• Knowledge Management Research
• /
• v.23 no.4
• /
• pp.133-157
• /
• 2022

As data becomes a new core resource with high attention, MyData service is spreading to various fields such as finance, medical care, and the public sector. However, research on the behavior of MyData service users is insufficient. Therefore, this study aims to empirically examine the effect of MyData service traits on value perception and acceptable behavior particularly in the financial sector where MyData service is most active. To this end, this study proposed a research model based on the literature. 295 survey responses were collected from individuals and analyzed using AMOS 26.0 for hypothesis testing. As a result of the analysis, it was found that self-information control, financial convenience, and personalized service had a significant effect on perceived value, and that perceived value had a significant effect on the intention to accept MyData service. Furthermore, this study examined the role of personal innovation and technological security in the relationship between variables by suggesting them as moderators. Results show that individual innovation was found to strengthen the relationship between two variables(self-information control and personalized service) and perceived value. Also, technological security was shown to strengthen the relationship between perceived value and intention to accept financial MyData services. The findings are expected to provide useful information to understand the factors affecting the acceptance of financial MyData service users and to understand the importance of individual innovation levels and technological security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.513-525
• /
• 2020

Until today, the personal information of subjects has been centralized in many companies or institutions. However, in recent days, the paradigm has gradually changed in the direction that subjects control their personal information and persue their self-sovereignty. Globally, individual data sovereignty is strengthened by the European Union's General Data Protection Regulation(GDPR) and the US California Consumer Privacy Act(CCPA). In Korea, a few alliances consist of various companies are creating technology research and service application cases for decentralized ID service model. In this paper, the current decentralized ID service model and its limitations are studied, and a improved decentralized ID service model that can solve them is proposed. The proposed model has a function of securely storing decentralized ID to the third party and a linkage function that can be interoperated even if different decentralized ID services are generated. In addition, a more secure and convenient model by identifying the security threats of the proposed model and deriving the security requirements, is proposed. It is expected that the decentralized ID technology will be applied not only to the proof of people but also to the device ID authentication management of the IoT in the future.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.21-26
• /
• 2024

The security model in the previous network environment has a vulnerability in which resource access control for trusted users is not properly achieved using the Perimeter model based on trust. The Zero Trust is an absolute principle to assume that the users and devices accessing internal data have nothing to trust. Applying the Zero Trust principle is very successful in reducing the attack surface of an organization, and by using the Zero Trust, it is possible to minimize damage when an attack occurs by limiting the intrusion to one small area through segmentation. ZTNA is a major technology that enables organizations to implement Zero Trust security, and similar to Software Defined Boundary (SDP), ZTNA hides most of its infrastructure and services, establishing one-to-one encrypted connections between devices and the resources they need. In this study, we review the functions and requirements that become the principles of the ZTNA architecture, and also study the security requirements and additional considerations according to the construction and operation of the ZTNA solution.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.711-720
• /
• 2001

An enlarging a scale of logical domain organizing Internet, security policy association among entities become complicated. Establishment and control of security policies for each system is a hard problem to solve because of the environment and composite factors with variable properties. In this paper, to solve this actual problems, we orgainze a hierarchical structure of network and than we design the structure of database to apply security policies for secure communication. This enables efficient management of security data and association of security policy by using designed data structure between different domain in hierarchical structure with make secure communication possible.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.48-60
• /
• 2024

With the exponential growth of satellite data utilization, machine learning has become pivotal in enhancing innovation and cybersecurity in satellite systems. This paper investigates the role of machine learning techniques in identifying and mitigating vulnerabilities and code smells within satellite software. We explore satellite system architecture and survey applications like vulnerability analysis, source code refactoring, and security flaw detection, emphasizing feature extraction methodologies such as Abstract Syntax Trees (AST) and Control Flow Graphs (CFG). We present practical examples of feature extraction and training models using machine learning techniques like Random Forests, Support Vector Machines, and Gradient Boosting. Additionally, we review open-access satellite datasets and address prevalent code smells through systematic refactoring solutions. By integrating continuous code review and refactoring into satellite software development, this research aims to improve maintainability, scalability, and cybersecurity, providing novel insights for the advancement of satellite software development and security. The value of this paper lies in its focus on addressing the identification of vulnerabilities and resolution of code smells in satellite software. In terms of the authors' contributions, we detail methods for applying machine learning to identify potential vulnerabilities and code smells in satellite software. Furthermore, the study presents techniques for feature extraction and model training, utilizing Abstract Syntax Trees (AST) and Control Flow Graphs (CFG) to extract relevant features for machine learning training. Regarding the results, we discuss the analysis of vulnerabilities, the identification of code smells, maintenance, and security enhancement through practical examples. This underscores the significant improvement in the maintainability and scalability of satellite software through continuous code review and refactoring.

• Journal of the Korea Society for Simulation
• /
• v.23 no.2
• /
• pp.25-33
• /
• 2014

In this study, the border security problem of the ROK Army is examined by applying the agent-based modeling and simulation (ABMS) concept as well as its platform, MANA. Based on the approximately optimized behavior of the infiltrator obtained using genetic algorithm (GA), we evaluate the GOP border security system which consists of human resources, surveillance, as well as command and control (C2) systems. We use four measures of effectiveness (MOEs) to evaluate its performance, and we apply a near optimal latin hypercube (NOLH) design to deal with the large number of factors of interest in our model. By using a NOLH design, our simulation runs are implemented efficiently. We hope the results of this study provide valuable data for deciding the configuration of the border security system structure and the number of soldiers assigned in the platoon.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.908-911
• /
• 2003

In this study, the security system (Firewall and IDS) was installed in high speed information network and analyzed for a change in the speed of data transfer and the possibility of invasion. The selection of appropriate system, efficient detection and protection and surveillance method were suggested and analyzed. In order to do experiments, an experimental model was comprized to analyze the parameters that was affected by the detection and protection system in network. This will give a standard how much we can pull up the security system maintaining the network speed.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.6
• /
• pp.1256-1264
• /
• 2009

When unapproved users access to healthcare system and use medical information for other malicious purposes, it could severely threaten important information related to patients' life, because in ubiquitous environment healthcare service makes patient's various examination results, medical records or most information of a patient into data. Therefore, to solve these problems, we design RBAC(Role Based Access Control) for U-healthcare that can access control with location, time and context-awareness information like status information of user and protect patient's privacy. With implementation of the proposed model, we verify effectiveness of the access control model for healthcare in ubiquitous environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2427-2445
• /
• 2016

In contrast to traditional "store-and-forward" routing mechanisms, network coding offers an elegant solution for achieving maximum network throughput. The core idea is that intermediate network nodes linearly combine received data packets so that the destination nodes can decode original files from some authenticated packets. Although network coding has many advantages, especially in wireless sensor network and peer-to-peer network, the encoding mechanism of intermediate nodes also results in some additional security issues. For a powerful adversary who can control arbitrary number of malicious network nodes and can eavesdrop on the entire network, cryptographic signature schemes provide undeniable authentication mechanisms for network nodes. However, with the development of quantum technologies, some existing network coding signature schemes based on some traditional number-theoretic primitives vulnerable to quantum cryptanalysis. In this paper we first present an efficient network coding signature scheme in the standard model using lattice theory, which can be viewed as the most promising tool for designing post-quantum cryptographic protocols. In the security proof, we propose a new method for generating a random lattice and the corresponding trapdoor, which may be used in other cryptographic protocols. Our scheme has many advantages, such as supporting multi-source networks, low computational complexity and low communication overhead.

• The Journal of Information Systems
• /
• v.28 no.2
• /
• pp.129-152
• /
• 2019

Purpose The purpose of this study is to empirically identify the risky behavior of mobile device users using the Internet of Things on a situational perspective. Design/methodology/approach This study made a design of the research model based on model of the determinants of risk behavior. Data were collected through a survey including hypothetical scenario. SmartPLS 2.0 was used for the structural model analysis and t-test was conducted to compare the between normal and situational behavior. Findings The results were as follows. First, the central roles of risk propriety and risk perception were verified empirically. Second, we identified the role of locus of control as a new factor of impact on risky behavior. Third, mobile risk propensity has been shown to increase risk perception. Fouth, it has been shown that risk perception does not directly affect risky behavior and reduce the relationship between mobile risk propensity and risk behavior. According to the empirical analysis result, Determinants of risk behavior for mobile users were identified based on a theoretical framework. And it raised the need to pay attention to the impact of locus of control on risk behavior in the IS security field. It provided direction to the approach to risky behavior of mobile device users. In addition, this study confirmed that there was a possibility of taking risky behavior in the actual decision-making.