• Title/Summary/Keyword: Security Enhance

Search Result 824, Processing Time 0.023 seconds

Improved Multi-layer Authentication Scheme by Merging One-time Password with Voice Biometric Factor

  • ALRUWAILI, Amal;Hendaoui, Saloua
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.9
    • /
    • pp.346-353
    • /
    • 2021
  • In this proposal, we aim to enhance the security of systems accounts by improving the authentication techniques. We mainly intend to enhance the accuracy of the one-time passwords via including voice biometric and recognition techniques. The recognition will be performed on the server to avoid redirecting voice signatures by hackers. Further, to enhance the privacy of data and to ensure that the active user is legitimate, we propose to periodically update the activated sessions using a user-selected biometric factor. Finally, we recommend adding a pre-transaction re-authentication which will guarantee enhanced security for sensitive operations. The main novelty of this proposal is the use of the voice factor in the verification of the one-time password and the various levels of authentications for a full-security guarantee. The improvement provided by this proposal is mainly designed for sensitive applications. From conducted simulations, findings prove the efficiency of the proposed scheme in reducing the probability of hacking users' sessions.

Research on Education and Training of the Analyzer for Security Enhancement of SW Vulnerability (SW 취약점의 보안성 강화를 위한 진단원의 교육 양성 연구)

  • Kim, Seul-gi;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.5
    • /
    • pp.945-950
    • /
    • 2017
  • Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.

A Study on Comparative Analysis of Maritime Security Programs - Focussed on TWIC

  • Yoon, Dae-Gwun
    • Journal of Navigation and Port Research
    • /
    • v.33 no.4
    • /
    • pp.283-288
    • /
    • 2009
  • To improve maritime security and enhance international shipping commerce within US ports in addition to ISPS (International Ship and Port Facility Security Code), the TWIC (Transportation Worker Identification Credential) program is working on the maritime field from the October 15, 2008 in the United States. In this paper, the program is reviewed and investigated in terms of goal, benefit, solution, and related legislation so forth In addition, other maritime security programs including MMD (Merchant Mariner Document), FAST (Free and Secure Trade), SIDA (Security Identification Display Areas). and Air Cargo security program was analyzed and compared in order to obtain relationship and difference with the program in terms of enrollment frequency, list and method of security check, and profile of each program As a result of this paper, the program is mostly to improve maritime security, protect individual privacy, and enhance commerce rather than other programs.

A Storage Method to Enhance Cookie File Security (쿠키파일의 보안성 향상을 위한 저장 방식)

  • Sim, Won-Tae;Choi, Yo-Han;Seo, Hee-Suk;Noh, Bong-Nam
    • Journal of the Korea Society for Simulation
    • /
    • v.20 no.1
    • /
    • pp.29-37
    • /
    • 2011
  • Cookie file can be properly protected by designing security zone to enhance the safety of cookie file vulnerable to cyber attacks. In this paper, the model, in which cookie file is stored in the security area and the current visiting page is closely linked with cookie, is proposed to help users utilize in the same existing way, as well as enhance the security of user cookie files. Even if attacker tries to compromise web browser's cookie folder, the security of other cookies can be preserved. It is possible since the folder has the only cookie for the current web page where user is visiting.

The Enhancement of Power System Security Using flexible AC Transmission Systems (FACTS) (FACTS 기기를 이용한 전력시스템의 안전도 향상)

  • 송성환;임정욱;문승일
    • The Transactions of the Korean Institute of Electrical Engineers A
    • /
    • v.52 no.3
    • /
    • pp.165-172
    • /
    • 2003
  • This paper presents an operation scheme to enhance the power system security by applying FACTS on Power systems. Three main generic types of FACTS devices are suggested an illustrated. Flow congestions over lines have been solved by controlling active power of series-compensated FACTS devices and low voltages at buses have been solved by controlling reactive power of shunt-compensated FACTS devices. Especially, Especially, UPFC has been applied in both line congestion and low voltages. Two kinds of indices which indicate the power system security level related to line flow and bus voltage are utilized in this paper. They have been minimized to enhance the power system security level through the iterative method and the sensitivity vector of security index is derived to determine the direction to minimum. The proposed algorithm has been tested on the IEEE 57-bus system with FACTS devices in a normal condition and a line-faulted contingency.

Securing SCADA Systems: A Comprehensive Machine Learning Approach for Detecting Reconnaissance Attacks

  • Ezaz Aldahasi;Talal Alkharobi
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.12
    • /
    • pp.1-12
    • /
    • 2023
  • Ensuring the security of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) is paramount to safeguarding the reliability and safety of critical infrastructure. This paper addresses the significant threat posed by reconnaissance attacks on SCADA/ICS networks and presents an innovative methodology for enhancing their protection. The proposed approach strategically employs imbalance dataset handling techniques, ensemble methods, and feature engineering to enhance the resilience of SCADA/ICS systems. Experimentation and analysis demonstrate the compelling efficacy of our strategy, as evidenced by excellent model performance characterized by good precision, recall, and a commendably low false negative (FN). The practical utility of our approach is underscored through the evaluation of real-world SCADA/ICS datasets, showcasing superior performance compared to existing methods in a comparative analysis. Moreover, the integration of feature augmentation is revealed to significantly enhance detection capabilities. This research contributes to advancing the security posture of SCADA/ICS environments, addressing a critical imperative in the face of evolving cyber threats.

Effect of Security Culture on Security Compliance and Knowledge of Employees (조직의 정보보안 문화 형성이 조직 구성원의 보안 지식 및 준수의도에 미치는 영향 연구)

  • Hwang, Inho;Kim, Daejin;Kim, Taeha;Kim, Jinsoo
    • Information Systems Review
    • /
    • v.18 no.1
    • /
    • pp.1-23
    • /
    • 2016
  • This study proposes an alternative to minimize insider-caused security threats that are relatively difficult to control and cause high uncertainty in information security management. Therefore, we investigate the relationship between organizational effort and the security understanding of employees to eventually enhance security compliance intention among employees. We develop a research model and formulate hypotheses on the basis of past findings. Accomplished questionnaires are collected from 526 employees working in organizations where information security policy is being implemented. In addition, we prove the hypotheses using a structural model. After reviewing the structural model, the security knowledge of employees and information security culture are determined to positively influence the security compliance intention of employees. Moreover, top management support, security policy, security visibility, and security education programs are proven to be antecedent factors in establishing a security culture in organizations. The findings of this study could guide organizations in formulating information security strategies to enhance the security compliance intention of employees.

Strategy based PSO for Dynamic Control of UPFC to Enhance Power System Security

  • Mahdad, Belkacem;Bouktir, T.;Srairi, K.
    • Journal of Electrical Engineering and Technology
    • /
    • v.4 no.3
    • /
    • pp.315-322
    • /
    • 2009
  • Penetration and installation of a new dynamic technology known as Flexible AC Transmission Systems (FACTS) in a practical and dynamic network requires and force expert engineer to develop robust and flexible strategy for planning and control. Unified Power Flow Controller (UPFC) is one of the recent and effective FACTS devices designed for multi control operation to enhance the power system security. This paper presents a dynamic strategy based on Particle Swarm Optimization (PSO) for optimal parameters setting of UPFC to enhance the system loadability. Firstly, we perform a multi power flow analysis with load incrementation to construct a global database to determine the initial efficient bounds associated to active power and reactive power target vector. Secondly a PSO technique applied to search the new parameters setting of the UPFC within the initial new active power and reactive power target bounds. The proposed approach is implemented with Matlab program and verified with IEEE 30-Bus test network. The results show that the proposed approach can converge to the near optimum solution with accuracy, and confirm that flexible multi-control of this device coordinated with efficient location enhance the system security of power system by eliminating the overloaded lines and the bus voltage violation.

Priority of the Government Policy to support Industrial Security - Focus on a companies' demand and efficiency of policy - (산업보안 지원 정책 결정의 우선 순위 - 기업 수요와 효율성을 중심으로 -)

  • Kim, Chang-Ho;Yu, Jai-Hwan
    • Korean Security Journal
    • /
    • no.42
    • /
    • pp.155-178
    • /
    • 2015
  • This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

  • PDF

Protection Plan of Trustee Personal Credit Information for Credit Card Company Using Cloud Computing (클라우드컴퓨팅 이용 신용카드사의 영세수탁자 개인신용정보 보호방안)

  • Kim, Shi-in;Kim, In-suk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.885-895
    • /
    • 2019
  • As seen in recent cases of hacking in financial services, attackers are attempting to hacking trustee with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustee has difficulties to invest in information security with the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignee that receive personal information form the credit card company. To solve the vulnerability the company should use litigation management system constructed on cloud computing service and install VPN to secure confidentiality and intergrity in data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing PC firewall and output security on user PC.