• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.49-57
• /
• 2013

Power-saving PC software enables the inexpensive power control, but the installation of the power-saving software in all computers in the organization is not an easy task. Computer users in the organization are usually not cooperative as they do not think the power-saving cost is directly related to themselves. The PC power-saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the security vulnerability to IP spoofing attacks, therefore we need to solve the problem that disrupt the entire network system rather than saving electric power. This paper proposes the security authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the PC power-saving system. Also, by analyzing it in comparison with other method, it is possible to check that the prospects of safety and efficiency are strengthened.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1293-1308
• /
• 2014

The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following this guidelines, Financial firms use converted customer identificaion data by loading in test system. However, there is some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. also control and risk management processes for those risks did not studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.67-70
• /
• 2014

Last was the main issue of financial security in the future will be more emphasis on security. Such as March 20, 2013 Computational crisis, June 25 Cyber terrorism information to credit card companies and customers due to carrier spill in Financial computational security measures 'released in 2014 and the financial authorities' customer information leakage prevention measures "were published the efforts to protect customers' information assets and ensure the stability of the financial transactions carried out by financial institutions protected status check "the information annually authorities This study business operations for the protection of information technology services for IT systems security equipment, data security operating services, security management services operations, operational management of IT systems security requirements from the point to the need for information security, IT systems administrator it would be great help.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.463-472
• /
• 2012

This paper propose a security method that performs mutual authentication between the SIP UA and the server, check for integrity of the signaling channel and protection of SDP information for VoIP using a One-Time Password. To solve the vulnerability of existing HTTP Digest authentication scheme in SIP, Various SIP Authentication schemes have been proposed. But, these schemes can't meet security requirements of SIP or require expensive cryptographic operations. Proposed method uses OTP that only uses hash function and is updated each authentication. So Proposed method do not require expensive cryptographic operations but performs user authentication efficiently and safely than existing methods. In addition, Proposed method verifies the integrity of the SIP messages and performs SDP encryption/decryption through OTP that used for user authentication. So Proposed method can reduce communication overhead when applying S/MIME or TLS.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.67-75
• /
• 2005

In this paper, we design and implement real time IP security packet analyzer on IPv4 and IPv6 network. This packet analyzer sniffs and analyzes the packets generated by the protocols that are used by IPsec, IKE, IPv4 and IPv6 such as AH, ESP, ISAKMP, IP, ICMP and so on. The purpose of this analyzer is to check current security status of the network automatically. In this paper we provide implementation details and the examples of security evaluation by using our security packet analyzer system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Review of KIISC
• /
• v.3 no.3
• /
• pp.31-39
• /
• 1993

IOS/IEC JTC1/SC27의 국제표준소개의 첫번째 편으로 DIS 9797을 소개한다. 이것은 1989년에 1차로 국제표준이 되었다가 결함이 발견되어 다시 작업이 시작되어 1992년 10월 SC27정기총회에서 CD(Committee Draft)에서 수정후 DIS(Draft Internationa Standard) 수준으로 올리기로 하여 1993년 3월 DIS로서 표결에 부쳐진 문서이다. 이해를 돕기 위하여 국문뒤에 원문을 덧붙였다. 번역이 적절하지 않거나 더 좋은 표현이 있으면 역자에게 알려주면 참고하여 추후의 수정본에 반영하겠다.

• The Journal of Society for e-Business Studies
• /
• v.16 no.2
• /
• pp.159-169
• /
• 2011

In order for agencies and companies at the IT service industry to check as well as to upgrade the current status of their information security programs, this paper suggests the assessment method for information security levels. The study developed 12 assessment fields and 54 assessment items derived from domestic and foreign cases including SP800-26, SP800-53, ISMS, and ISO27001. It categorized 54 assessment items into 5 levels for determining information security levels. Also, the study presents 7 strategies for performing their efficient evaluations. The proposed method and process in this paper can be useful guidelines for improving the national information security level.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.466-483
• /
• 2017

Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1970-1979
• /
• 2017

Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.