• Title/Summary/Keyword: 데이터 유출 방지

Search Result 140, Processing Time 0.192 seconds

A Decision-Making Model for Handling Personal Information Using Metadata (메타데이터를 활용한 개인정보 처리에 대한 의사결정 모델)

  • Kim, Yang-Ho;Cho, In-Hyun;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.259-273
    • /
    • 2016
  • After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

Internal Network Partition Security Model Based Authentication using BlockChain Management Server in Cloud Environment (클라우드 환경에서 블록체인관리서버를 이용한 인증기반 내부망 분리 보안 모델)

  • Kim, Young Soo;Lee, Byoung Yup
    • The Journal of the Korea Contents Association
    • /
    • v.18 no.6
    • /
    • pp.434-442
    • /
    • 2018
  • Recently, the threat to the security and damage of important data leaked by devices of intranet infected by malicious code through the Internet have been increasing. Therefore, the partitioned intranet model that blocks access to the server for business use by implementing authentication of devices connected to the intranet is required. For this, logical net partition with the VDI(Virtual Desktop Infrastructure) method is no information exchange between physical devices connected to the intranet and the virtual device so that it could prevent data leakage and improve security but it is vulnerable to the attack to expose internal data, which has access to the server for business connecting a nonregistered device into the intranet. In order to protect the server for business, we suggest a blockchain based network partition model applying blockchain technology to VDI. It contributes to decrease in threat to expose internal data by improving not only capability to verify forgery of devices, which is the vulnerability of the VDI based logical net partition, but also the integrity of the devices.

A Design of File Leakage Response System through Event Detection (이벤트 감지를 통한 파일 유출 대응 시스템 설계)

  • Shin, Seung-Soo
    • Journal of Industrial Convergence
    • /
    • v.20 no.7
    • /
    • pp.65-71
    • /
    • 2022
  • With the development of ICT, as the era of the 4th industrial revolution arrives, the amount of data is enormous, and as big data technologies emerge, technologies for processing, storing, and processing data are becoming important. In this paper, we propose a system that detects events through monitoring and judges them using hash values because the damage to important files in case of leakage in industries and public places is serious nationally and property. As a research method, an optional event method is used to compare the hash value registered in advance after performing the encryption operation in the event of a file leakage, and then determine whether it is an important file. Monitoring of specific events minimizes system load, analyzes the signature, and determines it to improve accuracy. Confidentiality is improved by comparing and determining hash values pre-registered in the database. For future research, research on security solutions to prevent file leakage through networks and various paths is needed.

Data Communication Method Based on Hybrid Encryption in Smartphone (스마트폰에서의 하이브리드 암·복호화 기반 데이터 통신 방법)

  • Jo, Sung-hwan;Kim, Seong-Hoon;Han, Gi-Tae;Lee, Hyo-Seung
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2014.07a
    • /
    • pp.71-74
    • /
    • 2014
  • 스마트폰의 활용 범위가 점점 확장됨에 따라 데이터 통신량도 증가되어 가고 있으며, 데이터 유출을 방지하기 위해 다양한 암 복호화 알고리즘을 필요로 하고 있다. 본 논문에서는 기존의 비대칭 알고리즘과 대칭 알고리즘을 이용한 하이브리드 암 복호화 기반 데이터 교환방법을 제안한다. 비대칭 알고리즘은 RSA방법을 사용하여 상호간에 대칭키의 절반인 반키(Half Key)를 교환할 수 있도록 하였으며, 대칭 알고리즘은 AES를 사용하여 데이터를 암 복호화 할 수 있도록 하였다. 또한 기존의 AES 알고리즘의 S-Box와 키 스케쥴링 과정을 변형하여 무차별 대입 공격에 대해 방어할 수 있도록 하였다. 그 결과 기존의 비대칭 또는 대칭 알고리즘을 단독으로 사용하는 방법보다 안전하고 빠른 보안수준을 보장할 수 있음을 확인하였다.

  • PDF

Blockchain-based safety MyData Service Model (블록체인 기반 안전한 마이데이터 서비스 모델)

  • Lee, Kwang Hyoung;Jung, Young Hoon
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.21 no.12
    • /
    • pp.873-879
    • /
    • 2020
  • The importance of data as a core resource of the 4th industrial revolution is emerging, and companies illegally collect and use personal data. In the financial sector, active research is conducted to safely manage personal data and provide better services using blockchain, big data, and AI technology. In this paper, we propose a system that can safely manage personal data by using blockchain technology, which can be used without changing the existing system. The composition of this system consists of a blockchain, blockchain linkages, a service provider, and a user (i.e., an app). Blockchain can be used regardless of its type and form, and services are provided by classifying blockchains and services in the blockchain linkages. Service providers can access personal data only after requesting and receiving delegated permission from users. Existent MyData services store all data in a user's mobile phone, so information may get leaked due to jailbreaks or rooting. But in the proposed system, personal data are stored in blockchain so information leakage can be prevented. In the future, we will study ways to provide customized services using personal data stored in blockchain.

The Proactive Threat Protection Method from Predicting Resignation Throughout DRM Log Analysis and Monitor (DRM 로그분석을 통한 퇴직 징후 탐지와 보안위협 사전 대응 방법)

  • Hyun, Miboon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.369-375
    • /
    • 2016
  • Most companies are willing to spend money on security systems such as DRM, Mail filtering, DLP, USB blocking, etc., for data leakage prevention. However, in many cases, it is difficult that legal team take action for data case because usually the company recognized that after the employee had left. Therefore perceiving one's resignation before the action and building up adequate response process are very important. Throughout analyzing DRM log which records every single file's changes related with user's behavior, the company can predict one's resignation and prevent data leakage before those happen. This study suggests how to prevent for the damage from leaked confidential information throughout building the DRM monitoring process which can predict employee's resignation.

A Study on Synthetic Data Generation Based Safe Differentially Private GAN (차분 프라이버시를 만족하는 안전한 GAN 기반 재현 데이터 생성 기술 연구)

  • Kang, Junyoung;Jeong, Sooyong;Hong, Dowon;Seo, Changho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.5
    • /
    • pp.945-956
    • /
    • 2020
  • The publication of data is essential in order to receive high quality services from many applications. However, if the original data is published as it is, there is a risk that sensitive information (political tendency, disease, ets.) may reveal. Therefore, many research have been proposed, not the original data but the synthetic data generating and publishing to privacy preserve. but, there is a risk of privacy leakage still even if simply generate and publish the synthetic data by various attacks (linkage attack, inference attack, etc.). In this paper, we propose a synthetic data generation algorithm in which privacy preserved by applying differential privacy the latest privacy protection technique to GAN, which is drawing attention as a synthetic data generative model in order to prevent the leakage of such sensitive information. The generative model used CGAN for efficient learning of labeled data, and applied Rényi differential privacy, which is relaxation of differential privacy, considering the utility aspects of the data. And validation of the utility of the generated data is conducted and compared through various classifiers.

A study on IPsec algorithm for internet Security (인터넷용 IPsec 알고리즘에 관한 연구)

  • Go, Eun-Ju;Sohn, Seung-Il
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2001.10b
    • /
    • pp.1009-1012
    • /
    • 2001
  • 최근, 인터넷을 이용한 기업 내 애플리케이션 활용범위가 확대되고, 원격지와의 Mobile 컴퓨팅 환경 구축 및 인트라넷의 확산에 따라 기업내부의 정보 유출로 인한 피해가 급증하고 있다. 이에 따라 신원 확인, 암호화 송수신, Logging, 부인방지 등 강력한 보안에 대한 요구가 증대되면서, 기업 내 시스템 관리가 복잡해지고, 내부 사용자 인증을 통한 보안체계 구축도 절실히 필요하게 되었다. 본 논문에서는 network layer의 보안 프로토콜을 위하여 개방형 구조와 유연한 구조를 제공하는 IPsec 프로토콜을 제안하였다. 즉, 패킷 안의 데이터를 검증 가능한 서명과 결합시켜 데이터 송신자의 신원을 확인하고 데이터가 변하지 않았음을 검증 처리하는 AH(Authentication Header)프로토콜과 패킷의 데이터를 네트워크 상에서 부정을 행하려는 자가 불법적으로 해독찬 수 없도록 처리하는 ESP(Encapsulating Security Payload) 프로토콜을 설계하였다.

  • PDF

Access Control for Secrecy Document Protection in the Company (사내 기밀문서 유출방지를 위한 데이터 접근제어 시스템)

  • Kim, Kyu-Il;Hwang, Hyun-Sik;Ko, Hyuk-Jin;Lee, Hae-Kyung;Kim, Ung-Mo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2006.11a
    • /
    • pp.349-352
    • /
    • 2006
  • 현재, 대기업이나 중소기업에서는 회사 내 정보보호 및 누출을 막기 위해 데이터 접근 기술을 적용 및 개발하고 있다. 하지만 기존 XML기반 RBAC 접근제어 기술은 회사환경에 적용하기에 무리가 있고 한계를 지나고 있기 때문에 사용자로부터 회사의 기밀정보를 보호하고, 시스템 디바이스에 대한 사용을 제어하기 위해서는 회사는 시스템의 보안 관리자에 의해 관리될 수 있는 보안매커니즘의 확립이 필요하다. 따라서 본 연구에서는 회사 특성에 맞는 데이터 접근방법을 제시하고자 한다. 제안방법은 기존 XML 기반 RBAC 확장하여 사내 데이터 접근환경에서 사용자를 식별할 수 있는 인증 매커니즘과 사용자의 사용권한을 식별하는 인가 메커니즘을 설계 및 구현한다. 또한 각 부서에 성격에 맞는 메시지 프로토콜을 정의하고 제시함으로써 해당 부서에 요청하는 시스템에 따라 다른 정책을 제공할 수 있다.

  • PDF

Role Administration Security Model based on MAC and Role Gragh (강제적 접근방식과 역할 그래프를 기반으로 한 역할관리 보안모델)

  • Park, Ki-Hong;Kim, Ung-Mo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2001.10a
    • /
    • pp.73-76
    • /
    • 2001
  • 다중등급을 갖고 있는 대용량 데이터베이스 환경에서 각 보안등급을 갖고 있는 사용자가 데이터베이스에 접근할 때 확장된 강제적 접근제어(MAC:Mandatory Access Control) 방식과 역한 그래프(Role Graph)를 이용해 하위등급의 사용자가 상위등급의 데이터를 추론하거나 인지하는 데이터 유출을 방지하여 데이터의 무결성(integrity)과 데이터베이스 관리시스템(DBMS:Database Management System) 전체의 보안을 유지하며 각 보안등급의 데이터와 사용자를 효율적으로 관리하고 제어한 수 있는 역할관리 보안모델을 제안한다.

  • PDF