• Journal of Digital Convergence
• /
• v.13 no.3
• /
• pp.201-208
• /
• 2015

Recently computer, smart phone, medical devices, etc has become used in a variety of environments as the application fields of IT products have become diversification. Attack case of abuse of software security vulnerabilities is on the increase as the application fields of software have become diversification. Accordingly, secure coding program is of a varied but history management, updating, API module to be vulnerable to attack. Thus, this paper proposed a materialization of CMS linked system to enable check the vulnerability of the source code to content unit for secure software development, configuration management system that interwork on the transmission module. Implemented an efficient coding system secure way that departmentalized by the function of the program and by analyzing and applying secure coding standards.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.201-208
• /
• 2016

The purpose of Email system is used to transmit important information between companies in today. But Email system has vulnerabilities such that changing email address of sender by attacker. So it is important to authenticate mail server and user using mail server. This paper proposed mail proxy located between mail servers that evaluate authority and authenticate sender and receiver. The proposed email platform has some functions to compose trusted domain and to authenticate mail servers in the domain. Also, if sender and recipient are valid users in mail system, each exchanges a key for confidentiality and the sender sends an e-mail encrypted with exchanged key to recipient. In this paper, we propose a key exchange scheme in proposed platform and verify this protocol using Casper which is the formal analysis tool. In the future research, we will study the overall platform of the domain configuration for the security of mail.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.19-26
• /
• 2006

Recently, web server hacking is trending toward web application hacking which uses comparatively vulnerable web applications based on open sources. And, it is possible to hack databases using web interfaces because web servers are usually connected databases. Web application attacks use vulnerabilities not in web server itself, but in web application structure, logical error and code error. It is difficult to defend web applications from various attacks by only using pattern matching detection method and code modification. In this paper, we propose a method to secure the web applications based on profiling which can detect and filter out abnormal web application requests.

• Informatization Policy
• /
• v.25 no.2
• /
• pp.3-19
• /
• 2018

With the introduction of video cameras into law enforcement, a great deal of police organizations have adopted the technology in their routine crime prevention activities. The up-to-date systems of ambient surveillance energized by CCTV, police wearable cameras, drones, and thermal imaging devices enable the police to thoroughly monitor public spaces as well as to rigorously arrest on-scene criminals. These efforts to improve the level of surveillance are often met with public resistance raising concerns over citizens' rights to privacy. Recent studies on the use of police video equipment have constantly raised the issues related to the lack of applicable legal provisions, risk of personal information and privacy infringement as well as security vulnerabilities. In this regard, the present study attempted to review the public surveillance methods currently used by law enforcement agencies worldwide within the context of public safety and individual rights to privacy. Furthermore, the present study also discussed the legal boundaries of police use of video equipment to address public concerns over privacy issues.

• Journal of the military operations research society of Korea
• /
• v.35 no.2
• /
• pp.87-98
• /
• 2009

In the military logistics, the Outsourcing such as 3PL (3rd Party Logistics) and 4PL has emerged recently as an important agenda. However, when 3PL applied prematurely, side effects will occur such as the loss of combat power in wartime, the security vulnerabilities and the high cost by a small amount of military order. Recently, the developed countries such as the United States and the Britain want to compensate for these side effects. Therefore, They are developing the private-public competitive sourcing concept for the complementary partnership and the foster competition with the private sector. To apply this concept to the Korean Military, they need to be reorganized and promote the efficiency in the military logistics. Especially, the transportation sector. Therefore, this study, which is focused on the transportation sector, offers two kinds of measures to improve such as the Dual Pallet Standard (T11, T12) and the PLS(Palletized Loading System) truck system. Finally, these improvements will be analyzed by the simulation in this paper.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1768-1773
• /
• 2005

The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a robust secure communication and a user authentications with the IEEE 802.1x framework. The user authentication on the WLAN secure system accomplishes mutual authentications between authentication severs, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by doing secure communication between clients and the AP by the Dynamic WEP key distribution.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.299-302
• /
• 2011

Recently, Voice over Internet protocol(VoIP) in IP-based wired and wireless voice, as well as by providing multimedia information transfer. Wired and wireless VoIP is easy on illegal eavesdropping of phone calls and VoIP call control signals on the network. In addition, service misuse attacks, denial of service attacks can be targeted as compared to traditional landline phones, there are several security vulnerabilities. In this paper, VoIP equipment in order to obtain information on the IP Phone is scanning. And check the password of IP Phone, and log in successful from the administrator's page. Then after reaching the page VoIP IP Phone Administrator Settings screen, phone number, port number, certification number, is changed. In addition, IP Phones that are registered in the administrator page of the call records check and personal information is the study of hacking.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.245-248
• /
• 2011

Voice over Internet protocol(VoIP) is call's contents using the existing internet. Thus, in common with the Internet service has the same vulnerability. In addition, unlike traditional PSTN remotely without physical access to hack through the eavesdropping is possible. Cyber terrorism by anti-state groups take place when the agency's computer network and telephone system at the same time work is likely to get upset. In this paper is penetration testing for security threats(Call interception, eavesdropping, misuse of services) set out in the NIS in the VoIP. In addition, scenario writing and penetration testing, hacking through the Voice over Internet protocol at the examination center will study discovered vulnerabilities. Vulnerability discovered in Voice over Internet protocol presents an attack and defense plan.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.412-415
• /
• 2004

As computers and networks become popular, corporation or country organization composes security network including various kinds information protection system to protect informations and resources from internet and is operating system and network. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we design of ICMP-based Traceback System using a ICMP Traceback Message for efficiently traceback without change structure of routers. ICMP-based Traceback System. Create of ICMP message is managed by “Traceback Agent” mirroring port for router. Victim's systems that are received the message store it and “Traceback Manager” is detect a attack(like a DDoS). Using a information of this message starting a traceback and detecting a source of attacker, so response a attack.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.8
• /
• pp.1977-1985
• /
• 2009

An e-Seal is an active RFID device that was set on the door of a container. e-Seal provides both the state of the seal and the remote control of the device automatically. But it has vulnerabilities like eavesdrop and impersonate because of using RFID system. A secure e-Seal authentication protocol must use PRF for encryption/decryption of reader and e-Seal. The existing PRF uses simple hash function such as MD5 or SHA which is not available for e-Seal. It is required to use strong hash functions. The hash function is a essential technique used for data integrity, message authentication and encryption in the mechanism of information security. Therefore, in this paper, we propose more secure and effective hash function based on polynomial for e-Seal authentication protocol.