• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.11
• /
• pp.127-133
• /
• 2014

In order to protect information asset from various malicious code, Honeypot system is implemented. Honeypot system is designed to elicit attacks so that internal system is not attacked or it is designed to collect malicious code information. However, existing honeypot system is designed for the purpose of collecting information, so it is designed to induce inflows of attackers positively by establishing disguised server or disguised client server and by providing disguised contents. In case of establishing disguised server, it should reinstall hardware in a cycle of one year because of frequent disk input and output. In case of establishing disguised client server, it has operating problem such as procuring professional labor force because it has a limit to automize the analysis of acquired information. To solve and supplement operating problem and previous problem of honeypot's hardware, this thesis suggested hybrid honeypot. Suggested hybrid honeypot has honeywall, analyzed server and combined console and it processes by categorizing attacking types into two types. It is designed that disguise (inducement) and false response (emulation) are connected to common switch area to operate high level interaction server, which is type 1 and low level interaction server, which is type 2. This hybrid honeypot operates low level honeypot and high level honeypot. Analysis server converts hacking types into hash value and separates it into correlation analysis algorithm and sends it to honeywall. Integrated monitoring console implements continuous monitoring, so it is expected that not only analyzing information about recent hacking method and attacking tool but also it provides effects of anticipative security response.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.21-32
• /
• 2012

We develop architecture of a virtual aggregation gateway (VAG) which enables composite application streaming based on N-Screen-as-a-Service (NaaS) using cloud computing in thin-client environment. We also discuss the problem of server computing burden in large scale multi-client case for screens sharing with composite application streaming over the internet. In particular, we propose an efficient Framework of N-Screen Session Manager which manages all media signaling that are necessary to deliver demanded contents. Furthermore, it will provides user with playback multimedia contents method (TV Drama, Ads, and Dialog etc) which is not considered in other research papers. The objectives of proposing N-Screen Session Manager are to (1) manage session status of all communication sessions (2) manage handling of received request and replies (3) allow users to playback multimedia contents anytime with variety of devices for screen sharing and (4) allow users to transfer an ongoing communication session from one device to another. Furthermore, we discuss the major security issues that occur in Session Initiation Protocol as well as minimizing delay resulted from session initiations (playback or transfer session).

• Journal of Digital Forensics
• /
• v.12 no.3
• /
• pp.109-120
• /
• 2018

The smartphone is the communication device that is the most personal to the user, and it keeps a lot of information related to the user and makes information communication with other devices. With these characteristics, forensics on smartphones are one of the most basic methods of investigation in criminal investigations, and have actually contributed to the settlement of the case by providing many clues. However, recently, it is designed to encrypt data stored as a social issue related to the protection of user's personal information, or to delete deleted data or to delete log data together. So, any solutions? In this paper, I try to find the answer from cloud data stored by smartphone user account. Cloud forensics should approach complementary relationships rather than smartphone forensics. There are a lot of data stored in the cloud that can be meaningfully used in the investigation. Online activity information of users, such as Internet usage, YouTube view, and contents purchase information, cloud service such as e-mail, cloud drive, and location information are the most representative data. These data can be unvaluable, but here are some important clues in various types of criminal investigations. In this paper, I propose a method to extract data from the google cloud so that the data can be used for investigation, and to utilize the extracted data for investigation. And it explains the role of the extracted artifacts in the actual investigation business through virtual cases and proves its value.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2B
• /
• pp.302-312
• /
• 2010

Internet Protocol Television (IPTV) service is the convergence service of the telecommunication and broadcasting that provides various bidirectional multimedia contents by IPTV service subscribe's request through the high-speed internet. However, the proposed technologies current do not guarantee the security such as authentication between Set-Top-Box (STB) and the user mobile devices available IPTV service at home domain, and authentication of mobile user device at out of door. This paper proposes the authentication protocol for distributing content securely from STB to the users' mobile devices at home domain and authentication for network access and IPTV service access when the user's mobile device is moved out of the house. The proposed scheme using the proxy signature enables to distribute and protect securely the contents protected through an underlying Conditional Access System (CAS) without re-encrypting then that the existing scheme should employ. Then this protocol supports the authentication scheme to get service access authentication based on network access authentication using the signature, which the STB issued on behalf of the trust authority of IPTV service provider. Also the proposed authentication protocol reduces the total communication overhead and computation time comparing to the other authentication protocol.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.64-75
• /
• 2022

The method of accessing multiple control systems in the OT control network centered on operation technology uses the operator authentication technology of each control system. An example is ID/PW operator authentication technology. In this case, since the OT control network is composed of multiple control systems, operator authentication technology must be applied to each control system. Therefore, the operator must bear the inconvenience of having to manage authentication information for each control system he manages. To solve these problems, SSO technology is used in business-oriented IT networks. However, if this is introduced into the OT control network as it is, the characteristics of the limited size of the OT control network and rapid operator authentication are not reflected, so it cannot be seen as a realistic alternative. In this paper, a public key-based authentication mechanism was newly proposed as an operator authentication technology to solve this problem. In other words, an integrated public key certificate that applies equally to all control systems in the OT control network was issued and used to access all control systems, thereby simplifying the authentication information management and making access to the control system more efficient and secure.

• Journal of Intelligence and Information Systems
• /
• v.16 no.3
• /
• pp.147-161
• /
• 2010

As broadcasting and communication are converged recently, communication is jointed to TV. TV viewing has brought about many changes. The IPTV (Internet Protocol Television) provides information service, movie contents, broadcast, etc. through internet with live programs + VOD (Video on demand) jointed. Using communication network, it becomes an issue of new business. In addition, new technical issues have been created by imaging technology for the service, networking technology without video cuts, security technologies to protect copyright, etc. Through this IPTV network, users can watch their desired programs when they want. However, IPTV has difficulties in search approach, menu approach, or finding programs. Menu approach spends a lot of time in approaching programs desired. Search approach can't be found when title, genre, name of actors, etc. are not known. In addition, inserting letters through remote control have problems. However, the bigger problem is that many times users are not usually ware of the services they use. Thus, to resolve difficulties when selecting VOD service in IPTV, a personalized service is recommended, which enhance users' satisfaction and use your time, efficiently. This paper provides appropriate programs which are fit to individuals not to save time in order to solve IPTV's shortcomings through filtering and recommendation-related system. The proposed recommendation system collects TV program information, the user's preferred program genres and detailed genre, channel, watching program, and information on viewing time based on individual records of watching IPTV. To look for these kinds of similarities, similarities can be compared by using ontology for TV programs. The reason to use these is because the distance of program can be measured by the similarity comparison. TV program ontology we are using is one extracted from TV-Anytime metadata which represents semantic nature. Also, ontology expresses the contents and features in figures. Through world net, vocabulary similarity is determined. All the words described on the programs are expanded into upper and lower classes for word similarity decision. The average of described key words was measured. The criterion of distance calculated ties similar programs through K-medoids dividing method. K-medoids dividing method is a dividing way to divide classified groups into ones with similar characteristics. This K-medoids method sets K-unit representative objects. Here, distance from representative object sets temporary distance and colonize it. Through algorithm, when the initial n-unit objects are tried to be divided into K-units. The optimal object must be found through repeated trials after selecting representative object temporarily. Through this course, similar programs must be colonized. Selecting programs through group analysis, weight should be given to the recommendation. The way to provide weight with recommendation is as the follows. When each group recommends programs, similar programs near representative objects will be recommended to users. The formula to calculate the distance is same as measure similar distance. It will be a basic figure which determines the rankings of recommended programs. Weight is used to calculate the number of watching lists. As the more programs are, the higher weight will be loaded. This is defined as cluster weight. Through this, sub-TV programs which are representative of the groups must be selected. The final TV programs ranks must be determined. However, the group-representative TV programs include errors. Therefore, weights must be added to TV program viewing preference. They must determine the finalranks.Based on this, our customers prefer proposed to recommend contents. So, based on the proposed method this paper suggested, experiment was carried out in controlled environment. Through experiment, the superiority of the proposed method is shown, compared to existing ways.

• The Korean Society of Law and Medicine
• /
• v.20 no.1
• /
• pp.203-242
• /
• 2019

Since 2006, local governments in Korea have been providing premiums for social insurance, such as the National Health Insurance System, for the health care of local residents. The purpose of this study is to analyze the content of self-governing legislation that defines these policies. The method of conducting the research was based on the articles of the ordinance related to the 'public health insurance premium' of the self-governing statutes published on the website of the National Law Information Center. As of May 2019, 201 municipalities have enacted ordinances to support public health insurance premiums. In the case of state local governments, 8 out of 17 were found, and in the case of basic local governments, 193 out of 226. The constitution of the ordinance consisted of purpose, time of enactment, type of social insurance premium, object of social insurance premium, amount of social insurance premium support, method and process of social insurance premium support, time of social insurance premium support. This study analyzed contents of these articles. Finally, this study presented issues that could be controversial from the policy and legal viewpoints and suggestions for improvement.

• Journal of KIISE:Databases
• /
• v.32 no.3
• /
• pp.243-253
• /
• 2005

Dissemination of XML data on the internet could breach the privacy of data providers unless access to the disseminated XML data is carefully controlled. Recently, the methods using encryption have been proposed for such access control. However, in these methods, the performance of processing queries has not been addressed. A query processor cannot identify the contents of encrypted XML data unless the data are decrypted. This limitation incurs overhead of decrypting the parts of the XML data that would not contribute to the query result. In this paper, we propose the notion of query-aware decryption for efficient processing of queries against encrypted XML data. Query-aware decryption allows us to decrypt only those parts that would contribute to the query result. For this purpose, we disseminate an encrypted XML index along with the encrypted XML data. This index, when decrypted, informs us where the query results are located in the encrypted XML data, thus preventing unnecessary decryption for other parts of the data. Since the size of this index is much smaller than that of the encrypted XML data, the cost of decrypting this index is negligible compared with that for unnecessary decryption of the data itself. The experimental results show that our method improves the performance of query processing by up to 6 times compared with those of existing methods. Finally, we formally prove that dissemination of the encrypted XML index does not compromise security.

• Journal of Digital Convergence
• /
• v.14 no.5
• /
• pp.11-19
• /
• 2016

SNS users are continuously increasing and SNS is emerging as a major PR channel of government. In particular, SNS can be a useful tool, but also the challenges for risk communication. This study is examined how nuclear regulatory organizations' SNS management and visitors' responses to the facebook pages in Korea and U.S.. Results indicated that both organizations frequently used information-oriented posting. Concerning the types of PR, NSSC tended to mainly use 'Relationship-Management PR', NRC mainly use 'Image PR.' In addition, our analyses on visitors' responses showed that visitors usually in response to participational and visual(ex. video, card news) typed contents. Based on its' results, this study provides practical suggestions for government's future SNS management strategies.

• Journal of Digital Convergence
• /
• v.14 no.10
• /
• pp.535-542
• /
• 2016

This study was to explore the meanings and follow-up tasks for enactment of Act on Supply and Utilization Promotion of Assistive Technology Devices for People with Disabilities and Seniors(Assistive Technology Act) in Korea. I conducted analysis about contents and establishment process of the Act. The study found meaningful effects ; it provided the basis for supporting assistive technology devices based on the social model, it led to an Implementation of the national obligations such as UN Convention on the Rights of Persons with Disabilities, it provided terms related to assistive technology. It is suggested to conduct follow-up studies and to put the efforts to strengthen additional laws for backing up the effective policy for extended support of assistive technology devices and for security of budget, for establishing regional service centers, for phasing of professional qualification, for controlling quality, for establishing an information system, and for promoting industries.