• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.914-916
• /
• 2011

최근 낸드 플래시 메모리 기술의 발전으로 플래시 메모리의 용량이 증가함에 따라 다양한 장치에서 데이터 저장소로 사용되고 있으며, 하드디스크를 대체할 저장 매체로서 주목을 받고 있다. 하지만 낸드 플래시 메모리의 특성으로 인해 데이터를 삭제하더라도 일정 기간 삭제된 데이터가 메모리에 남아있게 되며, 이러한 특성으로 사용자의 중요 데이터가 보호되지 않은 상태로 저장되어 외부에 노출될 수 있다. 따라서 이런 특성을 보완하는 방법이 필요하며 본 논문에서는 낸드 플래시 메모리의 단점을 해결하기 위하여 낸드 플래시 메모리를 위한 시스템 소프트웨어인 FTL(Flash Translation Layer) 계층에서 암호화 알고리즘을 사용하여 데이터를 노출하지 않게 하는 방법을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.1065-1068
• /
• 2008

RFID를 이용한 화물추적시스템은 물류분야의 특성상 서로 다른 소속의 이 기종 간의 데이터의 인터페이스로 화물의 흐름을 체계화한다. 국내뿐 아니라 국제적으로도 여러 종류의 데이터를 인터페이스하고 있으며, 이 데이터들은 EDI 표준을 이용하여 다양한 환경의 시스템으로 인터페이스 되어 적용되고 있다. 하나의 물류흐름을 만들기 위하여 RFID를 이용한 데이터의 인터페이스가 이루어지다 보니 다양한 보안상의 문제를 유발시키고 있는 실정이다. 본 논문에서는 인공신경망 회로를 이용하여 이 기종 간의 EDI 데이터 인터페이스 시 발생할 수 있는 보안상의 취약점을 미리 파악하여 적절한 조치를 취할 수 있도록 방향을 제시하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.123-140
• /
• 2022

Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.

• Journal of KIISE:Databases
• /
• v.36 no.5
• /
• pp.352-365
• /
• 2009

Recently, data access control policies have not been applied for authorized or unauthorized persons properly and information leakage incidents have occurred due to database security vulnerabilities. In the traditional database access control methods, administrators grant permissions for accessing database objects to users. However, these methods couldn't be applied for diverse access control policies to the database. In addition, another database security method which uses data encryption is difficult to utilize data indexing. Thus, this paper proposes an enhanced database access control system via a packet analysis method between client and database server in network to apply diverse security policies. The proposed security system can be applied the applications with access control policies related to specific factors such as date, time, SQL string, the number of result data and etc. And it also assures integrity via a public key certificate and MAC (Message Authentication Code) to prevent modification of user information and query sentences.

• Journal of Internet of Things and Convergence
• /
• v.6 no.1
• /
• pp.9-15
• /
• 2020

Recently, interest in blockchain technology has increased. The data industry is increasingly growing around the world. In addition, databases which obtain important information such as personal data are targeted by hackers. Data exposed by attackers happen frequently. In 2017, OWASP announced SQL injection is a top 1 threat to web applications. However, the proportion of data security is the smallest in the data industry. To prevent data exposure, this paper proposes a method that can protect databases by using hybrid blockchain.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.367-380
• /
• 2013

A secure data gathering in a Wireless Sensor Network(WSN) has given attention to one of security issues. In general, the process of secure data gathering causes difficulties: one process is exchanging the secured data and the other is constructing secured data path. The previous studies have been resolving the difficulties in terms of two problems: security and data gathering in WSNs. However, a WSN requires a protocol that has to guarantee a security of path between sensors and sink, or a cluster head. Thus how to gather data securely is an important issue. In this paper, we propose a secure data gathering protocol over WSNs, which consists of hierarchical key settlement and secure path construction, and aims at tackling two problems. The proposed protocol causes little overhead to sensor nodes for secured key settlement and path construction. This work provides security analysis focused on the key settlement protocol and evaluates network performance for the proposed data gathering protocol through simulation.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.393-399
• /
• 2013

Recently, the quantity and type of data that is being processed in cloud environment are varied. A method for easy access in different network in a heterogeneous environment of big data stored in the device is required. This paper propose security management method for smoothly access to big data in other network environment conjunction with attribute information between big data and user. The proposed method has a high level of safety even if user-generated random bit signal is modulated. The proposed method is sufficient to deliver any number of bits the user to share information used to secure recognition. Also, the security awareness information bit sequence generated by a third party to avoid unnecessary exposure value by passing a hash chain of the user anonymity is to be guaranteed to receive.

• The Journal of Society for e-Business Studies
• /
• v.27 no.2
• /
• pp.137-152
• /
• 2022

Consumers' enhanced intention to adopt the Mydata service or their voluntary provision of personal information is a very essential element in the stable growth of the Mydata industry along with the creation of corporate values. The growing leakage of customer information according to the rising value of data can have negative impacts on the use of Mydata service and shrink quality custom service needs based on the personal information provided by financial consumers. This study set out to identify security risks that financial consumers could recognize and security factors that could supplement them and investigate the effects of these security factors on consumers' intention to adopt the Mydata service, thus providing useful implications for increasing the acceptance of financial consumers and finding a strategy to expand safe utilization. The findings raise a need to guarantee the stability and transparency of information provided by customers as information subjects, and they should be essential requirements for the Mydata service. The security factors applied to guarantee them should include convenience in terms of financial service.

• Review of KIISC
• /
• v.30 no.2
• /
• pp.11-19
• /
• 2020

드론은 군용에서부터, 공공 관제 및 모니터링, 촬영 및 취미, 배송 서비스에 이르기까지 다양하게 활용되고 있다. 그러나 드론에 내장된 센서 값 조작이나 수집 데이터 누출, 통신 내용 도감청 및 GPS 신호 조작 등의 보안 취약점을 이용한 공격은 드론을 포획하거나 추락시키고 중요한 데이터를 탈취하는 등 심각한 문제를 야기할 수 있다. 이러한 보안 취약점을 해결하기 위해 드론 전용 난수 생성기와 통신보호를 위한 암호프로토콜, 화이트박스 암호를 통한 정보보호 및 신호 인증을 통한 GPS 스푸핑 탑지 기법 등 안전한 드론 보안 메커니즘이 활발히 연구되고 있다. 이에 본 논문에서는 드론 시스템의 구성 요소별 보안 위협 요소를 살펴보고, 보안 위협 사례를 공격 유형별로 분석한다. 또한 이러한 보안 위협들에 대응하기 위해 드론에 적용된 암호 기술 현황에 대해 살펴본다.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.317-322
• /
• 2013

Mobile cloud environment is recently becoming popular due to Internet access through various environments. Driven by computer performance improvement and service development, the demand for mobile cloud is increasing and accordingly the damage is on the rise. Therefore, it needs to conduct a study on problems of security necessary in large database that occurs in mobile cloud services. Although various security solutions limiting database access, security strategies about new user environments should be analyzed. This study analyzes weakness of safe data access through database management in mobile cloud environment and examines security requirements for safe data management. In addition, this study looks into threatening factors of security in cloud services and then draws security requirements about safer access control. A study on system application and evaluation of security requirements about access control is required.