting the attention of entrepreneurs, and academic researchers as well. In this exploratory article, the researcher tried to define concepts and features of SNSs and describe a variety of issues and threats posed by SNSs. After summarizing existing security risks, the researcher also investigated both the potential threats to privacy associated with SNSs, such as ID theft and fraud, and the very danger of SNSs in case of being utilized by terrorists and/or criminals, including cyber-criminals. In this study, the researcher primarily used literature reviews and empirical methods. The researcher thus conducted extensive case studies and literature reviews on SNSs. The literature reviews herein cover theoretical discussions on characteristics, usefulness, and/or potential danger/harm of SNSs. Through the literature review, the researcher also concentrated upon being able to identify a strategic framework for law enforcement to effectively prevent criminal misuse of SNSs The limitation of this study can be lack of statistical data and attempts to examine previously un-researched area in the field of SNS and its security risks and potential criminal misuse. Thus, to supplement this exploratory study, more objective theoretical models and/or statistical approaches would be needed to provide law enforcement with sustainable policing framework and contribute to suggesting policy implications.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.1
• /
• pp.49-57
• /
• 2016

Recently, marine accidents such as the sinking accident Mongol freighter ship and the sinking accident of Sewol ferry in Jindo continuously happen. In order to decrease the number of these marine accidents, Korean ships are obliged to follow the AIS(Automatic Identification System) system. The AIS protocol includes all information for sailing ships. However, the standard AIS protocol does not provide any security function, In addition, it is possible to hijack the standard AIS protocol in case of using a satellite communication device called FUNcuve Dongle Pro+. Therefore, this paper analyzes weak points of the security in the standard AIS protocol. Furthermore, this paper ensures reliability by marking the MAC Address of sender and receiver for secure communication and suggests the protocol that can securely send data, using the VPN Tunnelling method. Therefore, the suggested AIS protocol provides the secure communication to the AIS protocol and protect the messages in the AIS protocol, which can serve safe voyages by decreasing the marine accidents.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.25-32
• /
• 2022

Recently, the image processing industry has been activated as deep learning-based technology is introduced in the image recognition and detection field. With the development of deep learning technology, learning model vulnerabilities for adversarial attacks continue to be reported. However, studies on countermeasures against poisoning attacks that inject malicious data during learning are insufficient. The conventional countermeasure against poisoning attacks has a limitation in that it is necessary to perform a separate detection and removal operation by examining the training data each time. Therefore, in this paper, we propose a technique for reducing the attack success rate by applying modifications to the training data and inference data without a separate detection and removal process for the poison data. The One-shot kill poison attack, a clean label poison attack proposed in previous studies, was used as an attack model. The attack performance was confirmed by dividing it into a general attacker and an intelligent attacker according to the attacker's attack strategy. According to the experimental results, when the proposed defense mechanism is applied, the attack success rate can be reduced by up to 65% compared to the conventional method.