• The KIPS Transactions:PartA
• /
• v.11A no.6
• /
• pp.439-450
• /
• 2004

Mobile agents are autonomous and dynamic entities that can migrate among various nodes in the network. Java's Jini framework facilitates mobile agent system development, providing hey features for distributed network programming. However, due to the security weakness, Jinil.0 service has a fundamental limitation on developing mobile agent systems which support secure remote communications. In this paper, we describe a Jini2.0-based secure mobile agent system named SecureJMoblet. On the top of Jini2.0, the system provides basic functionalities of a mobile agent system such as creation, transfer and control. In addition, with the SeureJS developed for secure JavaSpace service, SecureJMoblet supports a secure object repository and a reliable communication among mobile agents.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.97-116
• /
• 2003

Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.776-779
• /
• 2004

With the rapid progress of information technique, it is getting more difficult to protect information systems from cyber terrorism, because of bugs and vulnerabilities of software and the properties of cyberspace such as anonymity. furthermore cyber terror techniques are highly developed and complicated and their use for a malicious intent and a military purpose are increasing recently. Therefore a study of warfare attack technology on the cyber space is necessary for establishing trusted society and further national security. Specially, worms/viruses are becoming a more common occurrence on the cyber space. Also, The worm caused a great deal of damage to the large number of networks around the world in a very short period of time. Therefore, we will describe worms/viruses in the warfare attack technique in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.15-23
• /
• 2004

Westfeld analyzed a sequential LSB embedding steganography effectively through the $\chi$$^2$statistical test which measures the frequencies of PoVs(pairs of values). Fridrich also proposed another statistical analysis, so-called RS steganalysis by which the embedding message rate can be estimated. This method is based on the partition of pixels as three groups; Regular, Singular, Unusable groups. In this paper, we propose a new steganographic scheme which preserves the above two statistics. The proposed scheme embeds the secret message in the innocent image by randomly adding one to real pixel value or subtracting one from it, then adjusts the statistical measures to equal those of the original image.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.643-646
• /
• 2021

경찰청에 따르면 도로교통법이 개정된 이후 3개월단 개인형 이동장치(PM)를 단속한 결과 무면허 운전이 3199건에 달하는 것으로 나타났다. 공유 킥보드 서비스의 경우 회원가입을 할 때 운전면허증 취득 여부를 확인하긴 하지만 서비스를 이용할 때는 별도의 확인 절차 없이 대여할 수 있기 때문에 운전면허증을 취득하지 않았어도 대여하는 경우가 발생한다. 본 논문에서는 공유 킥보드 서비스의 보안 취약점을 보완하기 위해 오토인코더와 변이형 오토인코더를 사용한 딥러닝 기반의 공유 킥보드 대리 대여 방지 시스템을 제안한다. 오토인코더는 지문 데이터로부터 특징만을 추출할 수 있어, 사용자의 지문 원본을 서버에게 노출시키지 않을 수 있다. 변이형 오토인코더는 생성형 모델로써, 사용자의 지문 데이터를 증폭 시켜 합성곱 신경망의 성능을 높이는데 도움을 준다. 이러한 오토인코더와 변이형 오토인코더의 특징을 이용해 사용자의 지문을 서버에 노출시키지 않으면서 적은 데이터로 신뢰성 높은 사용자 인증이 가능한 전동 킥보드 대여 시스템을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.815-818
• /
• 2007

최근 유비쿼터스 시대가 도래하면서 센서 네트워크의 중요성이 대두되고 있다. 센서 네트워크란 필요한 모든 곳에 전자태그를 부착하고, 이를 통해 사물의 인식 정보를 기본으로 주변의 환경정보까지 각종 센서를 통해 실시간으로 수집하여 관리, 통제할 수 있도록 구성한 네트워크를 말한다. 이러한 센서 네트워크에서 각 노드들은 에너지, 계산 능력, 대역폭 등에 상당한 제한을 받으며, 정보가 저장된 장치를 쉽게 도난 당할 수도 있다. 특히 보안 통신을 하기 위해 키 설정 및 관리는 필수적이며 지금까지 그로 인해 여러 가지 키 분배 및 관리 방법이 제안되었다. 본 논문은 군대 등의 특정 상황과 같이 계층적 구조를 가지는 센서 네트워크에서 더욱 효율적으로 통신을 할 수 있는 키 관리 방법을 소개하고자 한다. 기존의 계층적 구조의 취약점을 분석하고, 이를 바탕으로 레벨 키를 제안하여 같은 레벨에서 다른 그룹간 통신이 가능한 효율적인 키 분배 방안을 제시한다.

• Korean Security Journal
• /
• no.29
• /
• pp.301-336
• /
• 2011

This exploratory study aims to review the risks and threats of social network services(SNSs), particularly focusing upon the policing perspective. This paper seeks to acknowledge the present risk/danger of SNSs and the very significance of establishing a strategic framework to effectively prevent and/or control criminal misuse of SNSs. This research thus advocates that proactive study on security issues and criminal aspects of SNSs and preventive countermeasures can play a significant role in policing the networked society in the time of digital/internet age. Social network sites have been increasingly attracting the attention of entrepreneurs, and academic researchers as well. In this exploratory article, the researcher tried to define concepts and features of SNSs and describe a variety of issues and threats posed by SNSs. After summarizing existing security risks, the researcher also investigated both the potential threats to privacy associated with SNSs, such as ID theft and fraud, and the very danger of SNSs in case of being utilized by terrorists and/or criminals, including cyber-criminals. In this study, the researcher primarily used literature reviews and empirical methods. The researcher thus conducted extensive case studies and literature reviews on SNSs. The literature reviews herein cover theoretical discussions on characteristics, usefulness, and/or potential danger/harm of SNSs. Through the literature review, the researcher also concentrated upon being able to identify a strategic framework for law enforcement to effectively prevent criminal misuse of SNSs The limitation of this study can be lack of statistical data and attempts to examine previously un-researched area in the field of SNS and its security risks and potential criminal misuse. Thus, to supplement this exploratory study, more objective theoretical models and/or statistical approaches would be needed to provide law enforcement with sustainable policing framework and contribute to suggesting policy implications.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.1
• /
• pp.49-57
• /
• 2016

Recently, marine accidents such as the sinking accident Mongol freighter ship and the sinking accident of Sewol ferry in Jindo continuously happen. In order to decrease the number of these marine accidents, Korean ships are obliged to follow the AIS(Automatic Identification System) system. The AIS protocol includes all information for sailing ships. However, the standard AIS protocol does not provide any security function, In addition, it is possible to hijack the standard AIS protocol in case of using a satellite communication device called FUNcuve Dongle Pro+. Therefore, this paper analyzes weak points of the security in the standard AIS protocol. Furthermore, this paper ensures reliability by marking the MAC Address of sender and receiver for secure communication and suggests the protocol that can securely send data, using the VPN Tunnelling method. Therefore, the suggested AIS protocol provides the secure communication to the AIS protocol and protect the messages in the AIS protocol, which can serve safe voyages by decreasing the marine accidents.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.25-32
• /
• 2022

Recently, the image processing industry has been activated as deep learning-based technology is introduced in the image recognition and detection field. With the development of deep learning technology, learning model vulnerabilities for adversarial attacks continue to be reported. However, studies on countermeasures against poisoning attacks that inject malicious data during learning are insufficient. The conventional countermeasure against poisoning attacks has a limitation in that it is necessary to perform a separate detection and removal operation by examining the training data each time. Therefore, in this paper, we propose a technique for reducing the attack success rate by applying modifications to the training data and inference data without a separate detection and removal process for the poison data. The One-shot kill poison attack, a clean label poison attack proposed in previous studies, was used as an attack model. The attack performance was confirmed by dividing it into a general attacker and an intelligent attacker according to the attacker's attack strategy. According to the experimental results, when the proposed defense mechanism is applied, the attack success rate can be reduced by up to 65% compared to the conventional method.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.17 no.4
• /
• pp.163-172
• /
• 2022

This study investigates the IPI (Information Protection Intention) of DHS (Digital Healthcare Service) providers by introducing PMT (Protection Motivation Theory). This study examines the effects of protection motivation, such as threat appraisal and coping appraisal, on IPI, such as ICI(Induction Control Intention) and SDI(Self Defense Intention). The research model, based on the PMT, adopted severity, vulnerability, reaction efficacy and self-efficacy as independent variables. The research model was validated through quantitative research, a survey of 222 DHS providers in South Korea, using structural equation modeling. The results show that (1) a clear awareness of the consequences of security threats increases the understanding of DHS providers on the severity of closure of healthcare information, and thus may decreases abuse of DHS by providers; (2) user confidence and satisfaction on the security system may make them be confident that they can handle the closure of healthcare information by themselves; and (3) although DHS providers are realizing the consequences of closure of healthcare information, they think that they are unlikely to encounter such situations. As a result of this study, venture companies that provide DHS need to provide contents that can continuously increase providers' security level in order to increase providers' information protection intention. It suggests that IPI is important through trust of healthcare service providers.