• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.211-212
• /
• 2014

This paper is to suggest the security requirements for identification and authentication in analysis step. Firstly, individual ID should be uniquely identified. The second element is to apply the length limitations, combination and periodic changes of passwords. The third should require the more reinforced authentication methods besides ID and passwords and satisfy the defined security elements on authentication process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.6 no.4
• /
• pp.39-52
• /
• 1996

Networking revolution provides users with data and resources sharing, distributed processing, and computer communication in cyberspace. However, users may use computers as a way of unauthorized access, system destruction, and leakage of the stored data. In recent trend, incresing of hacking instances which are from domestic as well as abroad reaches to the level of seriousness. It, therefore, is required to develop a secure system for the National Depense computing resources and deploy in practice in the working field as soon as possible. In this paper, we focuss on finding the security requirements of a network and designing Intrusion Detection System using statical intrusion detection and rule-based intrusion detection analysis through accumulating audit data.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.53-60
• /
• 2016

Security measures for the current insurance crime has focused on the capture oriented and reactive response in the screening stage of insurance payments. However, since leaving the damages that can not be healed by post-punishment, it is necessary to take measures to prevent the insurance crimes in advance. In this paper, I would like to try to identify problems through analyzing the characteristics and cases of the insurance crimes, and to present alternatives to it. The problems with the current insurance system that causes the insurance crimes are, First, When signing the insurance contract, it is too inattentive to confirm about the credit status of the policyholder, duplicate join or not, whether voluntarily sign up etc. Second, a thorough investigation or criminal charges in case of insurance accident is not being done properly. Third, information exchange and management to malicious policyholders is not being done properly. Therefore, in order to guard people from insurance crimes, First, it should strengthen the audit of such credit conditions, accident experiences in the insurance contract at the policyholders. Second, we need to block insurance crimes in advance through the continuous upgrades of insurance fraud analysis systems and social network. Third, it is necessary to strengthen the surveillance systems for the insurance crimes by the information sharing.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.3-9
• /
• 2022

Recently, as the environment of the 4th industrial revolution has arrived, the opening, sharing and convergence of data are actively being achieved in any organization. However, the opening and sharing of data inevitably leads to security vulnerability and there is ambivalence that is a threat that can affect the existence of an organization operated in the 4th industrial revolution environment. Especially security issues in the organization of the military can be a threat to the state, not the military itself, so it is always necessary to maintain a high level of security discipline. In this paper, 14 variables were selected through structural equation model applying theory of planned behavior, deterrence and protection motivation to find out the security level development measures by extracting factors that can affect security level. As a result, the theory of planned behavior that the security knowledge embodied through the usual security regulation education and evaluation affects the behavior was adopted, and the theory of deterrence and protection motivation showed the significance of the rejection level. In addition, it was confirmed that the variables that have the greatest impact on the military security level through the measured values of the three-year security audit were commanders and mental security. In conclusion, in order to improve the security level, it is suggested that security education, definite reward and punishment, and security system upgrading should be firmly established and mental security posture should be secured.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.1-7
• /
• 2004

The growth of incidents on the Internet has reflected growth of the internet itself and growth of the computing Power. while in Previous years, external attacks tended to originate from those interested trend in exploring the Internet for its own sake and testing their skills, there is an increasing trend towards intrusions motivated by financial, Political, and military objectives. so, attacks on the nation's computer infrastructures are becoming an increasingly serious problem. Even though the problem is ubiquitious, government agencies are particularly appealing targets and they tend to be more willing to reveal such events than commercial organizations. The threat of damage made necessity of security's recognition, as a result, many researches have been carried out into security of system actively. Intrusion Detection technology is detection of intrusion using audit data differently from using traditional simple filtering and informs manager of it. It has security manager of system deal with the intrusion more quickly. but, cause current environment of Internet manager can't doing response Intrusion alert immediately That's why IPS needed. IPS can response automatically the intrusion alert. so, manager is more comfortable and can response quickly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.165-172
• /
• 2015

Recently large amounts of customer information has leaked ranging from public institutions to the large-scale of portals, and similar information leakage incidents owing to the absence of personal information management have subsequently occurred. Therefore, the security infrastructure in which leakage of internal data can be blocked fundamentally is emerging as a key issue. An integrated identity and access management architecture which performs user access and its rights management, authentication and audit of the business systems is more important to improve the efficiency of business. In addition, this approach is emerging as a safe and effective ways for identity and access rights management. In this paper, we analyze how an integrated approach for identity and access management to improve the efficiency of the computational work and to strengthen the security in local government administration should be constructed, and proposed the preferred solution.

• The Korean Journal of Air & Space Law and Policy
• /
• v.19 no.1
• /
• pp.165-182
• /
• 2004

According to the Annex 17 to the Convention on International Civil Aviation, an appropriate authority of each contracting state has to define and allocate tasks and coordinate activities between the departments, agencies and other organizations of the State, airport and aircraft operators and other entities concerned with or responsible for the implementation of various aspects of the national civil aviation security programme. It is generally recognized that the three major parties responsible for the aviation security at an airport are appropriate government departments, airport operator and airlines. The airlines are the beneficiaries of security activities as well as the provider of security activities. So, their responsibilities have been critical in protecting civil aviation from unlawful interferences. The airport has to take leading role in implementing security tasks at airport area because the airport operator is the provider of airport facilities and services to its customer and the security activities belong to its services. The government has the responsibilities not only for establishing regulatory system but also for oversighting the implementation of aviation security activities. The paper is to review the revision of aviation security regulation and the changes of aviation security responsibilities, and costs and task assignment in Republic of Korea after September 11 event. The responsibilities, tasks and costs assigned to airlines, airport operators and government are introduced and evaluated in terms of economic fairness, effectiveness and efficiency of aviation security activities. The drawbacks of new legal system are pointed out and the suggestions to remedy them are proposed as conclusions.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.21-29
• /
• 2001

For multiple attacks through large networks e.g., internet, IDS had better be installed over several hosts and collect all the audit data from them with appropriate synthesis. We propose a new distributed intrusion detection system called SPIDER II which is the upgraded version of the previous standalone IDS - SPIDER I. As like the previous version, SPIDER II has been implemented on Linux Accel 6.1 in CNU C. After planting intrusion detection engines over several target hosts as active agents, the administration module of SPIDER II receives all the logs from agents and analyzes hem. For the world-wide standardization on IDS, SPIDER II is compatible with MITRE's CVE(Common Vulnerabilities and Exposures).

• Journal of Information Processing Systems
• /
• v.16 no.2
• /
• pp.301-317
• /
• 2020

An enterprise patch-management system (PMS) typically supplies a single point of failure (SPOF) of centralization structure. However, a Blockchain system offers features of decentralization, transaction integrity, user certification, and a smart chaincode. This study proposes a Hyperledger Fabric Blockchain-based distributed patch-management system and verifies its technological feasibility through prototyping, so that all participating users can be protected from various threats. In particular, by adopting a private chain for patch file set management, it is designed as a Blockchain system that can enhance security, log management, latest status supervision and monitoring functions. In addition, it uses a Hyperledger Fabric that owns a practical Byzantine fault tolerant consensus algorithm, and implements the functions of upload patch file set, download patch file set, and audit patch file history, which are major features of PMS, as a smart contract (chaincode), and verified this operation. The distributed ledger structure of Blockchain-based PMS can be a solution for distributor and client authentication and forgery problems, SPOF problem, and distribution record reliability problem. It not only presents an alternative to dealing with central management server loads and failures, but it also provides a higher level of security and availability.

• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.257-262
• /
• 2015

The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.