• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.032 seconds

Open Based Network Security System Architecture (개방형 네트워크 보안 시스템 구조)

  • Kim, Chang-Su;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.12 no.4
    • /
    • pp.643-650
    • /
    • 2008
  • If existing system need to expand security part, the security was established after paying much cost, processing of complicated installation and being patient with inconvenience at user's view because of closed structure. In this thesis, those defects could be overcome by using open security tools and constructing security server, which is firewall of 'bastion' form including proxy server, certification server and so on. Also each security object host comes to decide acceptance or denial where each packet comes from, then determines security level each hosts. Precisely it is possible choosing the packets from bastion host or following at the other policies. Although an intruder enter into inside directly, it is constructed safely because encryption algorithm is applied at communication with security object host. This thesis suggests more flexible, independent and open security system, which improves existing security through systematic linkage between system security and network security.

The Evaluation-based CBR Model for Security Risk Analysis (보안위험분석을 위한 평가기반 CBR모델)

  • Bang, Young-Hwan;Lee, Gang-Soo
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.34 no.7
    • /
    • pp.282-287
    • /
    • 2007
  • Information society is dramatically developing in the various areas of finance, trade, medical service, energy, and education using information system. Evaluation for risk analysis should be done before security management for information system and security risk analysis is the best method to safely prevent it from occurrence, solving weaknesses of information security service. In this paper, Modeling it did the evaluation-base CBD function it will be able to establish the evaluation plan of optimum. Evaluation-based CBD(case-based reasoning) functions manages a security risk analysis evaluation at project unit. it evaluate the evaluation instance for beginning of history degree of existing. It seeks the evaluation instance which is similar and Result security risk analysis evaluation of optimum about under using planning.

A Security Model for Duplication Resistant eSeal (복제 공격 저항성을 갖는 전자봉인 보안 모델)

  • Kim, Joo-Hae;Choi, Eun-Young;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.5
    • /
    • pp.111-116
    • /
    • 2007
  • An eSeal(Electrical Seal) is an active RFID device which installed on the door of a container. The main role of the tag is to make sure the seal is not breaking by unauthorized people. Because an eSeal uses RFID system, we need to prevent eavesdrop and impersonate. Moreover, an eSeal which uses a secure protocol must not be able to duplicate. If duplication resistant property is not provide to a eSeal, an attacker may replace a object in the sealed container and reseal the container with duplicated eseal to hide breaking of the eSeal. In this paper, we provide a protocol which resist duplicate an eSeal during prevent eavesdrop and impersonation.

A Research on the improvement of domestic IoT security certification system (국내 IoT 보안인증 제도 개선 연구)

  • Lee, Yongpil;Suh, YungJin;Lee, SangGeol
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.79-92
    • /
    • 2021
  • In a society where ICT technology is converged, the use of various network-connected devices such as IoT is spreading. Network-connected devices are inevitably exposed to the threat of hacking such as information leakage, and countermeasures need to be prepared to respond. Security certification system for IoT devices has been introduced to promote security of IoT products, and for this purpose, legalization and standardization of certification standards and methods are in progress. In line with this, in Korea, as the Information and Communication Network Act was revised in 2020, ICT convergence devices connected to the network were newly defined as "information and communication network connected devices," and the basis for the security certification system is being established. We summarized related domestic and foreign trends and suggest specific considerations for implementing the security certification system for IoT devices in South Korea.

Automated Smudge Attacks Based on Machine Learning and Security Analysis of Pattern Lock Systems (기계 학습 기반의 자동화된 스머지 공격과 패턴 락 시스템 안전성 분석)

  • Jung, Sungmi;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.4
    • /
    • pp.903-910
    • /
    • 2016
  • As smart mobile devices having touchscreens are growingly deployed, a pattern lock system, which is one of the graphical password systems, has become a major authentication mechanism. However, a user's unlocking behaviour leaves smudges on a touchscreen and they are vulnerable to the so-called smudge attacks. Smudges can help an adversary guess a secret pattern correctly. Several advanced pattern lock systems, such as TinyLock, have been developed to resist the smudge attacks. In this paper, we study an automated smudge attack that employs machine learning techniques and its effectiveness in comparison to the human-only smudge attacks. We also compare Android pattern lock and TinyLock schemes in terms of security. Our study shows that the automated smudge attacks are significantly advanced to the human-only attacks with regard to a success ratio, and though the TinyLock system is more secure than the Android pattern lock system.

QR Code Based Mobile Dual Transmission OTP System (QR 코드를 이용한 모바일 이중 전송 OTP 시스템)

  • Seo, Se Hyeon;Choi, Chang Yeol;Lee, Goo Yeon;Choi, Hwang Kyu
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.5
    • /
    • pp.377-384
    • /
    • 2013
  • In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

Analysis of Improving Requirement on Military Security Regulations for Future Command Control System (미래 지휘통제체계를 위한 보안 규정 개선 요구사항 분석)

  • Kang, Jiwon;Moon, Jae Woong;Lee, Sang Hoon
    • Convergence Security Journal
    • /
    • v.20 no.1
    • /
    • pp.69-75
    • /
    • 2020
  • The command control system, like the human brain and nervous system, is a linker that connects the Precision Guided Missile(PGR) in information surveillance and reconnaissance (ISR) and is the center of combat power. In establishing the future command and control system, the ROK military should consider not only technical but also institutional issues. The US Department of Defense establishes security policies, refines them, and organizes them into architectural documents prior to the development of the command and control system. This study examines the security architecture applied to the US military command control system and analyzes the current ROK military-related policies (regulations) to identify security requirements for the future control system. By grouping the identified security requirements, this study identifies and presents field-specific enhancements to existing security regulations.

A Study on the influence of firm's Information Security Activities on the Information Security Compliance Intention of Employees (기업의 정보보안 활동이 구성원의 정보보안 준수의도에 미치는 영향 연구)

  • Jung, Jaewon;Lee, Jung-hoon;Kim, Chae-ri
    • Convergence Security Journal
    • /
    • v.16 no.7
    • /
    • pp.51-59
    • /
    • 2016
  • An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

Proposed RASS Security Assessment Model to Improve Enterprise Security (기업 보안 향상을 위한 RASS 보안 평가 모델 제안)

  • Kim, Ju-won;Kim, Jong-min
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.05a
    • /
    • pp.635-637
    • /
    • 2021
  • Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

  • PDF

A Study on the development of metrics for security evaluation of secondary schools (중등학교의 보안성 평가를 위한 지표 개발에 관한 연구)

  • 고진홍;안성진
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.145-151
    • /
    • 2004
  • School Networks environment is implemented in many schools to support educational activities for networking resources required in teaching-teaming activities with government initiative. On the other hand, the open system in school which are used in internet in internet do considerable damage committed by intruder and cracker to the preservation of computer data and system due to second schools security state. Therefore this study is to present assortment in information resources of schools, security items and problem. finally, we give the effective and systematic metrics of estimates for security of secondary schools in information resources parts.

  • PDF