• The KIPS Transactions:PartC
• /
• 제15C권5호
• /
• pp.375-382
• /
• 2008

As the use of Internet and information communication technology is being generalized, the SSL protocol is essential in Internet because the important data should be transferred securely. While the SSL protocol is designed to defend from active attack such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draw on a malfunction of the client system and modify the cipher suite setting to the symmetric key algorithm which has short key length, he should eavesdrop and cryptanalysis the encrypt data. In this paper, we examine the domestic web site whether they generate the security session in the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• 제16권6호
• /
• pp.25-31
• /
• 2016

With the development of IOT technology and the expansion of ICT services recently, a variety of home network services have been advanced based on wired and wireless high speed telecommunication. Domestic and global companies have been studying on the innovative technology for the users using IOT based technology and the environment for the smart home services has been gradually developed. The users live their lives with more convenience due to the expansions and developments of smart phones. However, the threatening on the security of the smart home network had occurred by various attacks with the connection to the smart environment telecommunication, lack of applications on low powered and light weight telecommunication, and the problems of security guideline. In addition, the solutions are required for the new and variant attacking cases such as data forgery and alteration of the device for disguising approach with ill will. In this article, the safe communication protocol was designed using certification management technique based on AKI which supplemented the weakness of PKI, the existing certification system in the smart environment. Utilizing the signature technique based on ECDSA, the efficiency on the communication performance was improved, and the security and the safety were analyzed on the security threat under the smart home environment.

• Journal of Food Hygiene and Safety
• /
• 제35권6호
• /
• pp.574-580
• /
• 2020

In this study we sought to determine the food fraud by discriminating species of commercial seafood product such as Larimichthys polyactis, Larimichthys crocea, Pennahia argentatus, and Miichthys miiuy, which are difficult to morphologically discriminate. After amplifying the mitochondrial cytochrome c oxidase subunit I gene of the reference fish, the DNA sequences of the amplified PCR products were analyzed. As a result, a 655 bp sequence for species identification was selected for use as DNA barcodes. To confirm the DNA data and primer set, the DNA barcode sequence of each fish was compared to that in that in the NCBI. All of the DNA barcode data were matched with the gene sequence of each fish in the NCBI. A total of 32 processed seafood products (8 L. polyactis, 12 L. crocea, 3 Pennahia argentatus, and 9 Miichthys miiuy) were investigated. Homology of 97% or more in DNA sequences was judged as the same species. As a result of the monitoring, there were no discovered cases of forgery or alteration. However, the use of a raw material name having no matching standard name in the Korea Food Code may cause consumer confusion. Therefore, it is suggested that the standard name or scientific name be co-labeled with the raw material name on seafood products to prevent consumer confusion.

• KIPS Transactions on Computer and Communication Systems
• /
• 제7권2호
• /
• pp.49-58
• /
• 2018

A certificate is a means to certify users by conducting the identification of the users, the prevention of forgery and alteration, and non-repudiation. Most people use an accredited certificate when they perform a task using online banking, and it is often used for the purpose of proving one's identity in issuing various certificates and making electronic payments in addition to online banking. At this time, the issued certificate exists in a file form on the disk, and it is possible to use the certificate issued in an existing device in a new device only if one copies it from the existing device. However, most certificate duplication methods are a method of duplication, entering an 8-16 digit verification code. This is inconvenient because one should enter the verification code and has a weakness that it is vulnerable to security issues. To solve this weakness, this study proposes a method for enhancing security certificate duplication in a multi-channel using TCP and BLE. The proposed method: 1) shares data can be mutually authenticated, using BLE Advertising data; and 2) encrypts the certificate with a symmetric key algorithm and delivers it after the certification of the device through an ECC-based electronic signature algorithm. As a result of the implementation of the proposed method in a mobile environment, it could defend against sniffing attacks, the area of security vulnerabilities in the existing methods and it was proven that it could increase security strength about $10^{41}$ times in an attempt of decoding through the method of substitution of brute force attack existing method.

• Journal of Food Hygiene and Safety
• /
• 제36권4호
• /
• pp.331-341
• /
• 2021

DNA barcode sequences of commercial seafood products, which are difficult to morphologically discriminate, were analyzed to determine cases of food fraud. The gene sequences were analyzed by amplifying the COX I (cytochrome C oxidase subunit I) gene region of mitochondrial DNA, which is mainly used for species identification. The DNA barcode sequences were compared with the gene sequence of each fish registered in the US National Center for Biotechnology. A total of 46 processed seafood products (12 Pagrus majo, 4 Oplegnathus fasciatus, 7 Dentex tumifrons, 2 Acanthopagrus schlegelii, 7 Oreochromis niloticus, 6 Branchiostegus japonicus, 8 Branchiostegus albus) were investigated. Having DNA sequence identity of more than 97% was judged as the same species. As a result of this study, no cases of forgery and alteration were detected. However, some disparities in the commercial names used in local markets and the standard names given in the Korea Food Code were found, which may cause confusion for consumers. It is therefore suggested that the standard name or scientific name be displayed on seafood product labels.

• The Journal of the Korea Contents Association
• /
• 제21권6호
• /
• pp.1-11
• /
• 2021

The Neis System is a system integrating administrative information that was operated in elementary and secondary schools in Korea. Currently, this system is operated by a central server method and contains school administration information and important educational information of students. Among student information, the student life record contains important information for a student to advance to a higher level institution, but problems such as information leakage or manipulation may occur due to malicious attacks. In this paper, we propose a hybrid blockchain system that combines the server and blockchain technology managed by the existing Neis system. The proposed system records the query information of the database in a block when student information is accessed. When a request for correction of student information or issuance of a certificate is received, the query of the blockchain, the information in the database, and the student's key value are checked to determine whether the information has been leaked or manipulated, and only if the data is normal, the request for revision of the record is performed. This process is more secure than the existing central server because it checks the manipulation of data through the blockchain. The proposed system was implemented on the Ethereum platform, and the query information of the blockchain was experimentally verified using smart contracts. This study contributes to enhancing the reliability of the Nice system by strengthening the security against forgery and alteration of student data by combining the existing Nice system with a block chain.

• The Korean Society of Law and Medicine
• /
• 제21권2호
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.