• 한국정보처리학회논문지
• /
• 제6권3호
• /
• pp.654-663
• /
• 1999

In this paper, we develop a security system which enhances the security of information during transmission over the World Wide Web for solving problems related to outflow of the information on the internet. Our system provides safe security functions without modifying the existing Web server and browser by utilizing CGI, Plug-in, and Socket Spy techniques. Our system implements user access control and data encryption/decryption by using the hardware cryptographic token instead of using a software technique as in previous systems, and hence is a more robust security system.

• 정보보호학회논문지
• /
• 제25권6호
• /
• pp.1455-1463
• /
• 2015

국가 주요기반 시설인 산업제어시스템이 스턱스넷과 같은 악성 웜에 감염되는 경우 국가적 재난이 발생할 수 있다. 따라서 산업제어시스템에 대한 정보보호 연구는 활발히 진행되고 있다. 하지만, 대부분의 산업제어시스템 방어는 이러한 위협으로부터 시스템을 보호하기 위한 네트워크에서의 침입 탐지에 초점이 맞춰져 있다. 현재 국내에서 연구되고 있는 기존의 방법은 네트워크 트래픽을 모니터링하고 변칙 패턴을 검출하는데 효과적이나 MITM 기법을 이용한 정상 패턴과 동일한 공격 유형은 탐지하기 어렵다. 본 연구에서는 실제 산업제어시스템 현장의 데이터를 수집하여 PROFINET/DCP 프로토콜과 취약점을 분석하고 인증데이터 필드를 추가하여 MITM 공격을 방어 가능한 개선된 프로토콜을 제시 하며 이에 대한 적용 가능성을 확인한다. 본 논문에서 제시하는 개선된 프로토콜을 실 적용시 MITM 공격으로 인해 발생할 수 있는 국가적 재난 발생을 방지할 수 있다.

• 융합보안논문지
• /
• 제19권4호
• /
• pp.97-105
• /
• 2019

니콜라 테슬라에 의해 항공기의 무선제어 가능성이 제시되면서 출현한 무인항공기는 제 1, 2차 세계대전을 통해 항공력의 급속한 발전과 함께 군사, 방산용으로 사용하게 되었다. 2000년대, 무인항공기의 분야가 촬영, 배송, 통신 등 민간분야까지 확대됨에 따라 여러 서비스와 융합되어 활용되고 있다. 하지만, 최근 무인항공기 시스템에서의 통신이나 무인항공기 자체의 보안 취약점을 이용하여 GPS 스푸핑, 전파 교란 공격 등을 시도하는 보안사고가 발생하고 있다. 이에, 안전한 무인항공기의 도입을 위하여 국내에서는 자체 무인항공기 검증 제도인 감항 인증 제도가 마련되었다. 그러나 감항 인증 제도는 무인항공기의 보안성보다는 시험 비행, 설계 및 물리적 구조의 안전성과 인증하는 쪽에 초점이 맞추어져 있다. 보안성 높은 안전한 무인항공기의 도입을 위해 본 논문에서는 무인항공기 시스템 모델을 제안하고 데이터 흐름도를 작성하였다. 작성한 데이터 흐름도를 바탕으로 무인항공기 시스템에서의 위협을 도출하였고, 도출한 위협을 방지할 수 있는 보안기능요구사항을 개발하였다. 제안한 보안기능요구사항을 통해 향후 무인항공기의 안전한 도입을 위한 앞으로의 평가, 검증 기술의 발전 방향을 제시한다.

• International Journal of Internet, Broadcasting and Communication
• /
• 제12권2호
• /
• pp.1-7
• /
• 2020

The secure access the lighting, Heating, ventilation, and air conditioning (HVAC), fire safety, and security control boxes of building facilities is the primary objective of future smart buildings. This paper proposes an authorized user access to the electrical, lighting, fire safety, and security control boxes in the smart building, by using color grid coded optical camera communication (OCC) with face recognition Technologies. The existing CCTV subsystem can be used as the face recognition security subsystem for the proposed approach. At the same time a smart device attached camera can used as an OCC receiver of color grid code for user access authentication data sent by the control boxes to proceed authorization. This proposed approach allows increasing an authorization control reliability and highly secured authentication on accessing building facility infrastructure. The result of color grid code sequence received by the unauthorized person and his face identification allows getting good results in security and gaining effectiveness of accessing building facility infrastructure. The proposed concept uses the encoded user access authentication information through control box monitor and the smart device application which detect and decode the color grid coded informations combinations and then send user through the smart building network to building management system for authentication verification in combination with the facial features that gives a high protection level. The proposed concept is implemented on testbed model and experiment results verified for the secured user authentication in real-time.

• 한국IT서비스학회지
• /
• 제15권3호
• /
• pp.33-50
• /
• 2016

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2001년도 ICCAS
• /
• pp.59.1-59
• /
• 2001

The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents are different from many other types of crimes because detection is unusually difficult. So, network security managers need a IDS and Firewall. IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network system. It accomplishes these by collecting information from a variety of systems and network resources and then analyzing the information for symptoms of security problems. A Firewall is a way to restrict access between the Internet and internal network. Usually, the input ...

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2093-2096
• /
• 2003

Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. Trusted operating systems have been developed since the early 1980s and began to receive National Security Agency (NSA) evaluation in 1984. The researches about trusted OS are proceeding over the world, and new product type using the loadable security kernel module (LSKM) or dynamic link library (DLL) is being developed. This paper proposes a special type of product using LSKM and specific conditions for operational environment should be assumed.

• 한국시뮬레이션학회논문지
• /
• 제10권4호
• /
• pp.51-64
• /
• 2001

It is quite necessary that an organization's information network should be equipped with a proper security system based on its scale and importance. One of the effective methods is to use the simulation model for deciding which security policy and mechanism is appropriate for the complex network. Our goal is to build a foundation of knowledge-based modeling and simulation environment for the network security. With this environment, users can construct the abstracted model of security mechanisms, apply various security policies, and quantitatively analyze their security performance against possible attacks. In this study, we considered security domain from several points of view and implemented the models based on a systematic modeling approach. We enabled the model to include knowledge in modular fashion and provided well-defined guidelines for transforming security policy to concrete rule set.

• International Journal of Computer Science & Network Security
• /
• 제22권10호
• /
• pp.303-309
• /
• 2022

Software Defined Networking (SDN) is a novel approach that have accelerated the development of numerous technologies such as policy-based access control, network virtualization, and others. It allows to boost network architectural flexibility and expedite the return on investment. However, this increases the system's complexity, necessitating the expenditure of dollars to assure the system's security. Network Function Virtualization (NFV) opens up new possibilities for network engineers, but it also raises security concerns. A number of Internet service providers and network equipment manufacturers are grappling with the difficulty of developing and characterizing NFVs and related technologies. Through Moodle's efforts to maintain security, this paper presents a detailed review of security-related challenges in software-defined networks and network virtualization services.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2003년도 춘계종합학술대회
• /
• pp.301-304
• /
• 2003

본 논문은 웹 브라우저 만으로 원격지에 위치한 설비의 모니터링과 제어를 할 수 있고, 서로 다른 시스템간의 호환성과 확장성을 지원할 수 있는 lava 플랫폼을 기반으로 응용 계층인 HTTP 프로토콜의 URL통신을 이용한 인터넷 원격제어 시스템 구축 방법을 제안하였다. 제안한 인터넷 원격제어시스템을 실험하기 위하여 서버 PC와 RS-232 통신방식으로 연결된 $\mu$-Processor를 통한 직류전동기의 속도 및 온도를 모니터링하고 제어하는 실험을 하였다.