• Journal of Convergence for Information Technology
• /
• v.9 no.11
• /
• pp.8-14
• /
• 2019

Due to the development of computer technology, IoT technology is being used in various fields of industry, economy, medical service and education. However, multimedia information processed through IoT equipment is still one of the major issues in the application sector. In this paper, a big data protection model for users of IoT based IoT is proposed to ensure integrity of users' multimedia information processed through IoT equipment. The proposed model aims to prevent users' illegal exploitation of big data information collected through IoT equipment without users' consent. The proposed model uses signatures and authentication information for IoT users in a hybrid cryptographic method. The proposed model feature ensuring integrity and confidentiality of users' big data collected through IoT equipment. In addition, the user's big data is not abused without the user's consent because the user's signature information is encrypted using a steganography-based cryptography-based encryption technique.

• Journal of Practical Engineering Education
• /
• v.13 no.2
• /
• pp.301-304
• /
• 2021

In this study, we developed a module that can perform two functions at the same time through interworking between a personal recognition module and a heat detection module in the era of COVID-19. This can simultaneously solve the problem of compatibility of the personal recognition module that occurs in the existing system and the problem of secondary infection that can occur during congestion due to the separate implementation of heat detection. Therefore, in this study, NFC and Bluetooth motherboards were developed, and an array-type non-contact temperature sensor was applied to detect heat. The developed system is expected to be able to realize both access control of floating population and effective quarantine at the same time in public institutions or private companies that require AI automated access control. In addition, it is judged that it is possible to link the embedded programming and web programming implementation method using the module of the development system to the educational program.

• Journal of Information Technology Services
• /
• v.20 no.6
• /
• pp.45-62
• /
• 2021

After the COVID-19 outbreak in 2019, the spread of COVID-19 has not been easily caught despite preventive measures in each country. The spread of COVID-19 has hit the world, especially in the economic and tourism sectors. Countries around the world are easing restrictions on the movement of vaccinated people in preparation for the post-corona era. Under the name of "Vaccine Passport," "Vaccination Certificate," and "Digital Health Pass," vaccination measures are being implemented to allow vaccination recipients to use multi-use facilities. However, there is no international agreement on the movement of countries, and each country has its own immigration policy. In order to return to pre-corona daily life, global agreements must be reached from the movement of vaccinated people between countries, and standards and implementation methods must be determined. This study focuses on the implementation and utilization of vaccination certificates suitable for the COVID-19 era. We will look at the spread of COVID-19 and its international response policies. In the case of COVID-19, we will investigate why vaccination certificate installation should be standardized and how far the current standardization has been discussed, and discuss the characteristics of vaccination certificate installation and considerations. In order for the immunization certificate discussed in the previous chapter to be recognized internationally, institutional and technical considerations are identified and security factors that may occur in each implementation are also presented. Finally, the international recognition case of vaccination certificate is discussed, and the method of installation and utilization of vaccination certificate is proposed. This paper can be used as a policy because of its timeliness in studying the standards of vaccination certificates and considerations for international recognition to restore movement between countries in the spread of COVID-19. In addition, if other infectious diseases occur in the future or similar cases where movement between countries is restricted, it can be used as a reference to support the movement of verified people.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.299-308
• /
• 2019

As the utilization value of personal information becomes higher, discussions about providing personal information are being conducted actively. One of the most common methods of providing personal information is that a group obtains a personal information with a consent of individual. However, the above method has 2 problems. First, more information is exposed than the information required by organization for utilization of personal information. Second, trusted party should provide organization with an authentication of personal information whenever they require personal information. To solve these problems, we propose a personal information management system with blockchain using zk-SNARK(zero-knowledge Succinct Non-interactive ARgument of Knowledge) for privacy. Our proposal enables individuals to guarantee reliability of their information and protect their privacy concurrently using zk-SNARK when they provid organization with their personal information. In addition, it is possible to manage the personal information data while ensuring the integrity of the data using blockchain and it is possible to share the personal information more conveniently than existing systems.

• Journal of the Korea Convergence Society
• /
• v.10 no.2
• /
• pp.7-11
• /
• 2019

Due to diversification and popularization of devices that use rapid transmission, there are many security issues related to radio waves. As the disturbance and interference of the radio wave can cause a direct inconvenience to a life, it is a very important issue. In this paper, as a means to prevent radio disturbance and interference, the projected image of the reference grid and the deformed grid is obtained by measuring the projected $moir{\acute{e}}$ using the white light source, projecting grid and the light source, and a $moir{\acute{e}}$ pattern is generated with an image processing algorithm by applying a phase diagram algorithm, and generated $moir{\acute{e}}$ pattern phase diagram creates a three-dimensional shape. By making an encrypted token using this measured face shape, the transmission of the information through token ring is determined in order to transmit the horizontal transmission having the dynamic security characteristics which includes authentication strength and caller information, etc. And by confirming the uniqueness of the token and by sending and receiving the horizontal transmission using java serialization and deserialization function, a problem solving method is suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.565-577
• /
• 2019

In recent years, biometric authentication has been used for various applications. Since biometric features are unchangeable and cannot be revoked unlike other personal information, there is increasing concern about leakage of biometric information. Recently, Jin et al. proposed a new cancelable biometric scheme, called "Index-of-Max" (IoM) to protect fingerprint template. The authors presented two realizations, namely, Gaussian random projection-based and uniformly random permutation-based hashing schemes. They also showed that their schemes can provide high accuracy, guarantee the security against recently presented privacy attacks, and satisfy some criteria of cancelable biometrics. However, the authors did not provide experimental results for other biometric features (e.g. finger-vein, iris). In this paper, we present the results of applying Jin et al.'s scheme to iris data. To do this, we propose a new method for processing iris data into a suitable form applicable to the Jin et al.'s scheme. Our experimental results show that it can guarantee favorable accuracy performance compared to the previous schemes. We also show that our scheme satisfies cancelable biometrics criteria and robustness to security and privacy attacks demonstrated in the Jin et al.'s work.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.303-308
• /
• 2019

Spring framework is widely used as a base technology for e-government frameworks and to the extent it is a standard for web service development tools of Korean public institutions. However, recently, a remote code execution vulnerability(CVE-2018-1270) was found in an application using a spring framework. This paper proposes a method of analyzing the vulnerability experiment using a hacking scenario, Proof Of Concept(POC), in which the spring framework is a hazard to the server. We propose the patch to version 4.3.16 and version 5.0.5 or later as an ultimate response. It is also expected that the proposed experiment analysis on vulnerability of hacking scenario will be used as a data for improving performance of security programs and establishing a new authentication system.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.6
• /
• pp.1145-1154
• /
• 2018

In order to prevent interference and interference of the frequency, it is required to convert the regulatory standard into the center of the radiation power radiated to the actual public. Since the radiation power regulation is related to general radio management such as technical standards, permits, and inspections, it is gradually introduced in consideration of applicability and urgency, and the radiation power related laws of major countries And a method of controlling the output of the radio equipment such as measurement, inspection, and authentication. In Korea, the proportion of antenna power supply is high, and in Europe, radiation power is high. Since the number of radio stations will increase and diversify in the future, institutional improvement should be made so that it can be measured in parallel with the radiocommunication infrastructure of the space manager. In order to convert to the radiative power management system, the system for the related radio system needs(Technical standards, certification, inspection of radio stations, post-management, etc.) to be improved.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.11
• /
• pp.1554-1561
• /
• 2018

This paper surveys the DDS, a real - time communication middleware, and proposes ways to improve the DDS secure communication performance. DDS is a communication middleware standard by the OMG. The OMG has released the DDS Security standard to resolve the security issues. The security performance of DDS can be considered into transmission speed and confidentiality. In terms of confidentiality, AES-GCM, currently the encryption algorithm specified by DDS Security, is a very strong encryption algorithm, but there are well known weaknesses associated with authentication. In terms of speed, The computational load for the security function is a restriction to use DDS in systems which requires real-time performance. Therefore, in order to improve the DDS security, algorithms that are faster than AES-GCM and strong in encryption strength are needed. In this paper, we propose a DDS message encryption method applying AES-OCB algorithm to meet these requirements and Compared with the existing DDS, the transmission performance is improved by up to 12%.