• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.65-72
• /
• 2015

Recent cyberthreats are emerging as big issues that need to be addressed to both developed countries and South Korea. Our government has implemented and established comprehensive measures whenever major incidents were happened. It is still insufficient, even though the national and social level of cybersecurity are improved with continuous investments and efforts to strengthen the country than in the past. Comprehensive measures have been exposed to limit the effectiveness because they are focused on short-term measures. In this paper, we try to analyze the problems of incidents and assess the implementation process of establishing comprehensive measures in order to suggest ways ultimately to improve the country's overall level of cybersecurity.

• Journal of Convergence for Information Technology
• /
• v.11 no.1
• /
• pp.118-127
• /
• 2021

In spite of various safety measures, coastal safety accidents continue to occur, so this study focused on using drones as countermeasures. Municipalities that already have coasts have begun operating unmanned multicopters for coastal safety management. In particular, by connecting an unmanned multi-copter to the currently applied smart city safety net system, it is possible to transmit real-time images of the scene in case of emergency in the coastal area to the local government safety information center. It is also expected to contribute significantly to strengthening safety management in coastal waters through a more rapid response to safety accidents. Therefore, in this paper, we propose the use of drones as an alternative to the limitations of the domestic coastal safety system by investigating the state of coastal safety accidents and analyzing the state of domestic coastal safety systems. In addition, it is expected to be a key breakthrough in the coastal area safety system by proposing a model linking the Korean K-Drone system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.283-284
• /
• 2015

Smartphone, tablet PC, notebook, such as the Internet banking and electronic commerce using a mobile device, as well as process and to their work. While going to high availability and convenience of mobile devices castle, SNS, letters, using an email Smishing financial fraud and leakage of personal information such as crime has occurred many. Smishing smartphone accidents increased sharply from 2013, MERS infection cases, landmine provocative events, such as the delivery of Thanksgiving has occurred cleverly using social engineering techniques. In this paper, i analyze the trends in Smishing hacking attacks on mobile devices since 2014. With regard to social issues, it analyzes the process of hacking attacks Smishing leading to financial fraud to mobile users.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.1
• /
• pp.100-106
• /
• 2018

Since the concept of virtual currency called Bitcoin was announced in 2008, the blockchain technology, which is the basis of Bitcoin, is attracting attention as an important platform technology in the era of the 4th industrial revolution that can change our society in the future. Although Existing electronic financial transactions store and manage all transaction history at a reliable central organization such as government and bank, blockchain-based electronic financial transactions are composed of a distributed structure in which all participants participating in the transaction store and manage the transaction history, it is possible to secure transaction transparency while reducing system construction and operation costs. Besides the virtual currency that started with bit coins, the technology of these blockchains has been extended in various fields such as smart contracts and document management. The key technology area of this blockchain is security based on proven cryptographic technology to make it difficult to forge and hack, but there are security risks such as security vulnerabilities in the virtual currency trading service, We will discuss security risks in using virtual currency and discuss countermeasures. Especially security accidents of virtual currency exchanges are occurring frequently recently, the damage of users who trade the virtual currency is also increasing, we propose security threats and security countermeasures against virtual currency exchanges.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.63-66
• /
• 2012

최근 스마트 기기는 결제, 할인쿠폰 등 각종 기능을 제공하는 수단으로 진화되면서 통신과 금융이 융합된 모바일 NFC 서비스의 시장이 급성장할 것으로 전망되고 있다. 특히 모바일 NFC 결제 서비스 시장의 활성화가 예상됨에 따라 모바일 NFC 결제 서비스는 국내 외적으로 널리 주목받고 있다. 하지만 이에 따른 NFC 기술 활용 증가로 개인정보 이용이 늘면서 침해요소 또한 증가하고 있다. 최근 한국인터넷진흥원에서 발표한 "NFC 개인정보보호 대책 최종보고서"에 따르면 개인정보 암호화를 부분적으로 미지원하거나 불필요한 개인정보의 과도한 수집 및 저장 등이 문제점으로 제기되었으며 Google사의 Google Wallet 서비스의 개인정보 유출 사고 또한 이러한 문제점을 뒷받침하는 근거가 되고 있다. 본 논문에서는 기존의 NFC 모바일 결제 서비스 상에서 결제정보를 이용한 결제 기술의 위협을 분석하고 결제정보를 직접적으로 사용하지 않고 결제자를 증명할 수 있는 NTRU기반 영지식 증명 기법을 제안한다.

• Review of Korean Society for Internet Information
• /
• v.9 no.2
• /
• pp.27-36
• /
• 2008

2008년 상반기 국내 민간최종소비지출 중 카드 사용비중은 54%로, 이제 카드는 결제수단의 최대 강자로 자리잡았다. 경제활동인구 1인당 신용카드 소지수도 2002년 4.6매에서 2005년 3.5매로 떨어졌다가 2008년도까지 3.8매 선으로 안정되고 있다. 신용카드 이외의 은행, 증권, 저축은행 등의 현금인출용 카드와 교통카드, 모바일 칩카드, 백화점카드, 학생증카드, 직원ID카드, 마일리지카드, 기타 멤버십카드 등을 합하면 국민들의 지갑은 현금보다도 플라스틱카드로 두툼해져 있다. 이동통신서비스 사업자들은 이동통신단말기를 이용하여 다양한 서비스를 개발 제공함으로써 시장의 주도권을 노리고 있고, 교통카드 사업자들은 자사의 전자화폐인 교통카드로 주도권을 지키려 하고 있으며, 기존의 강자였던 은행과 카드사들은 고객을 빼앗기지 않기 위해 고객이 필요로 하는 다양한 서비스는 제공하면서도 주도권은 지키려고 하는 경쟁과 협력이 활발하게 전개되고 있다. 한편, MS카드는 읽기/쓰기가 쉬워 정보유출, 위변조, 복제 등을 통한 사고의 위험이 커서, 선진국뿐 아니라 중동, 중남미, 아시아 국가들까지도 IC카드로의 전환이 진행되고 있다. 국제브랜드 카드사들은 2006년 1월부터 IC카드가 MS 단말기에서 부정 사용될 경우 그 책임을 매입사에 전가시키는 제도(Transitional Chip Liability Shift Program)를 시행하고 있어 국내 카드사들의 피해도 예상된다. 금융감독 당국은 2003년 2월 “IT및 전자금융 안전성 제고대책”에 의거 2008년 말까지 100% IC카드로 전환을 목표로 연도별 전환목표를 통보하고 지도감독하고 있다. 이에 따라 은행의 현금카드는 2008년 6월까지, 신용카드는 2008년 12월까지 전환을 수행하고 있으나, 기타 금융권이나 카드사용자들은 비용부담, 재고소진 등의 문제로 잘 지켜지지 않고 있다. 특히 가맹점 단말기를 교체하여야 할 VAN사 들은 교체비용이 자기 자본을 상회하는 어려움으로 POS나 CAT단말은 거의 전환이 진행되지 않고 있어 IC카드를 가지고 있어도 MS를 이용하는 형편이다. 카드의 종류는 주도권 경쟁으로 늘어만 가고 있어 애초 취지처럼 하나의 카드로 다양한 사업자의 서비스가 통합되기 어려운데다, 단말기의 표준화도 어려워 막상 카드를 안전하고 편리하게 사용하여야 할 소비자들의 지갑만 무거워지고 있다. 본고는 이렇게 우리의 생활 깊숙이 들어온 카드를 편리하고 안전하게 사용할 수 있도록 하는 인프라는 과연 어느 수준이고 시장의 주자들은 어느 방향으로가고 있는지 살펴보고 그 문제점과 과제를 제시하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1225-1241
• /
• 2014

Recently, Financial companies implement DLP(Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staffs struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore this paper describes business and privacy information flow on applications and how to plan and deploy security container based OS-level and Hypervisor virtualization technology to enforce internal controls for applications. After building security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies additional security functions was implemented in security container and With recycling security container costs and time of response to security vulnerabilities was reduced.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.3
• /
• pp.133-142
• /
• 2013

Recently, smart devices for various services have been developed using converged telecommunications, and the markets for near field communication (NFC) mobile services is expected to grow rapidly. In particular, the realization of mobile NFC payment services is expected to go commercial, and it is widely attracting attention both on a domestic and global level. However, this realization would increase privacy infringement, as personal information is extensively used in the NFC technology. One example of such privacy infringement would be the case of the Google wallet service. In this paper, we propose an mutual authentication scheme based on NTRU for secure channel in OTA and an zero-knowledge proof scheme NTRU based on for protecting user information in NFC mobile payment systems without directly using private financial information of the user.

• Journal of Navigation and Port Research
• /
• v.40 no.4
• /
• pp.213-222
• /
• 2016

Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

• Journal of Korean Society of Forest Science
• /
• v.15 no.1
• /
• pp.1-38
• /
• 1972

1. Objective of the Study The objective of the study was to make fundamental suggestions for drawing a forest insurance system applicable in Korea by investigating forest insurance systems undertaken in foreign countries, analyzing the forest hazards occurred in entire forests of Korea in the past, and hearing the opinions of people engaged in forestry. 2. Methods of the Study First, reference studies on insurance at large as well as on forest insurance were intensively made to draw the characteristics of forest insurance practiced in main forestry countries, Second, the investigations of forest hazards in Korea for the past ten years were made with the help of the Office of Forestry. Third, the questionnaires concerning forest insurance were prepared and delivered at random to 533 personnel who are working at different administrative offices of forestry, forest stations, forest cooperatives, colleges and universities, research institutes, and fire insurance companies. Fourth, fifty three representative forest owners in the area of three forest types (coniferous, hardwood, and mixed forest), a representative region in Kyonggi Province out of fourteen collective forest development programs in Korea, were directly interviewed with the writer. 3. Results of the Study The rate of response to the questionnaire was 74.40% as shown in the table 3, and the results of the questionaire were as follows: (% in the parenthes shows the rates of response; shortages in amount to 100% were due to the facts of excluding the rates of response of minor respondents). 1) Necessity of forest insurance The respondents expressed their opinions that forest insurance must be undertaken to assure forest financing (5.65%); for receiving the reimbursement of replanting costs in case of damages done (35.87%); and to protect silvicultural investments (46.74%). 2) Law of forest insurance Few respondents showed their views in favor of applying the general insurance regulations to forest insurance practice (9.35%), but the majority of respondents were in favor of passing a special forest insurance law in the light of forest characteristics (88.26%). 3) Sorts of institutes to undertake forest insurance A few respondents believed that insurance companies at large could take care of forest insurance (17.42%); forest owner's mutual associations would manage the forest insurance more effectively (23.53%); but the more than half of the respondents were in favor of establishing public or national forest insurance institutes (56.18%). 4) Kinds of risks to be undertaken in forest insurance It would be desirable that the risks to be undertaken in forest insurance be limited: To forest fire hazards only (23.38%); to forest fire hazards plus damages made by weather (14.32%); to forest fire hazards, weather damages, and insect damages (60.68%). 5) Objectives to be insured It was responded that the objectives to be included in forest insurance should be limited: (1) To artificial coniferous forest only (13.47%); (2) to both coniferous and broad-leaved artificial forests (23.74%); (3) but the more than half of the respondents showed their desire that all the forests regardless of species and the methods of establishment should be insured (61.64%). 6) Range of risks in age of trees to be included in forest insurance The opinions of the respondents showed that it might be enough to insure the trees less than ten years of age (15.23%); but it would be more desirous of taking up forest trees under twenty years of age (32.95%); nevertheless, a large number of respondents were in favor of underwriting all the forest trees less than fourty years of age (46.37%). 7) Term of a forest insurance contract Quite a few respondents favored a contract made on one year basis (31.74%), but the more than half of the respondents favored the contract made on five year bases (58.68%). 8) Limitation in a forest insurance contract The respondents indicated that it would be desirable in a forest insurance contract to exclude forests less than five hectars (20.78%), but more than half of the respondents expressed their opinions that forests above a minimum volume or number of trees per unit area should be included in a forest insurance contract regardless of the area of forest lands (63.77%). 9) Methods of contract Some responded that it would be good to let the forest owners choose their forests in making a forest insurance contract (32.13%); others inclined to think that it would be desirable to include all the forests that owners hold whenerver they decide to make a forest insurance contract (33.48%); the rest responded in favor of forcing the owners to buy insurance policy if they own the forests that were established with subsidy or own highly vauable growing stock (31.92%) 10) Rate of premium The responses were divided into three categories: (1) The rate of primium is to be decided according to the regional degree of risks(27.72%); (2) to be decided by taking consideration both regional degree of risks and insurable values(31.59%); (3) and to be decided according to the rate of risks for the entire country and the insurable values (39.55%). 11) Payment of Premium Although a few respondents wished to make a payment of premium at once for a short term forest insurance contract, and an annual payment for a long term contract (13.80%); the majority of the respondents wished to pay the premium annually regardless of the term of contract, by employing a high rate of premium on a short term contract, but a low rate on a long term contract (83.71%). 12) Institutes in charge of forest insurance business A few respondents showed their desire that forest insurance be taken care of at the government forest administrative offices (18.75%); others at insurance companies (35.76%); but the rest, the largest number of the respondents, favored forest associations in the county. They also wanted to pay a certain rate of premium to the forest associations that issue the insurance (44.22%). 13) Limitation on indemnity for damages done In limitation on indemnity for damages done, the respondents showed a quite different views. Some desired compesation to cover replanting costs when young stands suffered damages and to be paid at the rate of eighty percent to the losses received when matured timber stands suffered damages(29.70%); others desired to receive compensation of the actual total loss valued at present market prices (31.07%); but the rest responded in favor of compensation at the present value figured out by applying a certain rate of prolongation factors to the establishment costs(36.99%). 14) Raising of funds for forest insurance A few respondents hoped to raise the fund for forest insurance by setting aside certain amount of money from the indemnity paid (15.65%); others wished to raise the fund by levying new forest land taxes(33.79%); but the rest expressed their hope to raise the fund by reserving certain amount of money from the surplus money that was saved due to the non-risks (44.81%). 15) Causes of fires The main causes of forest fires 6gured out by the respondents experience turned out to be (1) an accidental fire, (2) cigarettes, (3) shifting cultivation. The reponses were coincided with the forest fire analysis made by the Office of Forestry. 16) Fire prevention The respondents suggested that the most important and practical three kinds of forest fire prevention measures would be (1) providing a fire-break, (2) keeping passers-by out during the drought seasons, (3) enlightenment through mass communication systems. 4. Suggestions The writer wishes to present some suggestions that seemed helpful in drawing up a forest insurance system by reviewing the findings in the questionaire analysis and the results of investigations on forest insurance undertaken in foreign countries. 1) A forest insurance system designed to compensate the loss figured out on the basis of replanting cost when young forest stands suffered damages, and to strengthen credit rating by relieving of risks of damages, must be put in practice as soon as possible with the enactment of a specifically drawn forest insurance law. And the committee of forest insurance should be organized to make a full study of forest insurance system. 2) Two kinds of forest insurance organizations furnishing forest insurance, publicly-owned insurance organizations and privately-owned, are desirable in order to handle forest risks properly. The privately-owned forest insurance organizations should take up forest fire insurance only, and the publicly-owned ought to write insurance for forest fires and insect damages. 3) The privately-owned organizations furnishing forest insurance are desired to take up all the forest stands older than twenty years; whereas, the publicly-owned should sell forest insurance on artificially planted stands younger than twenty years with emphasis on compensating replanting costs of forest stands when they suffer damages. 4) Small forest stands, less than one hectare holding volume or stocked at smaller than standard per unit area are not to be included in a forest insurance writing, and the minimum term of insuring should not be longer than one year in the privately-owned forest insurance organizations although insuring period could be extended more than one year; whereas, consecutive five year term of insurance periods should be set as a mimimum period of insuring forest in the publicly-owned forest insurance organizations. 5) The forest owners should be free in selecting their forests in insuring; whereas, forest owners of the stands that were established with subsidy should be required to insure their forests at publicly-owned forest insurance organizations. 6) Annual insurance premiums for both publicly-owned and privately-owned forest insurance organizations ought to be figured out in proportion to the amount of insurance in accordance with the degree of risks which are grouped into three categories on the basis of the rate of risks throughout the country. 7) Annual premium should be paid at the beginning of forest insurance contract, but reduction must be made if the insuring periods extend longer than a minimum period of forest insurance set by the law. 8) The compensation for damages, the reimbursement, should be figured out on the basis of the ratio between the amount of insurance and insurable value. In the publicly-owned forest insurance system, the standard amount of insurance should be set on the basis of establishment costs in order to prevent over-compensation. 9) Forest insurance business is to be taken care of at the window of insurance com pnies when forest owners buy the privately-owned forest insurance, but the business of writing the publicly-owned forest insurance should be done through the forest cooperatives and certain portions of the premium be reimbursed to the forest cooperatives. 10) Forest insurance funds ought to be reserved by levying a property tax on forest lands. 11) In order to prevent forest damages, the forest owners should be required to report forest hazards immediately to the forest insurance organizations and the latter should bear the responsibility of taking preventive measures.