• Review of KIISC
• /
• v.29 no.4
• /
• pp.29-34
• /
• 2019

바이오인식기술은 사람의 지문 얼굴 홍채 정맥 등 신체적 특징(Physiological characteristics) 또는 음성 서명 자판 걸음걸이 등 행동적 특징(Behavioral characteristics)을 자동화된 IT 기술로 추출 저장하여 다양한 IT 기기로 개인의 신원을 확인하는 사용자 인증기술이다. 전통적으로 바이오인식기술은 출입국심사(전자여권, 승무원 승객 신원확인), 출입통제(도어락, 출입 근태관리), 행정(무인민원발급, 전자조달), 사회복지(미아찾기, 복지기금관리), 의료(원격의료, 의료진 환자 신원확인), 정보통신(휴대폰인증, PC 인터넷 로그인), 금융(온라인 뱅킹, ATM 현금인출) 등 다방면에서 폭넓게 보급되어 실생활 깊숙이 자리잡게 되었다. 2001년 미국의 911 테러사건으로 인하여 전 세계 국제공항 항만 국경에서 지문 얼굴 홍채 등 바이오정보를 이용한 출입국심사가 보편화됨과 동시에 ISO/IEC JTC1 SC37(Biometrics) 국제표준화기구를 중심으로 표준화가 급속도로 진행되어 왔다. 최근 들어 스마트폰 테블릿 PC 등 모바일기기에 지문 얼굴 등 바이오정보를 탑재하여 다양한 모바일 응용서비스를 가능하게 해주는 모바일 바이오인식 응용기술이 전 세계적으로 개발 보급되고, 삼성전자 페이팔 중심으로 바이오인식기술을 이용한 모바일 지급결제솔루션에 대하여 페이팔 구글 마이크로소프트 비자카드 마스터카드 등 미국 주도의 사실표준화협의체인 FIDO1), ITU-T SG17 Q9(Telebiometrics) 국제표준화기구를 중심으로 표준화가 진행되고 있다. 특히, 이러한 모바일 바이오인식기술은 스마트폰을 통한 비대면 인증기술 수단으로서 핀테크, 원격의료분야에서 중요한 요소기술로 작용될 전망이다. 본 논문에서는 이러한 바이오인식 표준화를 위한 국외 표준화 기구를 소개하고, 각 기구별 표준화 현황을 살펴본다.

• The Journal of Information Systems
• /
• v.25 no.3
• /
• pp.1-30
• /
• 2016

Purpose The purpose of this study is to grasp the factors influencing domestic SNS users' privacy protection behavior and verify their relationship through self-efficacy and responsiveness. Thus, this study tries to suggest efficient and effective measures for SNS personal information protection. Design/methodology/approach To this end, with main variables of the protection motivation theory based on the assumption that when users are exposed to the threat to their health, they would have protection motivation and change their behavior of protecting their health, a research model was suggested. In addition, in order to empirically verify the research model, a survey was performed targeting general college students having the experience of using SNS. Findings As a result of the analysis, first, perceived effectiveness and self-efficacy had a positive effect on responsiveness. Second, perceived barrier had a positive effect on self-efficacy. Third, self-efficacy and responsiveness had a positive effect on privacy protection behavior. This study is expected to contribute to establishing an effective guideline for measures that could induce SNS users' privacy protection behavior.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1025-1035
• /
• 2013

There has been an explosive increase in the population of OSN(online social network) for 10 years. OSN provides users with many opportunities to have communication among friends, families and goes so far as to make relationships among unknown people having similar belief or interest. However, OSN also produced adverse effects such as privacy breaches, leaking uncontrolled information or disseminating false information. Access control models such as MAC, DAC, RBAC are applied to the OSN to control those problems but those models in OSN are not fit in dynamic OSN environment because user's acts in OSN are unpredictable and static access control imposes burden on users to change access control rules one by one. This paper proposes the dynamic trust-based access control to solve the problems of traditional static access control in OSN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1087-1101
• /
• 2013

Most people are connected to Social Network Services (SNS) through smart devices. Social Network Services are tools that transport information fast and easily. It does not care where he or she comes from. A lot of information circulates and is shared on Social Network Services. but Social Network Services faults are magnified and becoming a serious issue. For instance, malicious users generate multiple IDs easily on Facebook and he can use personal information of others on purpose, because most people tend to undoubtedly accept friend requests. In this paper, we have specified research scope to Facebook, which is one of most popular Social Network Services in the world. We propose a way of minimizing the number of malicious actions on Facebook from malignant users and malicious bots by setting criteria and applying reputation system.

• Journal of Information Management
• /
• v.43 no.3
• /
• pp.61-78
• /
• 2012

Internet is widely spreading in everyday life and it makes easy to find and share information on the Internet. Many of Internet users are copying and distributing copyrighted materials freely on the Internet without recognizing that it is unethical and illegal behavior. The rate of Internet piracy is constantly increasing even though the regulation and punishment for piracy behavior are to be strict. However, there is a lack of study about the relationship between the punishment and education for intenet piracy on users' attitude and intention toward piracy on the Internet. The purpose of this study is therefore to find out the effect of the level of punishment for internet piracy on users' attitude and intention. This study also examines the moderating effect of piracy education on the relationship between punishment and piracy intention. The study shows that the punishment is directly associated with the attitude but not associated with the piracy intention. The piracy education has a significant effect on the relationship between punishment and intention. The result of this study could bring up the issue of intellectual property protection on the Intenet and suggest an importance of piracy education to educators, managers and internet users.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.564-567
• /
• 2022

최근 딥러닝이 다양한 분야에서 활용됨에 따라 중앙 집중식 서버, 적대적 공격 그리고 데이터 부족 및 독점화와 같은 다양한 문제점이 발생하고 있다. 또한 연합학습을 수행할 경우, 클라이언트가 잘못된 기울기를 서버에 제공하거나 서버가 악의적인 행동을 할 경우 심각한 문제로 이어질 수 있다. 이와 같은 보안 취약점을 해결하기 위해 딥러닝에 블록체인을 결합하여 중앙 집중식 서버를 분산화하고 각 참여자 노드에게 인센티브를 줌으로써 신뢰할 수 있는 데이터를 수집하는 기법이 연구되고 있다. 본 논문에서는 위와 같이 딥러닝의 문제점을 해결하기 위해 블록체인이 어떻게 적용되었는지 살펴본다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.233-240
• /
• 2017

Fingerprint authentication identifies individuals based on user specific information. It is widely used as it is convenient, secure and has no risk of leakage, loss, or forgotten. However, the latent fingerprints remaining on the smart device's surface are vulnerable to smudge attacks. We analyze the usage patterns of individuals using smart device and propose methods to reconstruct damaged fingerprint images using fingerprint smudges. We examine the feasibility of smudge attacks with frequent usage situations by reconstructing fingerprint smudges collected from touch screens. Finally, we empirically verify the vulnerability of fingerprint authentication systems by showing high attack rates.

• Review of KIISC
• /
• v.25 no.4
• /
• pp.43-50
• /
• 2015

바이오인식기술은 사람의 지문 얼굴 홍채 정맥 등 신체적 특징(Physiological characteristics) 또는 음성 서명 자판 걸음걸이 등 행동적 특징(Behavioral characteristics)을 자동화된 IT 기술로 추출 저장하여 다양한 IT 기기로 개인의 신원을 확인하는 사용자 인증기술이다. 2001년 미국의 911 테러사건으로 인하여 전 세계 국제공항 항만 국경에서 지문 얼굴 홍채 등 바이오정보를 이용한 출입국심사가 보편화됨과 동시에 ISO/IEC JTC1 SC37(바이오인식) 국제표준화기구를 중심으로 표준화가 급속도로 진행되어 왔다. 최근 들어 스마트폰 테블릿 PC 등 모바일기기에 지문 얼굴 등 바이오정보를 탑재하여 다양한 모바일 응용서비스를 가능하게 해주는 모바일 바이오인식 응용기술이 전 세계적으로 개발 보급되고, 삼성전자 페이팔 중심으로 바이오인식기술을 이용한 모바일 지급결제솔루션에 대한 사실표준화협의체인 FIDO, ITU-T SG17 Q9(텔레바이오인식) 국제표준화기구를 중심으로 표준화가 진행되고 있다. 특히 이러한 모바일 바이오인식기술은 스마트폰을 통한 비대면 인증기술 수단으로서 핀테크의 중요한 요소기술로 작용될 전망이다. 한편, 위조지문 등 전통적인 바이오인식 기술의 위변조 위협으로 인한 우려도 증폭됨에 따라 스마트워치 등 웨어러블 디바이스에서 살아있는 사람의 심박수(심전도), 뇌파 등의 생체신호를 측정하여 스마트폰을 통하여 개인을 식별하는 차세대 바이오인식기술로 진화중에 있다. 본고에서는 바이오인식기술의 변천사와 함께 국내외 모바일 바이오인식기술 동향과 표준화 추진현황을 살펴보고, 지난 2015년 5월 29일 발족한 KISA "모바일 생체신호 인증기술 표준연구회"를 통하여 뇌파 심전도 등생체신호를 이용한 차세대 바이오인식 기술 및 표준화 계획을 수립하여 향후 바이오인식기반의 비대면 인증기술에 대한 추진전략을 모색하고자 한다.

• Informatization Policy
• /
• v.29 no.1
• /
• pp.60-83
• /
• 2022

The purpose of this study is to empirically analyze the effect of individual perception of artificial intelligence and the level of digital literacy on the acceptance of artificial intelligence-based public services. For empirical analysis, a research model was set up based on the technology acceptance model and planned behavior theory using survey data of 2017 and analyzed through structural equations. To summarize the results of the analysis, firstly, the positive perception of individuals about artificial intelligence technology plays a role in reinforcing attitudes toward benefits and reducing concerns about public service in which artificial intelligence technology has been introduced. Secondly, the level of digital literacy reinforces both benefits and concerns about artificial intelligence technology, but it was found that the intention to use public services was reinforced through the benefits of artificial intelligence technology perceived by individuals, rather than privacy concerns about artificial intelligence technology. Thirdly, it was confirmed that the perceived benefits of individuals on artificial intelligence technology reinforced the intention to use public civil services, and privacy concerns negatively influenced the intention to use. It was confirmed that the influence of a perceived ease of use and usefulness, as opposed to privacy concerns, further reinforces the intention to use. Both citizens' positive perceptions regarding the accuracy and reliability of information provided through artificial intelligence technology and institutional complementation of responsibility for errors caused by artificial intelligence technology are strengthened, and technical problems related to privacy protection are solved.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.243-253
• /
• 2016

Company strengthen various information security policy and activity in order to protect important information assets that the company has been dealing with and prevents information security accidents such as personal information spill. However, some study said these policy and activity increase employee's information security stress and still information security accidents by employees have happened so far. Therefore, this study will review preceding theories and studies used in many various fields including Information Security areas needed to explain human's behavioral intention and determinants and summarize characteristic factors that have influence on control of human's behavioral intention in the results of the above theories and studies. Secondly, this study will implement exploratory analysis on characteristic factors perceived by employees that has been stemmed from various company's information security policy and activity in order to increase employee/'s information security compliance intention under the its surrounding security circumstance. Thirdly, this study will fulfil multiple-regression analysis in order to identify cause-effect relationship between employee's perceived information security stress and employee's perceived characteristic factor. Finally, this study will explain casual relationship with same analysis methods between information security stress and information security compliance intention based on results of the survey conducted on the financial firm's employees with same analysis methods.