• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.346-349
• /
• 2014

Currently, the growing cyber threat continues, the damage caused by the evolution of malicious code incidents become more bigger. Such advanced attacks as APT using 'zero-day vulnerability' bring easy way to steal sensitive data or personal information. However it has a lot of limitation that the traditional ways of defense like 'access control' with blocking of application ports or signature base detection mechanism. This study is suggesting a way of controlling application activities focusing on keeping integrity of applications, authorization to running programs and changes of files of operating system by hardening of legitimate resources and programs based on 'white-listing' technology which analysis applications' behavior and its usage.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.257-260
• /
• 2014

Digital Forensics in the event of an accident, the system restore files and the only way to find evidence KT Website hacking happening now, credit card companies, and leakage of personal information by three recent spills occurred, such as Skin Food Home Up Customer Information hackers to find these crimes only means as well. This study attempted to bypass the KT website hacking attacks utilizing automated programs hacking programs, and if you try to experiment on whether any information has been disclosed and if so what home attacked forensics evidence for hackers to locate the can make a report is described.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.201-202
• /
• 2014

In this paper, we research on domestic or international hacking cases that could damage us mentally or financially. Seventy five percent of Web-site attacks abuses weak points of application programs, or software. We also research on major issues related to software development security with these demerits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.135-140
• /
• 2010

The computation using Chinese Remainder Theorem in RSA cryptosystem is well suited in the digital signature or decryption processing due to its low computational load compared to the case of general RSA without CRT. Since the RSA-CRT algorithm is vulnerable to many fault insertion attacks, some countermeasures against them were proposed. Among several countermeasures, Yen et al. proposed two schemes based on fault propagation method. Unfortunately, a new vulnerability was founded in FDTC 2006 conference. To improve the original schemes, Kim et al. recently proposed a new countermeasure in which they adopt the AND operation for fault propagation. In this paper, we show that the proposed scheme using AND operation without checking procedure is also vulnerable to fault insertion attack with chosen messages.

• Journal of the Korea Society for Simulation
• /
• v.19 no.3
• /
• pp.99-108
• /
• 2010

The main contents of this paper is to develope effective measures for Internet Web service attack, classifying vulnerability of Web Service by network layer and host unit and researching classification method by attack range of type of services. Using this paper, we can accumulate analyzed Web service attack information which is key information of promote Web security strengthening business, and basis of relevant security research for detect and response Web site attack which can contribute to activation information security industry.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.1001-1004
• /
• 2011

Denial of Service (DoS) 공격은 현재 심각한 국가적 보안 문제로 떠오르고 있다. DoS 란, 많은양의 네트워크 트래픽을 발생시켜 속도를 매우 느리게 만들거나, 가용 자원을 고갈시켜 사용자에게 서비스를 정상적으로 제공하지 못하도록 만드는 공격이다. 그 중에서 Distributed Denial of Service (DDoS)는 네트워크에 분산된 컴퓨터들을 감염시켜 공격에 사용하기 때문에 더 위험하다. DDoS 종류 중 한가지인 Smurf Attack 은 ICMP ECHO 와 IP 브로드캐스트를 이용하여 많은 양의 트래픽을 발생시킨다. 본 논문에서는 Smurf Attack 에 쓰이는 ICMP ECHO REQUEST 패킷을 조각화시켜서 전송할 시, 피해자에게 전송되는 패킷의 숫자가 기존 방법보다 증가하고 피해자 컴퓨터의 IP 스택에서 발생하는 취약점을 도출하고 그로 인한 피해를 분석하였다. 끝으로 ICMP ECHO 패킷의 조각화를 방지하기 위한 방안을 제시하였다.

• International Journal of Advanced Culture Technology
• /
• v.12 no.2
• /
• pp.249-257
• /
• 2024

This study analyzes the current status and prospects of Iran's air defense network, focusing on the Russian-made S-300 system, and derives implications for the development of South Korea's air defense network. Iran's air defense network exhibits strengths such as long-range detection and interception capabilities, multi-target processing, high-altitude interception, and electronic warfare response. However, it also reveals weaknesses, including lack of mobility, difficulty in detecting low-altitude targets, obsolescence, training level of operating personnel, and vulnerability to electronic warfare. Real-world cases confirm these weaknesses, making the system susceptible to enemy evasion tactics, swarm drone attacks, and electronic warfare. Drawing from Iran's case, South Korea should establish a multi-layered defense system, strengthen low-altitude air defense and electronic warfare capabilities, foster the domestic defense industry for technological self-reliance, and enhance international cooperation. By addressing these aspects, South Korea can establish a robust air defense network and firmly protect its national security. Future research should aim to secure and analyze materials from the Iranian perspective for a more objective evaluation of Iran's air defense network and continuously track Iran's efforts to improve its air defense network and the trend of strengthening drone forces to predict changes in the Middle East security situation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.7
• /
• pp.4884-4890
• /
• 2015

These days most of people possesses an average of one to two mobile devices in the world and a wireless network market is gradually expanding. Wi-Fi preference are increasing in accordance with the use growth of mobile devices. A number of areas such as public agencies, health care, education, learning, and content, manufacturing, retail create new values based on Wi-Fi, and the global network is built and provides complex services. However, There exist some attacks and vulnerabilities like wireless radio device identifier vulnerability, illegal use of network resources through the MAC forgery, wireless authentication key cracking, unauthorized AP / devices attack in the next generation radio network environment. In addition, advanced security technology research, such as authentication Advancement and high-speed secure connection is not nearly progress. Therefore, this paper designed a secure communication system for message protection in next-generation wireless network environments by device identification and, designing content classification and storage protocols. The proposed protocol analyzed safeties with respect to the occurring vulnerability and the securities by comparing and analyzing the existing password techniques in the existing wireless network environment. It is slower 0.72 times than existing cypher system, WPA2-PSK, but enforces the stability in security side.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.667-671
• /
• 2001

The Instant Messenger(IM) is the most popular personal communication tool today. IM is a tool that can substitute E-mail for a person, and can secure the user for a company. Further, it is claimed as it has a limitless potential. However, there has been several reports on security issues. It has known that the transmitting message is not secured for the attacks, and hacking tools has been developed. In addition, several reports has been made regards to the vulnerability. In other words, anyone can been through and manipulate the messages that are sent or received via IM. This is a barrier for the IM to be developed as a corporate's strategic tool, and furthermore, it will create serious personal privacy issue. IETF IMPP Working Group is preparing a standard mutual relationship between IM. However, it is complicated due to the American On-Lines's absence, whom has ensured the most number of IM users. There was a discussion only about the form of the transmitting data, but it is insufficient state to discuss the security service for general. In this paper, I design and implement the Secure Instant Messaging System, to solve the IM's vulnerability and the security issue presented above.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.2
• /
• pp.357-364
• /
• 2001

The Instant Messenger(IM) is the most popular personal communication tool today. IM is a tool that can substitute E-mail for a person, and can secure the user for a company. Further, it is claimed as it has a limitless potential. However, there has been several reports on security issues. It has known that the transmitting message is not secured for the attacks, and hacking tools has been developed. In addition, several reports has been made regards to the vulnerability. In other words, anyone can peep through and manipulate the messages that are sent or received via IM. This is a barrier for the IM to be developed as a corporate's strategic tool, and furthermore, it will create serious personal privacy issue. IETF IMPP Working (:roup is preparing a standard mutual relationship between IM. However, it is complicated due to the American On-Lines's absence, whom has ensured the most number of IM users. There was a discussion only about the form of the transmitting data, but it is insufficient state to discuss the security service for general. In this paper, 1 design and implement the Secure Instant Messaging System, to solve the IM's vulnerability and the security issue presented above.