• Title/Summary/Keyword: Security Information Event Management


Authentication and Session Management based on Ajax (Ajax를 기반으로 한 인증 및 세션 관리)

  • Nam Sang-On;Daguil Rolyn C;Kim Gi-Weon;Song Jung-Gil
    • Journal of Internet Computing and Services / v.7 no.6 / pp.157-174 / 2006
  • The Ajax interaction model changes the posture of web applications to become stateful over HTTP. Ajax applications are long-lived in the browser. XMLHttpRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching protocols from HTTP to HTTPS for sensitive information is prohibited because of the server-of-origin policy. The longevity, constraints, and asynchronous features of Ajax applications call for a different authentication and session handling mechanism that invokes re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is designed to invoke periodic and event-based re-authentication in the background using digest authentication with an auto-generated password similar to an OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling to avoid broken authentication and session management.


A Study on the Feasibility of Developing a Nationwide Cyber Risk Management System utilizing Social-Science Analytic Theories (사회과학적 위기관리이론을 활용한 국가사이버안보 평가체계 구축 가능성 고찰)

  • 이상호
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.259-265 / 2004
  • Since the 2003.1.25 Internet Crisis, the government has been looking at a number of options to strengthen national cyber-security/crisis management capability to guard against the ever-increasing threat of cyber-war and terror. Thus, the focus of this study was to explore new ways of developing a comprehensive cyber-security/crisis management system, in particular by combining modern social-science analytic theories. As a result, although more in-depth research is needed into incorporating advanced techniques to generate more detailed and object-specific indexes and protocols, the use of the 'event data system,' which has been widely utilized in much recent social science research to assess a wide range of socio-political risks and crises, could be adopted as a basis for a comprehensive nationwide cyber-risk management system.


Exhibition Monitoring System using USN/RFID based on ECA (USN/RFID를 이용한 ECA기반 전시물 정보 모니터링 시스템)

  • Kim, Gang-Seok;Song, Wang-Cheol
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.9 no.6 / pp.95-100 / 2009
  • Nowadays there are many studies of, and much development in, USN/RFID, which has great potential for many kinds of applications. More and more real-time applications apply USN/RFID technology for identification, data collection, and locating objects. Wide deployment of USN/RFID will generate an unprecedented volume of primitive data in a short time. Duplication and redundancy of primitive data will affect the real-time performance of applications. Thus, security applications must filter primitive data, correlate them for complex pattern detection, and transform them into events that provide meaningful, actionable information to the end application. In this paper, we design an ECA rule system for security monitoring of exhibitions. This system processes USN/RFID primitive data and events and performs data transformation. Through this study it has been applied in an exhibition hall, and efficient data transmission and management are forecast to be possible.


An Efficient Key Management Protocol for Wireless Sensor and Actor Networks (무선 센서 및 액터 네트워크를 위한 효율적인 키관리 프로토콜)

  • Kim, Wan-Ju;Nam, Kil-Hyun;Lee, Soo-Jin
    • Journal of KIISE:Computing Practices and Letters / v.13 no.7 / pp.540-544 / 2007
  • Research on sensor networks has become much more active and is currently being applied to many different fields. However, since a sensor network is limited to collecting and reporting information regarding a certain event, and requires human intervention to act on that information, it is often difficult to react to an event or situation immediately and proactively. To overcome this kind of limitation, Wireless Sensor and Actor Networks (WSANs) with immediate-response Actor Nodes have been proposed, which add greater mobility and activity to existing sensor networks. Although WSANs share much common ground with sensor networks, it is difficult to apply existing security technologies because a WSAN contains Actor Nodes that are resource-independent and mobile. This research therefore seeks to demonstrate ways to provide security, integrity and authentication services for the secure operation of WSANs, by separating the network into a hierarchical structure according to each node's abilities and providing different encryption key-based secure protocols for each level of the hierarchy: Pair-wise Key, Node Key, and Region Key for sensor levels, and Public Key for actor levels.

SIEM OWASP-ZAP and ANGRY-IP Vulnerability Analysis Module and Interlocking (SIEM과 OWASP-ZAP및ANGRY-IP취약점분석모듈과 연동구현)

  • Yoon, Jong Moon
    • Convergence Security Journal / v.19 no.2 / pp.83-89 / 2019
  • In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. It is judged that interworking with a vulnerability analysis tool will be a countermeasure against new hacking attacks once the concept is validated. The vulnerability check module is standardized in event attribute management and ease of operation. In terms of global sharing of vulnerability data, open tools such as OWASP ZAP and Angry IP were investigated, together with a design and implementation method for interlocking them with the SIEM system. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module for web and network targets. In consideration of this, for ESM and SIEM systems, this paper proposes a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. With reference to integrated correlation analysis and vulnerability targets, it is judged to be a new active concept against hacking intrusion attacks.

A Study on the Improvement Directions of Mobile Simple Payment System: Usage Status Point of View (모바일 간편결제 시스템 개선 방향 연구: 이용 실태 관점)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.4 / pp.51-62 / 2019
  • Recently, as the number of smartphone users increases, simple payment systems have made it possible to pay using only card information such as a registered password, without additional authorized-certificate authentication or input of card information. This paper examines and analyzes the simple payment systems provided by IT companies and financial institutions, and the simple payment systems that operate global online payment systems, from the viewpoint of their operational direction. Based on this examination, it studies ways to improve problems of convenience and stability from the users' point of view. It analyzes the inconveniences of using the recently introduced QR code system and proposes solutions. It also analyzes case studies of overseas simple payment systems and makes suggestions for resolving the inconvenience caused by the fact that terminals supporting NFC simple payment are not yet widespread in Korea. It further offers opinions on the customer's responsibility in the event of a small financial accident related to loss or theft when using a simple payment system. Finally, it suggests the requirements expected for preparing new technical security countermeasures and for meeting users' expectations and satisfaction.

Digitization Of Education: Current Challenges Of Education

  • Osaula, Vadym;Parfeniuk, Ihor;Lysyniuk, Maryna;Haludzina-Horobets, Viktoriia;Shyber, Oksana;Levchenko, Oksana
    • International Journal of Computer Science & Network Security / v.21 no.11 / pp.368-372 / 2021
  • The article identifies the features of the digital culture of modern society in the dynamics of its impact on the education sector and identifies the main directions of the digitalization of education. An objective analysis is presented; the possibilities of examination as a scientific assessment of the "digital reforms" of education are determined, as is the role of the traditional values of educational culture in the expert assessment and improvement of digital innovations in the education system; and the main contradictions in the development of digital culture are identified in order to determine the directions of its improvement. The article describes the three main components of information technology as a complex of hardware, software and a system of organizational and methodological support; a description of analog and digital information technologies is presented. The authors list the most common multifunctional office applications and IT tools; the advantages of using IT in the educational process are highlighted.

The Study about Role and Importance of Site Activity Stage in Safety Activity for the International Conference among Several Countries (다자간 국제회의 안전활동에 있어서 현장활동단계의 역할 및 중요성에 관한 연구 : 부산 APEC 행사를 중심으로)

  • Lee, Sun-Ki
    • Korean Security Journal / no.19 / pp.105-138 / 2009
  • The purpose of this study is to present ways to improve the effectiveness of security activity for international conferences among several countries that may be held hereafter, on the basis of the security activity problems that arose at APEC, held in Busan in 2005. I put questions three times to members of the police, military, fire fighters and national intelligence service who had experience of Busan APEC, and their recognition of possible problems and of the possibility of improvement on each question item was analyzed by the Delphi method. Interviews with 4 security experts selected from each security agency were also conducted to present improvements for each problem area. The results obtained from the face-to-face interviews with four experts from security-enforcement agencies about the role and importance of the site activity stage for international conferences among several countries are as follows. First, a system is needed by which experienced security-enforcement agents can be selected for the next national security event, by building a database of the agents who have experience of security events, as a matter of manpower management. Second, a middle-term plan for the introduction of high-tech equipment and joint inspection with the relevant security agents are needed for efficient technical detection of explosives. Third, high-tech security equipment could be introduced through an international high-tech security equipment exhibition. Fourth, an anti-terrorism plan should be measured by sharing information through cooperation with domestic and international intelligence agencies. Fifth, public relations should be measured systematically by the organization rather than through agents' individual public relations. Sixth, political consideration is needed to secure integrative coordination with other agencies for security activity, through normal cooperation with fire-fighting-related agencies such as electric, gas and elevator companies. Seventh, a definite press guideline is needed for convenient news coverage and safety during a security event.


A Study on Healthcare Policy Response to Risks of Future Infectious Diseases: Focused on Infectious Disease Surveillance Systems (미래감염병 위험성에 대한 보건의료정책에 관한 연구: 감염병 감시체계를 중심으로)

  • Suh, Kyung-Do;Choi, Jung il;Choi, Pan-Am
    • Journal of Industrial Convergence / v.18 no.3 / pp.109-116 / 2020
  • The purpose of this study is to make suggestions for the infectious disease surveillance systems as part of the government's healthcare policy intended to minimize damage by implementing an appropriate and swift crisis management in the event of future infectious disease outbreaks. To that end, this descriptive study analyzes the infectious disease outbreaks and the management and control thereof in Korea and other countries, so as to suggest some approaches to infectious disease surveillance systems applicable to affected regions. The analysis results shed light on the causes of the spread of future infectious diseases over the past years, and the management systems that could possibly deal with the trial and error in the response policy. It seems crucial to roll out appropriate information, training and promotion programs as part of the national disaster response systems to prevent infectious diseases in relation to the roles of multiple relevant government agencies in the event of disasters especially amid the COVID-19 pandemic.

The Strategies for the Development of the Security Industry Utilizing Social Network Services (경호경비산업의 발전을 위한 사회연결망서비스 활용전략)

  • Kim, Doo-Han;Kim, Eun-Jung
    • Korean Security Journal / no.46 / pp.7-30 / 2016
  • This study found strategies for activating the security industry by utilizing social network services based on the platform business model. The research used in-depth interviews and IPA analysis to check the content and strategic improvement projects that can actually be realized and the direction of the strategy. First, run a priority need area is a private center of community policing related portal development and operation, universal social networking service (SNS) utilizing expanded, professional training, IT-based security content management and operation of IT infrastructure security guards and security professionals up educational content development, online security guards and security professionals-up refresher training program development. Second, the area over the inventory capabilities increase the effectiveness of the security guards was constructed open-type comprehensive public information system. Third, the area needed to be reviewed are the individual security industry experts workers operating information channels, dedicated customer service and expanding the event of a private security guard & security service providers up. Fourth, the effectiveness of the insufficient area are discuss system improvements, the sharing of community policing closed cameras for proposals for the expanded utilization of social networking services, private development organizations Social Network Service (SNS).
