• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.259-273
• /
• 2016

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.469-480
• /
• 2008

The recently proposed RFID(Radio Frequency Identification) authentication protocol based on a hash function can be divided into two types according to the type of information used for authentication between a reader and a tag: either a value fixed or one updated dynamically in a tag memory. In this paper, we classify the protocols into a static ID-based and a dynamic-ID based protocol and then analyze their respective strengths and weaknesses. Also, we define a new security model including forward/backward traceability, synchronization, forgery attacks. Based on the model, we analyze the previous protocols and propose a new dynamic-ID based RFID mutual authentication protocol. Our protocol provide enhanced RFID user privacy compared to previous protocols and identify a tag efficiently in terms of the operation quantity of a tag and database.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.6
• /
• pp.1462-1470
• /
• 2013

This paper proposes an SWAD-KNH(Sybil & Wormhole Attack Detection using Key, Neighbor list and Hop count) technique which consists of an SWAD(Sybil & Wormhole Attack Detection) module detecting an Worm attack and a KGDC(Key Generation and Distribution based on Cluster) module generating and an sense node key and a Group key by the cluster and distributing them. The KGDC module generates a group key and an sense node key by using an ECDH algorithm, a hash function, and a key-chain technique and distributes them safely. An SWAD module strengthens the detection of an Sybil attack by accomplishing 2-step key acknowledgement procedure and detects a Wormhole attack by using the number of the common neighbor nodes and hop counts of an source and destination node. As the result of the SWAD-KNH technique shows an Sybil attack detection rate is 91.2% and its average FPR 3.82%, a Wormhole attack detection rate is 90%, and its average FPR 4.64%, Sybil and wormhole attack detection rate and its reliability are improved.

• Journal of Digital Convergence
• /
• v.16 no.6
• /
• pp.105-115
• /
• 2018

With the development of information and communication technologies, popularization of smart phones, and relaxation of the government regulation, mobile easy payment service is rapidly growing as a major financial service. Therefore, this study examines factors that influence the intention to use mobile easy payment service through empirical analysis. We collected 386 responses by survey and formed structural equation modeling with AMOS 22.0. The results show that technical factors(relative advantage, security), individual factor(self-efficacy), situational factors(trust in prior services and satisfaction of prior services) had a positive effect on the perceived value. In addition, perceived value had a positive effect on the intention to use mobile easy payment services. Lastly, subjective norms are closely related to the relationship between perceived value and intention to use mobile easy payment services. The results can be expected to provide useful references to the Fintech related industry fields.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.71-76
• /
• 2016

In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

• Journal of the Society of Disaster Information
• /
• v.7 no.3
• /
• pp.240-246
• /
• 2011

The professional ethics for the guard is defined as the professional ethics that the person working as a guard to have. The professional ethics education builds the certainty and confidence about professional ethics recognition as well as behavior for guards so that helps the successful performance of the job. Therefore, this study tried to consider previous researches, understand the current professional ethics education for the department related to the guard and the case studies of incidents due to lack of professional ethics education to suggest the measures of activating professional ethics education. First, it is to consider the specialty of the guard to build the guard-martial spirit. Second, the professional ethics education must be out of the central culture study but develop as a major subject. Third, the quality and professionalism of the responsible professor of the professional ethics subject shall be considered. Forth, the professional ethics education must be performed not only at school but also continuously through the various ethics programs of the work places as well as organizations.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.33 no.7
• /
• pp.98-105
• /
• 2005

In this paper, the decryption function of CCSDS telecommand of CTU EQM for the security of communications satellite was verified. In order to intensify the security level of DES CFB decryption algorithm applied to CTU EM, 3DES CFB decryption algorithm using three keys is implemented in the CTU EQM. As the decryption keys increased due to the 3DES algorithm, the keys and IV are stored in PROM memory, and used for the telecommand decryption by taking the keys and IVs corresponding to the selected key and IV indexes from the memory. The operation of the 3DES CFB is validated through the timing simulation of 3DES CFB algorithm, and then the 3DES CFB core implemented on the A54SX32 FPGA. The test environment for the telecommand decryption verification of the CTU EQM was built up. Through sending and decrypting the encrypted command, monitoring the opcodes, and confirming LED on/off by executing the opcodes, the 3DES CFB telecommand decryption function of the CTU EQM is verified.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.1
• /
• pp.73-81
• /
• 2013

This research proposes design and construction of Korean type SWC based on user oriented smart work system. To achieve this proposal, the research suggested improvements of related law, changes to working environment, and strengthening information security for users, stronger Korean ICT based; the study investigated for an efficient and suitable Korean type SWC by analyzing Korean government plans and foreign developed countries' cases. The user-oriented smart work service platform suggested in this study aims to offer a solution to national crisis and establish infrastructure to knowledge-industry and creative-industry by collaborative smart work environment of 'Context Awareness' and 'Tangible User Interface'. As a result, smart work suggests methods to produce creative work by IT workers and efficient work environment for better standing in world competition. In conclusion, Korean SWC system is proved to be superior in satisfaction rate at 75.41%, 20.18% higher than average score shown in 5 categories in 5 countries from USA, Japan, and EU's which was 55.23%.

• Journal of Digital Convergence
• /
• v.9 no.4
• /
• pp.245-252
• /
• 2011

This study review about smart work to appear the use of smart device, and find the management plan for activating of smart work. Our national's smart work that is the best internet environment in worldwide fall behind foreign country. This study offers for the activating strategies of smart work. Fist, it is to change perception about smart work. Second, it should be clear up legal definition and category of smart-work. Third, it is that tighten up security of smart equipment. It is hard to achieve effects, as long as we get used to face-to-face work processing. Based on accurate perception about smart work on both employees and manager, this study suggest that it is important to change perception and to make actively use of smart work.

• Journal of Convergence for Information Technology
• /
• v.7 no.6
• /
• pp.135-141
• /
• 2017

Recently, as elderly people suffering from chronic diseases have increased and disasters such as traffic accidents have increased, urgent rescue workers and doctors need to respond effectively to such emergencies. For elderly people, the difficulty in communicating their condition especially the health condition during disaster is one of the problems in which delay on immediate handling by rescue team can cause death. Providing a solution for this problem is one of the main issues in our research. In this paper, we use the QR code to communicate the minimum personal information and medical history needed for emergency medical treatment to emergency medical personnel, and to transmit the medical history and treatment data to the doctors of the hospital through QR code and fingerprint recognition, respectively. Especially, by using both QR code of smart phone and fingerprint of individual, we can protects personal information and strengthens privacy and security of medical information by allowing only authorized physicians to check medical records of the old patient.