• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.77-83
• /
• 2011

In addition to the rapid development of health information technology services for the development of new medical information, a lot of research is underway. Improve health care services for patients are many ways to help them. However, no information about the security, if only the technology advances in health care systems will create an element of risk and threat. Today's issues and access issues are stable over a public network. Ad hocsensor network using secure, non-integrated health information system's security vulnerabilities does not solve the security vulnerabilities. In the development and utilization of health information systems to be subject to greater restrictions. Different security policies in an environment with a medical information system security policy mechanism that can be resolved if people get here are needed. Context-aware and flexible policy of integration and confidential medical information through the resistance should be guaranteed. Other cross-domain access control policy for telecommunications should be protected. In this paper, that the caller's medical information system, diversification, diversification Security agent in the environment, architecture, design, plan, role-based security system are proposed. The proposed system architecture, design work in the field and in the utilization of one model are expected to be.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.313-323
• /
• 2020

With the development of smart grid technologies, a user can use the secure and reliable power services in smart gird environments. However, the users are not secure against various potential attacks because the smart gird services are provided through the public channel. Therefore, a secure and lightweight authentication and key agreement scheme has become a very important security issue in smart grid in order to guarantee user's privacy. In 2019, Zhang et al. proposed a lightweight authentication scheme for smart gird communications. In this paper, we demonstrate that Zhang et al.'s scheme is vulnerable to impersonation and session key disclosure attacks, and then we propose a secure authentication and key agreement scheme for smart grid environments without tamper-resistant devices. Moreover, we perform the informal security and the BAN logic analysis to prove that our scheme is secure various attacks and provides secure mutual authentication, respectively. We also perform the performance analysis compared with related schemes. Therefore, the proposed scheme is efficiently applicable to practical smart gird environments.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.27-37
• /
• 2022

Virtual private network (VPN) services are used in various environments related to national security, such as defense companies and defense-related institutions where digital communication environment technologies are diversified and access to network use is increasing. However, the number of cyber attacks that target vulnerable points of the VPN has annually increased through technological advancement. Thus, this study identified security requirements by performing STRIDE threat modeling to prevent potential and new vulnerable points that can occur in the VPN. STRIDE threat modeling classifies threats into six categories to systematically identify threats. To apply the proposed security requirements, this study analyzed functions of the VPN and formed a data flow diagram in the VPN service process. Then, it collected threats that can take place in the VPN and analyzed the STRIDE threat model based on data of the collected threats. The data flow diagram in the VPN service process, which was established by this study, included 96 STRIDE threats. This study formed a threat scenario to analyze attack routes of the classified threats and derived 30 security requirements for each element of the VPN based on the formed scenario. This study has significance in that it presented a security guideline for enhancing security stability of the VPN used in facilities that require high-level security, such as the Ministry of National Defense (MND).

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.18 no.12
• /
• pp.1945-1955
• /
• 1993

Two types of key distribution protocols with user authentication are proposed for PCS(Personal Communication Service) and digital mobile communication systems. In this paper, we investigate the service procedure and security requirement for PCS. also discuss the security problems of KDPs previously proposed for digital mobile communication, and show that Park`s type II among the schemes is easily broken by an impersonation attack. Our proposed I, II are based on the modified cryptosystem of Rabin and ElGamal, and reduce the amount of computation for user authentication. Such a reduction is good solution coped with the limited capability of user terminal on PCS. As a result of making a comparison between our schemes and the previously presented schemes, we can know ours are more secure and efficient for PCS.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.1023-1026
• /
• 2006

에드 혹 네트워크는 불규칙한 이동성을 지닌 다수의 노드들에 의해 자율적으로 구성되는 네트워크이다. 그러나 에드 혹 네트워크는 저 전력, 낮은 프로세싱 능력, 무선채널이라는 에드 혹 네트워크만의 특징으로 인해 패킷 드롭, 재전송 공격, 서비스 거부 공격, 비잔틴 공격, 신원사칭과 같은 보안상 여러 가지 공격에 취약하다는 문제점을 안고 있다. 때문에 이러한 취약점을 개선하려는 방안으로 노드 간에 인증, 기밀성, 무결성을 비롯한 여러 가지 요소를 충족시키기 위한 보안기법이 연구되어 왔다, 그러나 Ad Hoc 네트워크는 기존의 회선을 사용하는 정적인 형태의 네트워크가 아닌 시간에 동적으로 네트워크 구조가 변화하며, 네트워크에서 불규칙한 이동성을 지닌 노드들은 적은양의 자원을 소유하는 원인으로 인해 기존의 보안기법은 효과적이지 못하다. 본 논문에서는 신뢰성이 확보된 이웃 노드 간에 그룹을 형성하고, 그룹멤버의 안전성을 입증하는 그룹 인증서를 생성하여 그룹에 접근하는 단일노드 혹은 또 다른 그룹간의 인증을 수행하는 기법을 제안한다. 또한 그룹 멤버 간에 그룹 키를 생성하여 데이터 유출에 대한 위험성 문제를 해결하고, 인증과 기밀성 유지로 인한 자원소비를 감소시킬 수 있도록 하였다.

• Journal of Advanced Navigation Technology
• /
• v.15 no.5
• /
• pp.722-728
• /
• 2011

Most services need to have authentication protocols to verify users' eligibility in the network environment. For this, a lot of user authentication protocols have been researched and developed. Two of them, SPMA and I-SPMA protocols, introduced the lack of mutual authentication and vulnerability to the reply attack of the prior protocols and suggested revised protocols. Nevertheless, these protocols did not mention about the critical problem caused when the server and the client lose synchronization on the secret information between them. Therefore, in this paper, we analyze the security characteristics of the existing protocols and prove the vulnerability to the synchronization of the protocols.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2011.05a
• /
• pp.229-233
• /
• 2011

IT기술의 발달과 함께 최근 유비쿼터스 패러다임이 등장함에 따라 수자원분야의 정보화 환경이 변화하여야 한다는 논의가 활발하다. 빈번하게 발생하고 있는 자연재해에 있어서 주요 치수시설물의 안전모니터링은 새로운 기술의 적극적인 도입과 개발이 필수적이다. 또한 지속적인 수자원 관리 및 활용 고도화를 위해서도 정보화 경쟁력을 제고하고, 높아지는 사용자의 서비스 요구수준을 충족시켜야할 필요가 있다. 본 연구는 제방 및 보(수문)의 안전모니터링 선진화를 위해 다음과 같은 과정으로 연구하였다. 주요 치수시설물의 안전모니터링 요소를 분석하기 위해 붕괴원인 유형에 따른 주요 모니터링 취약성 인자를 도출한다. 취약성 인자 중 제방의 경우 침투, 침식, 월류, 구조물에 의한 붕괴 등에 의한 유형과 보(수문)의 경우 전도, 활동, 부유 등 다양한 관련 붕괴 현상을 검토하여 각각의 발생된 인자 특성별 모니터링이 가능하도록 최적 센서를 도출한다. 이러한 일련의 과정은 과거의 계측기를 통하거나 육안 및 수동적인 모니터링에서 벗어나, IT기술의 통신분야와 융합한 무선센서네트워크를 적용하여 경제성, 효율성, 현실성을 가지는 치수시설물의 모니터링이 가능하도록 하였다. 향후 이러한 USN(Ubiquitous Sensor Network) 등 유비쿼터스의 융합과 IT기술을 활용한 치수시설물 안전모니터링 선진화를 통해 홍수방어 및 관리시스템 구축에 활용되어 인명 및 재산피해를 절감하고 기술수준을 향상시킴으로서 홍수 재해로부터 안전한 국토 건설 및 국민의 삶의 질을 향상시킬 것이다. 또한, 국가 홍수관리 시스템 구축, 치수능력증대, 장래유역단위 통합홍수방어 및 관리기술 개발에 기여할 것으로 판단된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.119-128
• /
• 2007

Since the internet banking service was introduced to Korea in 1999, the service has placed itself as an indispensable service to most users. The internet banking, which provides convenience for internet users as well as efficiency for banks, is expected to increase its importance more and to play a bigger role as a passage of funds. Meanwhile, numerous accounts as to the misusage of the internet banking service have been reported and the types and size of damages, especially making illegal money transfers and embezzling user information through computer hacking, tend to increase continuously. This paper points out fundamental problems of the current internet banking service by analyzing the all components of the internet banking service and fitting the results of structural analysis of hacking threats in accordance with service flow. This paper also attempts to propose the means to minimize the hacking threats of the internet banking service.

• Social Economics & Policy Studies
• /
• v.9 no.4
• /
• pp.119-146
• /
• 2019

The purpose of this study is to develop social performance measures of social enterprises and to verify the validity of developed measures. In order to achieve the purpose of this study, first, previous studies on the concept, components, and scale development of social performance were analyzed. After developing a scale suitable for measurement, the validity was verified. The preliminary questions on the social performance scale were 15 items, and after the exploratory factor analysis, 3 items were removed and classified into 2 factors. The sub-factors of the social performance measure were named community development, contribution and community spirit. As a result of confirmatory factor analysis based on 15 items, 3 items were removed. Finally, the social performance scale consisted of 12 questions, divided into two factors.