• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.269-281
• /
• 2018

Many organizations are threatened by numerous information security attacks which are resulting in information security incidents. To prevent information security incidents, organizations invest on various information security measures like information security products, monitoring services and security training and educations. However they do not have enough knowledge about measurable utilities of information security investments. Since there is little studies empirically examining the effect of information security investments, this research aims to find out utilities of information security investment. We especially focuse on information security service investments. This study examined the data from the survey on information security for business sector which was conducted by Korean information & security agency. We utilized negative binomial regression model, which is a suitable model for over-dispersed count data. We found out that an investment on information security education and vulnerability testing have direct impact on reducing information security incidents. This research academically contributed to shed light on the utility of information security investments on reducing information security incidents. This research practically contributed to providing information security investment guideline for organizations which want to reduce information security incidents efficiently.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.175-191
• /
• 2017

The basis of economic statistics for evaluating the security industry's growth and inter-industry impacts is to create a standardized industry classification along with the scope of the security industry. The industrial classification should be written in such a way that it complies with and complies with the standards of the international and domestic standardized standard industrial classifications. Representative classifications of information security, physical security, and convergence security as well as classification of products and services related to security at present are not in line with the criteria of industrial classification based on the characteristics of production activities for products. The results of the convergence security industrial classification study are also consumer-oriented classification, which differs from the supplier-centric classification officially used in statistics, law, and policy enforcement in the present country. In this study, we first summarized the criteria of Korean and international industrial classification, and then examined whether the current classification of security meets these criteria. Next, to examine the classification directions of newly formed industries such as security industry, we reviewed some cases of domestic industrial special classification and types, and proposed the industrial classification criteria and direction of the security industry on the basis of them.

• Review of KIISC
• /
• v.25 no.3
• /
• pp.52-65
• /
• 2015

제조 분야의 미래유망기술로써 각광받고 있는 3D프린터 기술은 다양한 방식으로 활용되고 있다. 시제품의 제작비용과 시간을 절감시키고 1인 맞춤형 제품 생산이 가능하게 하였으며, 의료 및 산업분야 전반에 걸쳐 그 시장과 규모는 나날이 증대되고 있다. 하지만 이에 반하여 환경오염, 무기제작, 지적재산권, 의료 윤리 및 규제, 국가 보안 위험 등과 같은 문제점 또한 적지 않게 제기되고 있다. 본 고에서는 정보보호 관점에서 네트워크와 연결된 3D프린터가 가진 잠재적인 취약점에 대해 알아보고, 조직에서 이를 예방하기 위한 관리적 방법에 대해 NIST IR 8023의 생명주기에 기반 한 단계별 위험관리 및 위험평가에 대한 가이드를 제공하고자 한다.

• Review of KIISC
• /
• v.15 no.2
• /
• pp.54-62
• /
• 2005

기존의 신용카드 등이 최근에는 암호 기능을 갖춘 스마트카드로 대체되고 있다 그러나 스마트카드의 제한적인 연산기능으로 인하여 탑재되는 암호 알고리즘을 고속화하여 탑재해야 하는데, 이렇게 고속화된 암호 알고리즘은 사이드 채널 공격(Side Channel analysis)에 취약점을 갖는다. 암호 알고리즘의 동작 중에 시간차, 전자파, 전력 등 부가적으로 얻어지는 정보를 분석하는 사이드 채널 공격은 이론적으로 안전성이 증명된 알고리즘에서도 구현상의 문제로 인하여 공격이 가능하기 때문에 그 위험성이 매우 높다. 본 고에서는 2003년 신규 정보보호제품 평가대상으로 확대된 스마트 카드의 안전성 평가방안에 대하여 설명하고 스마트카드 상에서 공격 가능한 사이드 채널 공격을 타이밍 공격, 오류삽입 공격, 단순/차분 전력분석 공격으로 나누어 기술하고 이러한 공격에 대한 대응기법을 소개한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1099-1116
• /
• 2019

Industrial control systems(ICS) are widely used in various industrial area and critical infrastructure. To mitigate security threats on ICS, the security assurance test for industrial control devices has been introduced and operating. The test includes testing of the security function of the device itself and testing of communication robustness. In this paper, we describe the security requirements of EDSA, Achilles, and Korea's TTA standard(security requirements for ICS). And also, we analyzed the characteristics of communication robustness test(CRT) of each certification. CRT verifies the device's operation of essential function while transmitting fuzzing and stress packets. Existing test methods are mostly focused on the embedded devices and are difficult to apply to various devices. We propose a method to test communication robustness which reflect the characteristics of control H/W, control S/W, field devices and network devices in ICS. In the future, we will apply the proposed communication robustness test to actual products and present solutions for arising issues.

• The Journal of Society for e-Business Studies
• /
• v.9 no.1
• /
• pp.303-320
• /
• 2004

Smart card is a useful tool used in electronic payment systems and it is very important to test whether a smart card operates correctly. In this paper, we analyze previous researches on testing smart cards, such as ISO/IEC and KS standard documents, and Guideline of Card Quality Test. We also propose the functional test results done on the Highpassplus card of Korea Highway Corporation. By testing the Hipgpassplus card we can get card systems with reliable functionality and security. Furthermore, this can help developing more reliable security systems. The test results of the Highpassplus card proposed in this paper are the first research on testing smart cards in services in Korea and we expect that the test methods of smart card will be advanced based on our results.

• Information Systems Review
• /
• v.25 no.3
• /
• pp.139-162
• /
• 2023

With the emergence of new digital technologies into a supply chain, it is essential for companies to incorporate these technologies in managing their supply chains. However, various challenges have been identified in digital supply chain management, especially when it comes to its assessment. There are no universally agreed measurements for the performance of digital supply chain management within the research community so far. This paper explores an option of using user experience as one of possible measurements. Therefore, three different focus-group discussions were held and later analyzed with a qualitative content analysis. The subscription-based video on demand service, Netflix was used as an example in those discussions. Due to the fact that Netflix provides a digital product as a streamline service, user experience is critical for the company. Especially, user experience with a recommender system and related privacy issues have become significant for a company to retain existing customers and attract new customers in many fields. Since the recommender system and related privacy issues are parts of a digital supply chain, user experience can be one of appropriate measurements for digital supply chain management. This study opens a new perspective for research on performance measurements of digital supply chain management.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10c
• /
• pp.455-458
• /
• 2007

생체 인식에 있어서 가장 높은 성능을 가진 것으로 알려진 홍채인식 시스템은 고도의 보안성을 요구하는 시스템에 적합하지만 높은 하드웨어 비용 때문에 널리 보급되고 있지는 못하고 있는 실정이다. 한편, 단초점 CMOS센서는 높은 하드웨어 비용을 보완할 수 있고 개인을 식별하기에 충분한 해상도를 제공한다. 본 논문에서는 단초점 센서를 사용하여 하드웨어 비용을 줄이고 홍채패턴의 코드화는 상용화된 제품에 사용되어 이미 안정적이라 평가받은 John G. Daugman 의 Gabor Wavelet Transform 을 기반으로 하여 홍채인식 시스템을 구현하고 이를 실생활에 적용할 수 있는 근태관리 시스템을 개발하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1257-1268
• /
• 2015

Multi-functional devices was originally an equipment performing image processing, but function transmitting image data digitized by combining fax function and function of network are added and it was rapidly developed. Also, functions of internet application, application expansion, remote sharing and image treatment were added to multi-functional devices. But, multi-functional devices can cause security vulnerability such as data exposure, eavesdropping, etc. because of the threatening by network connection. Therefore, common criteria of multi-functional devices are necessary, but there is no protection profile for multi-functional devices now. Therefore, concrete standards of evaluation are not applied to evaluate secure for products, so it was difficult to maintain uniformity of evaluation quality. Therefore, this paper developed protection profile for multi-functional devices based on common criteria of evaluation so as to analyze threats of multi-functional devices and use secure multi-functional devices.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.41-46
• /
• 2016

Recently, many domestic and foreign corporates are concentrating in investment to wearable devices and users are provided with various service based on wearable devices 26% more than compared to last year. It is widely used in previous healthcare, smart work, smart home environment, and it is now introduced to get connection to fused service environment. However, as products of G company are commercialized, the security issue of personal information is causing dispute in society, and the danger of data management and security regarding telecommunication is increasing. Also, because the password system used in previous wireless environment is still in use, there are possible vulnerability considering the new and mutant security threat. This thesis conducted study about protocols that can exercise safe telecommunication in the basis of wearable devices. In the registration and certification process, the signature value is created based on the code value. The telecommunication method is designed to conduct safe telecommunication based on the signature value. As for the attack method occurring in the wearable device environment, the safety was analyzed and conducted performance evaluation of previous password system and proposal system, and verified about 14% of efficiency.