• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.99-107
• /
• 2021

With the recent establishment of a ubiquitous-based medical and healthcare environment, the medical information system for obtaining situation information from various sensors is increasing. In the medical information system environment based on context-awareness, the patient situation can be determined as normal or emergency using situational information. In addition, medical staff can easily access patient information after simple user authentication using ID and Password through applications on smart devices. However, these services of authentication and patient information access are staff-oriented systems and do not fully consider the ubiquitous-based healthcare information system environment. In this paper, we present a authentication service model based context-awareness system for providing situational information-driven authentication services to users who access medical information, and implemented proposed system. The authentication service model based context-awareness system is a service that recognizes patient situations through sensors and the authentication and authorization of medical staff proceed differently according to patient situations. It was implemented using wearables, biometric data measurement modules, camera sensors, etc. to configure various situational information measurement environments. If the patient situation was emergency situation, the medical information server sent an emergency message to the smart device of the medical staff, and the medical staff that received the emergency message tried to authenticate using the application of the smart device to access the patient information. Once all authentication was completed, medical staff will be given access to high-level medical information and can even checked patient medical information that could not be seen under normal situation. The authentication service model based context-awareness system not only fully considered the ubiquitous medical information system environment, but also enhanced patient-centered systematic security and access transparency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.491-501
• /
• 2019

In side-channel analysis, which exploit physical leakage from a cryptographic device, deep learning based attack has been significantly interested in recent years. However, most of the state-of-the-art methods have been focused on classifying side-channel information in a profiled scenario where attackers can obtain label of training data. In this paper, we propose a new method based on deep learning to improve non-profiling side-channel attack such as Differential Power Analysis and Correlation Power Analysis. The proposed method is a signal preprocessing technique that reduces the noise in a trace by modifying Auto-Encoder framework to the context of side-channel analysis. Previous work on Denoising Auto-Encoder was trained through randomly added noise by an attacker. In this paper, the proposed model trains Auto-Encoder through the noise from real data using the noise-reduced-label. Also, the proposed method permits to perform non-profiled attack by training only a single neural network. We validate the performance of the noise reduction of the proposed method on real traces collected from ChipWhisperer board. We demonstrate that the proposed method outperforms classic preprocessing methods such as Principal Component Analysis and Linear Discriminant Analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.585-600
• /
• 2012

Security issues in online games are increasing as the online game industry grows. Real money trading (RMT) by online game users has become a security issue in several countries including Korea because RMT is related to criminal activities such as money laundering or tax evasion. RMT-related activities are done by professional work forces, namely gold-farmers, and many of them employ the automated program, bot, to gain cyber asset in a quick and efficient way. Online game companies try to prevent the activities of gold-farmers using game bots detection algorithm and block their accounts or IP addresses. However, game bot detection algorithm can detect a part of gold-farmer's network and IP address blocking also can be detoured easily by using the virtual private server or IP spoofing. In this paper, we propose a method to detect gold-farmer groups by analyzing their connection patterns to the online game servers, particularly information on their routing and source locations. We verified that the proposed method can reveal gold-farmers' group effectively by analyzing real data from the famous MMORPG.

• Journal of Digital Convergence
• /
• v.19 no.6
• /
• pp.239-250
• /
• 2021

When considering the introduction of a new technology, it is important to accurately grasp and selectively apply the technical characteristics related to the technology in order to fully utilize the advantages of the technology. In this study, the technical characteristics of high relative importance were analyzed in order to increase the efficiency of new application of blockchain technology by companies. The technical characteristics of the blockchain identified through previous research were reclassified from the perspective of the system hierarchy, and sub-factors of the technical characteristics were derived. In addition, a questionnaire survey on the relative importance of technical characteristics was conducted for internal experts and SI experts using the Analytical Hierarchy Process (AHP) technique. As a result of the analysis, respondents evaluated data protection as the most important factor in the threat of hacking related to security. In addition, it was different that the comparison results of the importance of the technical characteristics between the experts in the company and the SI experts and the priority of the technical characteristics between the expert groups by industry. It is expected that the results of this study will be usefully utilized when using blockchain technology in enterprises in line with the upcoming changes of the 4th industrial revolution. An empirical analysis of the internal and external factors required for adoption of blockchain technology by industry and the effect of technology introduction will be a meaningful study.

• Smart Media Journal
• /
• v.9 no.4
• /
• pp.81-90
• /
• 2020

Due to the recent economic development and the improvement of income level in China, the desire for quality medical services is increasing compared to the past. As an alternative to satisfy these needs, various applications using smart phones and the like are being developed. The new corona that occurred in December 2019 began to show great interest in non-face-to-face telemedicine services using smart phones due to the worldwide spread of the coronavirus. Therefore, in this study, a total of 200 people were surveyed on the top three mobile medical applications in China, and the data of 120 people who actually used medical applications were analyzed based on Venkatesh's UTAUT2 theory. A study was conducted on the intent to use and the factors affecting the in-law behavior. First, it has become clear that the interactive characteristics, expectations for effort, price value, interest in privacy, habits, and promotional conditions have a positive impact on the user's use. Second, it was investigated that the user's intention to use influences the behavior of use, and among the intentions of use, it was found that the mobilization characteristic expectation, hedonistic motivation, price value, habits, and promotion conditions affect the use behavior. Third, a study result was derived that the controlling variables such as gender, age, school age, and annual income do not affect the user's intention to use mobile medical applications as a controlling variable. Finally, due to the nature of mobile devices that use the Internet, various security vulnerabilities exist, and this can cause great damage or personal and social impact. Therefore, for the development of mobile medical services in China, it is necessary to re-establish a research model through comprehensive and in-depth considerations to supplement these problems in the future.

• The Journal of the Korea Contents Association
• /
• v.21 no.8
• /
• pp.356-366
• /
• 2021

The high-tech industry, a leader in the national economy, has a larger investment cost compared to general buildings, a shorter construction period, and requires continuous investment. Therefore, accurate construction cost prediction and quick decision-making are important factors for efficient cost and process management. Overseas, the construction information classification system has been standardized since 1980 and has been continuously developed, improving construction productivity by systematically collecting and utilizing project life cycle information. At domestic construction sites, attempts have been made to standardize the classification system of construction information, but it is difficult to achieve continuous standardization and systematization due to the absence of a standardization body and differences in cost and process management methods for each construction company. Particular, in the case of the high-tech industry, the standardization and systematization level of the construction information classification system for high-tech facility construction is very low due to problems such as large scale, numerous types of work, complex construction and security. Therefore, the purpose of this study is to construct a construction information classification system suitable for high-tech facility construction through collection, classification, and analysis of related project data constructed in Korea. Based on the WBS (Work Breakdown Structure) and CBS (Cost Breakdown Structure) classified and analyzed through this study, a code system through hierarchical classification was proposed, and the cost model of buildings by linking WBS and CBS was three-dimensionalized and the utilized method was presented. Through this, an information classification system based on inter-relationships can be developed beyond the one-way tree structure, which is a general construction information classification system, and effects such as shortening of construction period and cost reduction will be maximized.

• Journal of Korea Society of Industrial Information Systems
• /
• v.27 no.3
• /
• pp.89-108
• /
• 2022

The purpose of this study is to reveal the specific current and future shapes of the collaborative network among organizations witch cope the COVID-19 in Korea. For this, this study conducted social network analysis, based on the response data of 73 experts from 36 COVID-19-related organizations. As a result of the analysis, it was confirmed that the Korea Disease Control and Prevention Agency (KDCA) plays a pivotal role as a control tower in coping COVID-19 in all of the analysis of degree, betweenness, and closeness centrality. In addition, the results revealed concrete forms of collaborative relationships among participating organizations in the public and private sectors that constitute the present and future networks centered on the KDCA. Furthermore, this study presented which organizations and relationships should be the focus of establishing a future collaborative network through comparative analysis between the current cooperative network and the network to be built in the future. The analysis results and discussions of this study are expected to be used as useful information for policy development related to collaborative networks that can effectively respond to disasters caused by new diseases in the future.

• The Journal of the Korea Contents Association
• /
• v.22 no.7
• /
• pp.81-88
• /
• 2022

This study is to investigate the perception of domestic appraisers about the possibility of using artificial intelligence (AI) and related risks from the use of AI in the appraisal industry. We conducted a mobile survey of evaluators from February 10 to 18, 2022. We collected survey data from 193 respondents. Frequency analysis and multiple response analysis were performed for basic analysis. When AI is used in the appraisal industry, factor analysis was used to analyze various types of risks. Although appraisers have a positive perception of AI introduction in the appraisal industry, they considered collateral, consulting, and taxation, mainly in areas where AI is likely to be used and replaced, mainly negative effects related to job losses and job replacement. They were more aware of the alternative risks caused by AI in the field of human labor. I was very aware of responsibilities, privacy and security, and the risk of technical errors. However, fairness, transparency, and reliability risks were generally perceived as low risk issues. Existing studies have mainly studied analysis methods that apply AI to mass evaluation models, but this study focused on the use and risk of AI. Understanding industry experts' perceptions of AI utilization will help minimize potential risks when AI is introduced on a large scale.

• Journal of Internet Computing and Services
• /
• v.23 no.3
• /
• pp.21-33
• /
• 2022

This paper is to suggest the secure secret sharing system in order to outstandingly reduce the damage caused by the leakage of the corporate secret. This research system is suggested as efficient P2P distributed system kept from the centrally controlled server scheme. Even the bitcoin circulation system is also based on P2P distribution scheme recenly. This research has designed the secure circulation of the secret shares produced by Threshold Shamir Secret Sharing scheme instead of the shares specified in the torrent file using the simple, highly scalable and fast transferring torrent P2P distribution structure and its protocol. In addition, this research has studied to apply both Shamir Threshold Secret Sharing scheme and the securely strong multiple user authentication based on Collaborative Threshold Autentication scheme. The secure transmission of secret data is protected as using the efficient symmetric encryption with the session secret key which is safely exchanged by the public key encryption. Also it is safer against the leakage because the secret key is effectively alive only for short lifetime like a session. Especially the characteristics of this proposed system is effectively to apply the threshold secret sharing scheme into efficient torrent P2P distributed system without modifying its architecture of the torrent system. In addition, this system guaranttes the confidentiality in distributing the secret file using the efficient symmetric encryption scheme, which the session key is securely exchanged using the public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as an user. This scalability allows to apply the confidentiality and the authentication even to dynamically registerred users.