• Journal of Information Processing Systems
• /
• v.19 no.1
• /
• pp.118-129
• /
• 2023

The expansion of smart cities drives the growth of data generated from sensor devices, benefitting citizens with enhanced governance, intelligent decision-making, optimized and sustainable management of available resources. The exposure of user data during its collection from sensors, storage in databases, and processing by artificial intelligence-based solutions presents significant security and privacy challenges. In this paper, we investigate the various threats and attacks affecting the growth of future smart cities and discuss the available countermeasures using artificial intelligence and blockchain-based solutions. Open challenges in existing literature due to the lack of countermeasures against quantum-inspired attacks are discussed, focusing on postquantum security solutions for resource-constrained sensor devices. Additionally, we discuss future research and challenges for the growing smart city environment and suggest possible solutions.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.1-10
• /
• 2024

In the era of big data, the growth of e-commerce transactions brings forth both opportunities and risks, including the threat of data theft and fraud. To address these challenges, an automated real-time fraud detection system leveraging machine learning was developed. Four algorithms (Decision Tree, Naïve Bayes, XGBoost, and Neural Network) underwent comparison using a dataset from a clothing website that encompassed both legitimate and fraudulent transactions. The dataset exhibited an imbalance, with 9.3% representing fraud and 90.07% legitimate transactions. Performance evaluation metrics, including Recall, Precision, F1 Score, and AUC ROC, were employed to assess the effectiveness of each algorithm. XGBoost emerged as the top-performing model, achieving an impressive accuracy score of 95.85%. The proposed system proves to be a robust defense mechanism against fraudulent activities in e-commerce, thereby enhancing security and instilling trust in online transactions.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.19-24
• /
• 2021

The purpose of this study was to add CPTED to the information security area. The control items of ISO 27001 (11 types) and the application principles of CPTED (6 types) were mapped. And the relevance between the items was verified through the FGI meeting through 12 security experts. As a result of the survey, the control items with a relevance of at least 60% on average are security policy, physical and environmental security, accident management, and conformity. As a result, the comprehensive policy was shared with CPTED's items as a whole. The specialized control items are security organization, asset management, personnel security, operation management, access control, system maintenance, and continuity management. However, specialized control items were mapped with each item of CPTED. Therefore, information security certification and septed are related. As a result, environmental security can be added to the three major areas of security: administrative security, technical security, and physical security.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.67-75
• /
• 2019

Recently, the Ministry of National Defense has included embedded software for weapon systems as targets for the Defense cyber security. The Concept has been extended and evolved from the cyber security area that was previously limited to the information domain. The software is becoming increasingly important in weapon systems, and it is clear that they are subject to cyber threats. Therefore, We would like to suggest a improvement direction by diagnosing problems in terms of cyber security of the weapon systems for the life cycle. In order to improve cyber security of weapon systems, comprehensive policy including the weapon embedded software management should be established and the involved stakeholder should be participated in the activities.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4609-4623
• /
• 2017

The commercialization of LTE/SAE technologies has begun a new era in which data can be transmitted at remarkably high rates. The security of the LTE/SAE network, however, remains problematic. The forward security in LTE/SAE X2 handover key management can be threatened by key compromise and de-synchronization attacks as base station in public spaces can be compromised. This study was conducted to address the lack of forward key security in X2 handover key management in scenarios in which an adversary controls a legal base station. We developed the proposed X2 handover key management by changing the parameter in the renewing step and adding a verification step. We compare the security and performance of our proposal with other similar schemes. Our enhancement scheme ensures forward separation security accompanied by favorable signal and computation load performance.

• Journal of Information Processing Systems
• /
• v.13 no.6
• /
• pp.1613-1627
• /
• 2017

The concept of the Internet of Things (IoT) enables physical objects or things to be virtually accessible for both consuming and providing services. Undue access from irresponsible activities becomes an interesting issue to address. Maintenance of data integrity and privacy of objects is important from the perspective of security. Privacy can be achieved through various techniques: password authentication, cryptography, and the use of mathematical models to assess the level of security of other objects. Individual methods like these are less effective in increasing the security aspect. Comprehensive security schemes such as the use of frameworks are considered better, regardless of the framework model used, whether centralized, semi-centralized, or distributed ones. In this paper, we propose a new semi-centralized security framework that aims to improve privacy in IoT using the parameters of trust and reputation. A new algorithm to elect a reputation coordinator, i.e., ConTrust Manager is proposed in this framework. This framework allows each object to determine other objects that are considered trusted before the communication process is implemented. Evaluation of the proposed framework was done through simulation, which shows that the framework can be used as an alternative solution for improving security in the IoT.

• East Asian Journal of Business Economics (EAJBE)
• /
• v.9 no.2
• /
• pp.1-10
• /
• 2021

Purpose - The purpose of this study is to measure the efficiency of social security expenditure in 31 provinces, cities and autonomous regions in China and proposes corresponding improvement plans. Research design, data, and methodology - The data were obtained from the statistical yearbook of each province. The BCC and CCR models of DEA model and Malmquist index are used to analyze the efficiency, and the input-output index is expanded. Result - The results show that the social security performance of the Chinese government has improved on the whole despite the unbalanced development in different regions. Each region should look for strategies to improve the efficiency of social security according to its own problems. The study suggests that provinces affected by TCI should improve their internal environment, such as raising social security fund structure and strengthening fund supervision, to improve efficiency. Areas affected by TECI need to be more responsive to policy, socio-economic and technological development. Conclusion - The research conclusion can provide reference for Chinese provinces to improve the efficiency of social security expenditure in the future. This study is not comprehensive enough in the selection of input-output indicators, which can be further expanded in the future.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.153-158
• /
• 2022

The Internet of Things (IoT) has gotten a lot of research attention in recent years. IoT is seen as the internet's future. IoT will play a critical role in the future, transforming our lifestyles, standards, and business methods. In the following years, the use of IoT in various applications is likely to rise. In the world of information technology, cyber security is critical. In today's world, protecting data has become one of the most difficult tasks. Different type of emerging cyber threats such as malicious, network based and abuse of network have been identified in the IoT. These can be done by virus, Phishing, Spam and insider abuse. This paper focuses on emerging threats, various challenges and vulnerabilities which are faced by the cyber security in the field of IoT and its applications. It focuses on the methods, ethics, and trends that are reshaping the cyber security landscape. This paper also focuses on an attempt to classify various types of threats, by analyzing and characterizing the intruders and attacks facing towards the IoT devices and its services.

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.119-124
• /
• 2017

Information is a valuable asset regardless of the size of the enterprise and information security is an essential element for the survival and prosperity of the enterprise. However, in the case of large corporations, Security is ensured through rapid introduction of information security management system. but In the case of SMEs, security systems are not built or construction is delayed due to complex factors such as budget constraints, insufficient security guidelines, lack of security awareness. In this paper, we analyze the actual situation of information security management of SMEs through questionnaires, and We would like to suggest a comprehensive security plan for SMEs in free or inexpensive ways. We believe that by applying the method presented in this paper, SMEs will be able to implement the lowest cost basic information security and will benefit SMEs who plan to establish an information security plan.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.615-625
• /
• 2009

Worldwide inter-operability for microwave access (WiMAX) is a promising technology that provides high data throughput with low delays for various user types and modes of operation. While much research had been conducted on physical and MAC layers, little attention has been paid to a comprehensive and efficient security solution for WiMAX. We propose a hybrid security solution combining identity-based cryptography (IBC) and certificate based approaches. We provide detailed message exchange steps in order to achieve a complete security that addresses the various kind of threats identified in previous research. While attaining this goal, efficient fusion of both techniques resulted in a 53% bandwidth improvement compared to the standard's approach, PKMv2. Also, in this hybrid approach, we have clarified the key revocation procedures and key lifetimes. Consequently, to the best of knowledge our approach is the first work that unites the advantages of both techniques for improved security while maintaining the low overhead forWiMAX.