• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제26권1호
• /
• pp.153-168
• /
• 2016

This paper introduces a structure, features and programming techniques for the CNG(Cryptography API: Next Generation), which is the substitution of the CAPI(Cryptography API) from Microsoft. The CNG allows to optimize a scope of functions and features because it is comprised of independent modules based on plug-in structure. Therefore, the CNG is competitive on development costs and agility to extend. In addition, the CNG supports various functions for the newest cryptographic algorithm, audit, kernel-mode programming with agility and possible to contribute for core cryptography services in a new environment. Therefore, based on these advantageous functions, we analyze the structure of CNG to extend it for the enterprise and the public office. In addition, we implement an error-detection tool for program which utilizes CNG library.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 한국사이버테러정보전학회 2004년도 제1회 춘계학술발표대회
• /
• pp.21-26
• /
• 2004

The growth of incidents on the Internet has reflected growth of the internet itself and growth of the computing power. while in previous years, external attacks tended to originate from those interested trend in exploring the Internet for its own sake and testing their skills, there is an increasing trend towards intrusions motivated by financial, political, and military objectives. so, attacks on the nation's computer infrastructures are becoming an increasingly serious problem. Even though the problem is ubiquitious, government agencies are particularly appealing targets and they tend to be more willing to reveal such events than commercial organizations. The threat of damage made necessity of security's recognition, as a result, many researches have been carried out into security of system actively. Intrusion Detection technology is detection of intrusion using audit data differently from using traditional simple filtering and informs manager of it. It has security manager of system deal with the intrusion more quickly. but, cause current environment of Internet manager can't doing response Intrusion alert immediately. That's why IPS needed. IPS can response automatically the intrusion alert. so, manager is more comfortable and can response quickly.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 한국항해항만학회 2019년도 추계학술대회
• /
• pp.134-136
• /
• 2019

The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM) that the cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we catagorized the cyber security sector in management, technical and physical sector in maritime sector based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

• The Journal of Society for e-Business Studies
• /
• 제20권3호
• /
• pp.1-10
• /
• 2015

The main objective of this study was to identify the factors that can maximize the effect of preventing technology leakage by government support. Therefore we used the 2013 small business technology protection capabilities and level of research which is conducted by the Small and Medium Business Administration, and have analyzed the presence of small business technological assets leakage protection eand skills. Multiple logistic regression analysis was performed to identify 1,518 small companies (43 big companies are excluded) which are divided into 155 technological assets leaked small business and non-leaked 1363 small business. The most important factors associated with technology leakage were entrant control system, security audit, employee absence of security activities and important data protection measures. This result shows that if the government can support more for these details, technological asset leakage prevention effect is expected to be maximized.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• 제11권10호
• /
• pp.1873-1879
• /
• 2007

As the mobile terminal which uses P2P service increases and it comes to be applied to many fields, mobile agent technology has been applied to P2P and its innovative services has been offered to various fields. However, free mobility of mobile agent technology works like worm, the problem which is contaminated by malicious attacker's attack quickly has appeared and fundamental solution has not been developed yet. This paper proposes STAS (Security Tracking and Auditing Server) system which can offer verification for security of mobile agent in structured P2P environments. Mobile Agent will send data value to STAS via peer so that STAS can verify secure audit and integrity and Mobile agent initiator will obtain the final value of the data from STAS. It can minimize overload of mobile terminal which is occurred by verification of mobile agent and its accomplishment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제9권3호
• /
• pp.13-26
• /
• 1999

Widespread use of Internet despite numerous positive aspects resulted in increased number of system intrusions and the need for enhanced security mechanisms is urgent. Systematic collection and analysis of log data are essential in intrusion investigation. Unfortunately existing logs are stored in diverse and incompatible format thus making an automated intrusion investigation practically impossible. We examined the types of log data essential in intrusion investigation and implemented a tool to enable systematic collection and efficient analysis of voluminous log data. Our tool based on RBDMS and SQL provides graphical and user-friendly interface. We describe our experience of using the tool in actual intrusion investigation and explain how our tool can be further enhanced.

• 한국디지털정책학회:학술대회논문집
• /
• 한국디지털정책학회 2004년도 International Conference on Digital Policy & Management
• /
• pp.311-331
• /
• 2004

This paper addresses the democracy-oriented regulatory and legal requirements that e-democracy impacts. It demonstrates that the structure of the political system also plays a significant role in the decision to develop an e-voting application. The short term perspective of the questions put before the electorate obliterate the long term perspective in which many policy problems have to be seen. A well-designed e-voting system should produce an audit trail that is even stronger than that of conventional systems (including paper-based systems). Remote Internet voting systems pose significant risk to the integrity of the voting process, and should not be fielded for use in public elections until substantial technical and social science issues are addressed. Conclusively the paper focuses on the specific attributes an electronic voting (polling place) system should respect and ensure such as transparency, verifiability, accountability, security and accuracy in relation to the constitutional requirements such as General, Free. Equal, Secret, Direct and Democratic.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 한국컴퓨터정보학회 2018년도 제58차 하계학술대회논문집 26권2호
• /
• pp.179-180
• /
• 2018

자계 검출 센서는 여러 가지 종류가 있으나 벽면에 흐르는 미소 자계 및 차폐 전선에서 검출이 가능한 구조는 초전도 양자 간섭 소자(SQUID)가 주로 사용되지만 가격 및 물성 재료 특성으로 인하여 특수 용도로 사용되고 있다. 이에 본 연구에서는 전선으로부터 발생되는 저주파 자장을 검출할 수 있고 휴대성 및 가격이 저렴한 구조인 코일형 자계측정기를 개발하기 위해 자기 코어 및 코일 Turn수 변화에 따른 자계 검출 감도를 조사하여 최적의 구조를 설정하였다.

• 한국IT서비스학회:학술대회논문집
• /
• 한국IT서비스학회 2008년도 추계학술대회
• /
• pp.419-422
• /
• 2008

유비쿼터스 시대의 핵심 기반기술인 RFID와 관련하여 공공기관을 중심으로 시범 사업 및 본 사업이 활발하게 추진되고 있다. 또한 RFID 기반 정보시스템에 대한 감리 수요도 계속 증가하고 있으며, 특히 개인정보보호에 대한 관심이 확산되면서 보안감리의 비중도 높아지고 있다. 이와 관련하여 RFID 기반 정보시스템의 사업특성을 적절히 반영한 보안감리 점검항목이 요구되고 있다. 따라서 본 논문에서는 현행 RFID 기반 정보시스템에 대한 감리를 보다 체계적이고 효율적으로 수행하는데 활용될 수 있는 RFID 사업특성기반의 보안감리 점검항목을 제안한다.

• Journal of information and communication convergence engineering
• /
• 제5권1호
• /
• pp.68-72
• /
• 2007

In this paper, we present robust and secure metering scheme to measure the number of interactions between clients and servers in the web, especially the web advertising. In most cases the web advertising is consists of advertisers, clients, servers, and an audit agency. The metering scheme should always be secure against fraud attempts by servers which maliciously try to inate the number of their visits and against clients that attempt to disrupt the metering process. We propose robust and secure metering scheme based on cryptographic techniques. By analyzing the proposed scheme we show that our scheme is more robust and secure than the previous schemes [1,2,4,5].