• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.911-918
• /
• 2014

Over the past few years, security breaches have been consistently reported around the world. Especially, people's personal information are at risk of being breached as the firms gather and utilize the information for their marketing purposes. As an effort to revamp their data infrastructures, companies have rebuilt their system that almost every data, including the personal information, are stored within the digital database. However, this migration provides easier access to the database but it has also increased the system vulnerability. As the data can be easily exposed to the unauthorized personnel both intentionally and unintentionally, it is necessary for companies to establish a set of security protocol and operate the personal information protection system. There are two major certified security system in South Korea; PIMS from KISA and PIPL from NIA. This paper analyzes the preferences of SMEs and small business using conjoint attributes of PIMS and PIPL. The study shows that the business owners take post certification rewards as the most important factor. It also shows that the attributes that have the highest utility rates are the following; 1) KISA certification, 2) 79 points of protection counter measurements, 3) 28 items of life cycle, 3) 50 percent discount on certification fee, and 4) Reduced amount of fine for personal information leakage incident.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.41-46
• /
• 2016

Recently, many domestic and foreign corporates are concentrating in investment to wearable devices and users are provided with various service based on wearable devices 26% more than compared to last year. It is widely used in previous healthcare, smart work, smart home environment, and it is now introduced to get connection to fused service environment. However, as products of G company are commercialized, the security issue of personal information is causing dispute in society, and the danger of data management and security regarding telecommunication is increasing. Also, because the password system used in previous wireless environment is still in use, there are possible vulnerability considering the new and mutant security threat. This thesis conducted study about protocols that can exercise safe telecommunication in the basis of wearable devices. In the registration and certification process, the signature value is created based on the code value. The telecommunication method is designed to conduct safe telecommunication based on the signature value. As for the attack method occurring in the wearable device environment, the safety was analyzed and conducted performance evaluation of previous password system and proposal system, and verified about 14% of efficiency.

• The Journal of the Korea Contents Association
• /
• v.10 no.3
• /
• pp.101-112
• /
• 2010

The recent trend of the hacking deals with all the IT infrastructure related to the profit of the companies. Presently, they attack the service itself, the source of the profit, while they tried to access to the service infrastructure through the non-service port in the past. Although they affect the service directly, it is difficult to block them with the old security solution or the old system and they threaten more and more companies with the demand of money menacing the protection of customers and the sustainable management. This paper aims to design and implement multi-platform network packet scanner targeting the exception handling network intrusion detection system which determines normal, abnormal by traffic. Linux and unix have the various network intrusion detection and packet management tools like ngrep, snort, TCPdump, but most of them are based on CUI (Character based User Interface) giving users discomfort who are not used to it. The proposed system is implemented based on GUI(Graphical User Interface) to support the intuitive and easy-to-use interface to users, and using Qt(c++) language that supports multi-platform to run on any operating system.

• Korean Security Journal
• /
• no.21
• /
• pp.155-175
• /
• 2009

RFID that provide automatic identification by reading a tag attached to material through radio frequency without direct touch has some specification, such as rapid identification, long distance identification and penetration, so it is being used for distribution, transportation and safety by using the frequency of 125KHz, 134KHz, 13.56MHz, 433.92MHz, 900MHz, and 2.45GHz. Also it is one of main part of Ubiquitous that means connecting to net-work any time and any place they want. RFID is expected to be new growth industry worldwide, so Korean government think it as prospective field and promote research project and exhibition business program to linked with industry effectively. RFID could be used for access control of person and vehicle according to section and for personal certify with password. RFID can provide more confident security than magnetic card, so it could be used to prevent forgery of register card, passport and the others. Active RFID could be used for protecting operation service using it's long distance date transmission by application with positioning system. And RFID's identification and tracking function can provide effective visitor management through visitor's register, personal identification, position check and can control visitor's movement in the secure area without their approval. Also RFID can make possible of the efficient management and prevention of loss of carrying equipments and others. RFID could be applied to copying machine to manager and control it's user, copying quantity and It could provide some function such as observation of copy content, access control of user. RFID tag adhered to small storage device prevent carrying out of item using the position tracking function and control carrying-in and carrying-out of material efficiently. magnetic card and smart card have been doing good job in identification and control of person, but RFID can do above functions. RFID is very useful device but we should consider the prevention of privacy during its application.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.873-883
• /
• 2017

As Ransomware spreads, the target of the attack shifted from a single personal to organizations which lead attackers to be more intelligent and systematic. Thus, Ransomware's threats to domestic infrastructure, including the financial industry, have grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, which is an information protection management system. However, it is difficult for management to make decisions on the loss done by the security issues since amount of the damage done can not be calculated with just ISMS. In this paper, through FAIR-based loss measurement model based on scenario's to identify the extent of damage and calculate the reasonable damages which has been considered to be the problem of the ISMS, we identified losses and risks of Ransomeware on the financial industry and method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.

• The Korean Journal of Archival Studies
• /
• no.25
• /
• pp.3-46
• /
• 2010

Digital records management is one whole system in which many social and technical elements are interacting. To maintain the trustworthiness, the repository needs periodical audit and certification. Thus, individual electronic records management agency needs toolkit that can be used to self-evaluate their trustworthiness continuously, and self-assess their atmosphere and system to recognize deficiencies. The purpose of this study is development of self-certification toolkit for repositories, which synthesized and analysed such four international standard and best practices as OAIS Reference Model(ISO 14721), TRAC, DRAMBORA, and the assessment report conducted and published by TNA/UKDA, as well as MoRe2 and current national laws and standards. As this paper describes and demonstrate the development process and the framework of this self-certification toolkit, other electronic records management agencies could follow the process and develop their own toolkit reflecting their situation, and utilize the self-assessment results in-house. As a result of this research, 12 areas for assessment were set, which include (organizational) operation management, classification system and master data management, acquisition, registration and description, storage and preservation, disposal, services, providing finding aids, system management, access control and security, monitoring/audit trail/statistics, and risk management. In each 12 area, the process map or functional charts were drawn and business functions were analyzed, and 54 'evaluation criteria', consisted of main business functional unit in each area were drawn. Under each 'evaluation criteria', 208 'specific evaluation criteria', which supposed to be implementable, measurable, and provable for self-evaluation in each area, were drawn. The audit and certification toolkit developed by this research could be used by digital repositories to conduct periodical self-assessment of the organization, which would be used to supplement any found deficiencies and be used to reflect the organizational development strategy.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.8
• /
• pp.22-33
• /
• 2009

Mobile Ad Hoc Networks (MANETs) are self-organized networks that do not rely in their operation on wired infrastructure. As in any networking technology, security is an essential element in MANET as well, for proliferation of this type of networks. But supporting secure communication in MANETs proved to be a significant challenge, mainly due to the fact that the set of nodes in the network can change frequently and rapidly and due to the lack of access to the wired infrastructure. In particular, the trust model and the authentication protocols, which were developed for wired and infrastructure-based networks, cannot be used in MANETs. In [1], we addressed the problem of efficient authentication of distributed mobile users in geographically large networks and proposed a new authentication scheme for this case of MANETs. The proposed scheme exploits randomized groups to efficiently share authentication information among nodes that together implement the function of a distributive Certification Authority(CA). In this paper, we analyze numerically the performance of authentication method using randomized groups and compare with the simulation result.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.12
• /
• pp.257-263
• /
• 2011

Conventional middleware is software providing services between clients and servers efficiently, but it is not applicable to RFID systems because of low consistency due to the absence of context awareness function, and problems in the management of meaning, security system, etc. Accordingly, we need a quality selection process and a quality evaluation method for selecting RFID middleware based on new criteria. This Paper proposed a new selection process based on international standard ISO/IEC 14598, and extracted and selected optimal quality factors through the proposed process. The selected quality factors were mapped to the quality characteristics of standard quality model ISO/IEC 9126, and to quality factors of RFID middleware of SUN, Microsoft, EPCglobal, IBM, etc. The results of these works showed that the quality factors extracted and selected through the proposed process were fair and adequate for evaluating the quality of RFID middleware.

• Korean Security Journal
• /
• no.20
• /
• pp.271-289
• /
• 2009

In e-terrorism, terrorists use cyber spaces including the internet in order to strike terror into the heart of a nation. It is revealed that recently happening terror cases use cyber spaces as a strategic tool. This research aims to investigate efficient countermeasures against various types of terror attacks made by terrorists and their cyber networking, in order to contribute to the prevention of terrors from a modern standpoint. Based on the results of the investigation, relevant problems are suggested such that terrors are not cases happening in a specific country only because they take place in cyber spaces, that hacking incidents frequently happen in Korea which is used as a footstool by foreign hackers, and that Korea has poor professional security manpower and foundational facilities in comparison with other advanced countries. Answers to the problems include cultivating cyber information manpower to cope with e-terrorism, making an appropriate budget, setting up networks to integrate and systematize anti-e-terrorism organizations, and intensifying the collection of information of cyber attacks and the analysis of the information.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.135-137
• /
• 2014

The expansion of the transportation card, and the popularity of smart phones has been increasing social concern about the NFC technology. Has been focused on the use of e-commerce, most of the NFC, fulfilling the security problems or technical topic for this, but the reality is that the current debate on the new value added contents industry and a nonexistent connection. Leverage NFC for efficient order management system in order to build lunch or dinner by being pushed to ease restrictions on remodeling and renovation projects Food Truck vehicle through a small business support programs in the current government, but increasing interest in the Food Truck I study a model of ordering system for food truch 재소 s-guide system. A lot of the effectiveness of management as appropriate to the use of NFC for small business that operates as a server system is highly Food Truck tendencies tied to one router and server on the intranet without the need of internet connection system. I believe in this study S-Guide system contributes for business success for food truck of small business.