• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.33-44
• /
• 2021

Data outsourcing utilizing the Cloud faces a problem of the third-party exposure, modulation, and reliability for the provided computational delegation results. In order to solve those problematic security issues, homomorphic encryption(HE) which executes calculation and analysis on encrypted data becomes popular. By extension, a new type of HE with a authentication functionality, homomorphic authenticated encryption(HAE) is suggested. However, a research on the HAE is on the initial stage. Furthermore, based on a message authenticated scheme with HE, the method and analysis to design is still absent. This paper aims to analyze an HAE, with a generic combination of a message authenticated scheme and a HE, known as "Encrypt with Authentication". Following a series of analysis, we show that by adopting a unforgeable message authenticated scheme, the generically constructed HAE demonstrated an unforgeability as well. Though, a strong unforgeability is not the case. This paper concludes that although indistinguishable HE can be applied to design the HAE, a security issue on the possibility of indistinguishability is still not satisfied.

• The Korean Journal of Archival Studies
• /
• no.67
• /
• pp.267-318
• /
• 2021

The purpose of this study is to analyze how the "memory approach" has affected archival methodology and activities, and suggest the directions of archival activities in each field. Although there have been many discussions on the memories and collective memories in Archival Studies, it is necessary to analyze them more practically from the viewpoint of archival activism. In this study, the memory approaches in archival discourse are classified into four categories in terms of archival activism; i) the role of archives as social memory organizations, ii) the memory struggle for finding out the truth of the past, iii) archival activities of restorative justice for people who suffer from trauma memories after social disasters and human rights violations, and iv) the memory process of communities' archiving for strengthening community identities. The meaning and issues are analyzed for each category, and the practice based on archival expertise and political and social practices are examined together as necessary competencies for archival activism.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.284-291
• /
• 2021

As the current security monitoring system is operated as a passive system only for response after an attacker's attack, it is common to respond to intrusion incidents after an attack occurs. In particular, when new assets are added and actual services are performed, there is a limit to vulnerability testing and pre-defense from the point of view of an actual hacker. In this paper, a new security monitoring model has been proposed that uses multiple hacking-related search engines to add proactive vulnerability response functions of protected assets. In other words, using multiple search engines with general purpose or special purpose, special vulnerabilities of the assets to be protected are checked in advance, and the vulnerabilities of the assets that have appeared as a result of the check are removed in advance. In addition, the function of pre-checking the objective attack vulnerabilities of the protected assets recognized from the point of view of the actual hacker, and the function of discovering and removing a wide range of system-related vulnerabilities located in the IP band in advance were additionally presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.149-160
• /
• 2011

Smart Grid is the next-generation intelligent power grid that maximizes energy efficiency with the convergence of IT technologies and the existing power grid. It enables consumers to check power rates in real time for active power consumption. It also enables suppliers to measure their expected power generation load, which stabilizes the operation of the power system. However, there are high possibility that various kinds of security threats such as data exposure, data theft, and privacy invasion may occur in interactive communication with intelligent devices. Therefore, to establish a secure environment for responding to such security threat with the smart grid, the key management technique, which is the core of the development of a security mechanism, is required. Using a hash chain, this paper suggests a group key management mechanism that is efficiently applicable to the smart grid environment with its hierarchical structure, and analyzes the security and efficiency of the suggested group key management mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.447-461
• /
• 2012

A social network service(SNS) is gaining popularity as a new real-time information sharing mechanism. However, the user's privacy infringement is occurred frequently because the information that is shared through a social network include the private information such as user's identity or lifestyle patterns. To resolve this problem, the research about privacy preserving data sharing in social network are being proceed actively. In this paper, we proposed the efficient scheme for privacy preserving data sharing in social network. The proposed scheme provides an efficient conjunctive keyword search functionality. And, users who granted access right to storage server can store and search data in storage server. Also,, our scheme provide join/revocation functionality suited to the characteristics of a dynamic social network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1145-1157
• /
• 2012

Google Android employs a security model based on application permissions to control accesses to system resources and components of other applications from a potentially malicious program. But, this model has security vulnerabilities due to lack of user comprehension and excessive permission requests by 3rd party applications. Broadcast intent message is widely used as a primary means of communication among internal application components. However, this mechanism has also potential security problems because it has no security policy related with it. In this paper, we first present security breach scenarios caused by inappropriate use of application permissions and broadcast intent messages. We then analyze and compare usage patterns of application permissions and broadcast intent message for popular applications on Android market and malwares, respectively. The analysis results show that there exists a characteristic set for application permissions and broadcast intent receiver that are requested by typical malwares. Based on the results, we propose a scheme to detect applications that are suspected as malicious and notify the result to users at installation time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1419-1427
• /
• 2012

This paper deals with the online privacy policy, which is designed to solve the information asymmetry problem between websites and internet users. We empirically analyze the recognition, confirmation of the online privacy policy, and its effects on online transaction behavior using a rich survey data representing 5,422 Korean internet users. Major results are as follows. First, there exists a significant difference between recognition and confirmation, and confirmation behavior is positively related with the importance of privacy issue and the experience of privacy invasion. Second, binary variable regressions show that internet user tends to participate in online transaction if he/she confirms the online privacy policy positively. Finally, if websites would make online privacy policy easy and short, a yearly online transaction market size of Korea would increase by 0.46 million participants and 22.4 billion KRW.

• Knowledge Management Research
• /
• v.22 no.4
• /
• pp.41-70
• /
• 2021

The use of social media has many advantages such as knowledge sharing, social networking, and communicating with other people. However, it has given rise to various side effects including stress, Which is defined as social network stress in this study. This study aims to conceptualize social network stress and investigate its effect on switching behavior in social media. For this purpose, we present a research model that consists of the antecedents and consequences of social network stress and test it empirically using LISREL 8.7 based on the structural equation model. The empirical results showed that knowledge sharing and self-disclosure had positive impact on social network stress, which in turn positively influenced social media switching behaviors. In conclusion, we discussed both theoretical and practical implications of this research and suggested its limitations.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.73-85
• /
• 2022

In the era of the 4th industrial revolution, where automation and connectivity are maximized with artificial intelligence, the importance of data collection and utilization for model update is increasing. In order to create a model using artificial intelligence technology, it is usually necessary to gather data in one place so that it can be updated, but this can infringe users' privacy. In this paper, we introduce federated learning, a distributed machine learning method that can update models in cooperation without directly sharing distributed stored data, and introduce a study to optimize distributed consensus among participants without an existing server. In addition, we propose a pattern and group-based distributed consensus optimization algorithm that uses an algorithm for generating patterns and groups based on the Kirkman Triple System, and performs parallel updates and communication. This algorithm guarantees more privacy than the existing distributed consensus optimization algorithm and reduces the communication time until the model converges.

• Informatization Policy
• /
• v.29 no.4
• /
• pp.67-90
• /
• 2022

The March 2022 presidential election held at the peak of the COVID-19 pandemic drew flak for undermining the principle of universal suffrage by failing to guarantee properly the voting rights of confirmed and quarantined persons. Guaranteeing their voting rights requires thinking about e-voting that can fundamentally overcome the temporal and spatial limitations of current paper voting polling stations. The question is how to deal with the increased possibility of contradicting or violating the principles of equality and direct and secret suffrage due to the expansion of universal suffrage. In order to obtain implications for this, we looked at the case of Estonia, which has been holding 11 national elections without any problems since the introduction of e-voting in 2005. Estonia was successfully building trust in the system, government, and society through the institutionalization and routinization of the overall socio-technical system of e-voting, along with political and constitutional agreements on the principles of elections. Therefore, we should not only consider the possibility of e-voting in terms of technological development and level but also discuss the establishment of trust by mediating conflicts between election principles from a normative point of view to reach a social consensus.