• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.235-237
• /
• 2018

The Internet has allowed many things to move fast, including sharing of data, files and others within a second. Many domains use applications range from IoT, smart cities, healthcare, and organizations to share the data when necessary. However, there are some challenges faced by existing systems that works on centralized nature. Such challenges are data breach, trustiness issue, unauthorized access and data fraud. Therefore in this work, we focus on using a smart contract which is used by blockchain platform and works on decentralized form. Furthermore, in this work our contract provides an access to the file uploaded onto the decentralized storage such as IPFS. By leveraging smart contract-role based which consist of a contract owner who can manage the users when access the certain resources such as a file and as well as use of decentralized storage to avoid single point of failure and censorship over secure communication channel. We checked the gas cost of the smart contract since most of contracts tends to be a high cost.

• Informatization Policy
• /
• v.25 no.3
• /
• pp.95-115
• /
• 2018

This study aims to examine organization members' intention to violate security policies based on the Person-Environment Fit Model. This study investigated the effect of the relationship between organizational security environment and the individual security value on the intention of organizational security policy violation. The security environments are classified into the organizational information security culture and peers' behavior of security compliance, while the personal values are classified into reconstructing the conduct, distorting the consequence, and devaluing the organization as presented in the moral disengagement theory. Based on the concept of the moral disengagement theory, we measured the individual security values as a second order factor. This study found that the information security culture had a statistically significant impact on devaluing the organization, but did not have as much impact on reconstructing the conduct and distorting the consequence. Peers' behavior of security compliance had a significant impact on reconstructing the conduct, distorting the consequence and devaluing the organization, all of which also had relevant impact on the organizational members' intention of security policy violation.This study measured a persons' perception on security policy breach by presenting scenarios of password sharing that is common in many organizations. This study is expected to make practical contributions, as it deals with challenges that many organizations are actually faced with.

• Convergence Security Journal
• /
• v.15 no.1
• /
• pp.69-82
• /
• 2015

This dissertation introduce how to react against the cybercrime and analysis of malware detection. Also this dissertation emphasize the importance about efficient control of correspond process for the information security. Cybercrime and cyber breach are becoming increasingly intelligent and sophisticated. To correspond those crimes, the strategy of defense need change soft kill to hard kill. So this dissertation includes the study of weak point about OS, Application system. Also this dissertation suggest that API structure for handling and analyzing big data forensic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.725-734
• /
• 2016

SCADA(Supervisory Control and Data Acquisition) system is widely used for remote monitoring and control throughout the domestic industry. Due to a recent breach of security on SCADA systems, such as Stuxnet, the need of correctly established secure certification of a control system is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly in a normal/abnormal network protocol, is only focused on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for DNP3 protocol based on EDSA-CRT. Our analysis show that the specific test cases provide plentiful evidences that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test case for DNP3 protocol.

• Proceedings of the Korea Association of Information Systems Conference
• /
• 2000.05a
• /
• pp.171-175
• /
• 2000

The firewall is normally an intermediate system between the secure internal networks and the less secure external networks. It is intended to keep corporate systems safe from intruders, hackers, and accidental entry into the corporate system. The primary types of firewalls are screening routers, proxy servers, and stateful inspectors. Encryption is another form of firewall protection which is being incorporated along with other firewall methods. Before choosing a firewall architecture, a company must have the right mind set about the threat. The future will see more integration of firewall technologies and the increased use of standards in the industry. It must also determine what are the possible consequences of a breach in security and then develop a system to counter the threat. Additionally, new firewall technologies will address the potential dangers associated with the use of Java applets and Active X-controls on the Internet.

• Journal of Distribution Science
• /
• v.20 no.7
• /
• pp.107-117
• /
• 2022

Purpose: The scope of forensic investigations serves to identify malicious activities, including leakage of crucial corporate information. The investigations also identify security lapses in available networks. The purpose of the present study is to explore how to block distribution channels to protect illegal leakage in supply chain through digital forensic method. Research design, data and methodology: The present study conducted the qualitative textual analysis and its data collection process entails five steps: identifying and collecting data, determining coding categories, coding the content, checking validity and reliability, and analyzing and presenting the results. This methodology is a significant research method due to its high quality of previous resources. Results: Applying previous literature analysis to the results of this study, the author figured out that there are four solutions as an evidences to block distribution channels, preventing illegal leakage regarding company information. The following subtitles show clear solutions: (1) Communicate with Stakeholders, (2) Preventing and addressing illegal leakage, (3) Victims of Data Breach, (4) Focusing Solely on Technical Teams. Conclusion: There are difficult scenarios that continue to introduce difficult questions surrounding engagement with digital evidence. Consequently, it is important to enhance data handling to provide answers for organizations that suffer due to illegal leakages of sensitive information.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.1-12
• /
• 2006

Malicious codes have been widely documented and detected in information security breach occurrences of Microsoft Windows platform. Legacy information security systems are particularly vulnerable to breaches, due to Window kernel-based malicious codes, that penetrate existing protection and remain undetected. To date there has not been enough quality study into and information sharing about Windows kernel and inner code mechanisms, and this is the core reason for the success of these codes into entering systems and remaining undetected. This paper focus on classification and formalization of type target and mechanism of various Windows kernel-based attacks, and will present suggestions for effective response methodologies in the categories of, "Kernel memory protection", "Process & driver protection" and "File system & registry protection". An effective Windows kernel protection system will be presented through the collection and analysis of Windows kernel and inside mechanisms, and through suggestions for the implementation methodologies of unreleased and new Windows kernel protection skill. Results presented in this paper will explain that the suggested system be highly effective and has more accurate for intrusion detection ratios, then the current legacy security systems (i.e., virus vaccines and Windows IPS, etc) intrusion detection ratios. So, It is expected that the suggested system provides a good solution to prevent IT infrastructure from complicated and intelligent Windows kernel attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.987-997
• /
• 2018

Blockchain has tamper-free, so many applications are developing to leverage tamper-free features of blockchain. MIT Media Labs proposed BlockCerts, educational certificate blockchain System, to solve problems of legacy certificate verifications. Existing educational certificate blockchain Systems are based on public blockchain such as bitcoin, Ethereum, so any entity can participate educational institute in principal. Moreover, the exisitng educational certricate blockchain system utilizes the integrity of blockchain, but the confidentiality of the educational certificate is not provided. This paper propose a digital certificate system based on private blockchain, name HyperCerts. Therefore, only trusted entity can participate in the private blockchain network, Hyperledger, as the issuer of digital certificate. Furthermore, the practical byzantine fault tolerance is used as consensus algorithm, HyperCerts reduce dramatically the latency of issuing digital certificate and required computing power. HyperCerts stores the hash value of digital certificate into the ledger, so breach of personal information by malicious entity in the private blockchain is protected.

• Journal of the Korea Convergence Society
• /
• v.8 no.9
• /
• pp.1-7
• /
• 2017

As the network environment develops and speeds up, a lot of smart devices is developed, and a high-speed smart society can be realized while allowing people to interact with objects. As the number of things Internet has surged, a wide range of new security risks and problems have emerged for devices, platforms and operating systems, communications, and connected systems. Due to the physical characteristics of IoT devices, they are smaller in size than conventional systems, and operate with low power, low cost, and relatively low specifications. Therefore, it is difficult to apply the existing security solution used in the existing system. In addition, IoT devices are connected to the network at all times, it is important to ensure that personal privacy exposure, such as eavesdropping, data tampering, privacy breach, information leakage, unauthorized access, Significant security issues can arise, including confidentiality and threats to facilities. In this paper, we investigate cases of security threats and cases of network of IoT, analyze vulnerabilities, and suggest ways to minimize property damage by Internet of things.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.12
• /
• pp.1786-1793
• /
• 2022

Cyber-attacks such as smishing and hacking mail exploiting COVID-19, political and social issues, have recently been continuous. Machine learning and deep learning technology research are conducted to prevent any damage due to cyber-attacks inducing malicious links to breach personal data. It has been concluded as a lack of basis to judge the attacks to be malicious in previous studies since the features of data set were excessively simple. In this paper, nine main features of three types, "URL Days", "URL Word", and "URL Abnormal", were proposed in addition to lexical features of URL which have been reflected in previous research. F1-Score and accuracy index were measured through four different types of machine learning algorithms. An improvement of 0.9% in a result and the highest value, 98.5%, were examined in F1-Score and accuracy through comparatively analyzing an existing research. These outcomes proved the main features contribute to elevating the values in both accuracy and performance.