• Annual Conference of KIPS
• /
• 2012.04a
• /
• pp.759-760
• /
• 2012

국내 주식거래 시장에서 사용되는 홈트레이딩시스템(HTS)은 PC와 인터넷만 연결되어있으면 누구나 쉽게 내려받아 이용할 수 있는 주식거래 프로그램이다. 집에서도 이용할 수 있는 장점 때문에 증권회사별로 HTS를 만들어 배포하고 있으며 사용자의 편의성과 효용성을 만족하게 하려고 다양한 HTS를 개발하고 있다. 하지만 사용자 편의성에 중심을 두다 보니 아직 보안에 대해 미흡한 점이 발견되고 있고 이러한 취약점에 대해 보완을 하고 있다. 따라서 본 논문에서는 아직 보완해야 할 부분이 많은 메모리 영역에서의 보안취약점에 대해서 알아보고 이를 막으려는 대응방법을 제시한다.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.60-63
• /
• 2011

프로그램 코드는 실행이 되기 전에 반드시 주 기억 장치에 Loading 되어야 하는데, 이때 Loading Time 은 압축 데이터를 NAND Flash Memory 로부터 읽어오는 시간과 압축을 복원하는 시간의 합이 된다. 따라서 빠른 압축 복원 속도는 코드 압축을 사용하는 임베디드 장치에서는 매우 중요한 요소가 된다. 일반적으로 휴대 장치의 경우 일반 PC 와는 달리 적은 배터리 용량 및 프로세서의 한계, 프로그램을 저장하는 NAND Flash Memory 의 크기 때문에 최적의 성능을 발휘할 수 없었다. 본 논문에서는 무 손실 압축 알고리즘에 대한 연구를 진행 함과 동시에 모바일 환경에 적합한 LZCode 을 개선하여 복원속도를 기존 LZCode 보다 1.5 배 향상 시키는 알고리즘을 제시 하고자 한다.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.1398-1400
• /
• 2011

2000년 초에 PC간 인터넷을 통한 음성통화를 시작으로 최근에는 스마트폰의 전용 애플리케이션까지 VoIP 기반의 음성통화 서비스가 발전해왔다. 이에 따라, VoIP를 통한 외부 공격 및 침입에 대한 사례가 발생되고 이를 해결하기 위한 보안 소프트웨어들이 나오기 시작하였다. 일반적으로 VoIP기반의 소프트웨어에 대한 품질 기준은 사용자의 통화품질이 최우선 이었다. 하지만, GS시험.인증 과정을 통해 VoIP 보안 소프트웨어가 통화품질에는 직접적인 영향을 미치지는 않지만 전체 운영 시스템에 미치는 영향을 확인하고, 시험 중 발생한 문제에 대한 해결 방안 제시를 통해 VoIP의 품질을 향상시킬 수 있었다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1435-1447
• /
• 2015

Finance Companies are operating a security solution such as E-DRM(Enterprise-Digital Right Management), Personal information search, DLP(Data Loss Prevention), Security of printed paper, Internet network separation system, Privacy monitoring system for privacy leakage prevention by insiders. However, privacy leakages are occurring continuously and it is difficult to the association analysis about relating to the company's internal and external distribution of private document. Because log system operated in the separate and independent security solutions. This paper propose a systematic chains that can correlatively analyze business systems and log among heterogeneous security solutions organically and consistently based on security documents. Also, we suggest methods of efficient detection for Life-Cycle management plan about security documents that are created in the personal computer or by individual through the business system and distribution channel tracking about security documents contained privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1225-1241
• /
• 2014

Recently, Financial companies implement DLP(Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staffs struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore this paper describes business and privacy information flow on applications and how to plan and deploy security container based OS-level and Hypervisor virtualization technology to enforce internal controls for applications. After building security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies additional security functions was implemented in security container and With recycling security container costs and time of response to security vulnerabilities was reduced.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.9
• /
• pp.841-850
• /
• 2012

Most of banks in Korea provide smartphone banking services. To use the banking service, public key certificates with private keys, which are stored in personal computers, should be installed in smartphones. Many banks provides intermediate servers that relay certificates to smartphones over the Internet, because the transferring certificates via USB cable is inconvenient. In this paper, we analyze the certificate transfer protocol between personal computer and smartphone, and consider a possible attack based on the results of the analysis. We were successfully able to extract a public key certificate and password-protected private key from encrypted data packets. In addition, we discuss several solutions to transfer public key certificates from personal computers to smartphones safely.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.11 no.6
• /
• pp.543-548
• /
• 2001

In the case of mobile internet service using WAP it was connected to http protocol using WAP Gateway, So users take increased cost of mobile internet service. And it was generated inner security problem because it watched user information in the WAP Gateway. To solve this problem we use java language Which is independant of platform and low cost and intensely security an downloadable application. Additional , Using socket connection. Wire.Wireless Messaging system(WWMS) will connect real time between PC-Client and Mobile-Client, Mobile-Client and Mobile-Client, and so on. In this paper, as design and implementation of multi-platform wire.wireless messaging use J2Me. It will be foundation do develop various mobile application in the future.

• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.571-578
• /
• 2017

In order to approach information system through smart device and pc, user has to authenticate him or herself via user authentication. At that time when user tries reaching the system, well-used user authentication technologies are ID/PW base, OTP, certificate, security card, fingerprint, etc. The ID/PWbased method is familiar to users, however, it is vulnerable to brute force cracking, keylogging, dictionary attack. so as to protect these attacks, user has to change the passwords periodically as per password combination instructions. In this paper, we designed and implemented a user authentication system using smartphone's USIM without using password while enhancing security than existing ID / PW based authentication technology.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.39-47
• /
• 2002

To recently with the love-letter and Back Orifice the same Worm-virus, with the Trojan and the Linux-virus back against the new species virus which inside and outside of the country to increase tendency the malignant new species virus which is the possibility of decreasing the damage which is enormous in the object appears and to follow a same network coat large scale PC is being quicker, it disposes spontaneously to respect, applied an artificial intelligence technique the research against the next generation malignant computer virus of new form is demanded. Will reach and to respect it analyzes the digital immunity system of the automatic detection which is quick against the next generation malignant virus which had become unconfirmed and the foreign countries which has an removal function.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.75-82
• /
• 2006

Internet worm gives various while we paralyze the network and flow the information out damages. In this paper, I suggest the method to prevent this. This method detect internet worm in PC first. and present the method to do an automatic confrontation. This method detect a traffic foundation network scanning of internet worm which is the feature and accomplish the confrontation. This method stop the process to be infected at the internet worm and prevent that traffic is flowed out to the outside. and This method isolate the execution file to be infected at the internet worm and move at a specific location for organizing at the postmortem so that we could accomplish the investigation about internet worm. Such method is useful to the radiation detection indication and computation of unknown internet worm. therefore, Stable network operation is possible through this method.