• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.882-884
• /
• 2009

네트워크보안에서 네트워킹기능과 정보보호기능을 분리하여 관리하지 않고 연계하여 종합 메커니즘을 구성 및 적용할 경우 종합적인 정보보호 효율은 시너지효과로 나타난다. 본 연구는 네트워킹 기능과 정보보호기능을 연계하여 정보보호기능을 적용했을 경우의 연동메커니즘 구현방법을 제안하기 위한 것이다. 연동 메커니즘에 의한 보안차단성과는 분리상황의 성과보다 증대되어 나타나므로 네트워크 인프라상에서의 정보보호기능 구현은 반드시 네트워킹기능과 정보보호기능을 연계하여 구성하고 그 성과를 측정, 관리하는 것이 정보보호 성과 관리에 효율적 방법임을 본 연구를 통해 제시하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.3
• /
• pp.84-90
• /
• 2000

This paper presents a design of an access control mechanism that can resolves the complicated problems of access control requirements in internet environment. In this paper, we proposed an access control mechanism which can satisfy the combined goals of confidentiality integrity and availability of any resource. We defined an access control mechanism from the viewpoints of identity-based, rule-based and role-based policy and implemented 6 access control operations. The Proposed access control mechanism can protect resources from unauthorized accesses based on the multi-level security policies of security label, integrity level, role and ownership.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.2
• /
• pp.337-348
• /
• 2023

As protecting organizations' information assets affects their substantiality, they are increasing their investments in policies, regulations, and technologies for systematic information asset management and protection. This study confirms the impact on information security(IS) compliance from the perspective of employees who apply IS policies to actual work. In particular, this study identifies mechanisms linked to IS policy awareness, sanction, justice, and IS compliance from the perspective of expanding deterrence theory. We applied 316 samples obtained from workers of organizations that applied IS policies and regulations to work and verified the relationship between mechanisms by using AMOS and SPSS packages. As a result of the verification, IS policy awareness had a positive effect on organization justice and compliance intention through the severity and clarity of sanctions. Individual justice sensitivity had a moderating effect on the cause and outcome of justice. The sanction-related mechanism presented in this study provides strategic implications for organizations that require active IS activities by insiders.

• Review of KIISC
• /
• v.7 no.2
• /
• pp.15-34
• /
• 1997

분산 시스템 환경은 다수의 컴퓨터가 네트워크에 연결되어 있고, 다양한 사용자가 공통적으로 접근할 수 있기 때문에 심각한 보안 문제를 안고 있다. 본 논문은 개방형 분산 시스템 환경에서 각종 위협에 대응할 수 있는 인증 메커니즘에 관하여 다룬다. 기본적인 위협 요소, 인증 요구조건 및 서비스를 검토하고 관련된 메커니즘들을 조사 분석함으로써 분산 시스템의 응용에서 암호학적인증 메커니즘의 설계 기준을 마련할 수 있을 것이다. 본 논문에서는 Kerberos, X.509, SPX 및 SESAME 인증 메커니즘을 실체 인증의 개념적 관점에서 분석하였다.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.287-294
• /
• 2003

Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.1-12
• /
• 2005

Recently, the patterns of cyber attack through internet have been various and have become more complicated and thus it is difficult to detect a network intruder effectively and to response the intrusion quickly. Therefore, It is almost not possible to chase the real location of a network intruder and to isolate the Intruder from network in UDP based DoS or DDoS attacks spoofing source IP address and in TCP based detour connection attacks. In this paper, we propose active security architecture on active network to correspond to various cyber attacks promptly. Security management framework is designed using active technology, and security control mechanism to chase and isolate a network intruder is implemented. We also test the operation of the active security mechanism implemented on test_bed according to several attack scenarios and analyze the experiment results.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.7
• /
• pp.241-244
• /
• 2014

Wireless Sensor Network(WSN) has been attracting lots of interest in recent years for smart surveillance systems. WSN-based surveillance systems need to figure out the occurrence or existence of events or objects and to find out where the events have occurred or the objects are present. In our surveillance system, it is needed to give an alarm only when the detected object is human (not pets or rodents) for reducing false alarms and improving the system reliability. In this paper, we propose a height prediction mechanism to determine if the detected object is human using Heron's formula. Finally, we verify the performance of our proposed mechanism through various experiments.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1158-1161
• /
• 2007

IPv6는 IETF가 IPv4를 대체하기 위해 제안한 프로토콜이다. 하지만 현재 모든 네트워크를 IPv4에서 IPv6로 전환하는 것은 비용과 시간적인 측면에서 힘들기 때문에 상당 기간 IPv4와 IPv6가 공존하는 IPv4/IPv6 혼재 네트워크가 유지될 것이다. IPv4/IPv6 혼재 네트워크에서 통신을 위해 다양한 메커니즘들이 개발되었다. Teredo는 이러한 메커니즘들 중에 하나로 NAT 내에 위치한 IPv4 호스트가 IPv6를 이용할 수 있게 하고, 향후 다수의 사용자에 의해 사용이 예상되는 윈도우 비스타에서 기본적으로 이용할 수 있기 때문에 혼재 네트워크에서 상당히 오랜 기간 동안 사용될 것이다. 하지만 Teredo 메커니즘은 NAT 내의 보안 장비 우회, Teredo 구성 요소의 신뢰성 등 보안 취약점을 가지고 있다. 본 논문에서는 Teredo를 이용하는 네트워크에서 발생 가능한 보안 취약점들에 대해서 기술하고, 그 중에서 캐쉬 오버플로우 공격에 대한 실험 결과를 기술한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.31-40
• /
• 2003

The current security issue for the Internet is focused on the security for user data. On the other hand, the research on the security for routing protocols is not so active, considering the importance of its role for the harmonious and accurate operation of the Internet. In this paper, we investigate the security problems of the link-state routing protocol which has been employed in the Internet, and suggest a new authentication mechanism for routing messages which complements and extends the previous ones. For this purpose, a concept of dual hash chains is newly introduced, which is provably secure, and we explain how to provide both the integrity and source authentication service for routing messages based on the session hash chains.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2006.05a
• /
• pp.741-744
• /
• 2006

There are a lot of on-going researches on various security technologies for guaranteeing the safety of home network systems. Until now, a few security technologies such as device authentication mechanism, user authentication mechanism, access control mechanism and firewall are generally deployed, and they are just simple. However, we need some representation skills in order to efficiently define the home network and describe the security for managing and performing these security mechanisms. So, in this paper, we define the xHDL language to define and describe the security components of home network and analyze the semantics of each components.