• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.27-31
• /
• 2016

High-tech industries in a state well enough to troubleshoot hacking information introduction a big barrier to delay the growth of the market related to IoT(Internet of Things) as is likely to be on the rise. This early on, security issues introduced in the solution, a comprehensive solution, including the institutional laws/precautions needed. Recent examples of frequent security threats while IoT is the biggest issue of introducing state-of-the-art industry information due to the vulnerable security hacking. This high-tech industries in order to bridge the information responsible for the target attribute, target range, and the protection of security and how to protect the subject, IoT environment (domestic industrial environment) considering the approach is needed. IoTs with health care and a wide variety of services, such as wearable devices emerge. This ensures that RFID/USN-based P2P/P2M/M2M connection is the implementation of the community. In this study, the issue on the high-tech industrial information and the vulnerable security issues of IoT are described.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.319-324
• /
• 2012

The application software, which is developed on smart phone environment, is applied to according to system development methodology. This paper presents security consideration, that is required to major application program, which is developed in smart phone environment. First it reviews security issues in application program, and the next it considered to security policy for secure application program.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1568-1570
• /
• 2005

The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.77-83
• /
• 2011

In addition to the rapid development of health information technology services for the development of new medical information, a lot of research is underway. Improve health care services for patients are many ways to help them. However, no information about the security, if only the technology advances in health care systems will create an element of risk and threat. Today's issues and access issues are stable over a public network. Ad hocsensor network using secure, non-integrated health information system's security vulnerabilities does not solve the security vulnerabilities. In the development and utilization of health information systems to be subject to greater restrictions. Different security policies in an environment with a medical information system security policy mechanism that can be resolved if people get here are needed. Context-aware and flexible policy of integration and confidential medical information through the resistance should be guaranteed. Other cross-domain access control policy for telecommunications should be protected. In this paper, that the caller's medical information system, diversification, diversification Security agent in the environment, architecture, design, plan, role-based security system are proposed. The proposed system architecture, design work in the field and in the utilization of one model are expected to be.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.859-870
• /
• 2020

The MQTT-SN (Message Queuing Telemetry Transport-Sensor Network) protocol is a message transmission protocol used in a sensor-based Internet of Things (IoT) environment. This MQTT-SN protocol is a publish-subscribe model with a broker in the middle of message transmission, and each IoT device sends and receives messages through an intermediary when delivering messages. However, the MQTT-SN protocol does not provide security-related functions such as message security, mutual authentication, access control, and broker security. Accordingly, various security problems have recently occurred, and a situation in which security is required has emerged. In this paper, we review the security requirements of MQTT-SN once again, and propose a modified protocol that improves security while satisfying the constraints in the environment where the resource of IoT to which this protocol is applied is limited. Unlike the existing protocol, the security field and authentication server have been added to satisfy the security requirements. In addition, the proposed protocol is actually implemented and tested, and the proposed protocol is evaluated for practical use in terms of energy consumption.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.63-72
• /
• 2016

Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.13-28
• /
• 2003

The Protection Profile(PP) is a common security function and detailed statement of assurance requirements in a specific class of Information Technology security products such as firewall and smart card. The parts of TOE security environment in the PP have to be described about assumption, treat and security policy through analyzing purpose of TOE. In this paper, we present a new security policy derivation among TOE security environment parts in the PP. Our survey guides the organizational security policy statements in CC scheme through collected and analyzed hundred of real policy statements from certified and published real PPs and CC Toolbox/PKB that is included security policy statements for DoD. From the result of the survey, we present a new generic organizational policy statements list and propose a organizational security policy derivation method by using the list.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.141-153
• /
• 2012

In the recent years, various researches on the use cases of the cloud computing service have been achieved for its standardization. Notwithstanding, we need more additory effort to refine the operating mechanisms on the cloud computing environment. In this paper, we suggest an operating mechanism on IaaS cloud computing environment that is related to the integrated security management system. By using CloudStack 2.2.4 toolkit, we have built a test-bed for IaaS cloud computing service i.e., SWU-IaaS cloud computing environment. Through operating this hierarchical SWU-IaaS cloud computing environment, we have derived the attributes and the methods of its components. Its scenarios can be described in case of both normal state and abnormal state. At the end, a special scenario has been described when it receives a security event from the integrated security management system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.955-963
• /
• 2022

The Internet of Things (IoT), combined with various technologies, is rapidly becoming an integral part of our daily life. While it is rapidly taking root in society, security considerations are relatively insufficient, making it a major target for cyber attacks. Since all devices in the IoT environment are connected to the Internet and are closely used in daily life, the damage caused by cyber attacks is also serious. Therefore, encryption communication using a network security protocol must be considered for a service in a more secure IoT environment. A representative network security protocol includes TLS (Transport Layer Protocol) defined by the IETF. This paper analyzes the performance measurement results for TLS version 1.2 and version 1.3 in an IoT device open platform environment to predict the load of TLS, a representative network security protocol, in IoT devices with limited resource characteristics. In addition, by analyzing the performance of each major cryptographic algorithm in version 1.3, we intend to present a standard for setting appropriate network security protocol properties according to IoT device specifications.

• The Journal of Information Technology
• /
• v.10 no.3
• /
• pp.77-92
• /
• 2007

This study aims to suggest an implementation methodology of security module for data integrity of mobile internet terminal. This is based on the WTLS(Wileless Transport Layer Security) of WAP Protocol. This security module is expected to achieve central role in conversion of wireless internet environment and emphasis of encryption technology and safe and calculable wireless communication environment construction.