• 융합보안논문지
• /
• 제17권5호
• /
• pp.101-110
• /
• 2017

이 연구는 사물인터넷 디바이스로 인해 발생가능 한 기업의 주요 핵심정보의 유출위협에 대해 살펴보고 유출예방을 위한 방안들을 관리보안과 기술보안 측면에서 살펴보는 것이 목적이다. 연구결과로서 관리보안측면에서는 첫째, 기업내부로 출입이 인가된 모든 사람들에 대해 사물인터넷 디바이스로 기업데이터가가 유출될 수 있음을 교육하고 주요 출입이 허가된 구역에 출입시점부터 사물인터넷 기기의 사용을 제한하는 가이드라인을 비치할 필요가 있다. 둘째, 사용자 요청 혹은 기업 자체의 보안운영 가이드라인을 마련할 필요가 있으며, 무선인터넷 공유가 가능한 전자기기에 무선인터넷 모듈을 도입시기부터 제거할 필요가 있다. 기술보안측면에서는 첫째, 컴퓨터에 대한 제어 솔루션으로서 기업정보들이 주로 저장되고 있는 컴퓨터 및 서버에 매체제어 솔루션 활용을 통해 사물인터넷 디바이스와 공유되는 경로를 대상으로 통제 솔루션을 실시해야 한다. 둘째, 네트워크에 대한 접근통제로서 네트워크에 공유된 사물인터넷 디바이스와 등록된 사물인터넷 디바이스의 현황을 정기적으로 확인하는 과정을 통해 보안관리 차원의 누수를 최소화해야 한다. 셋째, 암호화 방안으로서 컴퓨터, 서버 등의 정보자산에서 데이터 저장 및 암호화가 함께 이루어짐으로써 생성된 데이터가 외부로 불법적으로 유출되는 것을 예방하여야 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권7호
• /
• pp.2919-2937
• /
• 2020

Post-Quantum Cryptography (PQC) is rapidly developing as a stable and reliable quantum-resistant form of cryptography, throughout the industry. Similarly to existing cryptography, however, it does not prevent a third-party from using the secret key when third party obtains the secret key by deception, unauthorized sharing, or unauthorized proxying. The most effective alternative to preventing such illegal use is the utilization of biometrics during the generation of the secret key. In this paper, we propose a biometric-based secret key generation scheme for multivariate quadratic signature schemes, such as Rainbow. This prevents the secret key from being used by an unauthorized third party through biometric recognition. It also generates a shorter secret key by applying Principal Component Analysis (PCA)-based Confidence Interval Analysis (CIA) as a feature extraction method. This scheme's optimized implementation performed well at high speeds.

• Safety and Health at Work
• /
• 제11권4호
• /
• pp.500-508
• /
• 2020

Background: Research on the status of many chemicals used in the semiconductor industry is needed. The purpose of this study was to describe the overall status of chemical use in the semiconductor industry in Korea and to examine it from a health perspective. Methods: Data on the status of chemical use and safety data sheets at 11 of 12 major semiconductor workplaces in Korea were collected. The number of chemical products and chemical constituents, quantities of chemicals, and trade secret ingredients used, as well as the health hazards were examined. Results: On average, 210 chemical products and 135 chemical constituents were used at the surveyed workplaces. Among all chemical products, 33% (range: 16-56%) contained at least one trade secret ingredient. Most of the trade secret ingredients were used in the photolithography process. Several carcinogens, including sulfuric acid, chromic acid, ethylene oxide, crystalline silica, potassium dichromate, and formaldehyde were also used. Only 29% (39 of 135) of the chemical constituents had occupational exposure limits, and more than 60% had no National Fire Protection Association health, safety, and reactivity ratings. Based on the aforementioned results, this study revealed the following. First, many chemical products and constituents are being used in the semiconductor industry and many products contained trade secret ingredients. Second, many products contained significant amounts of carcinogenic, mutagenic, and reproductive toxicant materials. Conclusion: We conclude that protecting workers in the semiconductor industry against harm from chemical substances will be difficult, due to widespread use of trade secret ingredients and a lack of hazard information. The findings of the status of chemical use and the health and safety risks in semiconductor industry will contribute to epidemiological studies, safe workplace, and worker health protection.

• Journal of Multimedia Information System
• /
• 제8권1호
• /
• pp.57-60
• /
• 2021

Industry 4.0 is continuous automation by applying the latest smart technologies to traditional manufacturing industries. It means that large-scale M2M (Machine-to-Machine) communication and IoT (Internet of Things) technologies are well integrated to build efficient production systems by analyzing and diagnosing various issues without human intervention. Edge computing is widely used for M2M services that handle real-time interactions between devices at industrial machinery tool sites. Here, secure data transmission is required while interacting. Thus, this paper focused on a method of creating and maintaining secret key and security tag used for message authentication between end-devices and edge-device.

• 한국컴퓨터산업학회논문지
• /
• 제5권9호
• /
• pp.1069-1078
• /
• 2004

본 논문에서는 광 시각 암호기술에 근거한 개인 정보보호 방식을 제안하였다. 실험에 사용된 지문 데이터는 광 시각 암호 기술과 개방형 네트워크를 통해 전달된 공유 데이터의 일부를 고려한 secret sharing 방법에 의해 처리되었다. 필요에 따라 한 개인은 자신의 지문을 다른 공유 정보에 제공하는 방식으로 본인의 것을 확인할 수 있다. 다양한 환경 조건에서도 어려움 없이 효과적으로 지문을 인식 할 수 있음을 실험을 통해 검증하였다.

• 한국산업보건학회지
• /
• 제29권1호
• /
• pp.27-33
• /
• 2019

Objective: This study analyzed the status of the application of trade secrets in MSDSs according to size and type of industry. The contents of the MSDS non-public approval policy are summarized. We suggest proactive improvement requirements related to the operation of the MSDS non-public approval policy. Methods: To review this subject, we selected 153 manufacturers and six importers in such fields as organic chemical production. The trade secrets application status and ratio (%) of MSDSs by industry size and industry classification were investigated. Improvements toward a proactive system related to the operation of the MSDS non-public approval policy under the Occupational Safety and Health Act(OSHA) were summarized. Results and Conclusions: According to the results, the trade secret ratio in MSDSs by industry size was 33% in workplaces with less than 50 employees, 23.1% in workplaces with more than 50 but less than 100 workers, 73% in workplaces with more than 100 workers, and 83.4% in workplaces with 300 or more workers. For the trade secret writing rate for MSDSs by industry, the highest was MOCCP (Manufacture of ink, paint, coating and similar products) at 80.9%. MOC (Manufacture of other chemicals) was the lowest at 16.2%. We propose four proactive efforts to minimize the administrative burden of implementation of the MSDS non-public approval policy. The results of this study can be used as basic data for policy improvements to make more effective use of MSDS.

• 디지털산업정보학회논문지
• /
• 제12권2호
• /
• pp.25-29
• /
• 2016

Owing to the change of economic trends, the importance of the tourism industry is growing more and more. In particular, the number of foreign tourists continues to increase and the type of tourists is being changed into FIT (Foreign Independent Traveler). Therefore it is an important issue to provide the effective information to foreign tourists. To solve these problems, a variety of IT technology is being used in the tourism information systems. Especially the location based tour information service is being emerged. This kinds of tourism information service is a type of LBS (Location Based Services). But if the security of the location based tourism information service is not guaranteed, it can lead to many dangers. In this paper, the trends of location based tourism information service are surveyed. Also the security threats and countermeasures for the location based tourism information service are analyzed. This paper suggests secret considerations for the location based tourism information service.

• 디지털산업정보학회논문지
• /
• 제5권4호
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• 융합보안논문지
• /
• 제15권6_1호
• /
• pp.69-78
• /
• 2015

산업스파이에 의한 핵심기술 유출이 점차 지능화, 첨단화, 복잡화 되어가고 있으며 이로 인한 피해 또한 심각해지고 있다. 이러한 상황에 대응하는 방안으로 융합보안이 대두되었고 모든 산업분야에 점차 확대되고 있다. 특히 국가적 핵심기술과 인력 및 시설을 포함하고 있는 방위산업은 융합보안이 더 요구되는 산업분야이다. 방위산업은 국가의 안전보장에 필요한 방위산업물자를 연구, 개발, 생산하는 산업이다. 방위산업은 군사기밀, 산업비밀, 핵심기술인력, 방위산업물자, 국가중요시설, 정보통신체계 등 다양한 보안요소를 포함하고 있다. 방위산업보안은 군사보안과 산업보안의 복합체이며 방위산업의 모든 보안요소를 통합하는 융합보안이다. 따라서 방위산업보안은 융합보안의 대표적인 실천모델이라고 할 수 있다. 방위산업보안에 대한 연구는 일반적인 다른 산업분야에서의 보안과 관련된 연구에 비해 미흡한 실정이다. 방위산업의 핵심기술 유출을 방지하고 기술인력 및 시설을 보호하기 위해서, 방위산업보안을 융합보안의 개념에서 연구하고 실천하는 노력이 절실한 시점이다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권3호
• /
• pp.1231-1245
• /
• 2015

People have transferred their business model from traditional commerce to e-commerce in recent decades. Both shopping and payment can be completed through the Internet and bring convenience to consumers and business opportunities to industry. These trade techniques are mostly set up based on the Secure Sockets Layer (SSL). SSL provides the security for transaction information and is easy to set up, which makes it is widely accepted by individuals. Although attackers cannot obtain the real content even when the transferred information is intercepted, still there is risk for online trade. For example, it is impossible to prevent credit card information from being stolen by virtual merchant. Therefore, we propose a new mechanism to solve such security problem. We make use of the disposable dynamic security code (DSC) to replace traditional card security code. So even attackers get DSC for that round of transaction, they cannot use it for the next time. Besides, we apply visual secret sharing techniques to transfer the DSC, so that interceptors cannot retrieve the real DSC even for one round of trade. This way, we can improve security of credit card transaction and reliability of online business. The experiments results validate the applicability and efficiency of the proposed mechanism.