• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.51-59
• /
• 2009

Many failures are due to incorrectly programmed transactions and data entry errors. System failure causes the loss or corruption of the contents of volatile storage. Although global processing protects data values to detect direct or indirect information effluence, security environments are very important in the recovery management of heterogeneous systems. Although transaction can't control system fault, the restart for the system can cause information effluence by low bandwith. From various faults, it is not easy to maintain the consistency and security of data. This paper proposes recovery management protocols to assure global multilevel secure one-copy quasi-serializability in security environments of heterogeneous systems with replicated data and proves its correctness. The proposed secure protocols guarantee the reliability and security of system when the system fault is happened.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1970-1979
• /
• 2017

Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.3-13
• /
• 2010

Differential Fault Analysis (DFA) is widely known for one of the most efficient method analyzing block cipher. In this paper, we propose a new type of DFA on DES (Data Encryption Standard). DFA on DES was first introduced by Biham and Shamir, then Rivain recently introduced DFA on DES middle rounds (9-12 round). However previous attacks on DES can only be applied to the encryption process. Meanwhile, we first propose the DFA on DES key-schedule. In this paper, we proposed a more efficient DFA on DES key schedule with random fault. The proposed DFA method retrieves the key using a more practical fault model and requires fewer faults than the previous DFA on DES.

• Journal of Korea Multimedia Society
• /
• v.18 no.11
• /
• pp.1342-1350
• /
• 2015

Due to rapid development of mobile device technologies, the mobile banking through Internet has become a major service of banking information systems as a security-critical information systems. Recently, lots of mobile banking information systems which handle personal and transaction information have been exposed to security threats in vulnerable security control and management processes, mainly software systems. Therefore, in this paper, we propose a process model for software security improvements in mobile banking information system by application of fault tree analysis(FTA) and failure modes and effects analysis(FMEA) on the most important activities such as 'user authentication' and 'access control' and 'virus detection and control' processes which security control and management of mobile banking information systems are very weak.

• Journal of Korea Multimedia Society
• /
• v.17 no.1
• /
• pp.52-59
• /
• 2014

These days, smart card management system(SCMS) have been broadly used for security conformability, efficiency of issuance management, key management and expert management in the smart card market. SCMS is composed of card management, issuance management, key management, application management, and issuers management systems. SCMS enables card issuers from banks, credit card companies, and telecommunications companies to provide these cards to card users. And then SCMS enables card users to download new programs to chips for use of these cards successively and provide related smart card data in safety and efficiency. In this paper, we propose a framework for security assessment and an efficient method for security improvement through fault analysis which is more effective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.17-25
• /
• 2008

Because Chinese Remainder Theorem based RSA (RSA CRT) offers a faster version of modular exponentiation than ordinary repeated squaring, it is promoting with standard. Unfortunately there are major security issues associated with RSA CRT, since Bellcore announced a fault-based cryptanalysis against RSA CRT in 1996. In 1997, Shamir developed a countermeasure using error free immune checking procedure. And soon it became known that the this checking procedure can not effect as the countermeasures. Recently Yen proposed two hardware fault immune protocols for RSA CRT, and this two protocols do not assume the existence of checking procedure. However, in FDTC 2006, the method of attack against the Yen's two protocols was introduced. In this paper, the main purpose is to present a countermeasure against the method of attack from FDTC 2006 for CRT-RSA. The proposed countermeasure use a characteristic bit operation and dose not consider an additional operation.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.189-198
• /
• 2002

In this paper, we have designed the Web_based Home Gateway Management System using SSL, which can manage subscribers using Home Gateway device in home networking technology. To manage Home Gateway devices with SNMP, management elements are classified into system. performance. fault functional area based on MIB objects from Home Gateway devices MIB. System analysis provides configuration information of each Home Gateway, and Performance analysis provides device's traffic information and state. And fault analysis provides fault logging for the unexpected events and trap message from devices. HGMS uses SSL (Secure Socket Layer) to enforce the security of communication which is between server and client, and it improved the stability of HGMS.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• Journal of Korea Multimedia Society
• /
• v.18 no.5
• /
• pp.631-640
• /
• 2015

Recently CCTV system is installed widely purpose to enhanced physical security, gathering criminal evidence and management of facilities. In spite of supporting strong management function, CCTV system has weak security function. Therefore high security management function is required. Generally it's not easy to control the devices under NAT using a NMS(Network Management System). So we design and implement alive check algorithm of CCTV devices under NAT using DVRNS address resolution and TCP session check. We evaluated and analyzed of developed system on real environment which includes about 100 DVRs under NAT. As a result of test, it showed that device alive check and DVRNS address resolution were well performed without any error.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.141-145
• /
• 2003

We propose the model of Software Rejuvenation methodology, which is applicable for survivability. Software rejuvenation is a proactive fault management technique and being used in fault tolerant systems as a cost effective technique for dealing with software faults. Survivability focuses on delivery of essential services and preservation of essential assets, even systems are penetrated and compromised. Thus, our objective is to detect the intrusions in a real time and survive in face of such attacks. As we deterrent against an attack in a system level, the Intrusion tolerance could be maximized at the target environment. We address the optimal time to execute ad hoc software rejuvenation and we compute it by using the semi Markov process. This is one way that could be really frustrated and deterred the attacks, as the attacker can't make their progress. This Software Rejuvenation method can be very effective under the assumption of unknown attacks. In this paper, we compute the optimum time to perform an ad hoc Software Rejuvenation through intrusions.