• Journal of the Korea Computer Industry Society
• /
• v.2 no.11
• /
• pp.1383-1394
• /
• 2001

Through the extension of damages caused by hacking and computer virus, although security control has been emphasized, hackers' capability exceeded the security controllability. The basic security setup of server system will be free from the damages by primary and intermediate level which are the major group. It should be noted that security condition of most middle-sized and personal systems is widely open for hacker's intrusion. There is no perfect information system either software-wise or hardware-wise. It has to be recognized that our systems will be attacked easily by the hackers and computer virus. Computer users are demanded to be prepared for these types of surprise attacks. In this paper, I will propose a formation of Bastion server. This will protect risks from inside & outside intrusion which have been known till today.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.1-11
• /
• 2010

Recently, We have many private information leakage cases through internet which cause social problems and it is impossible to change or update the leaked information, it is also used to the third crime such as identity theft, internet fraud. Hackers are interested in stealing private information for making money, in this point private information leakage problems are constantly increased hereafter. In this paper, I surveyed the authorization model on site registration which is currently used in Korea, and the problem of collecting personal identification number, I proposed policy model of useless method of private information, especially leaked information can not be used anymore in internet.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.5B
• /
• pp.489-499
• /
• 2003

This paper is a study about Honey-pot Model using CPN(Colored Petri Nets) that is a method of intrusion detection. Suggested Honey-pot model consists of two parts : \circled1 security kernel module for active induction of hacker's intrusion, intrusion detection and behavior pattern analysis. \circled2 virtual module for activity of induced hackers. However, suggested model was compared and analysed with conventional Denning model and Shieh nodel. The Honey-pot model using CPN can classify the characteristic of intrusion pattern, modeling intrusion pattern and pattern matching procedure, detect DDoS attack through multi hosts, and provide basis of study model for analysing intrusion pattern, finally.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.249-251
• /
• 2017

In the past, People thought that software security was not important. but Skills of attacking software has growing up in fast, software crack fall down software industry growth and profit of copyright holder was declined. So I propose software crack prevention for changing PE Format. Hackers can analyze program in static. As we change the PE format, we can prevent static analysis. As I insert anti - debugging code the exe file, the program is protected from dynamic analysis.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.04a
• /
• pp.280-282
• /
• 2016

오늘날 IoT 사물기기들의 사용 범위가 늘어나면서 해커들은 IoT 기기에서 네트워크상의 서비스 및 정보검색의 기능을 하는 프로토콜인 SSDP의 취약점을 악용하여 SSDP DRDoS(분산 반사 서비스 거부) 공격이라는 새로운 형태의 공격을 만들어 공격을 시도하고 있다. 이는 단순히 우리 생활에서 쓰이는 IoT 기기의 위협뿐만 아니라 사람의 생명이나 주요 기반시설 등에서 사용되어지는 IoT기기들의 공격으로 이어지면 큰 위험을 나타낼 수 있다. 앞으로 IoT기기들이 점차 증가되어 생활에 편리함과 실용성을 가지고 오는 반면에 해커들은 더욱더 교묘하고 복잡하게 공격을 시도를 할 것이다. 특히 본 논문에서는 DRDoS의 몇 가지 공격방법을 알아보고 그중에 IoT 기기에서 사용되어지는 SSDP프로토콜의 관련연구 및 공격방법들을 알아보고 공격시나리오 및 대응방안을 제안한다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.5
• /
• pp.145-154
• /
• 2007

Analyzed about a matter and requirements to intimidate security of ubiquitous and home network threatening various security for personal information protection in ubiquitous home networks at this paper, and studied. Got authentication procedures and verification procedures acid user approach to be reasonable through designs to the home security gateway which strengthened a security function in the outsides, and strengthened protection of a home network. Also, execute a DoS. DDoS, IP Spoofing attack protective at home network security gateways proved, and security regarding against the Hacker's attack was performed, and confirmed. Strengthen appliances and security regarding a user, and confirm a defense regarding an external attack and present a home network security model of this paper to the plans that can strengthen personal information protection in ubiquitous home networks in ubiquitous home networks through experiment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.257-260
• /
• 2014

Digital Forensics in the event of an accident, the system restore files and the only way to find evidence KT Website hacking happening now, credit card companies, and leakage of personal information by three recent spills occurred, such as Skin Food Home Up Customer Information hackers to find these crimes only means as well. This study attempted to bypass the KT website hacking attacks utilizing automated programs hacking programs, and if you try to experiment on whether any information has been disclosed and if so what home attacked forensics evidence for hackers to locate the can make a report is described.

• Journal of Industrial Convergence
• /
• v.16 no.4
• /
• pp.47-52
• /
• 2018

WebShell is a web script file created by a hacker to remotely commands to a web server. The hacker can bypass the security system using the web shell, access the system, control the system such as file modification, copying and deletion, install malicious code in the web source code, attack the user's PC, And so on. There are many types of WebShell attack, but we study about attacks on PHP and JSP based web server which are used as representative ones. And we propose the method of web page management, method of development, and several other methods. By using these countermeasures, it is possible to effectively prevent damage caused by WebShell attacks.

• The Journal of the Korea Contents Association
• /
• v.15 no.10
• /
• pp.607-615
• /
• 2015

Mosts user of internet and smart phone has certificate, and uses it when money transfer, stock trading, on-line shopping, etc. Mosts user stores certificate in a hard disk drive of PC, or the external storage medium. In particular, the certification agencies are encouraged for user to store certificate in external storage media such as USB memory rather than a hard disk drive. User think that the external storage medium is safe, but when it is connect to a PC, certificate may be copied easily, and can be exposed to hackers through malware or pharming site. Moreover, if a hacker knows the user's password, he can use user's certificate without restrictions. In this paper, we suggest secure management scheme of the private key file using a password of the encrypted private key file, and a USB Memory's hardware information. The private key file is protected safely even if the encrypted private key file is copied or exposed by a hacker. Also, if the password of the private key file is exposed, USB Memory's container ID, additional authentication factor keeps the private key file safe. Therefore, suggested scheme can improve the security of the external storage media for certificate.

• Journal of Broadcast Engineering
• /
• v.28 no.1
• /
• pp.145-148
• /
• 2023

Open-loop Octonion space-time block code for 4 transmit antenna system is considered and random phases are applied to 4 transmit antennas for physical layer security. When an illegal hacker estimates the random phases of 1 through 4 transmit antennas with maximum likelihood (ML), this letter analyzes the bit error rate (BER) performances versus signal-to-noise ratio (SNR). And the Octonion code in the literature[1] does not have full orthogonality so, this letter employs the perfect orthogonal Octonion code. When the hacker knows that the random phases are 2-PSK constellations and he should estimate all the 4 random phases, the hacking is impossible until 100dB. When the hacker possibly know that some of the random phases, bit error rate goes down to 10^-3 so, the transmit message could be hacked.