• Title/Summary/Keyword: cloud security


Game Framework for Linking Smart TV and Smart Phones (스마트 TV와 스마트 폰 연동 게임을 위한 프레임워크)

  • Jeong, Kyuman
    • Journal of the Korea Convergence Society / v.10 no.7 / pp.33-37 / 2019
  • Nowadays, the need for linking smart devices is growing fast because of the wide spread of smart devices such as smart TVs, smart phones, and smart pads. This paper presents a game framework for linking smart TVs and smart phones and proves its applicability by developing example content. The problem of connecting smart devices is basically a problem of connecting heterogeneous devices: data transmission and reception between heterogeneous devices must be considered. Therefore, the core data is implemented by adopting the concept of cloud computing and storing it on a server, and the game is played on the smart TV using this data. The proposed framework could be applied to many applications such as computer games.

Implementation of Covert Channel Using Mutex Shared Resources in Virtual Machine (가상머신 내 mutex 공유 자원을 이용한 은닉 채널 구현)

  • Ko, Ki-Wan; Choi, Hyoung-Kee
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.961-971 / 2019
  • Isolation between virtual machines in a cloud computing environment is an important security factor. A violation of isolation between virtual machines leads to interference with shared resources and to the implementation of covert channels. In this paper, the structure of the Hyper-V hypervisor is analyzed to implement covert channels between virtual machines. Hyper-V uses a mutex technique for mutual exclusion between virtual machines. This indicates that the isolation of virtual machines is violated and that covert channels can be implemented because of the mutex. We implemented several covert channels by designing a method for searching for mutex resources that is applicable to Hyper-V with its complex architecture. The mutex-based covert channel is not hardware dependent. If one covert channel is detected or defended against, the defensive technique can be avoided by using another of the several covert channels.

Improved Method of Reliance on a Network for Service - based Mobile Applications (서비스기반 모바일 어플리케이션의 네트워크 의존도 개선 방안)

  • Song, Tae-Joon; Park, Seok-Cheon; Kim, Jong-Hyeon
    • Proceedings of the Korea Information Processing Society Conference / 2013.05a / pp.853-856 / 2013
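  • A service-based mobile application is an application form proposed to highlight the strengths of the device and compensate for its weaknesses. Part of the functionality the user needs is deployed on the server side, and the full functionality is executed through interaction over the network with the client application installed on the mobile device. The full functionality and the database that the user needs are split between the client side, installed on the mobile device, and the server side, installed at the service provider. Of the application's functions, simple ones that require relatively few resources run on the client side, while functions that require complex computation and data manipulation run on the server side. More common and reusable functions are provided in the form of services, which is similar to cloud computing services. By using diverse and rich networks, the functional limitations of standalone mobile applications can be compensated for. That is, by using services provided by high-performance servers, the scarce computing resources characteristic of mobile devices can be extended so that applications with complex functionality can be used. However, these service-side functions can return a response to the user's function call only when network stability is guaranteed. Therefore, this paper proposes a way to reduce the high network dependence of such service-based mobile applications.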

A Study on the Providing the Visibility in a Cloud Environment (클라우드 환경에서의 가시성 제공 방안 연구)

  • Kim Taekyung; Baik Namkyun; Kim Junghyup
    • Journal of Korea Society of Digital Industry and Information Management / v.19 no.1 / pp.23-30 / 2023
  • According to the government's plan for cloud conversion and integration of information resources for administrative and public institutions, work is underway to convert administrative and public institutions to the cloud by 2025. In addition, in the private sector, companies in many fields, including finance, are already using cloud services, and usage is expected to keep expanding. As a result, security control activities that use security systems have changed, and visibility into encrypted traffic must be secured when building a cloud control environment. In this paper, an analysis was conducted of the ways to provide visibility in the cloud service environment. Ways to provide visibility in the cloud service environment include methods that use a load balancer, methods that use security systems, and methods that use equipment dedicated to SSL/TLS decryption. For these methods, a performance comparison was made in terms of confidentiality, functionality (performance), and cost. Through this, the pros and cons of each visibility provision method were presented.

Security Analysis of Remote Healthcare System in Cloud-based IoT Environment (클라우드 기반 IoT 환경의 원격 헬스케어 시스템에 대한 보안성 분석)

  • Kwon Jaemin; Hong Sewoong; Choi Younsung
    • Journal of Korea Society of Digital Industry and Information Management / v.19 no.1 / pp.31-42 / 2023
  • As computer performance has been leveled upward, the use of IoT systems is gradually expanding. Although IoT systems are used in many fields, it is difficult to build a safe system because of performance limitations. To overcome these limitations, many researchers have proposed numerous protocols to improve security. Among them, Azrour et al. proposed a new efficient and secure authentication protocol for remote healthcare systems in a cloud-based IoT environment, and claimed that the new protocol could solve the security vulnerabilities of the existing protocols and was more efficient. However, in this paper, through a security analysis of the remote healthcare system in the cloud-based IoT environment proposed by Azrour et al., the protocol of this system was found to be vulnerable to a masquerade attack, to lack perfect forward secrecy, and to be vulnerable to an off-line password guessing attack and a replay attack.

A Study on Applying Zero Trust Architecture: Focusing on Implementing Remote Work System (제로 트러스트 아키텍처 적용 방안에 대한 연구: 재택근무 시스템 구성을 중심으로)

  • Jaewoo Do; Keumseok Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.1001-1020 / 2023
  • With the massive increase in remote work since COVID-19, the boundaries between the inside and outside of corporate networks have become blurred. As a result, traditional perimeter security has stagnated business productivity and made it difficult to manage risks such as information leakage. The zero trust architecture model has emerged, but it is difficult to apply to IT environments composed of various companies. Therefore, using the remote work system configuration as an example, we presented a configuration and methodology that can apply zero trust models even in various network environments such as on-premise, cloud, and network separation. Through this, we aim to contribute to the creation of a safe and convenient cyber environment by providing guidance to companies that want to apply zero trust architecture, an intelligent system that actively responds to cyber threats.

A Study on the Performance of Cloud-based VDI Adoption: Comparing between IS administrators and business users (클라우드 기반 VDI 도입 성과에 관한 연구 - 시스템 관리자와 일반 사용자의 비교를 중심으로 -)

  • Kim, Il-Han; Kwon, Sun-Dong
    • Management & Information Systems Review / v.37 no.2 / pp.149-167 / 2018
  • The purpose of this study is to analyze the performance of Virtual Desktop Infrastructure (VDI) adoption. VDI performance was measured for IS managers (system quality, security, and managerial operation) and business users (usability, access, and user satisfaction). Survey questionnaires were developed for measuring VDI performance. A total of 84 data samples were collected from companies that had adopted cloud-based VDI. The research model was verified with Smart-PLS and SPSS. The research findings were as follows. First, the companies using VDI experienced actual performance, but they did not attain their expectations. Second, in the comparison between IS managers and business users, IS administrators had considerably higher performance than business users, which indicates that there were big differences in performance perception among users. Compared with prior research on topics such as technical trends, system construction, and performance improvement, this study has the following implications. First, by comparing the expected performance with the actual performance of companies that have implemented and are operating VDI, it suggested how a company that wants to adopt VDI can manage the expectation level of VDI and achieve higher actual performance. Second, because the perception of VDI performance differs between business users and system managers, it is meaningful that a fair evaluation of VDI performance requires a balanced consideration of business users and system managers.

JMP+RAND: Mitigating Memory Sharing-Based Side-Channel Attack by Embedding Random Values in Binaries (JMP+RAND: 바이너리 난수 삽입을 통한 메모리 공유 기반 부채널 공격 방어 기법)

  • Kim, Taehun; Shin, Youngjoo
    • KIPS Transactions on Computer and Communication Systems / v.9 no.5 / pp.101-106 / 2020
  • Since computers became available, much effort has been made to achieve information security. Even though memory protection defense mechanisms were studied the most among these efforts, problems with existing memory protection defense mechanisms were found as computer performance improved, and new defense mechanisms were needed with the advent of side-channel attacks. In this paper, we propose JMP+RAND, which embeds random values of 5 to 8 bytes per page to defend against memory sharing-based side-channel attacks and to bridge the gap in existing memory protection defense mechanisms. Unlike existing defense mechanisms against side-channel attacks, JMP+RAND uses static binary rewriting, continuous jmp instructions, and random values to defend against side-channel attacks in advance. We numerically calculated the time a memory sharing-based side-channel attack takes against a binary to which the JMP+RAND technique has been applied and verified that the attacks are impossible in a realistic time. Modern architectures have very low overhead for JMP+RAND because of the very fast and accurate branching of the jmp instruction using branch prediction. Since random values can be embedded only in specific programs using JMP+RAND, it is expected to be highly efficient when used with memory deduplication, especially in a cloud computing environment.

A Study on Improvement of Inspection Items for Activation of the Information Security Pre-inspection (정보보호 사전점검 활성화를 위한 점검항목 개선 연구)

  • Choi, Ju Young; Kim, JinHyung; Park, Jung-Sub; Park, Choon Sik
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.933-940 / 2015
  • IT environments such as IoT, SNS, big data, and cloud computing are changing rapidly. These technologies add new technologies to some existing technologies and increase the complexity of information systems. Accordingly, they require enhanced security functions for new IT services. Information Security Pre-inspection aims to assure stability and reliability for users and suppliers of new IT services by proposing development stages that consider security from the design phase. The existing 'Information Security Pre-inspection' (22 domains, 74 control items, 129 detail items) consists of 6 stages (Requirements Definition, Design, Training, Implementation, Test, Sustain). Pilot tests were executed at one IT development company to verify its effectiveness. Consequently, for some inspection items, improvement requirements and reconstitution needs appeared. This paper conducts a study on the activation of 'Information Security Pre-inspection', which aims to construct a prevention system for new information systems. As a result, an improved 'Information Security Pre-inspection' is suggested. It has 16 domains, 54 inspection items, and 76 detail items, which reflect the improvement requirements and reconstitution needs.

Design of detection method for smoking based on Deep Neural Network (딥뉴럴네트워크 기반의 흡연 탐지기법 설계)

  • Lee, Sanghyun; Yoon, Hyunsoo; Kwon, Hyun
    • Convergence Security Journal / v.21 no.1 / pp.191-200 / 2021
  • Artificial intelligence technology is developing in an environment where a lot of data is produced due to the development of computing technology, a cloud environment that can store data, and the spread of personal mobile phones. Among these artificial intelligence technologies, the deep neural network provides excellent performance in image recognition and image classification. There have been many studies on image detection for forest fires and fire prevention using such deep neural networks, but studies on the detection of cigarette smoking were insufficient. Meanwhile, military units are establishing surveillance systems for various facilities through CCTV, and it is necessary to detect smoking near ammunition stores or non-smoking areas to prevent fires and explosions. In this paper, by reflecting experimentally optimized numerical values such as the activation function and learning rate, we performed detection of smoking pictures and non-smoking pictures in two cases. The experimental data was constructed by crawling pictures of smoking and non-smoking published on the Internet, and a machine learning library was used. In the experiment, when the learning rate is 0.004 and the Adam optimization algorithm is used, an accuracy of 93% and an F1-score of 94% are obtained.