• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.40-52
• /
• 2024

Cyber-Physical Systems (CPS) are introduced as complex, interconnected systems that combine physical components with computational elements and networking capabilities. They bridge the gap between the physical world and the digital world, enabling the monitoring and control of physical processes through embedded computing systems and networked communication. These systems introduce several security challenges. These challenges, if not addressed, can lead to vulnerabilities that may result in substantial losses. Therefore, it is crucial to thoroughly examine and address the security concerns associated with CPS to guarantee the safe and reliable operation of these systems. To handle these security concerns, different existing security requirements methods are considered but they were unable to produce required results because they were originally developed for software systems not for CPS and they are obsolete methods for CPS. In this paper, a Security Requirements Engineering Methodology for CPS (CPS-SREM) is proposed. A comparison of state-of-the-art methods (UMLSec, CLASP, SQUARE, SREP) and the proposed method is done and it has demonstrated that the proposed method performs better than existing SRE methods and enabling experts to uncover a broader spectrum of security requirements specific to CPS. Conclusion: The proposed method is also validated using a case study of the healthcare system and the results are promising. The proposed model will provide substantial advantages to both practitioners and researcher, assisting them in identifying the security requirements for CPS in Industry 4.0.

• Korea Journal of Hospital Management
• /
• v.24 no.2
• /
• pp.56-66
• /
• 2019

PURPOSE: To demonstrate that the training of information protection for members at medical institutions increases the information protection activities of employees. METHODS: We used the chi-square test and the logistic regression model to analyze the data of the "Healthcare Information and Communication Status Survey in 2017" (n = 2002) conducted by the Korea Health Industry Development Institute RESULTS: As a result of the analysis, the information protection activity increased when the education was received and the number of received more than the education was not received. Especially, when the management receives education, it affects the information protection activities of the employees. CONCLUSION: In order to protect medical information, medical institutions need to provide education on information protection for management and employees.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2708-2730
• /
• 2012

The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.913-921
• /
• 2012

On the strength of the rapid development and propagation of U-healthcare service, the service technologies are full of important changes. However, U-healthcare service has security problem that patient's biometric information can be easily exposed to the third party without service users' consent. This paper proposes a distributed model according authority and access level of hospital officials in order to safely access patients' private information in u-Healthcare Environment. Proposed model can both limit the access to patients' biometric information and keep safe system from DoS attack using time stamp. Also, it can prevent patients' data spill and privacy intrusion because the main server simultaneously controls hospital officials and the access by the access range of officials from each hospital.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.493-506
• /
• 2008

In this paper we suggest dynamic access control model based on context satisfied with requirement of u-healthcare environment through researching the role based access control model. For the dynamic security domain management, we used a distributed object group framework and context information for dynamic access control used the constructed database. We defined decision rule by knowledge reduction in decision making table, and applied this rule in our model as a rough set theory. We showed the executed results of context based dynamic security service through u-healthcare application which is based on distributed object group framework. As a result, our dynamic access control model provides an appropriate security service according to security domain, more flexible access control in u-healthcare environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1551-1560
• /
• 2016

With the advancement of wearable devices and wireless body are networks, smart healthcare systems based on such technologies have been emerging to effectively monitor patient health and disease progression. In order to implement viable smart healthcare systems, the security and privacy of patient's personal health information must be considered. Yang et al. proposed a privacy-preserving authentication scheme using key-insulation technique for remote health monitoring system, however, key-insulation technique is not properly adapted to their scheme which in turn causes a security pitfall contrary to their assertions. Besides, Yang et al.'s scheme does not guarantee user anonymity against healthcare service provider. Therefore, in this paper, we discuss the security concerns for Yang et al.'s scheme and present an improved anonymous authentication scheme.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2012.07a
• /
• pp.395-396
• /
• 2012

본 연구에서는 의료정보공유가 활발하게 이루어지게 될 u-Healthcare환경에서 발생할 수 있는 보안 취약점에 대하여 알아보고 안전하게 의료정보를 공유하기 위한 보안요구사항을 제안한다.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.5
• /
• pp.155-161
• /
• 2008

An automated healthcare monitoring is demand of time, lot of problems occurring just because of less monitoring of patients health condition on time. In this paper an embedded healthcare service is proposed by an iSCSI protocol on an automated multi-agent coordination by resource-constrained devices controlled system for healthcare service. The coordination between the resource constrained devices (e.g. PDA, SmartPhone, Tablet PC), and automated agents are maintained by a two-way handshaking mode iSCSI protocol. The automated health care control could be useable, and beneficial in the repetitive way. A fully centralized control is not applicable for this kind of approach.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.313-324
• /
• 2021

This study empirically investigates the factors influencing the intention to accept mobile technology in Saudi healthcare service delivery using the extended unified theory of acceptance and use of technology model (UTAUT) with perceived reliability and price value. Accordingly, a conceptual model combining behavioral constructs with those linked to the technology acceptance model is developed. This model aims to identify factors that predict patients' acceptance of mobile technology healthcare service delivery. The developed model is examined using responses obtained from a survey on 545 participants receiving healthcare services in Saudi Arabia. Thus, we have conceptualized the developed model and validated seven hypotheses involving key constructs. Results suggest that performance expectancy, effort expectancy, social influence, facilitating conditions, price value, and perceived reliability are direct predictors of user behavior to accept mobile technology in healthcare service delivery. The results provide empirical evidence to the literature on the effect of facilitating conditions and effort expectancy on mobile health (mHealth) adoption. The results show that the COVID-19 pandemic has significantly increased the adoption of mHealth services in Saudi Arabia.

• Journal of the Institute of Convergence Signal Processing
• /
• v.21 no.3
• /
• pp.142-147
• /
• 2020

The Internet of Things is valuable as a means of solving social problems such as personal, public, and industrial. Recently, the application of IoT technology to the healthcare industry is increasing. It is important to ensure reliability and security in IoT-based healthcare services. Communication protocols, wireless transmit/receive techniques, and reliability-based message delivery are essential elements in IoT healthcare devices. The system was designed and implemented to measure body temperature and activity through body temperature and acceleration sensors and deliver them to the oneM2M-based Mobius platform.