• Title/Summary/Keyword: CIST


Analysis of Security Requirements for Session-Oriented Cross Play Using X-box (X-box를 이용한 Session-oriented Cross play에 대한 보안 요구사항 분석)

  • Kim, Dong-woo;Kang, Soo-young;Kim, Seung-joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.235-255 / 2019
  • With recent technological advances and industry changes, the game industry is maximizing fun by supporting cross-play that can be enjoyed by users of different platforms in PC, mobile and console games. If the boundaries are lost through cross-play, unexpected security threats can occur due to new services, even if existing security is maintained above a certain level. Existing online game security research is mostly on detecting fraud that can occur in PC and mobile environments, but it is also necessary to study the security of console games as cross-play becomes possible. Therefore, this paper systematically identifies the security threats against console game users that can occur when enjoying cross-play, using STRIDE and LINDDUN threat modeling, and derives security requirements using the international common evaluation standard.

Password-Authenticated Key Exchange between Clients with Different Passwords (서로 다른 패스워드를 가진 사용자간의 패스워드 인증 키 교환 프로토콜)

  • 변지욱;정익래;이동훈
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.1 / pp.27-38 / 2003
  • Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so-called Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

A Study on the Improvement of Effectiveness in National Cyber Security Monitoring and Control Services (국가 전산망 보안관제업무의 효율적 수행방안에 관한 연구)

  • Kim, Young-Jin;Lee, Su-Yeon;Kwon, Hun-Yeong;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.1 / pp.103-111 / 2009
  • Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. As a result, the monitoring and control of cyber security, which enables attack detection, analysis and response on a real-time basis has become of paramount importance. This paper discusses how to improve efficiency and effectiveness of national cyber security monitoring and control services. It first reviews major threats to the public communications network and how the responses to these threats are made and then it proposes a new approach to improve the national cyber security monitoring and control services.

The Threat Analysis and Security Guide for Private Information in Web Log (웹 로그 데이터에 대한 개인정보 위협분석 및 보안 가이드)

  • Ryeo, Sung-Koo;Shim, Mi-Na;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.6 / pp.135-144 / 2009
  • This paper discusses the serious security risks of web logs that contain private information, and suggests solutions to protect them. These days private information is core to producing added value in the information society. Its scope and types are expanding, and it becomes more important as the information society grows. The web log is designated by law in South Korea as a private information file. Although it contains private information, the web log is not properly protected; it is treated merely as a residual product of web services. Many malicious people could gain private information from web logs. This problem is caused by unclassified data and improper development of web applications. This paper suggests technical solutions that control data in the development phase, minimize the private information stored in web logs, and apply in the operating environment. It is a very efficient method to protect private information and to observe the law.

A Study on the Secure Plan of Security in SCADA Systems (SCADA 시스템의 안전성 확보방안에 관한 연구)

  • Kim, Young-Jin;Lee, Jung-Hyun;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.6 / pp.145-152 / 2009
  • SCADA (Supervisory Control And Data Acquisition) systems are widely used for control and monitoring of critical infrastructures including electricity, gas and transportation. Any compromise in the security of SCADA systems could result in massive chaos and disaster at a national level if a malicious attacker takes control of the system. Therefore, sound countermeasures must be provided when SCADA systems are being developed as well as when they are being operated. Unlike general information processing systems, SCADA systems have different service responses, communication protocols and network architectures, and therefore a different approach should be applied to each SCADA system that takes into consideration each system's security characteristics and architecture. In addition, a legal basis should be established to ensure the nationwide management of the systems' security. This paper examines the vulnerabilities of SCADA systems and proposes action plans to protect the systems against cyber attacks.

Effects of Visiting Cognitive Activities Using Brain Training on Cognition, Subjective Memory Complaints, and Depression in Community-Dwelling Elderly People - Focusing on Gwangmyeong City (브레인 트레이닝을 활용한 방문형 인지활동이 지역사회 노인의 인지, 주관적 기억감퇴, 우울감에 미치는 효과 - 광명시를 중심으로)

  • Tae-Hoon Kim;Nam-Hae Jung
    • Journal of The Korean Society of Integrative Medicine / v.12 no.2 / pp.111-119 / 2024
  • Purpose: This study aimed to demonstrate the effects of visiting cognitive activities using brain training on cognition, subjective memory complaints and depression among elderly participants living in the community in Gwangmyeong city. Methods: Over a 14-month period (October 2022 to December 2023), four brain training instructors visited the homes of older adults and conducted the intervention using a brain training kit. The participants included 32 elderly individuals aged 65 years and older, who were living in Gwangmyeong city. The assessments were conducted by an occupational therapist, a nurse and a social worker at the Gwangmyeong dementia relief center. These assessments included the following: the subjective memory complaints questionnaire (SMCQ), the short geriatric depression scale-Korean (SGDS-K), a cognitive impairment screening test (CIST), and the consortium to establish a registry for Alzheimer's disease-Korean (CERAD-K). The participants were divided into three groups (A: 20-30 points, B: 10-19 points, C: 1-9 points) based on the CIST score. For data analysis, descriptive statistics and the Wilcoxon signed-rank test were performed using SPSS 24.0, and the statistical level was at α=.05. Results: The results of the intervention showed that the SMCQ score of group A improved significantly (p<.05), and the CIST score of group B also improved significantly (p<.05). However, the SGDS-K score of group C improved, but did not demonstrate statistical significance (p=.080). Conclusion: The visiting cognitive activities using brain training produced significant effects on cognition, depression, and subjective memory disorders, depending on the cognitive level of the elderly participants. In the future, it will be necessary to demonstrate the effects according to cognitive level in various aspects with more elderly people.

The Bronze Ceremonial Vessels of Xiaoheishigou Stone Cist Tomb 8501 seen through Comparison with the Chinese Zhongyuan Region (중국 중원 지역과의 비교를 통하여 본 소흑석구 8501호 석곽묘의 청동예기)

  • Oh, Kang-won
    • Korean Journal of Heritage: History & Science / v.47 no.3 / pp.86-107 / 2014
  • The large stone cist tomb 8501 of Lingcheng prefecture Xiaoheishigou, according to Chinese chronology, was built during the late Western Zhou period. However in this tomb not only Chinese Zhongyuan style bronze ceremonial vessels but also indigenous style bronze ceremonial vessels and instruments and hybrid bronze ceremonial vessels with a mixture of both indigenous and Chinese styles were excavated in large numbers. The bronze ceremonial vessel assemblage of Xiaoheishigou, in comparison with the decorum regulations and bronze cauldron and coffer system of the Chinese Zhongyuan region of the same time period, belong to that of the lowest status category. However, in contrast to the lowest class category tombs of the Chinese Zhongyuan region, in this tomb, with the exception of cauldrons and coffers, the remaining food and wine vessels of the assemblage match the standard of emperors and feudal rulers of vassal states. This is reinforced by the burial of musical instruments. Of the bronze ceremonial vessels of Xiaoheishigou large stone cist tomb 8501, the indigenous and hybrid styles, in consideration of manufacture technology seem to have been manufactured locally. However, the form, pattern and also the standards of the Western Zhou style bronze ceremonial vessels are identical to those of the Chinese Zhongyuan region and therefore it is clear that they were manufactured in Western Zhou. The reason for these precious ceremonial vessels which were manufactured and used in the many individual vassal states of the Chinese Zhongyuan region being buried in Xiaoheishigou, seems to have been the result of economic exchange and friendly political relations between the Xiaoheishigou and other groups rather than these vessels having been plundered by the Xiaoheishigou group. A distinct cultural sphere existed between the Upper Xiajiadian culture and Western Zhou which interacted frequently with both sides.

Developing key Performance Indicators for Financial IT Security (금융IT 보안조직 역량강화를 위한 핵심성과지표(KPI) 도출에 관한 연구)

  • Jang, Sung Ok;Lim, Jong In
    • The Journal of Society for e-Business Studies / v.18 no.3 / pp.125-142 / 2013
  • As the strategic alignment of IT and business is reinforced, financial services are becoming more reliant on IT systems. Continuous information security activities are needed to provide a secure and reliable financial service. Performance measurement of information security activities can be useful for decision and management support. The purpose of this study is to derive CSFs (Critical Success Factors) and KPIs (Key Performance Indicators) based on K-ISMS and Financial IT Information Security Standards. It provides a rationale that can be used to determine key performance indicators, which are utilized as basic data for establishing security policies for financial IT security competency.

A Study on Unknown Malware Detection using Digital Forensic Techniques (디지털 포렌식 기법을 활용한 알려지지 않은 악성코드 탐지에 관한 연구)

  • Lee, Jaeho;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.107-122 / 2014
  • DDoS attacks and APT attacks, in which zombie computers simultaneously attack target systems at a fixed time, have caused social confusion. These attacks require many zombie computers running the attacker's commands, and unknown malware that can bypass detection by anti-virus products is being executed on those computers. At that time, many methods have been proposed for the detection of unknown malware, in contrast to anti-virus products, which detect using signatures. This paper proposes a method of unknown malware detection using digital forensic techniques and describes the results of experiments carried out on various samples of malware and normal files.

Relationship between Information Security Activities of Enterprise and Its Infringement : Mainly on the Effects of Information Security Awareness (기업의 정보보호 활동과 정보침해 사고 간의 관계: 정보보호 인식의 매개효과를 중심으로)

  • Moon, Kunwoong;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.897-912 / 2017
  • This paper focuses on how effective protection against information security incidents is via information security awareness when enterprises conduct information security activities. The research model theorizes that information security activity and information security awareness will reduce the incidence of information security incidents. The general characteristics of analysis targets have been carried out in the frequency analysis, and the reliability of the measuring tool has been utilized to calculate the coefficient of Cronbach's information protection. Evidence has been demonstrated regarding the relationship between information security activities and information security awareness and information security incidents.