• Title/Summary/Keyword: 보안문화

Search Result 232, Processing Time 0.025 seconds

Inter-device Mutual authentication and Formal Verification in M2M Environment (M2M 환경에서 장치간 상호 인증 및 정형검증)

  • Bae, WooSik
    • Journal of Digital Convergence
    • /
    • v.12 no.9
    • /
    • pp.219-223
    • /
    • 2014
  • In line with the advanced wireless communication technology, M2M (Machine-to-Machine) communication has drawn attention in industry. M2M communication features are installed and operated in the fields where human accessibility is highly limited such as disaster, safety, construction, health and welfare, climate, environment, logistics, culture, defense, medical care, agriculture and stockbreeding. In M2M communication, machine replaces people for automatic communication and countermeasures as part of unmanned information management and machine operation. Wireless M2M inter-device communication is likely to be exposed to intruders' attacks, causing security issues, which warrants proper security measures including cross-authentication of whether devices are legitimate. Therefore, research on multiple security protocols has been conducted. The present study applied SessionKey, HashFunction and Nonce to address security issues in M2M communication and proposed a safe protocol with reinforced security properties. Notably, unlike most previous studies arguing for the security of certain protocols based on mathematical theorem proving, the present study used the formal verification with Casper/FDR to prove the safety of the proposed protocol. In short, the proposed protocol was found to be safe and secure.

The Relationship between Organizational Culture, Job Characteristics and Job Continuance among Police Officers (경찰공무원의 조직문화와 직무특성 및 직무지속의지의 관계)

  • Kim, Chan sun;Park, Young Man
    • Convergence Security Journal
    • /
    • v.14 no.6_2
    • /
    • pp.63-72
    • /
    • 2014
  • The purpose of this study is to investigate the relationship between organizational culture, job characteristics and job continuance will among police officers. This study targets the police officers dispatched in the Seoul metropolitan area in 2012, and it uses judgment sampling method to analyze 187 samples. This study conducted the statistical analysis, including frequency analysis, factor analysis, reliability analysis and multiple regression analysis, by using SPSS WIN 18.0. The result is as follows. First, the organizational culture among police officers has effects on job characteristics. That is, the feedback increases as the organizational culture becomes more mutual development- or agreement-oriented, or as it becomes more hierarchical; on the other hand, the job importance increases as more hierarchical and rational a culture becomes. Also, self-determination increases as an organization becomes more mutual development- or agreement-oriented. Second, the organizational culture among police officers has effects on the job continuance will. That is, the expected satisfaction increases but intentional insincerity decreases as the organizational culture becomes more mutual development- or agreement-oriented. Also, risk-perceiving behavior increases as an organizational culture becomes more hierarchical. Third, police officers' job characteristics have effects on the job continuance will. That is, the feedback and job importance increases the expected satisfaction while reducing functional diversity. The feedback also reduces the contraction factor. The job importance increases intentional insincerity while reducing functional diversity. The functional diversity not only increase alternative expectation but also increases risk-perceiving factors.

Relation of Empowerment and Organization Attachment with the Organization Culture of Security Organization (시큐리티조직의 조직문화와 임파워먼트 및 조직애착도의 관계)

  • Kim, Chan Sun
    • Convergence Security Journal
    • /
    • v.14 no.1
    • /
    • pp.33-41
    • /
    • 2014
  • The purpose of this study is to establish the relationship of empowerment and organization attachment with the organization culture of security organization. This study is based by setting the security organization employed in security firms in the capital area(Seoul) in 2012 as the parent population and using the purposive sampling method to analyze a total amount of 280 examples. The frequency analysis, analysis on primary factors, reliability analysis, multiple regression analysis, path analysis methods using SPSSWIN 18.0 were used in analysis. The reliability of the survey showed a Cronbach's ${\alpha}$ value of over 0.690. The results are like the following. First, the organization culture of security organization affect empowerment. Thus, the more a practical development culture is settled, the more the capability of self-determinism, meaningfulness, and effect is amplified. Moreover, the more a consensual culture is established, the more the capability of self-determinism is enhanced, and the more a hierarchical culture is established, the more the meaningfulness is enhanced. Second, the organization culture of security organization affect organization attachment. Thus, the continuous normative attachment is enhanced when a more hierarchical culture is established. Moreover, emotional attachment is enhanced when a more practical development culture is established. Third, the empowerment of security organization affects organization attachment. Thus, the continuous normative attachment is decreased when one's capability of self-determinism is more lacking. However, the continuous normative attachment is higher when the meaningfulness and effect is enhanced. Moreover, emotional attachment is enhanced when meaningfulness is increased. Fourth, the organization culture of security organization directly/indirectly affects empowerment and organization attachment. Thus, empowerment is an important mediating factor between organization culture and organization attachment.

Experiments and Analysis for Security Vulnerabilities on Teredo (Teredo 보안 취약점 실험 및 분석)

  • Cho, Hyug-Hyun;Kim, Jeong-Wook;Noh, Bong-Nam;Park, Jong-Youll
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2007.11a
    • /
    • pp.1158-1161
    • /
    • 2007
  • IPv6는 IETF가 IPv4를 대체하기 위해 제안한 프로토콜이다. 하지만 현재 모든 네트워크를 IPv4에서 IPv6로 전환하는 것은 비용과 시간적인 측면에서 힘들기 때문에 상당 기간 IPv4와 IPv6가 공존하는 IPv4/IPv6 혼재 네트워크가 유지될 것이다. IPv4/IPv6 혼재 네트워크에서 통신을 위해 다양한 메커니즘들이 개발되었다. Teredo는 이러한 메커니즘들 중에 하나로 NAT 내에 위치한 IPv4 호스트가 IPv6를 이용할 수 있게 하고, 향후 다수의 사용자에 의해 사용이 예상되는 윈도우 비스타에서 기본적으로 이용할 수 있기 때문에 혼재 네트워크에서 상당히 오랜 기간 동안 사용될 것이다. 하지만 Teredo 메커니즘은 NAT 내의 보안 장비 우회, Teredo 구성 요소의 신뢰성 등 보안 취약점을 가지고 있다. 본 논문에서는 Teredo를 이용하는 네트워크에서 발생 가능한 보안 취약점들에 대해서 기술하고, 그 중에서 캐쉬 오버플로우 공격에 대한 실험 결과를 기술한다.

Development of U-ICT Disaster Management System of Based on LBS(Location Based Services) (LBS기반 U-ICT 재난.재해관리 관제시스템개발)

  • Kim, Dong-Hyun;Jang, Yeon-Tae;Jeon, Hee-Jo
    • Proceedings of the Korea Institute of Fire Science and Engineering Conference
    • /
    • 2011.04a
    • /
    • pp.233-236
    • /
    • 2011
  • GPS 기반의 위치관제 시스템은 현재 교통, 물류관제, 보험, 보안 등 다양한 분야에서 활용되고 있다. 재난 재해관리를 방재 분야에서도 다양한 형태의 위기 상황에 대응하기 위해 재난 재해 종류 및 규모별로 다양한 정보자원을 이용해야 하고 인적 물적 자원을 활용하여 빠르게 대응해야 한다. 특히 산불, 산사태, 태풍, 홍수해 등의 광역의 자연재해뿐만 아니라 주요시설물 및 문화재 등의 인위적 재난 방재 분야에서도 중앙정부 차원의 U-ICT기술을 이용한 실시간 통합 예방 대응관리 시스템이 필요하다. 본 연구에서는 스마트 폰 및 GPS-CDMA단말기를 이용한 산불을 사례로 한 '자연재해관제시스템' 개발과 함께 문화재를 대상으로 한 'LBS기반 문화재위험관리시스템'에 대한 구현 방법에 대하여 제안하며 기존의 인적 자원과 물적 자원의 총괄적인 관리와 차세대 문화재 위험관리 시스템 구축 방향을 제시하였다.

  • PDF

출판인 구속사태 무슨 일 때문인가

  • Lee, Seong-Su
    • The Korean Publising Journal, Monthly
    • /
    • s.152
    • /
    • pp.22-22
    • /
    • 1994
  • 출판인 구속사태가 잇따르고 있다. 출판계에서는 문민정부 출범 이후 처음 있는 이같은 출판인 구속이 점차 그 범위가 확대되고 있는 게 아닌가 의아해 하고 있다. 특히 지난 4월 15일 대검찰청이 '좌익출판물에 대한 일제단속'을 전국 검찰과 경찰에 지시한 바 있어, 앞으로 출판물에 대한 국가보안법 적용이 어떤 식으로 진행될지 그 귀추가 주목된다.

  • PDF

An Architecture for Securing Digital Documents Using Radio Frequency Identification(RFID) (RFID를 이용한 디지털 문서 보안 아키텍처)

  • Choi, Jae-Hyun;Lee, Woo-Jin;Chon, Ki-Won
    • The KIPS Transactions:PartC
    • /
    • v.12C no.7 s.103
    • /
    • pp.965-972
    • /
    • 2005
  • Digital documents have become the mainstay of the paperless office. This is due to the increased usage of computer networks and the widespread digital culture. Along with the increased usage of digital documents comes the problem of securing them. The documents nay have very important information such as confidential business policies and intellectual Property statements. Generally, most of users protect them by using a password or secured flash memory or security software, but it has several weaknesses. Accordingly, we propose a new architecture for securing digital documents. The proposed architecture bases on RFID and several encrypting techniques. It makes up for the weakness of traditional securing architectures, and supports various Policies for digital documents of users.

Financial Industry Security: A Qualitative Study for Reducing Internal Fraud in Banking Institutions (금융산업보안: 은행권 내부부정 방지를 위한 질적 연구)

  • Suh, Joon Bae
    • Korean Security Journal
    • /
    • no.56
    • /
    • pp.165-185
    • /
    • 2018
  • Because financial industry is closely related to the daily lives of people, internal fraud such as embezzlement by the employees can cause serious damage to the national economy, including credit crunch and contagious bankruptcy, as once demonstrated in the Savings Bank Scandal in 2011. Therefore, the importance of financial industry security is being emphasized and developed into converged security that combines physical, human and cyber security. In this study, to prevent fraud caused by internal employees in Korean financial sector, in-depth semi-structured interviews were conducted with a total of 16 participants including bankers, officials of financial regulators, and security experts, who were in charge of risk management in the industry. The collected data were analyzed at three stratification levels such as individual, organization, and socio-cultural factor. Based on this analysis, policy recommendations were suggested for the development of financial industry security and reducing internal fraud in banking institutions.

Protection Technologies against Large-scale Computing Attacks in Blockchain (블록체인에서 대용량 컴퓨팅 공격 보호 기술)

  • Lee, Hakjun;Won, Dongho;Lee, Youngsook
    • Convergence Security Journal
    • /
    • v.19 no.2
    • /
    • pp.11-19
    • /
    • 2019
  • The blockchain is a technique for managing transaction data in distributed computing manner without the involvement of central trust authority. The blockchain has been used in various area such as manufacturing, culture, and public as well as finance because of its advantage of the security, efficiency and applicability. In the blockchain, it was considered safe against 51% attack because the adversary could not have more than 50% hash power. However, there have been cases caused by large-scale computing attacks such as 51% and selfish mining attack, and the frequency of these attacks is increasing. In addition, since the development of quantum computers can hold exponentially more information than their classical computer, it faces a new type of threat using quantum algorithms. In this paper, we perform the security analysis of blockchain attacks composing the large computing capabilities including quantum computing attacks. Finally, we suggest the technologies and future direction of the blockchain development in order to be safe against large-scale computing attacks.

Secured Authentication Scheme and Charging & Discharging System Operation for Electric Vehicles (정보보호를 고려한 전기자동차 충방전 시스템의 인증과 운영에 관한 연구)

  • Lee, Sunguk
    • The Journal of the Convergence on Culture Technology
    • /
    • v.7 no.1
    • /
    • pp.551-557
    • /
    • 2021
  • With increase of electric vehicle in the road, the number of charging/discharging infrastructure for electric vehicle in public space is also increased rapidly. To charge or discharge the electric vehicle the user of electric vehicle and service provider should verify the each other's identity to minimize security vulnerability. This paper proposes mutual authentication scheme between electric vehicle and charging/discharging service provider with help of hash function and Message Authentication Code(MAC). Also efficient operating scheme for charging/discharging service system is proposed. The analysis shows that the system has robustness against security vulnerability. Also this system can keep the sensitive personal information of service user safely.