• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.85-100
• /
• 2004

Study and analysis on the digital certification of the world today, and census on how digital signature is being used or considered for the government will be used to sum of what can be the difficulties and Problems in operating digital signature certifications for the government administrations at this research, and of course the answers to these problems will be provided too. This research suggests practical ideas on how to interoperate between Government PKI (GPKI: Administrational Digital Certification for the Government) and National PKI (NPKI: Digital Certification for General Public ＆Business), how to make use of Standard Security APIs, how to manage (e.g. issue, reissue, update, revoke) digital certificate, how to improve technical side of security and reliability, and how to improve political issues on public education for information security. Digital certification will become more popular and widely used in government administrations in the future. Therefore, census and research on demands md satisfactions of digital certification for public and government will be regularly performed. Of course, continuous maintenances and improvement in this field will be necessary to obtain firmer way of information security.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.2
• /
• pp.76-86
• /
• 2016

SQL Injection attacks are the most widely used and also they are considered one of the oldest traditional hacking techniques. SQL Injection attacks are getting quite complicated and they perform a high portion among web hacking. The big data environments in the future will be widely used resulting in many devices and sensors will be connected to the internet and the amount of data that flows among devices will be highly increased. The scale of damage caused by SQL Injection attacks would be even greater in the future. Besides, creating security solutions against SQL Injection attacks are high costs and time-consuming. In order to prevent SQL Injection attacks, we have to operate quickly and accurately according to this data analysis techniques. We utilized data analytics and machine learning techniques to defend against SQL Injection attacks and analyzed the execution plan of the SQL command input if there are abnormal patterns through checking the web log files. Herein, we propose a way to distinguish between normal and abnormal SQL commands. We have analyzed the value entered by the user in real time using the automated SQL Injection attacks tools. We have proved that it is possible to ensure an effective defense through analyzing the execution plan of the SQL command.

• Korean Security Journal
• /
• no.21
• /
• pp.155-175
• /
• 2009

RFID that provide automatic identification by reading a tag attached to material through radio frequency without direct touch has some specification, such as rapid identification, long distance identification and penetration, so it is being used for distribution, transportation and safety by using the frequency of 125KHz, 134KHz, 13.56MHz, 433.92MHz, 900MHz, and 2.45GHz. Also it is one of main part of Ubiquitous that means connecting to net-work any time and any place they want. RFID is expected to be new growth industry worldwide, so Korean government think it as prospective field and promote research project and exhibition business program to linked with industry effectively. RFID could be used for access control of person and vehicle according to section and for personal certify with password. RFID can provide more confident security than magnetic card, so it could be used to prevent forgery of register card, passport and the others. Active RFID could be used for protecting operation service using it's long distance date transmission by application with positioning system. And RFID's identification and tracking function can provide effective visitor management through visitor's register, personal identification, position check and can control visitor's movement in the secure area without their approval. Also RFID can make possible of the efficient management and prevention of loss of carrying equipments and others. RFID could be applied to copying machine to manager and control it's user, copying quantity and It could provide some function such as observation of copy content, access control of user. RFID tag adhered to small storage device prevent carrying out of item using the position tracking function and control carrying-in and carrying-out of material efficiently. magnetic card and smart card have been doing good job in identification and control of person, but RFID can do above functions. RFID is very useful device but we should consider the prevention of privacy during its application.

• Korean Security Journal
• /
• no.25
• /
• pp.109-130
• /
• 2010

As many countries in the world including the Republic of Korea have used all their national resources in the accelerating economic information warfare, illegal leakage of industrial technologies and information has increased rapidly. The costs required for damage prevention from 2007 to 2008 are estimated at approximately KRW 180 trillion which is expected to increase gradually in future. Because the tricks of leaking key technologies are also getting increasingly systematized, sophisticated and bigger, e.g., simple theft at the individual level or the conspiracy of all the staff taking part in the research activities, we should pay special attention to technology security in addition to technology development. While there are several factors affecting such the brain drain, they usually include personal, social, political and cultural factors, for instance, very heavy educational expenditure of children compared to relatively low pay, the speedy labor market circulation for experienced personnel, or political restrictions on researches. In this context, as part of efforts made to prevent the outflow of core personnel, individual companies and research institutes should establish systematically appropriate core personnel management systems for their own organizational or business goals and principles which are intented to ensure to give better treatment and benefit to core personnel and to exercise closer supervision over them. Furthermore, the conventional personnel management system should be radically and flexibly improved in the manner of encouraging the core personnel returning to the organization to combine their external experiences with practices, instead of penalizing them. At the same time, it is necessary to train and educate core personnel through mutual collaboration and in-house training facilities as well as external academic programs operated jointly at the level of the industry. Finally, as the issues concerning the outflow of core personnel are not just problems of relevant companies and other advanced countries have devoted their best efforts to secure their own key technologies at the national level, it is urgent for the industry and the competent authorities to cooperate closely.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.1010-1013
• /
• 2009

The youths of the farming village have moved to the metropolis, thus the most of the manpower which engages to a production remained in the village reaches layer old age and all thing sprouts long the whole and it is one. So to remove the waste of barn rather than to give feed to the livestock is hard that what step all automation of this part is necessary. Consequently we have developed the automation system in order to reduce the massive death of the livestock at the time of intense cold and hot. The system will be able to clean the waste of the barn and confront quickly in the change of temperature which is sudden it came. And we proposed also the system that will be able to watch at real-time and monitor the operational environment from a remote using CCD camera. In this paper, we proposed the remote control system which uses PDA in order to control the automation system of a stall while moving. The proposed system was embodied in order for the control and the monitor while the user is mobile using PDA screens. We also added a protection system in that system. The system sends the case warning and SMS while will have the fire and the intrusion from the outside and prevents a robbery.

• Journal of Korea Multimedia Society
• /
• v.13 no.4
• /
• pp.575-581
• /
• 2010

With widespread use of the Internet and improvements in streaming media and compression technology, digital music, video, and image can be distributed instantaneously across the Internet to end-users. However, most conventional Digital Right Management are often not secure and not fast enough to process the vast amount of data generated by the multimedia applications to meet the real-time constraints. The SVC offers temporal, spatial, and SNR scalability to varying network bandwidth and different application needs. Meanwhile, for many multimedia services, security is an important component to restrict unauthorized content access and distribution. This suggests the need for new cryptography system implementations that can operate at SVC. In this paper, we propose a new scrambling encryption for reserving the characteristic of scalability in MPEG4-SVC. In the base layer, the proposed algorithm is applied and performed the selective scambling. And it encrypts various MVS and intra-mode scrambling in the enhancement layer. In the decryption, it decrypts each encrypted layers by using another encrypted keys. Throughout the experimental results, the proposed algorithms have low complexity in encryption and the robustness of communication errors.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.595-604
• /
• 2004

By the help of expansion of computer network and rapid growth of Internet, the information infrastructure is now able to provide a wide range of services. Especially open architecture - the inherent nature of Internet - has not only got in the way of offering QoS service, managing networks, but also made the users vulnerable to both the threat of backing and the issue of information leak. Thus, people recognized the importance of both taking active, prompt and real-time action against intrusion threat, and at the same time, analyzing the similar patterns of in-trusion already known. There are now many researches underway on Intrusion Detection System(IDS). The paper carries research on the in-trusion detection system which hired supervised learning algorithm and Fuzzy membership function especially with Neuro-Fuzzy model in order to improve its performance. It modifies tansigmoid transfer function of Neural Networks into fuzzy membership function, so that it can reduce the uncertainty of anomaly intrusion detection. Finally, the fuzzy logic suggested here has been applied to a network-based anomaly intrusion detection system, tested against intrusion data offered by DARPA 2000 Intrusion Data Sets, and proven that it overcomes the shortcomings that Anomaly Intrusion Detection usually has.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.361-364
• /
• 2012

Through USN (Ubiquitous Sensor Network) is collected the patient's vital information in real-time, also information collected will be stored in the DB (Date Base), frequent use hospital saved patient's vital information for DB. Stored in the patient's vital medical information stored in the patients with frequent hospital patient to hospital if the patient's vital information is stored in DB. But, stored location is within hospital server or stored in a PC environment, because If utilize other Hospital existing hospitals will need to request. However, Existing hospital have problem for security, authentication, management, cost, manpower, such as, because other hospitals and the exchange of information does not come easily. So, If has the advantage of the patient and the patient's vital information is stored on mobile devices that you can use as DB. It is important to find information quickly and accurately, in this study, Is A study on mobile circulation loop DB systems for patient-centered serbices.

• Tunnel and Underground Space
• /
• v.29 no.1
• /
• pp.1-11
• /
• 2019

This study investigated use cases of machine learning technology in domestic medical, manufacturing, finance, automobile, urban sectors and those in overseas mining industry. Through a literature survey, it was found that the machine learning technology has been widely utilized for developing medical image information system, real-time monitoring and fault diagnosis system, security level of information system, autonomous vehicle and integrated city management system. Until now, the use cases have not found in the domestic mining industry, however, several overseas projects have found that introduce the machine learning technology to the mining industry for improving the productivity and safety of mineral exploration or mine development. In the future, the introduction of the machine learning technology to the mining industry is expected to spread gradually.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.21 no.6
• /
• pp.807-816
• /
• 2018

Threat hunting is defined as a process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. The main concept of threat hunting is to find out weak points and remedy them before actual cyber threat has occurred. And HMM(Hunting Maturity Matrix) is suggested to evolve hunting processes with five levels, therefore, CSOC(Cyber Security Operations Center) can refer HMM how to make them safer from complicated and organized cyber attacks. We are developing a system for cyber situation awareness system with pro-active threat hunting process called unMazeTM. With this unMaze, it can be upgraded CSOC's HMM level from initial level to basic level. CSOC with unMaze do threat hunting process not only detecting existing cyber equipment post-actively, but also proactively detecting cyber threat by fusing and analyzing cyber asset data and threat intelligence.