• The Journal of Information Systems
• /
• v.25 no.3
• /
• pp.117-146
• /
• 2016

Purpose The purpose of this paper is to examine factors and mechanism inducing end users' faithful appropriation of information security behavior through the information security system. This study is also trying to find out the role of Employees' adaptive activities like learning and feedback seeking behavior for the information security in organizations. Design/methodology/approach An empirical study was carried out with a sample of employees working in the financial service company. Employees(n = 268) completed a written questionnaire. Structural equation modeling was used to analyze the data. Findings Results indicated that employees' learning activities and feedback seeking behavior fully mediated the effect of major information security factors toward end users' faithfulness of appropriation of information security systems. In order to increase the level of employees information security behavior in accordance with security guideline, organizations should facilitate interactions that support the feedback seeking process between employees on information security awareness and behavior. Additionally, organizations may reinforce these behaviors by periodical training and adopting bounty hunter systems.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.1
• /
• pp.17-26
• /
• 2020

As more users use mobile devices, shoulder surfing attacks have emerged as an important issue in security. According to research report, in fact, the result showed that about 30% of smartphone users are hit by shoulder surfing attacks. To this end, in this paper, we consider a shoulder surfing attack and propose a partially hidden password system to resistant to its attack. In order to help readers understand, we describe the proposed password system in more detail using one simple example. The core idea behind the proposed system is to place the user's password randomly in the specified grid instead of entering a password directly. As a result, even if an attacker makes a shoulder surfing attack to observe the password, the user can hide the preset password and defend against the attack. We also show how the security of the password system proposed in this paper is improved. In addition, even if there are consecutive shoulder surfing attacks, the security of the proposed password system is robust.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.55-63
• /
• 2016

SOA(service oriented architecture) based ESB(enterprise service bus) model is widely adopted in many companies for the safe processing of enormous data and the integration of business system. The existing web service technologies for the construction of SOA, however, show unsatisfactory in practical applications though the standardization of web service security technologies is in progress due to their limitations in safe exchange of data. Internal end users using a large business system based on such environment are composed of the variety of organizations and roles. Companies might receive more serious damage from insider threat than that from external one when internal end users get unauthorized information beyond the limits of their authority for private profit and bad purposes. In this paper, we propose a security architecture capable of identifying and coping with the security threats of web service technologies arouse from internal end users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.13-29
• /
• 2003

Web-mail system is worthy of note as a next generation e-mail system for its mobility and easiness. But many web-mail system does not have any kind of security mechanism. Even if web-mail system provides security services, its degree of strength is too low. Using these web-mail systems, the e-mail is tabbed, modified or forged by attacker easily. To solve these problems, we design and implement secure web-mail system based on the international e-mail security standard S/MIME in this thesis. This secure web-mail system is composed of server system and client system The server system performs basic mail functions - sending/receiving the mails, storing the mails, and management of user information, etc. And the client system performs cryptographic functions - encryption/decryption of the mails, digital signing and validation, etc. Because client system performs cryptographic functions this secure web-mail system gives its reliability and safety, and provides end-to-end security between mail users. Also, this secure web-mail system increase system efficiency by minimize server load.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.261-269
• /
• 2023

We propose to design a Holochain-based security and privacy protection system for resource-constrained IoT healthcare systems. Through analysis and performance evaluation, the proposed system confirmed that these characteristics operate effectively in the IoT healthcare environment. The system proposed in this paper consists of four main layers aimed at secure collection, transmission, storage, and processing of important medical data in IoT healthcare environments. The first PERCEPTION layer consists of various IoT devices, such as wearable devices, sensors, and other medical devices. These devices collect patient health data and pass it on to the network layer. The second network connectivity layer assigns an IP address to the collected data and ensures that the data is transmitted reliably over the network. Transmission takes place via standardized protocols, which ensures data reliability and availability. The third distributed cloud layer is a distributed data storage based on Holochain that stores important medical information collected from resource-limited IoT devices. This layer manages data integrity and access control, and allows users to share data securely. Finally, the fourth application layer provides useful information and services to end users, patients and healthcare professionals. The structuring and presentation of data and interaction between applications are managed at this layer. This structure aims to provide security, privacy, and resource efficiency suitable for IoT healthcare systems, in contrast to traditional centralized or blockchain-based systems. We design and propose a Holochain-based security and privacy protection system through a better IoT healthcare system.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.157-163
• /
• 2023

The attack technique targeting end-users through phishing URLs is very dangerous nowadays. With this technique, attackers could steal user data or take control of the system, etc. Therefore, early detecting phishing URLs is essential. In this paper, we propose a method to detect phishing URLs based on supervised learning algorithms and abnormal behaviors from URLs. Finally, based on the research results, we build a framework for detecting phishing URLs through end-users. The novelty and advantage of our proposed method are that abnormal behaviors are extracted based on URLs which are monitored and collected directly from attack campaigns instead of using inefficient old datasets.

• The Journal of Information Systems
• /
• v.14 no.1
• /
• pp.19-40
• /
• 2005

The history of computer virus comes along with that of computer. Computer virus han surfaced as a serious problem in information age. The advent of open network and widespread use of Internet made the problem even more urgent. As a method of defense for computer virus most companies use anti-virus software. Selecting appropriate anti-virus software involves various criteria and thus it is a multiple-attribute decision making problem. The purpose of this study is to prioritize anti-virus software evaluation factors. To do that, first of all, important evaluation factors are selected based on previous research on anti-virus software as well as general software evaluation models. Then, a questionnaire survey was conducted on end-users, system administrators and anti-virus software developers. The survey result was analyzed with ExpertChoice 2000 which is based on Analytic hierarchy Process technique. This study found that there are clear differences among three survey groups regarding the relative importance of overall evaluation factors. End-user group ranked "cost" first, but it was the least important factor to developer group. Developers pointed out "operational support" ad the most important factor. There were also obvious differences in the relative importance of detail evaluation items. Both end-users and system administrators shared 7 common items among top 10 most important items. Moreover, neither of the two groups ranked any of the items in the "operational support" factor in top 10, whereas all 4 items in the factor were included in top 10 by developer group.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.67-74
• /
• 2022

One type of network security breach is the availability breach, which deprives legitimate users of their right to access services. The Denial of Service (DoS) attack is one way to have this breach, whereas using the Intrusion Detection System (IDS) is the trending way to detect a DoS attack. However, building IDS has two challenges: reducing the false alert and picking up the right dataset to train the IDS model. The survey concluded, in the end, that using a real dataset such as MAWILab or some tools like ID2T that give the researcher the ability to create a custom dataset may enhance the IDS model to handle the network threats, including DoS attacks. In addition to minimizing the rate of the false alert.

• Smart Media Journal
• /
• v.12 no.7
• /
• pp.27-42
• /
• 2023

The development of cloud services and IoT technology has radically changed the cloud environment, and has evolved into a new concept called fog computing and F2C (fog-to-cloud). However, as heterogeneous cloud/fog layers are integrated, problems of access control and security management for end users and edge devices may occur. In this paper, an F2C-based IoT smart health monitoring system architecture was designed to operate a medical information service that can quickly respond to medical emergencies. In addition, a role-based service access control technology was proposed to enhance the security of user's personal health information and sensor information during service interoperability. Through simulation, it was shown that role-based access control is achieved by sharing role registration and user role token issuance information through blockchain. End users can receive services from the device with the fastest response time, and by performing service access control according to roles, direct access to data can be minimized and security for personal information can be enhanced.

• IE interfaces
• /
• v.13 no.3
• /
• pp.548-555
• /
• 2000

TAn E-Mail system is one of the most important services for enterprise and electronic commerce end users on the Internet. However, security for an E-Mail service is not satisfied yet, an E-Mail system with security service is definitely required especially in electronic commerce system. In this paper, an E-Mail system with confirmation of e-mail delivery is proposed, The certification of delivery of E-Mail message is not provided in conventional E-Mail systems. The proposed E-Mail system is composed of this certification of delivery and basic security services. The certification of delivery can prove sender's E-Mail message is securely sent to legitimate receivers. The system is designed and implemented by Java Cryptography API.