• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.27-38
• /
• 2007

IPv6 has appeared for solving the address exhaustion of IPv4 and for guaranteeing the problems of security and QoS. It occurs the unexpected new attacks of IPv6 as well as the existing attacks of IPv4 because of the increasing address space to 128bits and the address hierarchies for efficient network management and additions of the new messages between nodes and routers like neighbor discovery and auto address configuration for the various comfortable services. For the successful transition from IPv4 to IPv6, we should get the secure compatibility between IPv4 hosts or routers working based on secure and systematic policy and IPv6. Network manager should design security technologies for efficient management in IPv4/IPv6 co-existence network and IPv6 network and security management framework designation. In this paper, we inspected the characteristics of IPv4 and IPv6, study on security requirement for efficient security management of various attacks, protocol, service in IPv4/IPv6 co-existence and IPv6 network, and finally suggest integrated solution about security vulnerability of IPv6 network in considering of analysis of IPv6 system, host and application, IPv6 characteristics, modified CGA(MCGA).

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2176-2183
• /
• 2017

The value of Big-Data which is a main factor of the fourth Industrial Revolution enhances industrial productivity in private sector and provides administrative services for nations and corporates in public sector. ICT-developed countries are coming up with Big-Data application in public sector rapidly. Especially, when it comes to social crisis management, they are equipped with pre-forcasting system. Korean Government also emphasizes Big-Data application in public sector for the social crisis management. But the reality where the overall infrastructure vulnerability reveals requires preparation and operation of measurement for social problems. Accordingly, we need to analyze Big-Data application problem and benchmark the precedented cases, thereby, direct policy diversity. Hence, this paper proposes the roles and rules of E-government analyzing problems from Big-Data application. The following policy proposes open Information and legal&institutional improvement, Big-Data service considerations threatening privacy issues in Big-Data ecosystem, necessity of operational and analytical technology for Big-Data and related technology in technical implication of Big-Data.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.91-100
• /
• 2014

While IT security investment of organizations has been increased, the amount of the monetary loss of organizations caused by IT security breaches did not decrease as much as their expectation. Also, from surveys, it was discovered that the poor usage of their security budget thwarted the improvement of the organization's security level. In this paper, to resolve the poor usage of security budget of organizations, we propose a comprehensive economic model for determining the optimal amount of investment in security solutions, including the proactive security solutions(PSSs) and the reactive security solutions(RSSs). Using the proposed analytical model under different parameters of security solutions, we show the optimal condition to maximize the expected net benefits from IT security investment of organizations. Also, we verify the common belief that the optimal level of investment in security solutions is an increasing function of vulnerability. Through simulations, we find the optimal level of IT security investment, given parameters of different characteristics of security solutions.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.107-123
• /
• 2013

In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers not being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an importance issue in wired and wireless network environment, so that it has been studied in wide range. The sensor nodes are interconnected among them based on wireless network. In terms of the sensor node, the researchers have been emphasizing on its calculating performance limit, storage device limit, and smaller power source. To improve of biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code(URSC) and variable identifier for enhancing network performance and retaining anonymity provision.

• Korean Journal of Environment and Ecology
• /
• v.28 no.3
• /
• pp.374-380
• /
• 2014

This study was conducted to provide baseline information which will be useful for managing the forest trails as the outdoor recreation facility. To investigate residents' attitudes toward the forest trail construction and use, a questionnaire survey was employed in Jirisan Dulegil. As the results, 4 impact factors that are influenced to local communities due to Jirisan Dulegil construction were resulted in. Most of the respondents perceived that the Jirisan Dulegil have positive impact economically on community growth. Contrastively, a negative perception existed in the environmental aspect. Local lodging industry was selected one of preference business models. In viewpoint of community business, a more professional and systematic approach to find appropriate business model is needed because of structural vulnerability of business.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.313-317
• /
• 2014

Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

• Journal of Digital Convergence
• /
• v.16 no.9
• /
• pp.179-185
• /
• 2018

Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.41-46
• /
• 2016

Recently, many domestic and foreign corporates are concentrating in investment to wearable devices and users are provided with various service based on wearable devices 26% more than compared to last year. It is widely used in previous healthcare, smart work, smart home environment, and it is now introduced to get connection to fused service environment. However, as products of G company are commercialized, the security issue of personal information is causing dispute in society, and the danger of data management and security regarding telecommunication is increasing. Also, because the password system used in previous wireless environment is still in use, there are possible vulnerability considering the new and mutant security threat. This thesis conducted study about protocols that can exercise safe telecommunication in the basis of wearable devices. In the registration and certification process, the signature value is created based on the code value. The telecommunication method is designed to conduct safe telecommunication based on the signature value. As for the attack method occurring in the wearable device environment, the safety was analyzed and conducted performance evaluation of previous password system and proposal system, and verified about 14% of efficiency.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.343-351
• /
• 2015

With the diverse services of the current M2M environment being expanded to the organizations, the corporations, and the daily lives, the possibility of the occurrence of the vulnerabilities of the security of the related technologies have become an issue. In order to solve such a problem of the vulnerability of the security, this thesis proposes the technique for applying the cryptography algorithm for the protection of the device key of the M2M environment. The proposed technique was based on the elliptic curve cryptography Through the key exchange and the signature exchange in the beginning, the security session was created. And the white box cipher was applied to the encryption that creates the white box table using the security session key. Application results cipher algorithm, Elliptic Curve Cryptography provides a lightweight mutual authentication, a session key for protecting the communication session and a conventional white-box cipher algorithm and was guaranteed the session key used to encrypt protected in different ways. The proposed protocol has secure advantages against Data modulation and exposure, MITM(Man-in-the-middle attack), Data forgery and Manipulation attack.