• Title/Summary/Keyword: Confidential Information

Insider Threat Detection Technology against Confidential Information Loss using Email (이메일을 통한 기밀정보 유출 유형의 내부자 위협 탐지 기술)

  • Youngjae Lee;Seongwon Kang;Kyungmi Kim;Kyungroul Lee
    • Proceedings of the Korean Society of Computer Information Conference / 2023.07a / pp.217-218 / 2023
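  • An insider threat is a threat originating from people within the same organization, such as current and former employees and contractors, who have access to inside information about the organization's security, data, and systems. Insiders generally hold legitimate access rights to systems for their work, and if those rights are misused or abused, they can cause very serious damage to the organization. Insider threats are much harder to defend against and detect than threats from outside, and the scale of the damage is also very large. Accordingly, to detect insider threats, this paper proposes a method for countering the type of threat in which confidential information is leaked through email. The proposed method targets emails sent from within the organization: to identify the sender of an email that contains a file, it inserts a key value and a signature into the file, monitors outgoing emails to determine the type of the attached files, and visualizes the result through a dynamic graph. Security monitoring staff and administrators of internal systems and networks are expected to be able to recognize and respond to information leakage intuitively by checking the visualized graph. With the method proposed in this paper, insider threats within an organization can be detected, and when a data leak incident occurs, the leaker is expected to be quickly identified and an early response made.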

Phishing Attack Detection Using Deep Learning

  • Alzahrani, Sabah M.
    • International Journal of Computer Science & Network Security / v.21 no.12 / pp.213-218 / 2021
  • This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) Data collection: different websites have been collected as a big data corresponding to normal and phishing dataset, and (2) distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experiment results of the proposed system achieved very good accuracy and detection rate as well.

An Effective Protection Mechanism for SSL Man-in-the-Middle Proxy Attacks (SSL MITM 프록시 공격에 대한 효과적 방어방법)

  • Lim, Cha-Sung;Lee, Woo-Key;Jo, Tae-Chang
    • Journal of KIISE:Computing Practices and Letters / v.16 no.6 / pp.693-697 / 2010
  • In current e-commerce systems, a client's confidential information such as credit card numbers, PIN numbers, or digital certificates may pass through a web proxy server or an altered proxy server without the client's awareness. Even though the confidential information is encrypted and sent through the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocol, it can be exposed to the risk of sniffing through digital certificate forgery at the proxy server, which is called the SSL MITM (Man-In-The-Middle) proxy attack. In this paper, current credit card web-payment systems, which are weak against proxy information alteration attacks, are analyzed. A solution using a certificate proxy server is also proposed to prevent the MITM attack.

Fair Private Block Encryption Protocol with Proactive Secret Sharing for Delegated Node of Public Blockchain (동등한 권한을 가진 대표노드를 위한 능동적 비밀 분산을 이용한 비공개 블록 암호화 기법)

  • Jung, Seung Wook
    • Convergence Security Journal / v.20 no.4 / pp.177-186 / 2020
  • In current public blockchains, any node can see every block, so a public blockchain provides the transparency property. However, some applications require confidential information to be stored in a block. Therefore, this paper proposes a multi-layer blockchain that has a public block layer and a private block for confidential information. This paper suggests the requirement for encryption of the private block. Also, this paper shows a t-of-n threshold cryptosystem without a dealer acting as a trusted third party. Moreover, a delegated node that holds key information can withdraw from the delegated node group, or a new delegated node can join the delegated node group. Therefore, the paper proposes an efficient key information resharing scheme for withdrawal and joining. Finally, the proposed scheme satisfies the requirements for encryption and fairness.

A Design and Application of a Web-Based Counseling system (웹 기반 상담시스템의 설계와 적용)

  • Bae, Eun-Hee;Moon, Gyo-Sik
    • Journal of The Korean Association of Information Education / v.5 no.3 / pp.329-336 / 2001
  • This paper addresses the design and application of a Web-based counseling system whose purpose is to facilitate counseling so that students can freely express their personal problems and get professional help through the system. The prominent features of the counseling system are that it encourages students to take an active part in an interactive process, helps them develop genuine interest in place of disbelief or uneasiness towards counseling, and helps them form a positive attitude towards counseling. To do that, the counseling process should meet the requirement of confidentiality in order to build trust between counselor and counselee. Many counseling sites operated by various organizations use e-mail as a communication channel for confidentiality purposes, which is likely to end in single occasions in which desirable relationships for counseling can hardly be established. To solve this problem, a closed, confidential, Web-based counseling system was built on a Web server so that a trusting relationship can be established through it. The result of applying it to a local elementary school is also stated. Thanks to the merits of a personalized, confidential counseling system compared to face-to-face counseling, surpassing the limitations of time and space and overcoming fearfulness, it was observed that students showed great interest in participating in counseling.

A Study on Industrial Security Outflow Prevention System Based on Network Biometric Authentication (네트워크 바이오 인증 기반 산업기술 유출방지 시스템에 관한 연구)

  • Lee, Dae-Sung
    • Convergence Security Journal / v.11 no.4 / pp.31-36 / 2011
  • An enterprise that holds a core technology, or an organization that manages core information, faces a critical, ruinous situation when its confidential information is leaked. In the past confidential information was leaked offline, but recently leakage has become possible at any time through a variety of equipment via the network, based on the ubiquitous communication environment. In this paper, we propose to authenticate and block all packets transmitted via the network in real time in order to prevent the outflow of confidential information. In particular, in order to differentiate between users who attempt to disclose confidential information, we propose to insert the user's biometric information transparently on a per-packet basis, and we also verify the performance by simulation.

Attorney's Duty to Protect Personal Information (변호사의 개인정보 보호의무)

  • Hah, Jung Chul
    • Journal of Digital Convergence / v.12 no.7 / pp.1-10 / 2014
  • In February 2014 the Korean Bar Association amended its Professional Ethics Code to stipulate an attorney's duty to protect personal information. While existing Korean law and the Professional Ethics Code have required attorneys to keep clients' confidential information, the newly promulgated obligation is meaningful in that personal information of subjects other than the client is not protected through confidentiality rules, given that the confidentiality obligation is interpreted to protect only a client's information relating to representation. Moreover, the duty to protect personal information deals not only with disclosure and use of information, which confidentiality rules are about, but also with the collection and retention process, access to and correction and care of information, and even destruction of information. Amid the unprecedented theft of personal data at several national banks and other serious leakage reported recently, this paper contemplates the scope and application of the duty to protect personal information, with the hope of contributing to the start of a discussion on it.

SPKI/SDSI HTTP Secure Server to support Role-based Access Control & Confidential Communication (역할기반 접근제어 및 비밀통신을 지원하는 SPKI/SDSI 보안 서버)

  • 이영록;김민수;김용민;노봉남;이형효
    • Journal of the Korea Institute of Information Security & Cryptology / v.12 no.6 / pp.29-46 / 2002
  • We generally use the SSL/TLS protocol with X.509 v3 certificates to provide a secure means of establishing confidential communication and to support the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and implementing a prototype which has two main modules: one supports secure communication and RBAC, which are not present in the SPKI/SDSI server developed by the existing Geronimo project, and the other wholly issues name-certificates and authorization-certificates. The demonstration built for our server is outlined hereafter.

Image Steganography for Securing Hangul Messages based on RS-box Hiding Model (RS-box 은닉 모델에 기반한 한글 메시지 보안을 위한 이미지 스테가노그래피)

  • Seon-su Ji
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.16 no.2 / pp.97-103 / 2023
  • Since most of the information is transmitted through the network, eavesdropping and interception by a third party may occur. Appropriate measures are required for effective, secure and confidential communication in the network. Steganography is a technology that prevents third parties from detecting that confidential information is hidden in other media. Due to structural vulnerabilities, information protected by encryption and steganography techniques can be easily exposed to illegitimate groups. In order to improve the limitations of LSB where the simplicity and predictability of the hiding method exist, I propose a technique to improve the security of the message to be hidden based on PRNG and recursive function. To enhance security and confusion, XOR operation was performed on the result of selecting a random bit from the upper bits of the selected channel and the information transformed by the RS-box. PSNR and SSIM were used to confirm the performance of the proposed method. Compared to the reference values, the SSIM and PSNR of the proposed method were 0.9999 and 51.366, respectively, confirming that they were appropriate for hiding information.

Agents for Autonomous Distributed Secret Sharing Storage System

  • Hayashi, Daisuke;Miyamoto, Toshiyuki;Doi, Shinji;Kumagai, Sadatoshi
    • Proceedings of the IEEK Conference / 2002.07a / pp.482-485 / 2002
  • For mission-critical and safety-critical operations of medical information, financial, or administrative systems, a reliable and robust storage system is indispensable. The main purpose of our research is to develop a highly confidential, reliable, and survivable storage system.
