• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.81-87
• /
• 2015

Recently, with the development of the ICT environment, the use of the software is growing rapidly. And the number of the web server software used with a variety of users is also growing. However, There are also various damage cases increased due to a software security vulnerability as software usage is increasing. Especially web shell hacking which abuses software vulnerabilities accounts for a very high percentage. These web server environment damage can induce primary damage such like homepage modification for malware spreading and secondary damage such like privacy. Source code weaknesses checking system is needed during software development stage and operation stage in real-time to prevent software vulnerabilities. Also the system which can detect and determine web shell from checked code in real time is needed. Therefore, in this paper, we propose the system improving security for web server by detecting web shell attacks which are invisible to existing detection method such as Firewall, IDS/IPS, Web Firewall, Anti-Virus, etc. while satisfying existing secure coding guidelines from development stage to operation stage.

• Journal of Advanced Navigation Technology
• /
• v.19 no.6
• /
• pp.587-594
• /
• 2015

Open operating system, Linux is the traditional Web, E-mail, DNS, FTP server, as well as being used in Cloud and Big data infrastructure. In addition, Linux is also used like a desktop or mobile devices, smart TV and cars. In particular, stepping up to the IoT era at this time is expected to be greater proportion occupied by Linux. As the use of Linux has increased security has emerged as an important factor. User management is core of Linux system security. In this paper, Classifying Linux user and analyzed the role of the user-specific file. Finally, we analyzed the linux management technologies and useful user security tools.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.466-483
• /
• 2017

Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.353-360
• /
• 2017

The Internet of Things(IoT) security has more need than a technical problem as it needs series of regulations and faultless security system for common purposes. So, this study proposes an efficient key management in order that can be trusted IoT data in cloud computing. In contrast with a key distribution center of existing sensor networks, the proposed a federation key management of cloud proxy key server is not central point of administration and enables an active key recovery and update. The proposed key management is not a method of predetermined secret keys but sharing key information of a cloud proxy key server in autonomous cloud, which can reduce key generation and space complexity. In addition, In contrast with previous IoT key researches, a federation key of cloud proxy key server provides an extraction ability from meaningful information while moving data.

• The Journal of the Korea Contents Association
• /
• v.18 no.6
• /
• pp.434-442
• /
• 2018

Recently, the threat to the security and damage of important data leaked by devices of intranet infected by malicious code through the Internet have been increasing. Therefore, the partitioned intranet model that blocks access to the server for business use by implementing authentication of devices connected to the intranet is required. For this, logical net partition with the VDI(Virtual Desktop Infrastructure) method is no information exchange between physical devices connected to the intranet and the virtual device so that it could prevent data leakage and improve security but it is vulnerable to the attack to expose internal data, which has access to the server for business connecting a nonregistered device into the intranet. In order to protect the server for business, we suggest a blockchain based network partition model applying blockchain technology to VDI. It contributes to decrease in threat to expose internal data by improving not only capability to verify forgery of devices, which is the vulnerability of the VDI based logical net partition, but also the integrity of the devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1317-1330
• /
• 2017

To collect server information and construct network map enable us to prevent security breach, prepare for national cyber warfare and make effective policies. In this paper, we analyze well-known network scanners, Nmap and ZMap, and construct network map using banner grabbing. We use multiple threads in order to increase scanning speed and arrange IP lists by specific order to reduce the load on information gathering targets. Also, we applied performance tests to compare the real-time banner grabbing tool with the existing network scanners. As a result, we gathered server information from domestic and overseas servers and derived a risk index based on the collected database. Although there are slight differences among countries, we can identify the risky situation that many users in every country are exposed to several security breaches.

• Journal of Advanced Navigation Technology
• /
• v.17 no.4
• /
• pp.421-428
• /
• 2013

Voice over IP refers to technology that enables routing of voice conversations over the Internet or a TCP/IP network. VoIP communication costs cheaper than traditional analog phone. Phone calls can be made to anywhere / anyone: Both to VoIP numbers as well as people with normal phone numbers. VoIP protocol equipment available today follows the SIP standard. Older VoIP equipment though would follow H 323, MGCP, Megaco/H.248. A SIP server is the main component of an IP PBX, dealing with the setup of all SIP calls in the TCP/IP network. A SIP server is also referred to a Asterisk IP-PBX. A VoIP telephone, also known as a SIP phone or a softphone, allows the user to make phone calls to any softphone, mobile or PC by using App store. A VoIP telephone can be a simple software-based softphone. However, the SIP Server and the program is vulnerable to VoIP attacks. In this paper, eavesdropping attacks tested by using the Asterisk SIP server. Eavesdropping attacks and TLS security methods apply to VoIP system. TLS can be applied to determine whether the eavesdropping available for VoIP Environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.859-868
• /
• 2018

Previous research related to recovering deleted data in database has been mainly based on transaction logs or detecting and recovering data using original source files by physical collection method. However there was a limit to apply if the transaction log does not exist in the server or it is not possible to collect the original source file because a database server owner does not permit stopping the database server because of their business loss or infringement at the scene. Therefore it is necessary to examine various collection methods and check the recoverability of the deleted data in order to handling the constraints of evidence collection situation. In this paper we have checked an experiment that the recoverability of deleted data in the original database source according to logical and physical collection methods on digital forensic investigation of Microsoft SQL Server database.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.7
• /
• pp.779-789
• /
• 2014

Utilizing smart phones based on android applications in the field of FA(Factory Automation) or PA(Production Automation) is being deployed actively. In general, MDM(Mobile Device Management) is a crucial infra-structure to build such a FA or PA environment. In this paper, we suggest an open mobile device management platform and implement its prototype. The developed prototype consists of three modules such as DMS(Device Management Server), FUMO(Firmware Update Management Object) and SCOMO(Software Component Management Object). In addition, we suggest a security module based on the concept of the EAP (Extensible Authentication Protocol) and the AES (Advanced Encryption Standard). The suggested security module's prototype is applied to guarantee the data integrity in the process of communicating among DMS, FUMO and SCOMO for the purpose of utilizing smart phones based on android applications in a FA field. We also evaluate the performance of the implemented security prototype. According to our simulation results, the implemented prototype has a good performance in a FA environment and can be utilized in the other FA, PA or OA(Office Automation) environment with guaranteeing the security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.