• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.032 seconds

The Study on Forensic Methodology of Firefox OS (Firefox OS 포렌식 기법에 관한 연구)

  • Kim, Do-Su;Choi, Jong-hyun;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1167-1174
    • /
    • 2015
  • As the market share of smartphone exponentially increases in mobile market, a number of manufacturers have developed their own operating system. Firefox OS is an open source operating system for the smartphone and tablet which is being developed by the Mozilla Foundation. This OS is designed using JavaScript and operated based on HTML5. Even though the number of manufacturers which release the Firefox OS smartphone is consistently increasing, However it is difficult to analyze artifacts in a smartphone in terms of investigation since existing researches on Firefox OS focused on imaging velocity according to abstract forensic process and block size. In this paper, we propose how to collect data in Firefox OS while minimizing data loss and forensic analysis framework based on analysis results on system and user data leaving in a smartphone.

A study on vulnerabilities of serial based DNP in power control fields (전력 제어시스템의 시리얼 기반 DNP통신 취약점에 관한 연구)

  • Jang, Ji Woong;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1143-1156
    • /
    • 2013
  • Power control system like SCADA(Supervisory Control And Data Acquisition) is gathering information using RS232C and low-speed analog communication network. In general, these methods are known as secure because of the secure characteristics from the analog based communication network and serial communication. In this study, first we build DNP communication environment using commercial power control simulator and find some vulnerabilities by testing from the viewpoint of confidentiality, integrity and availability. Consequently, we see the necessity of a valid method for authentication and data encryption when gathering information, even though that is known as secure so far. Discussion of needs of DNP authentication and data encryption is started about several years ago, but there is still nowhere applied that on real environment because the current methods can not fully meet the security requirements of the real environment. This paper suggests a solution to the vulnerabilities, and propose some considerations for enhancing power control system's security level by applying DNP authentication and data encryption.

A Study of the Intelligent Connection of Intrusion prevention System against Hacker Attack (해커의 공격에 대한 지능적 연계 침입방지시스템의 연구)

  • Park Dea-Woo;Lim Seung-In
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.2 s.40
    • /
    • pp.351-360
    • /
    • 2006
  • Proposed security system attacks it, and detect it, and a filter generation, a business to be prompt of interception filtering dates at attack information public information. inner IPS to attack detour setting and a traffic band security, different connection security system, and be attack packet interceptions and service and port interception setting. Exchange new security rule and packet filtering for switch type implementation through dynamic reset memory by real time, and deal with a packet. The attack detection about DDoS, SQL Stammer, Bug bear, Opeserv worm etc. of the 2.5 Gbs which was an attack of a hacker consisted in network performance experiment by real time. Packet by attacks of a hacker was cut off, and ensured the normal inside and external network resources besides the packets which were normal by the results of active renewal.

  • PDF

The Design of SIP-Aware Intrusion prevention System (SIP-Aware 침입방지 시스템 설계)

  • Kim, Jeong-Wook;Kim, Hwan-Kuk;Ko, KyoungHee;Lee, Chang-Yong;Ha, DoYoon;Jeong, HyunCheol
    • Annual Conference of KIPS
    • /
    • 2009.11a
    • /
    • pp.655-656
    • /
    • 2009
  • 인터넷전화는 저렴한 가격과 다양한 서비스를 장점과 번호이동과 같은 정부 정책에 힘입어 급속한 성장을 이루고있다. SIP는 VoIP의 시그널링 프로토콜로서 다양한 부가서비스 제공을 위해 기존의 H.323을 대체하고 있을뿐만 아니라, IMS의 시그널링 제어 프로토콜로 채택되어 향후 SIP기반 응용서비스의 급속한 성장이 예상된다. 하지만 SIP기반 응용서비스는 기존의 IP 망에서 발생되는 보안 위협뿐만 아니라 SIP 특성에 기인한 신규 위협에 의한 피해 사례가 발생하고 있음에도 불구하고, 현재 보안 시스템으로는 이러한 위협에 효과적으로 대응하지 못하고 있다. 본 논문에서는 SIP기반 네트워크 보안 위협에 대해서 설명하고, 이러한 공격을 탐지 및 대응할 수 있는 SIP-Aware 침입방지시스템 설계 및 구조도를 설명한다.

A Study on Living Space with the Internet Information Appliances (인터넷 정보가전을 활용한 주거공간 연구)

  • 전흥수;김주연
    • Korean Institute of Interior Design Journal
    • /
    • no.28
    • /
    • pp.44-50
    • /
    • 2001
  • This study propose the new concept of residence by analyzing the change of residence through the characteristic of popularity and degree of development of technology on home network information appliance for intelligent home. Accordingly, Cyber village represented as home automation and extend to information of society. it encourage need of information and multimedia of home. It expect home information infrastructure for accepting informations, which make smart home to linked home-working home-learning home-treatment. home-shopping and home-banking. The system of intelligent home is the intelligence of human-biology in the side of environmental friendly and multi-function. it distinguish the system of security, controlling system of inside environment, supporting system of house-working, automatic controlling, house working. Future house require to meet demand of young generation, such as small residental space, the multi-functional space, the flexible space, making mood for dual income couple and of single as intelligent home. Accordingly, basic purpose which are pleasantness, the safe and the convenience the mobile multi-function as well as networking with controlling of temperature, security, health-test, home-entertainment, home-office and consider environment together.

  • PDF

The Plan and Tools for Vulnerability Testing in Information Software-Based System

  • Kim, In-Jung;Lee, Young-Gyo;Won, Dong-Ho
    • Journal of Information Processing Systems
    • /
    • v.1 no.1 s.1
    • /
    • pp.75-78
    • /
    • 2005
  • Although many tests for stabilization of the software have been done, vulnerability test for a system run by combination of the software of various products has not been conducted enough. This has led to increased threats and vulnerability of system. Especially, web-based software system, which is public, has inherent possibility of exposure to attacks and is likely to be seriously damaged by an accident. Consequently, comprehensive and systematic test plans and techniques are required. Moreover, it is necessary to establish a procedure for managing and handling the results of vulnerability test. This paper proposes vulnerability test plans and designs for implementing automated tools, both of which can be complied with on web-based software systems.

An Analysis of Vulnerabilities and Performance on the CCTV Security Monitoring and Control (CCTV 보안관제 취약성 및 성능 분석)

  • Seo, Tae-Woong;Lee, Sung-Ryoul;Bae, Byung-Chul;Yoon, E-Joong;Kim, Chang-Soo
    • Journal of Korea Multimedia Society
    • /
    • v.15 no.1
    • /
    • pp.93-100
    • /
    • 2012
  • Recently, the security monitoring and control systems based on spatial information in various field are operated and being developed according to evolve the spatial information technology. Especially, the CCTV monitoring and control system can be used in various field as a typical system. However, the security vulnerability problems have become an issue because the system connected by computer network and getting bigger than before. Therefore we studied security vulnerabilities of CCTV monitoring and control system which is being developed and operated. In addition, it is important to consider disaster and terrorism with unauthorized changes on location information. Therefore we analyzed the performance of observation when the cameras are break down as a result by hacking to CCTV monitoring and control system.

Design and Implementation of a Web Security System using a Chaos Cipher Algorithm (카오스 암호화 알고리즘을 이용한 웹 보안 시스템 설계 및 구현)

  • Lee, Bong-Hwan;Kim, Cheol-Min;Yun, Dong-Won;Chae, Yong-Ung;Kim, Hyeon-Gon
    • The KIPS Transactions:PartC
    • /
    • v.8C no.5
    • /
    • pp.585-596
    • /
    • 2001
  • In this paper, a new stream cipher algorithm based on the chaos theory is proposed and is applied to a Web security system. The Web security system is composed of three parts: certificate authority (CA), Web client, and Web server. The Web client and server system include a secure proxy client (SPC) and a secure management server (SMS), respectively, for data encryption and decryption between them. The certificate is implemented based on X.509 and the RSA public key algorithm is utilized for key creation and distribution to certify both the client and server. Once a connection is established between the client and server, outgoing and incoming data are encrypted and decrypted, respectively, using one of the three cipher algorithms: chaos, SEED, and DES. The proposed chaos algorithm outperforms the other two conventional algorithms in processing time and complexity. Thus, the developed Web security system can be widely used in electronic commerce (EC) and Internet banking.

  • PDF

Design of the homomorphic encryption system for secure data management in the future battlefield environment (미래 전장환경에서 안전한 데이터 관리를 위한 준동형 시스템 설계)

  • Cha, HyunJong;Kim, JinMook;Ryou, HwangBin
    • Convergence Security Journal
    • /
    • v.14 no.2
    • /
    • pp.51-56
    • /
    • 2014
  • Be expressed in network-centric warfare, mainly battlefield environment of the future. The purpose of the system for the war of the future, is to recognize the enemy before the enemy, and rapid decision-making, to hit accurately. For this reason, it is during the construction of the integrated system of C4ISR+PGM. In such an integrated system, it is necessary to further enhance the security aspects of the information. In particular, strengthening of security leads to a decrease of efficiency. Therefore, security and efficiency should be considered together. In this study, we provide a homomorphic encryption system that can be safely managed information environment on the battlefield of the future. The proposed method uses encryption technology of homomorphic that can be the arithmetic operations on encrypted state. It has changed from the state of the encryption. Therefore, the attacker can not know a decent information.

Vulnerability Mitigation System Construction Method Based on ATT&CK in M ilitary Internal Network Environment (국방 네트워크 환경에서 ATT&CK 기반 취약점 완화 체계 구축 방안)

  • Ahn, Gwang Hyun;Lee, Hanhee;Park, Won Hyung;Kang, Ji Won
    • Convergence Security Journal
    • /
    • v.20 no.4
    • /
    • pp.135-141
    • /
    • 2020
  • The Ministry of National Defense is strengthening the power and capacity of cyber operations as cyber protection training is conducted. However, considering the level of enemy cyber attack capability, the level of cyber defense capability of the ministry of national defense is significantly low and the protection measures and response system for responding to cyber threats to military networks are not clearly designed, falling short of the level of cyber security capabilities of the public and private sectors. Therefore, this paper is to investigate and verify the establishment of a military internal network vulnerability mitigation system that applies the intention of attackers, tactics, techniques and procedures information (ATT&CK Framework), identified military internal network main threat information, and military information system security requirements with military specificity as factors that can establish a defense network vulnerability mitigation system by referring to the domestic and foreign cyber security framework It has the advantage of having.