• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.333-340
• /
• 2014

Despite the security weakness of reusing passwords, many Internet users are likely to use a single ID and password on various sites to avoid the inconvenience of remembering multiple credentials. This paper proposes a scheme for securely storing, retrieving, and updating randomly chosen (ID, password) pairs by using smart cards as secure and portable storages. The scheme makes a user free from remembering her (ID, password) pairs for Internet accesses. By splitting and scattering the (ID, password) pairs of a user across the user's smart card memory and a remote server's storage, it can protect the logon credentials even from the theft or loss of the smart card. Also, a user, if deemed necessary, can issue and let the server to delete all information belonging to the user. Hence even an attacker who cracked the smart card memory would not be able to obtain any (ID, password) pair of the victim thereafter. The scheme requires a user to input a site information and pass-phrase to her smart card to obtain the logon credentials, but it should be an acceptable overhead considering the benefits of not remembering the freely chosen (ID, password) pairs at all.

• Journal of Digital Convergence
• /
• v.11 no.3
• /
• pp.415-426
• /
• 2013

Smart work has recently introduced as a way to solve problems such as greenhouse gas emissions, low birth rate and aging as well as to improve productivity. Because of development of ICT infrastructure and the proliferation of smart devices, the mobile office has the most commonly used within types of smart work in Korea. But the adoption of the mobile office in small businesses is only half of that of large corporations. The security issue appears to be one of the biggest obstacles to the introduction of smart work in small businesses. Therefore, the purpose of this study is to analyze the information security factors that should be considered when the mobile office is introduced to small businesses. By analyzing the previous studies, the information security factors of the mobile office are classified 5 groups composed of 24 factors. 5 groups are terminals, applications and platforms, networks, servers and users. According to the survey result using AHP, 'User' was drawn to the most important group, and 'Data Encryption', 'Wireless LAN Control' and 'Terminal Recovery When Leaving' were drawn to the important information security factors of the mobile office among 24 factors.

• The Journal of the Korea Contents Association
• /
• v.21 no.11
• /
• pp.333-349
• /
• 2021

As information is recognized as an important asset of an organization, organizations are increasing their resource input for knowledge management. In particular, the enterprise content management system(ECMS) is a solution for organization-oriented content management, and it has high utility by helping to achieve business performance through systematic utilization of content and improve the level of internal information security. The purpose of this study is to suggest a plan to improve the intention to use organizational employee's ECMS and to suggest the effect of the relationships between information system quality characteristics and work environment characteristics on intention to use. In this study, a research hypothesis was presented based on previous studies, a questionnaire was conducted on workers of organizations that adopted an ECMS, and the hypothesis was verified by applying structural equation modeling. As a result of the analysis, information and service quality of the ECMS and task interdependence increased the intention to use, but task conflict decreased the intention to use. In addition, task interdependence and task conflict moderated the positive relationship between the quality factors of the ECMS and the intention to use it. This study has implications in terms of suggesting the direction of the organization's behavior through factors that increase the use of ECMS.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.42 no.2 s.302
• /
• pp.27-36
• /
• 2005

This thesis proposed an effective encryption method for the DCT-based image/video contents and made it possible to operate in a high speed by implementing it as an optimized hardware. By considering the increase in the amount of the calculation in the image/video compression, reconstruction and encryption, an partial encryption was performed, in which only the important information (DC and DPCM coefficients) were selected as the data to be encrypted. As the result, the encryption cost decreased when all the original image was encrypted. As the encryption algorithm one of the multi-mode AES, DES, or SEED can be used. The proposed encryption method was implemented in software to be experimented with TM-5 for about 1,000 test images. From the result, it was verified that to induce the original image from the encrypted one is not possible. At that situation, the decrease in compression ratio was only $1.6\%$. The hardware encryption system implemented in Verilog-HDL was synthesized to find the gate-level circuit in the SynopsysTM design compiler with the Hynix $0.25{\mu}m$ CMOS Phantom-cell library. Timing simulation was performed by Verilog-XL from CadenceTM, which resulted in the stable operation in the frequency above 100MHz. Accordingly, the proposed encryption method and the implemented hardware are expected to be effectively used as a good solution for the end-to-end security which is considered as one of the important problems.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.46-53
• /
• 2022

Today, due to the 4th industrial revolution and extensive R&D funding, domestic companies have begun to possess world-class industrial technologies and have grown into important assets. The national government has designated it as a "national core technology" in order to protect companies' critical industrial technologies. Particularly, technology leaks in the shipbuilding, display, and semiconductor industries can result in a significant loss of competitiveness not only at the company level but also at the national level. Every year, there are more insider leaks, ransomware attacks, and attempts to steal industrial technology through industrial spy. The stolen industrial technology is then traded covertly on the dark web. In this paper, we propose a system for detecting industrial technology leaks in the dark web environment. The proposed model first builds a database through dark web crawling using information collected from the OSINT environment. Afterwards, keywords for industrial technology leakage are extracted using the KeyBERT model, and signs of industrial technology leakage in the dark web environment are proposed as quantitative figures. Finally, based on the identified industrial technology leakage sites in the dark web environment, the possibility of secondary leakage is detected through the PageRank algorithm. The proposed method accepted for the collection of 27,317 unique dark web domains and the extraction of 15,028 nuclear energy-related keywords from 100 nuclear power patents. 12 dark web sites identified as a result of detecting secondary leaks based on the highest nuclear leak dark web sites.

• Journal of Digital Convergence
• /
• v.12 no.6
• /
• pp.341-347
• /
• 2014

Among methods of the big data process, big data process under the cloud environment is becoming a main topic. As part of solving faced problem and strengthening industrial competitiveness in the medical and health industry, discussion on ways to activate big data is actively being conducted. Because the reason is a paradigm shift, saving pressure for increasing health care costs, and increased consumer interest for the level of service. In this paper, we find out the relationship between the cloud and big data. And we are to research and analysis a cloud-based big data case in the medical field. Finally we propose the efficient utilization and future outlook. For the smooth functioning of cloud-based medical big data, we have to solve the problems like infrastructure extension, analysis/application software development, and professional manpower training. In addition, we have to correct insufficient laws maintenance to the Cloud utilization, and improve the security and the recognition to personal information, and solve authority for data centralization.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.4
• /
• pp.1-10
• /
• 2004

In NGNs(Next Generation Networks), It is necessary for Integrated management of resource and information to satisfy high-quality users'demands, such as stable speed, guarantee of high level service and service requirement in various fields. In relation to this, technology for efficiently using limited resources is becoming interesting things more and more. Therefore policy of network service is dealt essentially. Recently, DEN(Directory Enabled Network)-based personalization service is user-dependent services in NGNs, and integrated management and efficient use of limited resources. Also, PBNM(Policy-Based Network Management) is new technology defined and applied by policies of communication service environments and users on demand. Subsequently to study on how to optimizing the PBNM is of great importance. In this paper, we propose a technology of the PBNM based on DEN standardized in DMTF(Distributed Management Task Force).

• Informatization Policy
• /
• v.21 no.2
• /
• pp.24-48
• /
• 2014

Smart working, along with the spread of smart device use, has recently garnered increased interest. The issue has become focused on low labor productivity over working time, work-life balance and social discussion. There has also been a shift in working styles due to the development of mobile, security, and cloud computing-related IT technology support and activation of the smart work environment. However, former research show concern that smart working may not meet the initially expected levels of productivity. This empirical study was carried out to introduce the impact of teleworking on increased productivity and satisfaction in companies and public institutions through user interviews, a socio-technical systems approach and surveys. To summarize the results of this study, 'Telework satisfaction' is directly influenced by 'Work-life balance', 'Telework-system fit, and 'Telework-job fit'. Direct impact factors of 'Telework productivity'are 'Telework-job fit', 'Telework satisfaction', and 'Telework environment quality'.

• Journal of Software Engineering Society
• /
• v.28 no.1
• /
• pp.7-12
• /
• 2019

Recently, as the weight of software in the weapon system increases, the quality of the software becomes a very important factor. In order to improve the quality of the weapon system software, DAPA(Defense Acquisition Program Administration) has institutionalized software reliability in Weapon System Software Development and Management Manual. The manual presents specific methods and procedures to improve the weapon system software quality. In order to meet the required reliability test standards specified in the manual, it is necessary to continuously detect and correct defects throughout the entire development period. However, it is difficult to build proper reliability test environment due to the cost of software reliability tools, setting up secured and separated network environment, and etc. Therefore, in this study, we propose an efficient environment construction method for software reliability test of defense industry field in restricted development environment and limited resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.743-755
• /
• 2013

In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.