• Electronics and Telecommunications Trends
• /
• v.34 no.2
• /
• pp.73-82
• /
• 2019

Airport is shifted airport 1.0 to airport 4.0 called smart airport and services paradigm is changed into direction to point the customer targeted benefits. Smart airports make use of integrated Internet of Things components to provide added-value services. By integrating smart components, airports are being exposed to a larger attack surface and new attack vectors. Self-services such as web or mobile check-in, self check-in/tagging/back drop/boarding, etc. should be strengthened to make airport processes smarter, and technologies such as automatic immigration, smart security search, and automatic AI-based baggage search should be applied. In this paper, we describe the necessity and importance of smart airports and next generation security screening technology. Further, we describe a walk through-type smart security screening system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2151-2154
• /
• 2003

Internet is deeply rooted in everyday life and many things are performed using internet in real-world, therefore internet users increased because of convenience. Also internet accident is on the increase rapidly. The security vendor developed security system to protect network and system from intruder. Many hackings can be prevented and detected by using these security solutions. However, the new hacking methods and tools that can detour or defeat these solutions have been emerging and even script kids using these methods and tools can easily hack the systems. In consequence, system has gone through various difficulties. So, Necessity of intruder trace-back technology is increased gradually. Trace-back technology is tracing back a malicious hacker to his real location. trace-back technology is largely divided into TCP connection trace-back and IP packet trace-back to trace spoofed IP of form denial-of-service attacks. TCP connection trace-back technology that autonomously traces back the real location of hacker who attacks system using stepping stone at real time. In this paper, We will describe watermark trace-back system using TCP hijacking technique to supplement difficult problem of connection maintenance happened at watermark insertion. Through proposed result, we may search attacker's real location which attempt attack through multiple connection by real time.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.5
• /
• pp.1146-1151
• /
• 2007

In this paper, it is investigated to the security services and vulnerability tools of IEEE802.11 wireless LAN, and it is considered the employment state of wireless LAN AP (access point) and analyzed the state of security vulnerability. In according to this study, among wireless LAN APs, which are operated in each company or each factory, in center around industrial of Cheonan city, 50% of AP, which is used, is not operated on WEP, and therefore, it is stated the weakness of security so far. From the result of this study, in case of mid and small company, it can be distinguished the necessity of the security training for the informaton system manager.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.471-478
• /
• 2013

Industrial control system was designed mainly in the form of analog in early days. However, necessity of digital system engineering is increasing recently because systems become complicated. Consequently, stability of digital systems is improved so most industrial control systems are designed with digital. Because Using digital design of Industrial control system is expanded, various threatening possibilities such as penetration or destruction of systems are increasing enormously. Domestic and overseas researchers accordingly make a multilateral effort into risk analysis and preparing countermeasures. In this paper, this report chooses common security requirement in industrial control system and nuclear control system through relevant guidelines analysis. In addition, this report suggests the development plan of nuclear cyber security system which will be an essential ingredient of planning approvals.

• Maritime Security
• /
• v.7 no.1
• /
• pp.1-29
• /
• 2023

For the last 70 years, the U.S.-led bilateral security system, or "Hub-and-Spokes" system, has been applied to Northeast Asia, and the system has been successfully settled in terms of stability and economic achievements of the region. Given the increasing complexity of the security environment of East Asia, it is plausible to consider the possibility of a security system shift from bilateral alliances to collective security. In order to analyze the driver of collective security system, this study developed three factors of formation and development of collective security system - main threat, intensity of the threat, and confidence among countries in the system - by reviewing international political theories related to security cooperation. Comparing the formation, development, and achievements of NATO and SEATO, the study figures out that the existence of the main threat, the high intensity of the threat, and the strong confidence among countries in the security system are the primary drivers for a successful collective security system. Based on the result, the study also analyzed the possibility of a security system shift in East Asia. Considering contemporary international conflicts such as U.S.-China strategic competition, Russia-Ukraine War, and growing threats posed by North Korean nuclear and missiles, the study anticipates that the necessity of a collective security system that will replace the current security system of the region would arise. Still, although some issues between countries should be overcome, the growing intensity of the threats will promote cooperation among countries by improving their confidence.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.33-41
• /
• 2015

A safe Linux system for security enhancement should have an audit ability that prohibits an illegal access and alternation of data as well as trace ability of illegal activities. In addition, construction of the log management and monitoring system is a necessity to clearly categorize the responsibility of the system manager or administrator and the users' activities. In this paper, the Linux system's Security Log is analyzed to utilize it on prohibition and detection of an illegal protrusion converting the analyzed security log into a database. The proposed analysis allows a safe management of the security log. This system will contribute to the enhancement of the system reliability by allowing quick response to the system malfunctions.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.177-191
• /
• 2015

Recently, the necessity of systematic security management system that consider company' character and environment has appeared because of increasing security accident continuously in domestic companies. However, most of companies has applied to only K-ISMS which is existing information security management system, although They are different from object, purpose and way of security level evaluation by companies. According to this situation, Many experts have questioned that there are many problems with effectiveness of introducing security management system. In this study, We established definition of information security management system, industrial security management system and research security management system through analysis of previous study and developed evaluation item which can implement security in whole industry comparing and analyzing the control items of them. Also, we analyzed existing security level evaluation and suggest design direction of industry-centric security level evaluation model considering character of industry.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.23-30
• /
• 2008

Attempt to protect personal computer from hacking, virus, worm, and the troy wooden horse is progressed variously. Nevertheless, it is very difficult fer public users to understand configurations to enhance security stability in windows based personal computer, and many security problem is due to there lack of recognize about information accessability, various kind of configuration, these necessity, and efficiency. Accordingly, it is demandded to develop an efficient system to protect networks and personal computer with automated method. In this paper, we derive problems of personal computer by analyzing various vulnerableness and policy on security, through which we design and implement the system to solve various windows system problem conveniently.

• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.145-154
• /
• 2003

Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes tile research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security(MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC Bl class as well providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise suity management functions.