• Title/Summary/Keyword: information security system

Advanced protocol against MITM attacks in Industrial Control System (산업제어시스템에서의 MITM 공격을 방어하기 위해 개선된 프로토콜)

  • Ko, Moo-seong;Oh, Sang-kyo;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.25 no.6, pp.1455-1463, 2015
  • If an industrial control system is infected by a malicious worm such as Stuxnet, a national disaster could inevitably result. Therefore, most industrial control system defence is focused on network intrusion detection to protect against these threats. The conventional method is effective at monitoring network traffic and detecting anomalous patterns, but attacks that use the MITM technique with normal traffic patterns are difficult to detect. This study analyzes the PROFINET/DCP protocol and its weaknesses using data collected in a real industrial control system, adds an authentication data field to secure the protocol, and examines its applicability. The improved protocol may prevent national disaster and defend against MITM attacks.

A Study on Application Structure for IT Operational Risk in Financial Institute (금융기관의 IT운영리스크 관점에서의 응용프로그램 구조에 관한 연구)

  • Cho, Seong-Cheol;Nam, Cho-Yee;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.24 no.4, pp.705-719, 2014
  • Recently, the importance of operational risk has been gradually increasing in the risk management of financial institutions. In particular, service interruption caused by system failure can lead to customer complaints, decreased profit and customer defection. Thus, the financial industry makes diverse efforts to minimize the impact of IT application failures. Common modules are used in financial IT systems to avoid redundant development and to use the system efficiently. However, when a failure occurs in a common module, there is a risk that it affects all the tasks using that module. In this study, damage caused by a failure in an application program is prevented by separating high-risk common modules by task, from the perspective of IT operational risk. To cope with such damage, research on the factors related to common modules is conducted, and a standard for separating common modules is proposed to reduce the operational risk of financial IT.

A Study on the Derivation of SME-based Evaluation Items in ISMS-P Authentication Systems (정보보호 및 개인정보보호 관리체계(ISMS-P) 인증 제도에서 중소기업 기반 평가항목 도출에 관한 연구)

  • Park, Hyuk Gyu;Kang, Wan Seok;Shin, Kwang Sung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2021.10a, pp.578-579, 2021
  • According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System (ISMS-P) authentication system is the latest related standard, but it has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDCs, hospitals and schools, and SMEs. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

Design and Implementation of a Secure E-Mail System using Elliptic Curve Cryptosystem (타원곡선 암호 시스템을 이용한 보안 메일 시스템의 설계 및 구현)

  • Lee, Won-Goo;Kim, Sung-Jun;Lee, Hee-Gyu;Mun, Ki-Young;Lee, Jae-Kwang
    • Journal of KIISE: Information Networking, v.29 no.4, pp.333-345, 2002
  • As computers and networks become popular, distributing information on the Internet is common in our daily life. Also, the explosion of the Internet, of wireless digital communication and of data exchange on the Internet has rapidly changed the way we connect with other people. But secure mail is gaining popularity abroad and domestically because it provides security. That is, it has been used in a variety of fields such as general mail and e-mail for advertisement. However, data transmitted on a network can be easily opened or forged with simple operations, and most existing e-mail systems do not have any security for the transmitted information. Thus, a secure mail system needs to provide security including message encryption, content integrity, message origin authentication, and non-repudiation. In this paper, we design and implement a secure mail system with a secure key agreement algorithm, non-repudiation service, and encryption capability to provide services for certification of delivery and certification of content as well as the basic security services.

e-Passport Security Technology using Biometric Information Watermarking (바이오정보 워터마킹을 이용한 전자여권 보안기술)

  • Lee, Yong-Joon
    • Journal of the Korea Institute of Information Security & Cryptology, v.21 no.4, pp.115-124, 2011
  • There has been significant research in security technology such as e-passport standards, as e-passports have been introduced internationally. E-passports combine the latest security technologies such as smart card, public key infrastructure, and biometric recognition, so that these technologies can prevent unauthorized copies and counterfeits. Biometric information stored in e-passports is the most sensitive personal information, and it is expected to bring the highest risk of damage in case of its forgery or duplication. The present e-passport standards cannot handle security features that verify whether the biometric information is copied or not. In this paper, we propose an e-passport security technology in which biometric watermarking is used to prevent the copying of biometric information in the e-passport. The proposed method, biometric watermarking, embeds the invisible date of acquisition into the original data during the e-passport issuing process so that the human visual system cannot perceive its invisibly watermarked information. Then the biometric sample, having its unauthorized copy, is retrieved at the moment of reading the e-passport from the issuing database. The previous e-passport security technology placed an emphasis on both access control readers and anti-cloning chip features, and it is expected that the proposed feature, copy protection of biometric information, will be demanded as the cases of biometric recognition to verify personal identity information have increased.

Multiple Eavesdropper-Based Physical Layer Security in SIMO System With Antenna Correlation

  • Sun, Gangcan;Liu, Mengge;Han, Zhuo;Zhao, Chuanyong
    • KSII Transactions on Internet and Information Systems (TIIS), v.14 no.1, pp.422-436, 2020
  • In this paper, we investigate the impact of antenna correlation on secure transmission in a multi-eavesdropper single-input multiple-output (SIMO) system, where the receiver and eavesdroppers are equipped with correlated antennas. Based on the practical passive eavesdropping system, the new closed-form expressions of secrecy outage probability (SOP) and non-zero secrecy capacity probability are derived to explore the effect of antenna correlation on the system with multiple eavesdroppers. To further analyze the secrecy performance of the investigated system, we theoretically derive the expression of asymptotic SOP to clearly show the diversity order and array gain. Finally, Monte Carlo simulations verify the effectiveness of our theoretical results.

A Study on Enterprise Security Management System with Pre-Forensic policy (Pre-Forensic 정책을 도입한 통합보안관리시스템 연구)

  • Choi, Dae-Soo;Lee, Yong-Kyun;Kim, Sung-Rak
    • Annual Conference of KIPS, 2005.05a, pp.1169-1172, 2005
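  • Acquiring evidence is an important part of the computer forensics procedure. Among the principles of computer forensics, the principle of promptness is related to whether volatile information is acquired. Existing Enterprise Security Management (ESM) systems collect information centered on security events. They do not collect the volatile system forensic information and network forensic information that are important in computer forensics. In this paper, we propose a new ESM model that introduces a Pre-Forensic policy into ESM, adding a forensic data collection response to the existing security alert function. The proposed system can collect a large amount of evidence whose integrity is guaranteed, and it presents an improved method of acquiring computer forensic evidence.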

Design and Implementation of Certificate Revocation List Acquisition Method for Security of Vehicular Communications

  • Kim, Hyun-Gon
    • The Journal of Korean Institute of Communications and Information Sciences, v.37 no.7C, pp.584-591, 2012
  • Distributing a Certificate Revocation List (CRL) quickly to all vehicles in the system requires a very large number of road side units (RSUs) to be deployed. In reality, the initial deployment stage of vehicle networks would be characterized by limited infrastructure, resulting in very limited vehicle-to-infrastructure communication. However, every vehicle wants the most recent CRLs to protect itself from malicious users and malfunctioning equipment, as well as to increase the overall security of the vehicle networks. To address this challenge, we design and implement a nomadic device based CRL acquisition method using the nomadic device's communication capability with cellular networks. When a vehicle cannot directly communicate with nearby RSUs, the nomadic device acts as a security mediator to perform the vehicle's security functions continuously through cellular networks. Therefore, even if RSUs are not deployed or are sparsely deployed, the vehicle's security threats could be minimized by receiving the most recent CRLs in a reasonable time.

A Development of Management System of Malware Group and Variant Information (악성코드 그룹 및 변종 관리 시스템 개발)

  • Kang, Hong-Koo;Ji, Seung-Goo;Jeong, Hyun-Cheol
    • Annual Conference of KIPS, 2011.04a, pp.879-882, 2011
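  • Recently, malware variants have increased greatly, and malware in group form, consisting of one or more pieces of malware, is spreading rapidly. To respond effectively to such group-form malware and malware variants, a system is needed that can manage malware groups and variants and share information with antivirus vendors. In this paper, we propose a system that efficiently manages and shares malware group and variant information derived from large-scale malware analysis information. Malware group information is generated from malware information linked on the basis of malware behavior, and malware variant information is generated from similarity information between malware samples obtained through CFG analysis. Because the system proposed in this paper makes it easy to search and share malware group and variant information, it has the advantage that it can be easily linked with various malware response systems.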

Graduates' Progression Tracking System

  • Amjad Althubiti;Razan Alharthi;Rneem Alqarni;Haya Alharthi;Fawziah Alzahrani;Shahad Alotaibi;Mona Al-Qahtaniy;Mrim Alnfiai
    • International Journal of Computer Science & Network Security, v.24 no.6, pp.119-130, 2024
  • Universities are open systems that aim to prepare students to meet academic and industrial programs' expectations. It is important for universities to recognize these expectations and to make sure that they are achievable. To do so, a graduates' progression tracking system is an essential tool for universities' development to ensure graduate students meet the market requirements. The purpose of this paper is to create an automatic tracing system that captures information about students after graduation and creates an annual report that represents the status of university students in terms of employment or completing their study. It mainly assists graduates in finding appropriate jobs that meet their desires or enables them to complete their higher education by providing all these opportunities in one platform. The system's main objective is to improve communication between graduate students, the university and companies. It also aims to identify the difficulties associated with graduate employability and the changes required to serve current students in terms of creating new programs or activities. This helps universities to identify and address the existing curriculums' and programs' strengths and weaknesses and their adequacy, and the quality and competencies of a graduate in the labor market, which enhances the quality of higher education. We analyzed and implemented the tracing system using the PHP language, which speeds up custom web application development, and a MySQL database, which guarantees data security, high performance, and other features. Graduate students found the proposed system usable and valuable.