• Proceedings of the Korean Society of Computer Information Conference
• /
• 2008.06a
• /
• pp.175-182
• /
• 2008

2008년에 있었던 우리나라 금융기관과 정부기관에 대한 DoS 공격에 대한 연구이다. 실험실 환경에서 실제 DoS 공격 툴을 이용하여 공격을 실시한다. DoS 공격을 탐지하기 위하여 네트워크 상에서 Snort를 이용한 N-IDS를 설치하고, 패킷을 탐지하기 위한 Winpcap과 패킷의 저장 및 분석하기 위한 MySQL, HSC, .NET Framework 등을 설치한다. e-Watch 등의 패킷 분석 도구를 통해 해커의 DoS 공격에 대한 패킷량과 TCP, UDP 등의 정보, Port, MAC과 IP 정보 등을 분석한다. 본 논문 연구를 통하여 유비쿼터스 정보화 사회의 역기능인 사이버 DoS, DDoS 공격에 대한 자료를 분석하여 공격자에 대한 포렌식자료 및 역추적 분석 자료를 생성하여 안전한 인터넷 정보 시스템을 확보하는데 의의가 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.901-904
• /
• 2011

SaaS 환경에서는 다수의 사용자가 동일한 어플리케이션을 이용하게 되므로 사용자에 따라 특정 자원 혹은 기능에 대한 접근을 제어하는 보안 기능의 중요성이 더욱 부각되고 있다. 이러한 기능을 갖춘 SaaS 플랫폼의 중요성과 그 가치는 매우 크다 할 수 있으나 국내에서는 이에 대한 많은 연구가 보이지 않고 있다. 본 논문에서는 계층적 그룹 구조, 접속 시간 IP 주소 MAC ID 등에 따른 역할 부여 등 풍부한 기능을 제공하는 SaaS 플랫폼을 위한 사용자 권한 관리 시스템을 설계한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1254-1257
• /
• 2007

유비쿼터스 환경이 구축됨에 따라서 온라인상에서 사용자를 인증하고 적합한 서비스를 제공할 수 있도록하기 위하여 OTP(One-Time Password)에 대한 연구가 활발히 진행되고 있다. 하지만 ID와 고정된 패스워드의 대안으로 연구되고 있는 OTP 또한 중간자공격에 취약하여 패스워드 노출 문제가 발생하고, 기존의 사용되고 있는 방식이 6~8자리의 OTP를 사용하고 있기 때문에 자릿수를 알았을 경우 사전공격 및 추측 공격이 가능할 수 있다. 기존의 OTP는 OATH와 RSA에서 연구하고 있어 두 가지 표준으로 구분된다. 그 중 OATH에서 연구하고 있으며 RFC 4226에 기술되어 있는 HOTP는 Hash-based MAC을 이용하여 안전한 OTP를 생성하고 있다 하지만 HOTP도 자릿수(Digit)가 고정되어 있어 사전 공격 및 추측 공격에 취약할 수 있다. 따라서 본 방식은 HOTP의 자릿수를 가변적으로 생성하는 R(Random digit)-OTP를 생성함으로써 제 3자의 공격으로부터 안전하게 하였다.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.11-16
• /
• 2003

This paper implements Multiple User Authentication System to which the system authenticating with password only has been upgraded. The 4-staged authentication including user ID, password, smart card and access control information, etc. is used at the suggested Multiple User Authentication System. The user authentication system that this paper suggests has been developed based on SecuROS/FreeBSD with the function of access control added to FreeBSD kernel. It provides both the function to limit accost range to the system to each user and the function to check that when inputting important information the demand is the one if the system ; thus, the reliability becomes increased. In the SecuROS/FreeBSD system, MAC and RBAC are being used. So, in the case of users accessing to the system, the Information about the policies of MAC and RBAC to which users would access is used in the authentication. At the time, the access to system if permitted only when the access control information that users demanded satisfies all the access control rules which have been defined In the system.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.217-224
• /
• 2008

EThis paper is study regarding banking institution and DoS attack regarding government organization which occurred in 2008. We used a tool aggressive actual DoS You install the N-IDS which used Snort in networks in order to detect a DoS attack. Storages of Winpcap and a packet to detect a packet and MySQL, HSC, to analyze. We install NET Framework etc. E-Watch etc. analyzes Packet regarding a DoS attack of a hacker and TCP, UDP etc. information, Port, MAC and IP information etc. through packet analysis tools. There is a meaning you analyze data regarding the cyber DoS, DDoS attack that is dysfunction of Ubiquitous Information Society, and it generates forensics data regarding an invader and back-tracking analysis data, and to ensure safe Internet information system through this paper study.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.1
• /
• pp.455-461
• /
• 2020

Electronic payment system using Internet banking is a very important application for users of e-commerce environment. With rapidly growing use of fintech applications, the risk and damage caused by malicious hacking or identity theft are getting significant. To prevent the damage, fraud detection system (FDS) calculates the risk of the electronic payment transactions using user profiles including types of goods, device status, user location, and so on. In this paper, we propose a new risk calculation method using relative location of users such as SSID of wireless LAN AP and MAC address. Those relative location information are more difficult to imitate or copy compared with conventional physical location information like nation, GPS coordinates, or IP address. The new method using relative location and cumulative user characteristics will enable stronger risk calculation function to FDS and thus give enhanced security to electronic payment systems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37B no.11
• /
• pp.1004-1013
• /
• 2012

The legacy voice broadcast systems are used to broadcast the voice over an entire space or a specific zone. these broadcast systems generate unnecessary noise and waste of resources. In this paper, we propose a ubiquitous voice message broadcast system called uPaging, by combining the technique of location-awareness and the voice message delivery service in ubiquitous sensor network environment. In uPaging system, the wire/wireless hybrid network is used to implement the network system. Also, in order to actualize the location-awareness service, we use the Bidirectional Location ID-Exchange protocol was suggested by our previous research. the uPaging system can deliver the voice to a selected user or the location in which the user is present by this location awareness.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.259-265
• /
• 2005

The purpose of this study is for designing a illegal query detection system using Winpcap library for unauthorized access by internal person. The illegal query detection can be possible detecting the data in out of access control or searching illegal data by plagiarizing other user ID. The system used in this paper collects packets and analyzes the data related to SQL phrase among them, and selects the user's basic information by comparing the dispatch of MAC address and user's hardware information constructed previously. If the extracted information and user's one are different, it is considered as an illegal query. It is expected that the results of this study can be applied to reducing the snaking off unprotected data, and also contributed to leaving the audit records using user's access log which can be applied to the pattern analysis.

• Journal of the Institute of Convergence Signal Processing
• /
• v.12 no.4
• /
• pp.274-280
• /
• 2011

Due to their rapid growth and new paradigm applications, wireless sensor networks(WSNs) are morphing into low power personal area networks(LoWPANs), which are envisioned to grow radically. The fragmentation and reassembly of IP data packet is one of the most important function in the 6LoWPAN based communication between Internet and wireless sensor network. However, since the 6LoWPAN data unit size is 102 byte for IPv6 MTU size is 1200 byte, it increases the number of fragmentation and reassembly. In order to reduce the number of fragmentation and reassembly, this paper presents a new scheme that can be applicable to 6LoWPAN. When a fragmented packet header is constructed, we can have more space for data. This is because we use 8-bits routing table ill instead of 16-bits or 54-bits MAC address to decide the destination node. Analysis shows that our design has roughly 7% or 22% less transmission number of fragmented packets, depending on MAC address size(16-bits or 54-bits), compared with the previously proposed scheme in RFC4944. The reduced fragmented packet transmission means a low power consumption since the packet transmission is the very high power function in wireless sensor networks. Therefore the presented fragmented transmission scheme is well suited for low-power wireless sensor networks.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.6
• /
• pp.599-603
• /
• 2016

Recently the wireless LAN system is substituting wired LAN system notably as the number of mobile users increases greatly along the advancement of technology. But the wireless LAN has a critical weakness in the security such as data leakage. Thus a safe security system is imperative to avoid threatening from hackers with offering the best convenience to inner users. In this research, we have developed a RADIUS wireless LAN security system for industrial applications, which performs the EAP authentication with the compatibility for any maker of wireless LAN. The system has interfaces based on WEB, providing DB access function for user management so that users can perform authentication of 802.1x in their computers.