• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.233-237
• /
• 2006

확장 가능한 인증 프로토콜(EAP, Extensible Authentication Protocol)은 일반적으로 네트워크를 접근하려는 사용자를 인증하는 프로토콜로써, 인증을 요청하는 인증 요청자와(supplicant)와 인증을 수행하는 인증서버 (authentication server) 간에 수행되는 프로토콜이다. 현재 여러 국제표준화기구들에서 확장 가능한 인증 프로토콜에 대한 표준화가 진행되고 있다. 특히 ITU-T의 SG170 Q.9에서는 안전한 패스워드 인증 프로토콜에 대한 가이드라인 표준이 제안자에 의하여 수행되고 있고, SG17 Q.5에서는 NGN을 위한 인증 및 키관리 프레임워크에 대한 표준화가 제안자에 의하여 수행되고 있다. 본 논문에서는 EAP의 표준화 동향과 NGN를 충족시키기 위한 EAP의 요구사항에 대하여 알아본다.

• Journal of information and communication convergence engineering
• /
• v.8 no.1
• /
• pp.71-76
• /
• 2010

Scalable video coding (SVC) has been standardized as an extension of the H.264/AVC standard. SVC allows straightforward adaptation of video streams by providing layered bit streams. In this paper, we propose a SVC video-based multicasting system preserving scalable security which is able to provide a SVC video service while maintaining information security. In order to maintain information security between a server and a client during all transmission time, the proposed system immediately performs a packet filtering process without decoding with respect to encrypted data received in a routing device, thereby reducing an amount of calculations and latency.

• The Journal of Korea Robotics Society
• /
• v.2 no.1
• /
• pp.71-79
• /
• 2007

We propose and develop Home Security robot system based on Sensor Network (HSSN) configured by sensor nodes including radio frequency (RF), ultrasonic, temperature, light and sound sensors. Our system can acknowledge security alarm events that are acquired by sensor nodes and relayed in the hop-by-hop transmission way. There are sensor network, Home Security Mobile Robot (HSMR) and Home Server(HS) in this system. In the experimental results of this system, we presented that our system has more enhanced performance of response to emergency context and more speedy and accurate path planning to target position for arriving an alarm zone with obstacle avoidance and acquiring the context-aware information.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.31-40
• /
• 2008

Recently, network forensic research which analyzes intrusion-related information for tracing of attackers, has been becoming more popular than disk forensic which analyzes remaining evidences in a system. Analysis and correlation of logs from firewall, IDS(Intrusion Detect System) and web server are important part in network forensic procedures. This work suggests integrated graphical user interface of network forensic for private information leakage detection. This paper shows the necessity of various log information for network forensic and a design of graphical user interface for security managers who need to monitor the leakage of private information.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.3
• /
• pp.654-663
• /
• 1999

In this paper, we develop a security system which enhances the security of information during transmission over the World Wide Web for solving problems related to outflow of the information on the internet. Our system provides safe security functions without modifying the existing Web server and browser by utilizing CGI, Plug-in, and Socket Spy techniques. Our system implements user access control and data encryption/decryption by using the hardware cryptographic token instead of using a software technique as in previous systems, and hence is a more robust security system.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.346-353
• /
• 2021

In this proposal, we aim to enhance the security of systems accounts by improving the authentication techniques. We mainly intend to enhance the accuracy of the one-time passwords via including voice biometric and recognition techniques. The recognition will be performed on the server to avoid redirecting voice signatures by hackers. Further, to enhance the privacy of data and to ensure that the active user is legitimate, we propose to periodically update the activated sessions using a user-selected biometric factor. Finally, we recommend adding a pre-transaction re-authentication which will guarantee enhanced security for sensitive operations. The main novelty of this proposal is the use of the voice factor in the verification of the one-time password and the various levels of authentications for a full-security guarantee. The improvement provided by this proposal is mainly designed for sensitive applications. From conducted simulations, findings prove the efficiency of the proposed scheme in reducing the probability of hacking users' sessions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.161-168
• /
• 2003

We discuss the security of two famous password authenticated key exchange protocols, EKE2 and PAK. We introduce ′insider assisted attack′ Based on this assumption we point out weakness of the security of EKE2 and PAK protocols. More precisely, when the legitimate user wants to find other user′s password, called "insider-assisted attacker", the attacker can find out many ephemeral secrets of the server and then after monitoring on line other legitimate user and snatching some messages, he can guess a valid password of the user using the previous information. Of course for this kind of attack there are some constraints. Here we present a full description of the attack and point out that on the formal model, one should be very careful in describing the adversary′s behavior.

• Korean Journal of Computational Design and Engineering
• /
• v.11 no.5
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.10C
• /
• pp.1033-1044
• /
• 2003

In this paper, we propose security management architecture that manages efficiently security systems that are produced by different companies and programmable middleware that can reduce the load of management traffic. The proposed architecture applies programmable networks technology to policy based network management (PBNM). The proposed architecture manages and cooperates various security systems using security policy. Also, the programmable middleware provides convenience of management and reduces the overhead of a policy server by translating security policy into execution command. In addition, using programmable middleware, an administrator can manage various security systems that are produced by different companies. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time for enforcing and transferring of policies/messages between the proposed architecture and PBNM architecture.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.9
• /
• pp.1374-1381
• /
• 2022

Existing research on security technology related to network attack response has focused on research using hardware network security technology, network attacks that wiretap and wiretap network packets, denial of service attack that consumes server resources to bring down the system, and network by identifying vulnerabilities before attack. It is classified as a scanning attack. In addition, methods for increasing network security, antivirus vaccines and antivirus systems have been mainly proposed and designed. In particular, many users do not fully utilize the security function of the router. In order to overcome this problem, it is classified according to the network security level to block external attacks through layered security management through layer-by-layer experiments. The scope of the study was presented by examining the security technology trends of edge routers, and suggested methods and implementation examples to protect from threats related to edge router-based network attacks.