• Title/Summary/Keyword: Web Security

Web Server Hacking and Security Risk using DNS Spoofing and Pharming combined Attack (DNS 스푸핑을 이용한 포털 해킹과 파밍의 위험성)

  • Choi, Jae-Won
    • Journal of the Korea Institute of Information and Communication Engineering / v.23 no.11 / pp.1451-1461 / 2019
  • DNS spoofing is an attack in which an attacker intervenes in the communication between a client and a DNS server to deceive the DNS server by responding with a fake IP address rather than the actual IP address. It is possible to implement a pharming site that hacks user IDs and passwords by duplicating a web server's index page and using simple web programming. In this paper we have studied a web spoofing attack that combines DNS spoofing and pharming site implementation, which leads to a pharming site. We have studied the DNS spoofing attack method and procedure and the pharming site implementation method for the portal server of this university. In the case of Kyungsung Portal, bypassing attack and hacking were possible even though the web server was SSL encrypted and used secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. So it is necessary that these serious risks be made known and that countermeasures be researched.

An Extended SAML Delegation Model Based on Multi-Agent for Secure Web Services (안전한 웹서비스를 위한 멀티 에이전트 기반의 확장된 SAML 위임 모델)

  • Kim, Kyu-Il;Won, Dong-Ho;Kim, Ung-Mo
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.4 / pp.111-122 / 2008
  • Web service is defined to support interoperable machine to machine interaction over a network and defined as distributed technologies. Recently in web service environment, security has become one of the most critical issues. An attacker may expose user privacy and service information without authentication. Furthermore, the users of web services must temporarily delegate some or all of their behalf. This results in the exposure of user privacy information by agents. We propose a delegation model for providing safety of web service and user privacy in ubiquitous computing environments. In order to provide safety of web service and user privacy, XML-based encryption and a digital signature mechanism need to be efficiently integrated. In this paper, we propose web service management server based on XACML, in order to manage services and policies of web service providers. For this purpose, we extend SAML to declare delegation assertions transferred to web service providers by delegation among agents.

Cost-Effective and Active Security Verification Framework for Web Application Vulnerabilities (웹 애플리케이션 취약점 분석을 위한 비용 효과적인 능동 보안 검수 프레임워크)

  • Han, KyungHyun;Nguyen, Trong-Kha;Joe, Hun;Hwang, Seong Oun;Lim, Chaeho
    • KIPS Transactions on Computer and Communication Systems / v.5 no.8 / pp.189-196 / 2016
  • Many companies have struggled to manage Web vulnerabilities and security incidents have also frequently happened. The current inspection methods are mainly based on the OWASP vulnerabilities. In practice, however, it is very difficult to cope with frequent changes of Web applications. In this paper, we first investigate the existing quantification of Web application vulnerabilities and verification process. Then we propose an improved inspection framework which is focused on removing essential and realistic vulnerabilities and active verification process.

A Study on Real-Time Web-Server Intrusion Detection using Web-Server Agent (웹 서버 전용 에이전트를 이용한 실시간 웹 서버 침입탐지에 관한 연구)

  • 진홍태;박종서
    • Convergence Security Journal / v.4 no.2 / pp.17-25 / 2004
  • As the Internet and Internet users are rapidly increasing and becoming popularized in the world, the existing firewall has limitations in detecting attacks which exploit vulnerabilities of web servers, and these attacks are increasing. Most of all, intrusions using web applications' programming errors account for the most part. In this paper, we introduce a real-time web-server agent which analyzes web-server-based logs and detects web-based attacks after analysis of the web application's vulnerabilities. We propose a method using a real-time agent which removes the Process ID (pid) and blocks the attacker's IP if it detects an intrusion through the decision stage after judging attack types and patterns.

Performance Enhancement of ECC Algorithm-based Mobile Web Service System (ECC 알고리즘 기반 모바일 웹 서비스 시스템의 성능 향상)

  • Kim, Yong-Tae;Jeong, Yoon-Su;Park, Gil-Cheol
    • The KIPS Transactions:PartD / v.15D no.5 / pp.699-704 / 2008
  • With the dependence on the Web from the popularization of the Internet and the increasing number of users, web services capability and the security problem of communication are becoming a great issue. Existing web services technology decreases the capability of the web application server by limiting the number of synchronous clients, decreasing the processing load and increasing average response time. The encryption process to secure communication and the early expense of the handshake decrease transmission speed and server capability by increasing the calculation time for connecting. Accordingly, this paper executes an encryption procedure using an elliptical encryption algorithm to satisfy security demands, improve the overload of the server for web services, and obtain reliability and security of the web server architecture, and proposes an improved mobile web server which provides better ability and techniques for deferred processing.

Designing on Security zone to improve Cookie File Security level (쿠키파일의 보안성을 향상하기 위한 보안영역 설계)

  • Seo, Hee-Suk;Choi, Yo-Han
    • The Journal of Korean Association of Computer Education / v.14 no.6 / pp.75-81 / 2011
  • A cookie is a simple text file which contains records of the web service provided to the user. Some of the data included in a cookie is the user's private information. When an attacker has a cookie which includes the user's private information, it will cause financial losses. In this paper we designed a security section which can improve the security level of vulnerable cookies. Through research and vulnerability analysis of the cookie file, we found out how to implement a security area to offer an efficient security area, and designed a security area for the cookie file. We also checked the security level for performance evaluation. Through this security level, we can keep the user's private information secure using the improved security level of cookies stored on the user's personal computer.

Design and Implementation of Arduino-based Efficient Home Security Monitoring System (아두이노 기반의 효율적인 홈 시큐리티 모니터링 시스템 설계 및 구현)

  • Lee, Hyoung-Ro;Lin, Chi-Ho
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.2 / pp.49-54 / 2016
  • In this paper, we propose an Arduino-based effective home security monitoring system. The proposed home security monitoring system consists of an Arduino, which is an inexpensive main processor, an ultrasonic sensor and a human body detection sensor to detect whether someone breaks into the home. Data from the ultrasonic sensor and human body detection sensor are transmitted to a web server via an Ethernet shield connected to the Arduino. The web server checks whether someone has broken into the home by using stored data from the ultrasonic sensor and human body detection sensor. A snapshot is photographed via a webcam connected by using jQuery. The photographed snapshot is stored on the web server as an image file. A user can monitor in a web or smart device environment by using HTML5, CSS and Canvas. When examining the efficiency of the proposed home security monitoring system, it was found that the proposed system is easier to make than existing home security systems, is cost effective by using Arduino, and is efficient, convenient and stable as it enables a user to handle an error in person and it uses reliable data.

Linux based IDS for Web Server through TCP Stream Analysis (TCP Stream 분석을 통한 리눅스 기반의 웹 서버 IDS)

  • 정해진;문정훈;이명선;변옥환
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.519-523 / 2002
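  • As NIDS deployment has become widespread, many attack techniques for evading NIDS have also been developed. Some of these attacks exploit fundamental flaws in the NIDS architecture and therefore cannot be solved within the NIDS architecture. We present a new HIDS model that overcomes the limitations of NIDS while retaining many of its advantages. The biggest problem with a HIDS is that it places a heavy load on the system, but because a Web server by its nature accepts connections from anywhere and is therefore vulnerable in terms of security, security must be strengthened even if some HIDS load has to be accepted. In addition, because a Web server is operated only for the specific purpose of Web service, the load of a HIDS can be reduced considerably by considering only Web attacks even when a HIDS is installed. The HIDS proposed in this paper extracts TCP streams in the kernel of the Linux operating system and uses them as audit data to perform intrusion detection.
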
Web Based Smart Home Automation Control System Design

  • Hwang, Eui-Chul
    • International Journal of Contents / v.11 no.4 / pp.70-76 / 2015
  • The development of technology provides and increases security as well as convenience for humans. The development of new technology directly affects the standard of life thanks to smart home automatic control systems. This paper describes a door control, automatic curtain, home security (CCTV, fire, gas, safe, etc.), home control (energy, light, ventilation, etc.) and web-based smart home automatic controller. It also describes the use of ARM (Advanced RISC Machines) for automatic control of home equipment, a Multi-Axes Servo Controller using FPGA (Field Programmable Gate Array) and PLC (programmable logic controller). Additionally, it describes the development of an HTML editor using web auto control software. The tab loading time (7 seconds) is faster when using ARM-based web browser software instead of Chrome and Firefox, because the browser has a small memory footprint (300M). This system is realized by a web auto controller language which controls and uses PLCs that are easier than existing devices. This smart home automatic control technology can control smart home equipment anywhere and anytime and provides a remote interface through mobile equipment.

Design and Implementation of Web-based Electronic Bidding System using XML (웹 기반의 XML을 활용한 전자 입찰 시스템의 설계 및 구현)

  • 윤선희
    • The Journal of Information Systems / v.10 no.1 / pp.127-146 / 2001
  • The area of business applications on the Internet has been extended enormously as a result of the fast development of computing and communication technologies, the increase of Internet use, and the use of intranets/extranets in enterprise information systems. With the widespread use of the Internet, there are various applications for the Business to Business (B to B) or Business to Customer (B to C) model that are based on the intranet or extranet. This paper designed and implemented the Web-based Electronic Bidding System for the Business to Business (B to B) model. The technical issues of an electronic bidding system on the Internet involve the connection between web client and server, electronic data interchange for the contract document, and a security solution during the bidding and contracting processes. The web-based electronic bidding system in this paper is implemented using a Java applet and servlet as a connection interface for web client and server, XML/EDI-based documents for a bid and a contract, and a bidding server and notary server for enhancing security using PKI (Public Key Infrastructure)-based public key cryptography, digital signatures and a Certification Authority (CA).