• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.125-137
• /
• 2023

Companies that handle sensitive information, led by public institutions, establish separate networks for work and the Internet and protect important data through strong access control measures to prevent cyber attacks. Therefore, systems that involve the junction where the Intranet(internal LAN for work purposes only) and the Internet network are connected require the establishment of a safe security environment through both administrative and technical measures. Mobile Device Management(MDM) solutions to control mobile devices used by institutions are one such example. As this system operates by handling sensitive information such as mobile device information and user information on the Internet network, stringent security measures are required during operation. In this study, a model was proposed to manage sensitive information data processing in systems that must operate on the Internet network by managing it on the internal work network, and the function design and implementation were centered on an MDM solution based on a network interconnection solution.

• Health Policy and Management
• /
• v.5 no.2
• /
• pp.173-201
• /
• 1995

A causal model of organizational commitment on the basis of Western literature was tested with a sample of 1,164 employees from two university hospitals in Korea. The model contains three groups of determinants : environmental variables(job opportunity, spouse support, and parent support), psychological variables(met expectations, work involvement, positive affectivity, and negative affectivity), and structural variables(job autonomy, work unit control, routinization, supervisor support, coworker support, role ambiguity, role conflict, workload, resource inadequacy, distributive justice, promotional chances, job security, job hazarda, and pay). The data were colleted with questionnaires and analyzed with the LISREL maximum likelihood method. It is found that (1) the following variables, listed in order of size, have significant total effects on organizational commitment : job satisfaction, met expectations, supervisor support, job security, routinization, job opportunity, negative affectivity, work involvement, distributive justice, and promotional opportunity, (2) the model explains fifty-nine percent of the variance in organizational commitment, and (3) the link with expectancy theory is justified by the results for met expectations. Two conclusions can be drawn from these findings. First, the model of organizational commitment appears to be generalizable to Korean hospitals. Second, the model of organizational commitment should include such theoretical variables as environmental, psychological, and structural factors.

• Journal of KIISE:Databases
• /
• v.31 no.6
• /
• pp.684-698
• /
• 2004

The Hippocratic database model recently proposed by Agrawal et al. incorporates privacy protection capabilities into relational databases. Since the Hippocratic database is based on the relational database, it needs extensions to be adapted for XML databases. In this paper, we propose the Hippocratic XML database model, an extension of the Hippocratic database model for XML databases and present an efficient access control mechanism under this model. In contrast to relational data, XML data have tree-like hierarchies. Thus, in order to manage these hierarchies of XML data, we extend and formally define such concepts presented in the Hippocratic database model as privacy preferences, privacy policies, privacy authorizations, and usage purposes of data records. Next, we present a new mechanism, which we call the authorization index, that is used in the access control mechanism. This authorization index, which is Implemented using a multi-dimensional index, allows us to efficiently search authorizations implied by the authorization granted on the nearest ancestor using the nearest neighbor search technique. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 13.6 times over the top-down access control strategy and by up to 20.3 times over the bottom-up access control strategy The major contributions of our paper are 1) extending the Hippocratic database model into the Hippocratic XML database model and 2) proposing an efficient across control mechanism that uses the authorization index and nearest neighbor search technique under this model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.151-166
• /
• 2009

To prove the integrity of digital evidence on the investigation procedure, the data which is using the MD 5(Message Digest 5) hash-function algorithm has to be discarded, if the integrity was damaged on the investigation. Even though a proof restoration of the deleted area is essential for securing the proof regarding a main phase of a case, it was difficult to secure the decisive evidence because of the damaged evidence data due to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes the novel model for the mobile forensic procedure, named as "E-Finder(Evidence Finder)", to ,solve the existing problem. The E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST(National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of the investigation methodology for the mobile forensics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.513-525
• /
• 2022

The immutability of blockchain is core elements of security of blockchain and guarantee data integrity. However, the characteristic that the data recoreded once in the blockchain cannot be modified has place for abuse by a specific user. In fact improper contents that is inappropriate to be recorded on the blockchain, such as harmful data and user personal data, is exposed on Bitcoin. As a way to manage improper content existing in the blockchain, there is a redactable blockchain using chameleon hash proposed for the first time by Ateniese. The redactable blockchain meet the right to be forgotten of GDPR by allowing data modification and deletion. Recently, Research on personal data management is being conducted in a redactable blockchain. Research by Jia et al. proposed a model that enables users to manage their personal data in the redactable blockchain. However, semi trusted regulators, which are blockchain participation nodes, have powerful authority in the blockchain, such as modification rights and deprivation of transaction rights for all blocks, which may cause side effects. In this paper, to weaken the authority of regulators in Y. Jia et al., we propose a method of authority subject altering and authority sharing, and propose a redactable blockchain-based authority change and access control system model based on applicable scenarios.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.885-888
• /
• 2009

Radio Frequency IDentification (RFID) is a method of remotely storing and retrieving data using small and inexpensive devices called RFID tags. In this paper we propose a proxy agent framework that uses a personal device for privacy enforcement and increased protection against eavesdropping, impersonation and cloning attacks. Using the proxy model a user decides when and where information carried in a tag will be released. In particular, the user can put tags under her/his control, authenticated requests, release tags, transfer them to new owners, and so on. In this paper, we analyses a new type of simple a framework for enhancing RFID security by means of a proxy, a personal device that assumes control of a user's tags.

• Asia-Pacific Journal of Business
• /
• v.10 no.3
• /
• pp.125-142
• /
• 2019

The study wanted to verify the effect of emotional sub-compression, a negative variable of emotional labor, on job performance, on security personnel working at private security companies, and further to verify how the impact on emotional sub-compression can affect job performance through the first draft of regulation. Empirical analysis through the study model showed that emotional edema was not a significant effect, but a negative effect on job performance, and that it did not affect the control focus itself. This revealed that emotional harmony has been shown to have a negative impact on performance due to the present state and conflicting situations in one's emotions, which means that emotional harmony does not affect negative or positive effects depending on a person's attributes. It also showed that the temperamental control focus on job performance had a positive impact on employees with an improvement focus and had a negative impact on employees with a preventive focus, and that a temperamental control focus between emotional dissonance and job performance had an effect. This indicated that job performance was affected by a temperamental control focus and that employees with an improvement focus had a positive effect and had a positive effect on performance. The implications of the study in this study are that it can have target differentiation in the areas where the study was conducted on guard workers, a social issue related to the study of emotional labor, and it can be meaningful that the study of emotional labor had a control focus and measured both positive and negative tendencies. It is also believed that there will be contributions to the verification of differences in performance resulting from employee propensity and by linking it with a variable called emotional instability. However, the data collected have the limitations of the subject and region, and the emphasis on cross-sectional analysis and the representative of the various emotions to verify the negative effects of emotional labor, and the problem of securing reliability related to the adjustment focus verification are the limitations of the research.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.2
• /
• pp.123-131
• /
• 2009

Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing a secure key management challenging. Recently, Nilsson et al. proposed a key management scheme for PCS/SCADA, which was claimed to provide forward and backward secrecies. In this paper, we define four different types of adversaries or attackers in wireless sensor network environments in order to facilitate the evaluation of protocol strength. We then analyze Nilsson et al. 's protocol and show that it does not provide forward and backward secrecies against any type of adversary model.

• International Journal of Computer Science & Network Security
• /
• v.23 no.12
• /
• pp.27-80
• /
• 2023

Nowadays usage of different applications of identity management IDM demands prime attention to clarify which is more efficient regarding preserve privacy as well as security to perform different operations concerning digital identity. Those operations represent the available interactions with identity during its lifecycle in the digital world e.g., create, update, delete, verify and so on. With the rapid growth in technology, this field has been evolving with a number of IDM models being proposed to ensure that identity lifecycle and face some significant issues. However, the control and ownership of data remines in the hand of identity service providers for central and federated approaches unlike in the self-sovereign identity management SSIM approach. SSIM is the recent IDM model were introduced to solve the issue regarding ownership of identity and storing the associated data of it. Thus, SSIM aims to grant the individual's ability to govern their identities without intervening administrative authorities or approval of any authority. Recently, we noticed that numerous IDM solutions enable individuals to own and control their identities in order to adapt with SSIM model. Therefore, we intend to make comparative study as much of these solutions that have proper technical documentation, reports, or whitepapers as well as provide an overview of IDM models. We will point out the existing research gaps and how this study will bridge it. Finally, the study will propose a technical enhancement, everKEY solution, to address some significant drawbacks in current SSIM solutions.