• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.039 seconds

Development and Evaluation of Key Recovery System for Secure Recovery of Cryptographic Files in PC (PC상의 암호파일의 안전한 복구를 위한 키복구 시스템의 개발 및 평가)

  • 장수진;고정호;이강수
    • The Journal of Society for e-Business Studies
    • /
    • v.7 no.1
    • /
    • pp.167-186
    • /
    • 2002
  • The encryption of a file on a PC before saving can maintain security of the file. However, if the key for the encrypted file is lost or damaged, the encrypted file can not be decrypted, resulting in serious economical loss to the user or the user group. In order to minimize the economical loss a secure and reliable key recovery technology is required. Presented in this paper is the development and evaluation of PKRS (PC based Key Recovery System) which supports encryption and decryption of file and recovery of the encrypted file in emergency. The encapsulating method, which attaches key recovery information to encrypted file, is applied to the PKRS. In addition, the PKRS is developed and evaluated according to the requirements of Requirements for Key Recovery Products proposed by NIST and requirements of Common Criteria 2.0 to prove the safety and reliability of the information security system. This system is applicable to a PC and can be further extended to internet or intranet environment information system where in encryption and recovery of file is possible.

  • PDF

A Scheme for Protecting Security Rules in Intrusion Detection System (침입 탐지 시스템을 위한 효율적인 룰 보호 기법)

  • 손재민;김현성;부기동
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.8 no.4
    • /
    • pp.8-16
    • /
    • 2003
  • This paper moses a method to solve the weakness in Snort, the network based intrusion detection system. Snort which is the rule-based intrusion detection system dose not supports a protection method for their own rules which are signatures to detect intrusions. Therefore the purpose of this paper is to provide a scheme for protecting rules. The system with the proposed scheme could support integrity and confidentiality to the rules.

  • PDF

A Study on Enhancing Security Management of IT Outsourcing for Information System Establishment and Operation (정보시스템 구축·운영을 위한 IT 외주용역기반 보안관리 강화에 관한 연구)

  • Lee, Eun-Sub;Kim, Sin-Ryeong;Kim, Young-Kon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.17 no.4
    • /
    • pp.27-34
    • /
    • 2017
  • In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT related services such as information technology projects and research and development of financial institutions, companies and public institutions is. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.

A Study of 4G Network for Security System

  • Kim, Suk-jin;Lee, Hyangran;Lee, Malrey
    • International Journal of Advanced Culture Technology
    • /
    • v.3 no.2
    • /
    • pp.77-86
    • /
    • 2015
  • In this paper there is an overview of some standards and security models which are implemented in such an IP-based and heterogeneous networks and we also present some security models in an open environment and finally we obtain that as a result of the nature of 4G networks there are still more security holes and open issues for expert to notice. Our survey shows that a number of new security threats to cause unexpected service interruption and disclosure of information will be possible in 4G due mainly to the fact that 4G is an IP-based, heterogeneous network. Other than that, it tells about the security issues and vulnerabilities present in the above 4G standards are discussed. Finally, we point to potential areas for future vulnerabilities and evaluate areas in 4G security which warrant attention and future work by the research and advanced technology industry.

Research on Secure Card-Payment System of Social Commerce (안전한 소셜커머스 카드결제 시스템에 관한 연구)

  • Heo, Wonseok;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1337-1344
    • /
    • 2012
  • This paper analyzed electronic transaction systems of social commerce service which have rapidly grown recent days, and as a result found that most of the electronic transaction systems of social commerce service had payment amount modification issue. This paper proposes a method for solving the payment amount modification issue. The proposed method adds an authentication process between servers of social commerce service provider and payment-gateway company. The added authentication process prohibits user getting involved in payment procedure, and thus prevents payment amount modification.

Anonymized Network Monitoring for Intrusion Detection Systems

  • Srinivas, DB;Mohan, Sagar
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.7
    • /
    • pp.191-198
    • /
    • 2022
  • With the ever-increasing frequency of public sector and smalls-cale industries going live on the internet in developing countries, their security of which, while crucial, is often overlooked in most cases. This is especially true in Government services, whilst essential, are poorly monitored if at all. This is due to lack of funds and personnel. Most available software which can help these organizations monitor their services are either expensive or very outdated. Thus, there is a need for any developing country to develop a networking monitoring system. However, developing a network monitoring system is still a challenge and expensive and out sourcing network monitoring system to third party is a security threat. Therefore, in this article we propose a method to anonymize network logs and outsource networking monitoring system to third-party without breach in integrity of their network logs.

Implementation of a Secure VoIP System based on SIP (SIP 기반의 VoIP 보안 시스템 구현)

  • Choi, Jae-Deok;Jung, Tae-Woon;Jung, Sou-Hwan;Kim, Young-Han
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.9B
    • /
    • pp.799-807
    • /
    • 2004
  • In this paper, a security mechanism for a VoIP system based on SIP was implemented. This was satisfied sec security requirement of RFC 3261. The SIP standard proposes a HTTP digest authentication for user authentication mechanism, TLS for hop-by-hop security and S/MIME for end-to-end security. SRTP draft was implemented for media security. We also analyzed security of proposed SIP standard.

The ISDF Framework: Towards Secure Software Development

  • Alkussayer, Abdulaziz;Allen, William H.
    • Journal of Information Processing Systems
    • /
    • v.6 no.1
    • /
    • pp.91-106
    • /
    • 2010
  • The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

Development of a Smart Oriental Medical System Using Security Functions

  • Hong, YouSik;Yoon, Eun-Jun;Heo, Nojeong;Kim, Eun-Ju;Bae, Youngchul
    • International Journal of Fuzzy Logic and Intelligent Systems
    • /
    • v.14 no.4
    • /
    • pp.268-275
    • /
    • 2014
  • In future, hospitals are expected to automatically issue remote transcriptions. Many general hospitals are planning to encrypt their medical database to secure personal information as mandated by law. The electronic medical record system, picture archiving communication system, and the clinical data warehouse, amongst others, are the preferred targets for which stronger security is planned. In the near future, medical systems can be assumed to be automated and connected to remote locations, such as rural areas, and islands. Connecting patients who are in remote locations to medical complexes that are usually based in larger cities requires not only automatic processing, but also a certain amount of security in terms of medical data that is of a sensitive and critical nature. Unauthorized access to patients' transcription data could result in the data being modified, with possible lethal results. Hence, personal and sensitive data on telemedicine and medical information systems should be encrypted to protect patients from these risks. Login passwords, personal identification information, and biological information should similarly be protected in a systematic way. This paper proposes the use of electronic acupuncture with a built-in multi-pad, which has the advantage of being able to establish a patient's physical condition, while simultaneously treating the patient with acupuncture. This system implements a sensing pad, amplifier, a small signal drive circuit, and a digital signal processing system, while the use of a built-in fuzzy technique and a control algorithm have been proposed for performing analyses.

A Study on the Costs Factors of an being additional Budget by the Security System (보안시스템으로 인해 추가되는 예산 외 비용의 요인에 관한 연구)

  • Jeon, Jeong-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.36 no.12B
    • /
    • pp.1481-1488
    • /
    • 2011
  • Recently, Hacking Attacks are appearing as a various Attack techniques with evolution of the Network. and most of the network through a Various Security Systems are responding to an attack. In addition, it should be placed adding the Security Systems to protect the Internal Network's Information assets from External attacks. But, The use of Security Systems inside the network makes a significant impact on Security and Performance, as well as a result causes Economic Additional Costs. Therefore, In this paper, it will be to analyze by associated a case study and experimental results about the Additional Costs Factors(Variable situations difficult to predict and Information Security Recognition levels, Security Systems, Information Asset Assessment). This is expected to serve as a valuable Information for the Reduction of an Costs in a Network deployment and Design in a future.