• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.845-848
• /
• 2013

유 무선 통신망을 통한 여러 서비스들에 대해 정보의 정확성, 전달속도 및 신뢰성은 서비스 제공에 중요한 요소도 작용된다. 뿐만 아니라 최근 정보보호의 인식이 커지면서 보안 적용도 중요한 요소로 자리 잡고 있다. 하지만 보안 적용 시 속도 지연 및 서비스 품질 저하의 문제가 발생할 수 있다. 이러한 문제는 보안 적용에 필수적인 암호 알고리즘 수행 시 내부적으로 소모되는 연산 비용이 크기 때문에 발생할 수 있다. 본 논문에서는 암호 장치를 추가한 테스트 환경을 구축하여, 보안을 적용하였을 때 소모되는 비용을 암호 알고리즘 레벨로 측정 및 분석하였다. 결과적으로 암호 장치를 추가하여 암호를 수행했을 때 암호화에 대한 소모비용은 데이터 통신에 많은 영향을 주지 않는다는 것을 확인하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.923-948
• /
• 2013

The main concern in mobile peer-to-peer (P2P) networks is security because jamming or eavesdropping on a wireless link is much easier than on a wired one and such damage can be incurred without physical access or contact. In particular, authentication has increasingly become a requirement in mobile P2P environments. This paper presents a new mutual authentication mechanism which requires less storage space and maintains a high level of security in mobile P2P networks. The proposed mechanism improves efficiency by avoiding the use of centralized entities and is designed to be agile in terms of both reliability and low-cost implementation. The mechanism suggested in the simulation evaluates the function costs occurring in authentication between the devices under mobile P2P network environment comparing to existing method in terms of basic operation costs, traffic costs, communications costs, storage costs and scalability. The simulation results show that the proposed mechanism provides high authentication with low cryptography processing overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.855-861
• /
• 2017

Gordon & Loeb[1] suggested that the optimal level of investment decision of an enterprise is the point that the marginal benefit(MB) of information security investment is equal to the marginal cost(MC). However, many companies suffering from information security incidents are not aware of the fact that they are experiencing information security accidents and can not measure how much they are affected. In this paper, I propose a model of information security investment decision making under the incomplete information situation by modifying the Gordon & Loeb[1] model and compare the differences in investment level. Under the incomplete information situation the expected return from the information security investment tends to be lower than that of actual information security investment, and the level of investment is also less. This shows that if a third party such as the government gives accurate information such as the rate of incidents of information security accidents and the amount of damages, companies can expand their investment in information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.225-235
• /
• 2015

Recently, the administration and supervision of Information Security Certification and Security Inspection has been enforced but information leakage and security accidents by insiders are increasing consistently. The security accidents by insiders ran to 21% in 2010, by the 2011 Cyber Security Watch Survey. The problem is that immediate recognition is difficult and stopgap measure is mostly adopted without company's external notice apprehensive for cost increase or credit drop in case of internal security accidents. In the paper, we conducted the regression study on security access management then proposed the standard process available for other systems and businesses sites. It can be very useful for many companies to investigate, analyze and improve the problem of security management conveniently.

• Proceedings of the Korea Contents Association Conference
• /
• 2003.11a
• /
• pp.132-139
• /
• 2003

In this paper, we design and implement the public key certification the structure of assure information security which play an important role in PKI (Public Key Infrastructure). The structure of assure information security consists of Root-CA, Home-network and Foreign-network. CA will going to gave the mandate to Home-Agent or Foreign-Agent when they request. The structure of assure information security is various characteristic : more then high speed, mobile network, and low cost more then previous structure of assure information security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.6
• /
• pp.1818-1832
• /
• 2022

Violence in the Internet era poses a new challenge to the current counter-riot work, and according to research and analysis, most of the violent incidents occurring are related to the dissemination of violence images. The use of the popular deep learning neural network to automatically analyze the massive amount of images on the Internet has become one of the important tools in the current counter-violence work. This paper focuses on the use of transfer learning techniques and the introduction of an attention mechanism to the residual network (ResNet) model for the classification and identification of violence images. Firstly, the feature elements of the violence images are identified and a targeted dataset is constructed; secondly, due to the small number of positive samples of violence images, pre-training and attention mechanisms are introduced to suggest improvements to the traditional residual network; finally, the improved model is trained and tested on the constructed dedicated dataset. The research results show that the improved network model can quickly and accurately identify violence images with an average accuracy rate of 92.20%, thus effectively reducing the cost of manual identification and providing decision support for combating rebel organization activities.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1920-1937
• /
• 2015

Network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. Existence of such threats calls for exhaustive vulnerability analyzing to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek for possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.67-77
• /
• 2006

Radio Frequency IDentification (RFID) will soon become an important technology in various industries. Therefore, security mechanisms for Rm systems are emerging crucial problems in RFID systems. In order to guarantee privacy and security, it is desirable to encrypt the transferred data with a strong crypto algorithm. In this paper, we present the ultra-light weight Advanced Encryption Standard (AES) processor which is suitable for RFID tags. The AES processor requires only 3,992 logic gates and is capable of both 128-bit encryption and decryption. The processor takes 446 clock cycles for encryption of a 128-bit data and 607 clock cycles for decryption. Therefore, it shows 55% improved result in encryption and 40% in decryption from previous cases.

• ETRI Journal
• /
• v.28 no.5
• /
• pp.692-695
• /
• 2006

Recently, there has been a constant barrage of worms over the Internet. Besides threatening network security, these worms create an enormous economic burden in terms of loss of productivity not only for the victim hosts, but also for other hosts, as these worms create unnecessary network traffic. Further, measures taken to filter these worms at the router level incur additional network delays because of the extra burden placed on the routers. To develop appropriate tools for thwarting the quick spread of worms, researchers are trying to understand the behavior of worm propagation with the aid of epidemiological models. In this study, we present an optimization model that takes into account infection and treatment costs. Using this model we can determine the level of treatment to be applied for a given rate of infection spread.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.899-900
• /
• 2012

RFID technology can help automatically and remotely identify objects, which raises many security concerns. We review and categorize several RFID security and privacy solutions, and conclude that the most promising and low-cost approach currently attracts little academic attention. We therefore concluded that, from a privacy perspective, the user scheme is an important strategy for meeting the consumer's needs. Furthermore, we call for the privacy research community to put more effort into this line of thinking about RFID privacy.