• Review of KIISC
• /
• v.17 no.3
• /
• pp.41-48
• /
• 2007

미래 정보사회로 의미가 확대된 유비쿼터스 환경은 글로벌 컴퓨팅 환경에 기반한 유비쿼터스 인프라에서의 최적 보안 서비스 제공을 위한 지속적인 정보보호 기술이 요구되고 있다. 이와 같이 보안 서비스는 사용자에게 유비쿼터스 사회에서의 안전성, 신뢰성, 건전성을 제공하기 위한 다양한 수단을 포괄하는 개념으로, 개인의 프라이버시 침해 및 컨텍스트의 무분별한 사용이라는 문제점에 대응할 수 있어야 한다. 현재의 ID/Password를 사용한 인증 단계에서 발생되는 여러 문제들에 대한 대응 방안으로 OTP(One Time Password)가 부각되고 있다. OTP는 다양한 어플리케이션으로의 적용 및 유연한 사용자 권한 설정이 가능한 장점을 통해 다른 사용자 인증 방식에 비해 유비쿼터스 환경으로의 효율적인 적용이 가능하다. 하지만 OTP에 대한 인식의 부족 및 사용자 인증에 대한 중요성 인지 미흡으로 인하여 OTP 활용을 위한 시스템과 구조 연구가 부족하고, 제한적인 서비스에 OTP가 활용되고 있다. 본 논문에서는 사용자를 위한 보안 서비스를 제공하고자 유비쿼터스 환경에서의 보안 요소 강화를 위한 OTP의 보안 요구사항을 분석하고, OTP를 이용한 다양한 적응 방안을 고려한다. 이와 같은 연구를 통해 OTP의 효율적 관리 방안과 다양한 서비스 및 환경에서의 적용 방안 연구를 통하여, 기존 인증 방식보다 보안성이 강화된 인증 체계의 구현과 다양한 보안 서비스 제공이 가능할 것으로 기대 된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1231-1238
• /
• 2013

In the background of rapidly increasing domestic cloud service demand, worries about security and privacy incidents can hinder the promotion of cloud service industry. Thus, it is crucial that the independent 3rd party assures the reliability for using the cloud service. This paper compares several external and internal cloud service certification cases, for example CSA certification, FedRAMP certification, KCSA certification, and concludes that insufficient security and privacy controls are prevailing. As a consequence, several enhanced countermeasures by using ISO/IEC 27017, KISA's ISMS considering manageability and expertise are proposed in the cloud service certification system.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.195-208
• /
• 2010

As information communication technologies have highly advanced, a large amount of user sensitive information can be easily collected and unexpectedly distributed. For user-friendly services, a service provider requires and processes more user information. However known privacy protection models take on a passive attitude toward user information protection and often involve serious weaknesses. In reality, information exposure by unauthorised access and mistakenly disclosure occurs frequently. In this paper, we study on the applicability of anonymous authentication services for fine-grained user privacy protection. We analyze authentication schemes and classify them according to the level of privacy newly defined in this paper. In addition, we identify security requirements that a privacy protection scheme based on anonymous authentication can achieve within legal boundary.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06d
• /
• pp.44-46
• /
• 2012

예방접종은 예방접종 대상 감염병 예방을 위해 가장 효과적인 보건학적 수단으로 예방접종 기록의 체계적 관리는 개인의 건강보호 및 국가 감염병예방을 위해 매우 중요하다. 이를 위해 질병관리본부는 2002년부터 8개년 국가정보화사업으로 '예방접종등록관리 정보시스템'을 구축하여 연간 1천 4백만 건의 예방접종 내역을 전산등록하고 있다. 최근 스마트폰의 보급 확산과 사용자 증가에 착안하여 전산 등록된 예방접종기록의 활용방안과 함께 예방접종 서비스 질 향상과 함께 적기 접종률 향상을 위해 개인별 예방접종 정보제공 방안이 필요함에 따라 2011년 예방접종도우미 모바일 서비스를 개발하여 제공하게 되었다.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.119-130
• /
• 2009

Korea ranked 2nd in the UN Global e-Participation Index and ranked number one as the leader in e-Government for the third consecutive year. However, Korea ranked 51 in the level of information security published by WEF(World Economic Forum), relatively a low level comparing with its great number of users and excellent environments for the Internet service. A series of critical hacking accidents such as the information leak at Auction and GS Caltex emerged consecutively in 2008 year, resulting in the leak of personal & critical information. This led to a strong interest in the necessity and importance of information security and personal information so that demand for IT security is growing fast. In this paper, we survey to benchmark information security in the perspective of service level, system, investment and policy about major foreign countries. Then we research on an effective way to make the most of the benchmark result to Korea e-Government. In addition, the purpose of this paper is to improve national information security index by developing a policy for ISO 27001 ISMS, an international standard for Information Security Management System, and elevate safety and security of the e-Government serviced by central administrative organizations and local authorities.

• Journal of Platform Technology
• /
• v.9 no.4
• /
• pp.32-41
• /
• 2021

The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.57-64
• /
• 2022

In this paper, the definition and overview of digital health care that has emerged recently, core technology, and We would like to propose a plan to establish a next-generation information protection system that can protect digital healthcare devices and data from cyber attacks. Various vulnerabilities exist for digital healthcare devices and data, and cyber attacks are possible for those vulnerabilities. Through an attack on digital health care devices and information and communication networks, it can directly adversely affect human life and health, Since digital healthcare data contains sensitive and personal information, it is essential to safely protect it from cyber attacks. In the case of this proposal, for continuous safe management of data and cyber attacks on equipment and communication networks for digital health devices, It is expected to be able to respond more effectively and continuously through the establishment of the next-generation information protection system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.12
• /
• pp.315-320
• /
• 2020

Identity authentication is an important technology that has long been used in society to identify individuals and provide appropriate services. With the development of the Internet infrastructure, many areas have expanded into online areas, and identity authentication technologies have also expanded online. However, there is still a limit to identity authentication technology that relies entirely on trusted third parties like the government. A centralized identity management system makes the identification process between agencies with different identity management systems very complex, resulting in a waste of money and time for users. In particular, the limits of the centralized identity management system were clearly revealed in the face mask shortage in the 2020 COVID-19 crisis. A Decentralized Identity (DID) is a way for users to manage their identity on their own, and recently, a number of DID platform based on blockchain technology have been proposed. In this paper, we analyze the limitations of the existing centralized identity management system and propose a DID system that can be utilized in future national emergency situations such as COVID-19.