• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.3 s.303
• /
• pp.1-8
• /
• 2005

At IETF (Internet Engineering Task Force), recently RFC3775, RFC3776 documents about the mobile IPv6 were standardized by IETF (Internet Engineering Task Force). Those specifications propose that during the roaming, the mobile node sends securely the binding update to the home agent and the correspondent node after setting the security association between Mobile Node and Home Agent. But there is no secure bootstrapping method between a mobile node and a home agent at the two RFC documents. This paper proposed a method for the secure bootstrapping between a mobile node and a home agent. This makes the authentication, binding update, home agent assignment, security association distribution through the AAA-based secure channel between mobile node and home agent. And the proposed method was analyzed in the view of the procedure, round trip and security strength.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4588-4608
• /
• 2017

The measurement of information security levels is a very important but difficult task. So far, various measurement methods have studied the development of new indices. Note, however, that researches have focused on the problem of attaining a certain level but largely neglecting research focused on the issue of how different types of possible flaws in security controls affect each other and which flaws are more critical because of these effects. Furthermore, applying the same weight across the board to these flaws has made it difficult to identify the relative importance. In this paper, the interrelationships among security flaws that occurred in the security controls of K-ISMS were analyzed, and the relative impact of each security control was measured. Additionally, a case-control study was applied using empirical data to eliminate subjective bias as a shortcoming of expert surveys and comparative studies. The security controls were divided into 2 groups depending on whether or not a security flaw occurs. The experimental results show the impact relationship and the severity among security flaws. We expect these results to be applied as good reference indices when making decisions on the removal of security flaws in an enterprise.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.12
• /
• pp.595-602
• /
• 2021

The robot is developing into a software-oriented shape that recognizes the surrounding situation and is given a task. Cloud Robotics Platform is a method to support Service Oriented Architecture shape for robots, and it is a cloud-based method to provide necessary tasks and motion controllers depending on the situation. As it evolves into a humanoid robot, the robot will be used to help humans in generalized daily life according to the three robot principles. Therefore, in addition to robots for specific individuals, robots as public goods that can help all humans depending on the situation will be universal. Therefore, the importance of information security in the Cloud Robotics Computing environment is analyzed to be composed of people, robots, service applications on the cloud that give intelligence to robots, and a cloud bridge that connects robots and clouds. It will become an indispensable element for In this paper, we propose a Security Scheme that can provide security for communication between people, robots, cloud bridges, and cloud systems in the Cloud Robotics Computing environment for intelligent robots, enabling robot services that are safe from hacking and protect personal information.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.207-212
• /
• 2021

Clustering Unlabeled Spatial-datasets to convert them to Labeled Spatial-datasets is a challenging task specially for geographical information systems. In this research study we investigated the NYC Taxi Limousine Commission dataset and discover that all of the spatial-temporal trajectory are unlabeled Spatial-datasets, which is in this case it is not suitable for any data mining tasks, such as classification and regression. Therefore, it is necessary to convert unlabeled Spatial-datasets into labeled Spatial-datasets. In this research study we are going to use the Clustering Technique to do this task for all the Trajectory datasets. A key difficulty for applying machine learning classification algorithms for many applications is that they require a lot of labeled datasets. Labeling a Big-data in many cases is a costly process. In this paper, we show the effectiveness of utilizing a Clustering Technique for labeling spatial data that leads to a high-accuracy classifier.

• Journal of the Korea Convergence Society
• /
• v.11 no.10
• /
• pp.107-113
• /
• 2020

With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.5
• /
• pp.69-77
• /
• 2021

This study aims to identify security-based threat information for an organization. This is because protecting the threat for IT systems plays an important role for an corporate's intangible assets. Security monitoring systems determine and consequently respond threats by analyzing them in a real time situation, focusing on events and logs generated by security protection programs. The security monitoring task derives priority by dividing threat information into reputation information and analysis information. Reputation information consisted of Hash, URL, IP, and Domain, while, analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. As a result, the priority of reputation information was relatively high, and it is meaningful to increase accuracy and responsiveness to the threat information.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.19-27
• /
• 2021

Tasks scheduling have been gaining attention in both industry and research. The scheduling that ensures independent task execution is critical in real-time systems. While task scheduling has gained a lot of attention in recent years, there have been few works that have been implemented into real-time architecture. The efficiency of the classical scheduling strategy in real-time systems, in particular, is still understudied. To reduce total waiting time, we apply three scheduling approaches in this paper: First In/First Out (FIFO), Shortest Execution Time (SET), and Shortest-Longest Execution Time (SLET). Experimental results have demonstrated the efficacy of the SLET in comparison with the others in most cases in a wide range of configurations.

• Journal of information and communication convergence engineering
• /
• v.18 no.1
• /
• pp.39-48
• /
• 2020

Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

• Management & Information Systems Review
• /
• v.6
• /
• pp.1-19
• /
• 2001

Partial transactions which use computer networks are formed in the cyberspace due to rapid progress of communication and computer technology. Electronic business transactions have security problems according to the special quality of opening networks, while it can be approached easily by anyone without being tied to time and places through Internets. To revitalize the electronic business transactions, security technology which can establish its security and trust is the prior task and both safe information communication and better information security service offer are essential factors. The method to exchange information through Internets must be made after confirming one another's exact connection in the mutual identity certification to prevent a lot of threat which can occur in the use of password techniques. To satisfy these electronic business transactions, we intend to increase understanding of authentication algorithm provided with authentication function of messages and users as well to plan safety and trust of business information and contents in the electronic business transactions.

• International journal of advanced smart convergence
• /
• v.10 no.4
• /
• pp.22-29
• /
• 2021

For web application vulnerability diagnosis, from the development stage to the operation stage, it is possible to stably operate the web only when there is a policy that is commonly applied to each task through diagnosis of vulnerabilities, removal of vulnerabilities, and rapid recovery from web page damage. KISA presents 28 evaluation items for technical vulnerability analysis of major information and communication infrastructure. In this paper, we diagnose the vulnerabilities in the automobile goods shopping mall website and suggest security measures according to the vulnerabilities. As a result of diagnosing 28 items, major vulnerabilities were found in three items: cross-site scripting, cross-site request tampering, and insufficient session expiration. Cookie values were exposed on the bulletin board, and personal information was exposed in the parameter values related to passwords when personal information was edited. Also, since the session end time is not set, it was confirmed that session reuse is always possible. By suggesting security measures according to these vulnerabilities, the discovered security threats were eliminated, and it was possible to prevent breaches in web applications and secure the stability of web services.