• Title/Summary/Keyword: Information protection on the web

Trends and Technology Analysis of XKMS(Xml Key Management Specification) (XKMS(Xml Key Management Specification)동향 및 기술 분석)

  • 김세영;이석래;박정환;신동일
    • Proceedings of the Korean Information Science Society Conference / 2001.10a / pp.772-774 / 2001
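  • Recently, as XML (eXtensible Markup Language) has come to be widely used in Internet e-commerce and in data transmission and retrieval, the security and standardization of XML documents have become pressing issues. Data and documents expressed in XML reside on the web, and documents processed in cyberspace can be forged or altered by a third party. Protecting such data and documents is therefore essential, and research and development on XML document security is actively under way. Recently Microsoft, Verisign and Webmethods developed XKMS (Xml Key Management Specification), an XML-based next-generation PKI (Public Key Infrastructure) technology, and Hewlett-Packard (HP), Baltimore, IBM, PureEdge Solutions, Reuters and others are participating in the XKMS standardization work. This paper surveys the XML security trends of the standards bodies that are standardizing XKMS, and analyzes the internal structure and overall technology of XKMS.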

Web Image Crawler for Copyright Protection (저작권 보호를 위한 웹 이미지 크롤러)

  • Kwon, Oh-Jung;Lim, Seung-Won;Oh, Min-Seok;Yang, Bo-Won;Jung, Jin-Woo
    • Proceedings of the Korea Information Processing Society Conference / 2015.10a / pp.1527-1529 / 2015
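  • Amid a flood of digital content, the importance of image copyright has recently come to the fore. Because posts can easily be uploaded to blogs and social networking services, image copyright infringement is widespread, yet copyright holders find infringing material by searching and checking item by item, which is costly and falls far short of the pace of infringement. To solve this problem and ultimately to guarantee copyright holders' rights and prevent infringement, this study proposes a system that automates the detection of copyright infringement for images appearing in posts obtained through keyword search, and presents experimental results.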

A Real-Time User Authenticating Method Using Behavior Pattern Through Web (웹 사용자의 실시간 사용 패턴 분석을 이용한 정상 사용자 판별 방법)

  • Jang, Jin-gu;Moon, Jong Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.6 / pp.1493-1504 / 2016
  • As cyber threats have increased over the Internet, invasions of personal information are constantly occurring. A malicious user can access a Web site as a normal user using leaked personal information and carry out illegal activities. This paper proposes an effective method which authenticates a genuine user in real time. The method uses the user's profile, which is a record of the user's behavior created by Membership Analysis (MA) and a Markov Chain Model (MCM). In addition, the user's profile is augmented by a Time Weight (TW) which reflects the user's tendency. This method can detect a malicious user who camouflages as a normal user. Even a genuine user can be determined to be an abnormal user if the user acts beyond the recorded profile. The result of the experiment showed a high accuracy, 96%, for the correct user.

Implementations of Record_Level Synchronized Safe Personal Cloud (레코드 단위의 동기화를 지원하는 개별 클라우드 구현 기법)

  • Hong, Dong-Kweon
    • Journal of the Korean Institute of Intelligent Systems / v.24 no.3 / pp.239-244 / 2014
  • As the usefulness of mobile devices keeps growing, the privacy of cloud computing is receiving more attention. Even though many studies and solutions for privacy matters have been suggested, we are still worrying about the security problems. In addition, most cloud computing systems use file-level synchronization, which makes it difficult to modify a part of a file. If we use a data-centric app that stores data on an embedded DBMS such as SQLite, a simple synchronization may incur some loss of information. In this paper we propose a solution to build a personal cloud that supports record-level synchronization. We show a prototype system which uses RESTful web services and the same schema on mobile devices and the cloud storage. Synchronization is achieved by using a kind of optimistic concurrency control.

A Study on Systems to Protect Copyright of Digital Contents (디지털저작물 저작권보호시스템)

  • Kim, Yong;NamKoong, Hwang
    • Journal of the Korean BIBLIA Society for library and Information Science / v.11 no.2 / pp.49-64 / 2000
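  • With the rapid development of digital technology, most documents are now in digital form, and the amount of such information keeps increasing. As the web and document authoring tools have developed, creating and sharing information has become easy, so the proportion of duplicated information keeps rising, and illegal copying of documents, in which part of a document is plagiarized and used as one's own, can occur. The vast amount of information now available online can be useful to the users who encounter it, but there is also a high likelihood that it will be used in forms such as illegal copying or plagiarism. In both cases part or all of the original may be used as is; in plagiarism in particular, the text may appear in a form different from the original, for example through restructured sentences or substituted similar words. However, it is not easy to discover that a part has been plagiarized from an enormous amount of information, because determining plagiarism requires knowing all existing information, which is in theory impossible for a human. In addition, illegal copying done without the author's consent is a major obstacle to the distribution of digital content. Therefore, along with technology that can automatically indicate the possibility of plagiarism by judging similarity with existing documents, a method that can fundamentally prevent illegal copying of digital works is needed.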

Tools for Web-Based Security Management Level Analysis (웹기반 보안 관리 수준 분석 도구)

  • Kim, Jeom-Goo;Choi, Kyong-Ho;Noh, Si-Choon;Lee, Do-Hyeon
    • Convergence Security Journal / v.12 no.3 / pp.85-92 / 2012
  • Today, the typical web hacking attacks include cross-site scripting (XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as an abnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process must be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

A Design and Implementation of Two-Phase Server Login Authentication System based on XML-Signature Extension (XML-Signature 확장을 통한 2단계 서버 로그인 인증 시스템의 설계 및 구현)

  • Kim, Yong-Hwa;Kim, Jin-Sung;Kim, Yong-Sung
    • The KIPS Transactions:PartC / v.14C no.4 / pp.321-330 / 2007
  • This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

Trusted Information Sharing Model in Collaborative Systems (협업 환경 내 신뢰할수 있는 정보 공유 모델)

  • Hong, Seng-Phil;Kim, Jae-Hyoun
    • Journal of Internet Computing and Services / v.8 no.1 / pp.99-113 / 2007
  • In the rapidly changing e-business environment, organizations need to share information, process business transactions, and enhance collaborations with relevant entities by taking advantage of the various technologies. However, there are always security issues that need to be handled in order for the e-business operations to be run efficiently. In this research, we suggest a new security authorization model for safely and flexibly supporting the needs of e-business (e-marketplace) in an organization. The proposed model provides scalability of access control policy among multiple domains and preserves flexible authorization management in distributed system environments. For servers to make access control policy and enforcement decisions, we also describe a feasible authorization architecture concerned with how they might seek advice and guidelines from a formal access control model.

A Study of Protection Profile and Analysis of Related Standard for Internet Banking Systems (인터넷 뱅킹 시스템 관련 표준 분석 및 보호프로파일 개발에 관한 연구)

  • Jo, Hea-Suk;Kim, Seung-Joo;Won, Dong-Ho
    • The KIPS Transactions:PartC / v.17C no.3 / pp.223-232 / 2010
  • Due to the advance of the Internet, offline services are expanded into online services, and a financial transaction company provides online services using internet banking systems. However, security problems of the internet banking systems are caused by a lack of security in developing the internet banking systems. Although the financial transaction company has applied existing internal and external standards, ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796, Common Criteria, etc., there are still vulnerabilities, because the standards lack consideration of the security requirements of the internet banking system. This paper is intended to explain existing standards and discusses the reason that the standards do not give full assurance of security when a single standard is applied to the internet banking system. Moreover, we analyze the security functions for the internet banking systems and then select the security requirements. In this paper, we suggest a new protection profile for the internet banking systems using Common Criteria V.3.1 from the analysis mentioned above.

Custom Cryptographic Protocol Implementation Method Based on OpenSSL (OpenSSL 기반 사용자 지정 암호 프로토콜 구현 방안)

  • Lam, JunHuy;Lee, Sang-Gon;Lee, Hoon-Jae;Andrianto, Vincentius Christian
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.3 / pp.459-466 / 2017
  • One of the most widely used open source projects, OpenSSL is a cryptography library that is used to secure most web sites, servers and clients. One can secure the communication with the Secure Socket Layer (SSL) or its successor, Transport Layer Security (TLS) protocols by using the OpenSSL library. Since cryptography protocols will be updated and enhanced in order to keep the system protected, the library was written in such a way that simplifies the integration of new cryptographic methods, especially for the symmetric cryptography protocols. However, it gets a lot more complicated when adding an asymmetric cryptography protocol, and no guide can be found for the integration of the asymmetric cryptography protocol. In this paper, we explain the architecture of the OpenSSL library and provide a simple tutorial to modify the OpenSSL library in order to accommodate custom protocols of both symmetric and asymmetric cryptography.