• Title/Summary/Keyword: Information protection on the web (웹에서의 정보보호)

Search Result 429, Processing Time 0.04 seconds

The Study of technique to find and prove vulnerabilities in ActiveX Control (ActiveX Control 취약점 검사 및 검증 기법 연구)

  • Sohn, Ki-Wook;Kim, Su-Yong
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.6 / pp.3-12 / 2005
  • To provide visitors with various services, many web sites distribute many ActiveX controls to them, because ActiveX controls can overcome the limits of HTML documents and script languages. However, a PC can become dangerous if it has insecure ActiveX controls, because they can be executed in HTML documents. Nevertheless, many web sites provide visitors with ActiveX controls whose security is not verified. Therefore, verification by a third party is needed to remove vulnerabilities in ActiveX controls. In this paper, we introduce the process and the technique to find vulnerabilities. The existing proof codes are not valid because ActiveX controls are different from normal applications and domestic environments are different from foreign environments. In this paper, we introduce the technique to prove vulnerabilities in ActiveX controls.

Analysis of Malicious Behavior Towards Android Storage Vulnerability and Defense Technique Based on Trusted Execution Environment (안드로이드 저장소 취약점을 이용한 악성 행위 분석 및 신뢰실행환경 기반의 방어 기법)

  • Kim, Minkyu;Park, Jungsoo;Shim, Hyunseok;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.1 / pp.73-81 / 2021
  • When files are downloaded using an app or web-based application on the user's mobile phone, the path is set so that they are saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require write or read permission for storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous downloaded files are stored. In this paper, to prove the feasibility of an attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The encrypted file is simultaneously sent to hackers via e-mail in the background. The developed application was evaluated by VirusTotal, a malicious analysis engine, and was not detected as a malicious application by any of the 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

Safe Operation of a Distillation Process Using a Remote Monitoring System (원격감시시스템을 이용한 증류공정의 안전운전)

  • 최춘일;이성근;변윤섭;안대명;황규석
    • Proceedings of the Korean Institute of Industrial Safety Conference / 2003.10a / pp.335-338 / 2003
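  • According to recent statistics, the domestic Internet usage rate was 44.7% in 2000, 56.6% in 2001, and 55.2% in 2002, the third highest in the world after Iceland (60.8%) and Sweden (57.3%). In addition, in PC penetration per 100 people, Korea (55.58 units) ranked third in the world after the United States (62.5 units) and Denmark (57.68 units), demonstrating that it is an advanced information society in both name and reality. Accordingly, technology development that uses this well-developed infrastructure is making high-speed information use possible. Recently, beyond basic Internet-based uses such as the transmission of text, voice and video data, research on remote control and monitoring systems over the Internet has been actively pursued. In existing distillation processes, a DCS (Dispersion Control System) carries signals for the process state (temperature, pressure, flow rate, level, purity, etc.) over wired lines to the control room. Consequently, I/O (input/output) takes place only within a limited area. As a result, the efficiency of the safety monitoring system is in fact reduced. In this study, we developed an Internet-based remote control and monitoring system built on a PC-based program, moving from a closed network to an open network. The safety system algorithm of the local plant was introduced into the server system unchanged, and extensibility was improved so that it can easily be configured to suit the user's circumstances. This was made possible by building a PC-based system. In addition, to protect against indiscriminate access over the web, the program can apply differentiated forms of access according to the nature of the monitored object, and the control room's indicators and controllers are reproduced as they are in the program, giving the operator sufficient information and enabling remote control.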

Rights to Control Information and Related Security Technologies on the CyberSpace (사이버공간에서 자기 결정권과 보안 기술)

  • Min, Kyung-Bae;Kang, Jang-Mook
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.10 no.2 / pp.135-141 / 2010
  • This research examines technologies and systems regarding the right to control information in the network era. For this purpose, it attempts an integrated analysis of technologies and systems on the basis of the three components of cyberspace. It also examines prior research and cases on privacy, personal information, and the right to control information, with emphasis on the technologies and systems of cyberspace. To protect privacy information, it analyses the vulnerability of element technology, platform service technology, and individual technology. In particular, it describes, from the perspective of the right to control information, the risk and security measures for personal information to be used as relation-context in the Web 2.0 environment. The research result will assist the methodology of future research toward a grand theory on privacy information and help in understanding the interaction between technology and society.

Designing web based medical learning system structure (웹 기반의 의료학습 시스템 구조 설계)

  • Kang, Dong-hyeob;Lee, Im-geun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2019.05a / pp.224-226 / 2019
  • Currently, medical data is basically confidential and difficult to access because it is protected under the Medical Protection Act. For the practical education of the students who are in the process of education, the researcher or the faculty members create and upload simulated data (chart of the question bank) close to the actual data. In this paper, the maintenance and repair easier on the basis of Node.js, Ajax, MySQL and jQuery to a web-based research and enables users to easily approach the problem of the chart and the easy to the difficult access to patient contact respectively.

Design and Implementation of RFID based Tree History Information System for Cultural Heritage Restoration (RFID 기반 문화재 복원용 임목 이력 정보 시스템의 설계 및 구현)

  • Kim, Sam-Geun;Moon, Il-Hwan;Park, Jae-Pyo
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.9B / pp.1360-1368 / 2010
  • Recently, as the development of Radio Frequency Identification (RFID) technology has become active, the demand for services which can electronically manage the history and location information of major trees, including trees for cultural heritage restoration and nurse trees, has increased. This information has been managed through separate drawings and documents, or by storing it in PDAs and then structuring data files through input and computation. However, these methods have limitations in terms of extensibility and scalability. This paper designs and implements an RFID-based Tree History Information System (THIS) for cultural heritage restoration. The purpose of the proposed system is to support effective and consistent management of historical information on major trees and to improve working processes by implementing mobile RFID services through wireless Internet or a Local Area Network (LAN) as mobile communication networks. Through implementation, it is confirmed that the proposed system can manage the historical information of major trees more effectively than conventional methods and also improve previous field working conditions.

Real-Time User Login Account Access Management Using Mobile App (모바일 앱을 이용한 실시간 사용자 계정 접근 관리)

  • Choi, Seokhwan;Kwon, Junho;Choi, Yoon-Ho
    • KIISE Transactions on Computing Practices / v.23 no.6 / pp.350-358 / 2017
  • Spills of personal information using stolen IDs and passwords have recently occurred at large enterprises and portal web sites such as Nate, Auction, and the National Agricultural Cooperative Federation, suggesting the importance of protecting personal information. By managing access to user accounts in real time, users will be able to block access before personal information is leaked. Therefore, in this paper, we propose a method to prevent the spill of personal information that may occur when others connect by using an authorized ID and password from portals. Specifically, we offer a mobile status control app that controls the logged-in status of a user account in real time, showing the user login status information through visualization along with information about the specific time and IP address. We also propose a method for detecting and blocking duplicated logins that connect via an IP address change.

The Research for Cyber Security Experts (사이버보안 전문가 양성을 위한 연구)

  • Kim, Seul-gi;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.6 / pp.1137-1142 / 2017
  • Cyber hacking attacks and cyber terrorism are damaging to the lives of the people, and in the end, national security is threatened. Cyber-hacking attacks leaked nuclear power cooling system design drawings, and cyber accidents such as the hacking of Cheongwadae's homepage and the hacking of KBS stations occurred. The Act on Information and Communication Infrastructure Protection, the Act on Promotion of Information and Communication Network Utilization and Information Protection, and the Personal Information Protection Act remove the responsibility for cyber attacks, but it is difficult to prevent attacks by hackers armed with new technologies. This paper studies the development of cyber security experts for cyber security. It builds a knowledge database for cyber security professionals, covering web hacking, system hacking, and network hacking technologies and their evaluation. Through research on the operation and acquisition of cyber security expert certification, we hope to help nurture cyber security experts for national cyber security.

Influencing Factors for Compliance Intention of Information Security Policy (정보보안 정책 준수 의도에 대한 영향요인)

  • Kim, Sang-Hoon;Park, Sun-Young
    • The Journal of Society for e-Business Studies / v.16 no.4 / pp.33-51 / 2011
  • This research derived the influencing factors for employees' compliance with the information security policy in organizations on the basis of Neutralization Theory, the Theory of Planned Behavior and Protection Motivation Theory. To empirically analyze the research model and the hypotheses, data were collected by conducting a web survey; 194 of 207 questionnaires were available. The test of the causal model was conducted by PLS. Reliability, validity and model fit were found to be statistically significant. The results of the hypothesis tests showed that seven of the eight hypotheses could be accepted. The theoretical implications of this study are as follows: 1) this study is expected to serve as a baseline for future research on employee compliance with the information security policy, 2) this study attempted an interdisciplinary approach by combining psychology and information system security research, and 3) it suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. This study also has some practical implications. First, it can provide a guideline to support the successful execution of strategy for implementing information system security policies in organizations. Second, it shows that the need for education and training programs that suppress employees' neutralization psychology toward violating information security policy should be emphasized in organizations.

Door-Lock System to Detect and Transmit in Real Time according to External Shock Sensitivity (외부 충격 감도에 따른 실시간으로 탐지하고 전송하는 Door-Lock 시스템)

  • Jeon, Byung-Jin;Han, Kun-Hee;Shin, Seung-Soo
    • Journal of the Korea Convergence Society / v.9 no.7 / pp.9-16 / 2018
  • The purpose of this study is to prevent a malicious user from breaking the door-lock by physical impact. If the impact matches the analog displacement value set in the door-lock system, the system protects the body and property by transmitting damage information in real time to the manager's smartphone. The research suggests a system that transmits damage information in real time to registered users when the door-lock is damaged by physical impact. It then compares the impact information sensed by the door-lock with the data of the sensitivity control unit. In the web server of the proposed system, after impact information transmitted from the door-lock is stored in the DB, if the impact information is larger than the shock detection transmission reference value stored in the DB, it is transmitted to the administrator in real time by the SMS module so that illegal access information.