• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.131-138
• /
• 2003

With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.926-931
• /
• 2004

In this paper, we proposed security management architecture that combines programmable network technology and policy based network management technology to manage efficiently heterogeneous security systems. By using proposed security management architecture, a security administrator can manage heterogeneous security systems using security policy, which is automatically translated into a programmable security policy and executed on programmable middleware of security system. In addition, programmable middleware that has the features of programmable network can reduce excessive management traffic. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time between the proposed architecture and PBNM architecture.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.2 no.2
• /
• pp.118-122
• /
• 2007

The previous security system was PCI way which has many difficulties for PC novices to use. Moreover the security programs in use are mostly unverified ones as they are using cracks, and are exposed to attacks such as hackers and viruses. Therefore this thesis describes to design the security system of Twofish cryptographic algorithm using USB, which it can be used in general-purpose computers and users can handle it with ease. Users can easily use the security system by using this USB and it is applicable to various security systems that Twofish cryptographic algorithm used in the security system by having variable key length. Also the efficiency of the system can be enhanced as it can perform both encryption and decryption and it has a benefit of downsizing hardware.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.219-228
• /
• 2018

The utilization of NFC has been continuously increasing due to the spread of smart phones and the development of short-range wireless communication networks. However, it has been suggested that stability and security of convenient NFC short-range wireless communications can be unstable and problematic. The unstable causes for NFC are the lack of security technologies for NFC, the controversy about personal information infringement, and the lack of social awareness on security breach against data settlement. NFC service can be conveniently used by simply touching other NFC devices and NFC tags through the NFC device. This thesis analyzes that NFC authentication technology, which is convenient for user are one of the unstable causes of security of NFC. This thesis suggest that ministry should research countermeasures and promote how users can use NFC safely. It also suggests that users should have awareness when they use payment and authentication service through NFC to prevent from security threat.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.11
• /
• pp.2204-2220
• /
• 2011

Without providing a proper security measure to the handover procedure in Mobile WiMAX, several security attacks can be mounted. Even though security schemes have been previously proposed for this purpose, they are still vulnerable to several security attacks due to fatal design flaws. A newly proposed security scheme in this paper is based on the framework of authentication domain and concept of handover ticket. A method of establishing security associations within the authentication domain is proposed, and a lightweight security measure to protect the management messages associated with the handover is also proposed. Especially, using the handover ticket, the new security scheme can defend against a Redirection Attack arising from a compromised base station. The new security scheme is comparatively analyzed with the previous security schemes in terms of Replay, Session Hijacking, Man-In-The-Middle, and Redirection attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.6
• /
• pp.1192-1213
• /
• 2011

Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.765-768
• /
• 2007

In this paper, the security evaluation method about mobile web services message is suggested in the method for improving the safety an reliability about the mobile web services message. In order that the goal of this paper is accomplished, the security threat and the security vulnerability which can be occurred in the mobile web services message are defined. The evaluation method for performing the security evaluation about the mobile web services message is defined. Also, the requirements for the mobile web services message security evaluation are defined. Finally, the evaluation framework for performing the mobile web services message security evaluation is constituted, and the evaluation scenario example is suggested. By using the mobile web services message security evaluation defined in the paper, before the mobile web services is deployed, the security threats and security vulnerability can be verified. Also, the countermeasure for the security threat and security vulnerability discovered in the verification result can be prepared. Therefore, the sorority and reliability about the mobile web services can be improved.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.4
• /
• pp.671-690
• /
• 2010

The continuous growth of attacks in the Internet causes to generate a number of rules in security devices such as Intrusion Prevention Systems, firewalls, etc. Policy anomalies in security devices create security holes and prevent the system from determining quickly whether allow or deny a packet. Policy anomalies exist among the rules in multiple security devices as well as in a single security device. The solution for policy anomalies requires complex and complicated algorithms. In this paper, we propose a new method to remove policy anomalies in a single security device and avoid policy anomalies among the rules in distributed security devices. The proposed method classifies rules according to traffic direction and checks policy anomalies in each device. It is unnecessary to compare the rules for outgoing traffic with the rules for incoming traffic. Therefore, classifying rules by in-out traffic, the proposed method can reduce the number of rules to be compared up to a half. Instead of detecting policy anomalies in distributed security devices, one adopts the rules from others for avoiding anomaly. After removing policy anomalies in each device, other firewalls can keep the policy consistency without anomalies by adopting the rules of a trusted firewall. In addition, it blocks unnecessary traffic because a source side sends as much traffic as the destination side accepts. Also we explain another policy anomaly which can be found under a connection-oriented communication protocol.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.55-68
• /
• 2018

In this paper, we identify and evaluate the information security factors considered in outsourcing development of information systems for defense agency with analytic hierarchy process(AHP). To assess the information security elements, we prepared three groups including the experts of a defense agency, subcontractor managers and subcontractor practitioners who are involved in developing information systems. And the relative importance of security factors were analyzed using questionnaires and responses. As a result of analysis of 27 security factors, factors corresponding to human and physical security as a whole were evaluated as having higher importance. Although there are some differences in the ranking of some importance according to human roles, they can be positive for the implementation of complementary information security. And administrative security and technical security can be relatively insignificant considering that they can be considered as infrastructure of the overall information environment. The result of this paper will be helpful to recognize the difference of perception of information security factors among the persons in the organization where collaboration is activated and to prepare countermeasures against them.