• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.037 seconds

A Study of Communications Security by Using Key Generation and File Encryption (파일 암호화와 키 생성을 이용한 통신보안 연구)

  • Lee, Jae-Hyun;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.05a
    • /
    • pp.316-319
    • /
    • 2010
  • File security is typically protected by encryption methods. The development of a network environment, such as the Internet according to the sharing of information between systems become commonplace, while providing convenience to users, individuals or organizations that facilitate access to sensitive information caused by hacking the system to attack the rapidly growing is a trend. This paper is the latest generation file system caused by the hacking attacks on the Sniffing for users using file encryption and key generation, Packet Sniffing Tool IP and data through the analysis are discussed. Through this study, the importance of protecting personal information by imprinting Proactive in the hacking incident, and what users will contribute to increase the level of security awareness.

  • PDF

Mobile Devices Control System using LSM (리눅스 보안 모듈을 이용한 모바일 장치 통제 시스템)

  • Bae, Hee-sung;Kim, So-yeon;Park, Tae-kyou
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.49-57
    • /
    • 2017
  • With the prevalence of mobile devices, many organizations introduce MDM BYOD and try to increase the level of security with them. However, device control of mobile devices in application level cannot be a solution against the fundamental problems. In this paper, we propose a more flexible and more secure method to control the hardware devices using Linux Security Module in the kernel level with the mandatory access control.

Development Status and Prospects of Graphical Password Authentication System in Korea

  • Yang, Gi-Chul
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.11
    • /
    • pp.5755-5772
    • /
    • 2019
  • Security is becoming more important as society changes rapidly. In addition, today's ICT environment demands changes in existing security technologies. As a result, password authentication methods are also changing. The authentication method most often used for security is password authentication. The most-commonly used passwords are text-based. Security enhancement requires longer and more complex passwords, but long, complex, text-based passwords are hard to remember and inconvenient to use. Therefore, authentication techniques that can replace text-based passwords are required today. Graphical passwords are more difficult to steal than text-based passwords and are easier for users to remember. In recent years, researches into graphical passwords that can replace existing text-based passwords are being actively conducting in various places throughout the world. This article surveys recent research and development directions of graphical password authentication systems in Korea. For this purpose, security authentication methods using graphical passwords are categorized into technical groups and the research associated with graphical passwords performed in Korea is explored. In addition, the advantages and disadvantages of all investigated graphical password authentication methods were analyzed along with their characteristics.

Private Blockchain-Based Secure Access Control for Smart Home Systems

  • Xue, Jingting;Xu, Chunxiang;Zhang, Yuan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.12
    • /
    • pp.6057-6078
    • /
    • 2018
  • Smart home systems provide a safe, comfortable, and convenient living environment for users, whereby users enjoy featured home services supported by the data collected and generated by smart devices in smart home systems. However, existing smart devices lack sufficient protection in terms of data security and privacy, and challenging security and privacy issues inevitably emerge when using these data. This article aims to address these challenging issues by proposing a private blockchain-based access control (PBAC) scheme. PBAC involves employing a private blockchain to provide an unforgeable and auditable foundation for smart home systems, that can thwart illegal data access, and ensure the accuracy, integrity, and timeliness of access records. A detailed security analysis shows that PBAC could preserve data security against various attacks. In addition, we conduct a comprehensive performance evaluation to demonstrate that PBAC is feasible and efficient.

Development of a System Security Unit using RFID (RFID를 이용한 시스템 보안 장치 개발)

  • Jang, Jae-Hyuk;Sim, Gab-Sig
    • Journal of the Korea Society of Computer and Information
    • /
    • v.16 no.1
    • /
    • pp.11-18
    • /
    • 2011
  • This study developed a digital security device which power is on/off by the RFID card. This device is based on the wireless data transmit/receive circuits, built in RS-232C chip and applied to computer and other digital devices. We can check whether this device is operated or not by connecting the LED. In this system, 13.56MHz frequency circuit supplies power with ID card, and DC inputs check the proximity operating distance of the card field for verifying the existence of a card. The security level of this system is much stronger than that of a compared system[13]. Anyone cannot use the system without RFID card. All illegal access is prevented except for authorized path.

A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files

  • Park, Hweerang;Cho, Sang-Il;Park, Jungkyu;Cho, Youngho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.5
    • /
    • pp.27-33
    • /
    • 2019
  • One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

Efficient Authentication Protocol for Low-Cost RFID System (저비용 RFID 시스템에 적합한 효율적인 인증 방법)

  • Kim, Jin-Ho;Seo, Jae-Woo;Lee, Pil-Joong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.2
    • /
    • pp.117-128
    • /
    • 2008
  • Compared with the existing bar code system, RFID system has lots of advantages such as it identifies automatically massive objects. We might anticipate RFID technology will be a substitution for an optical bar code system in the near future. However, their feature that uses radio waves may cause various security problems. Many kinds of solutions have been researched to overcome these security problems. In this paper, we analyze the previous proposed protocols. And then, we categorize RFID authentication into two types according to the synchronization requirement between a Back-end Database and a Tag. In addition, we introduce the previous proposed approaches to tag search problem in RFID authentication. And we propose an efficient method which provides fast tag search by using membership test algorithm, a Bloom filter.

Role-Behavior Based Access Control on Mobile Agent System for Workflow Management System (워크플로우 응용을 위한 이동 에이전트 시스템에의 역할-행위 기반 접근통제 적용)

  • Shin, Wook;Lee, Dong-Ik;Yoon, Seok-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.3
    • /
    • pp.11-28
    • /
    • 2000
  • In these days it is rapidly increasing that multi-user, multi-layered commercial software developments for companies or public institutions. Security services are necessary for most of systems and the access control service is the essential of security services. Current access control methods that are used as access control policies are classified as Discretionary Access Control Mandatory Access Control and Role Based Access Control. However there are some inefficiencies when those methods are applied to current multi-user, multi-layered systems. Therefore it is required that a new access control method that takes complex system resources into account from the side of policy. In this paper extending previous Role Based of 'Behavior' and a basic model of the method. And we simply implement the method on the mobile agent based workflow management system that is a representative example of multi-user. multi-layered softwares and shows implementation results to tap possibilities of real-world application.

A Structural Analysis between Financial Regulations and Security Industry through the Systems Thinking (시스템 사고를 통한 금융 규제와 보안 산업의 구조 분석)

  • Lee, Jeong-Ha
    • Korean System Dynamics Review
    • /
    • v.16 no.4
    • /
    • pp.31-50
    • /
    • 2015
  • The purpose of this research is to understand a structural relationship between financial regulations and security industry based on the systems thinking perspective using causal loop analysis. As a result, the positive regulations on security technology against finance security incidents shrink the autonomy of the security industry and will deteriorate the competitiveness of the security industry through the unknown feedback loop. The conclusion provides the direction that policy makers understand causal loop diagram related current regulations and open enough to the consideration of the negative regulations.

Algorithm of certificate security based-on using query language (사용자 질의어를 이용한 개인 인증 보안 알고리즘)

  • Lee, Chang-Jo
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.45-51
    • /
    • 2011
  • Certificate security oriented cyber certificate is important tool for the purpose of offering user-authentication service based on on-line system. In the paper, we analyzed management implement which could make the efficient use of certificate security oriented cyber terror response. This algorithm called SOL(Security Oriented Language) will make efficient use of the service about authentication consisting of the basis in the age of information through efficient management and partial use of each certificates. Especially, SOL could be used efficiently by grafting a small group of on-line system which is operated with particular purposes.