• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.123-138
• /
• 1997

In this paper, we design a model of security management in the EDI(Electronic Data Interchange) system implemented on the basis of ITU-T X.400 series. First of all, we defined requirements and functions for providing the security management facility in the EDI system which manipulates a lot of commercial documents. The model to satisfy the requirements is also designed for SEDI (Secure EDI) system which provides security services.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2006.11a
• /
• pp.467-481
• /
• 2006

In the era of the Internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security qualty positively, leading to users' satisfaction eventually To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets and Information Security Service influence informations security quality positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets and Information Security Service helped great improve the information security quality and user satisfaction.

• Korean Security Journal
• /
• no.3
• /
• pp.273-305
• /
• 2000

The knowledge substitutes the traditional factors of production - land, labor, and capital - and has become one of the most important new resources. The Internet Knowledge Society is where the knowledge is the major source of development and competition. Now more than 350mi11ion computers are connected to internet servers and the internet users are more than 250mi11ion. The purpose of this paper is to propose some key factors for implementing the Police Knowledge Management System(PKMS) based on Intranet. With Information Technology(IT), the police administrative system will be much more efficient. Introducing the If into the system is critical for restructuring the police administrative system. This paper concludes as follows : ■ Knowledge is divided into tacit and explicit one. Knowledge process is divided into acquisition, accumulation, distribution and creation of knowledge. ■ The IntraNet is composed of Web server, FTP server, electric-mail server, and is constructed security system to safety. ■ All policemen are bound to serve as a new knowledge worker. ■ Police organization needs to operate data management system. The organization also needs to the Police Knowledge Management Center(PKMC). And the Police Chief Knowledge Officers(PCKO) needs to be appointed to manage the PKMC. ■ An information and knowledge infrastructure(various databases are the most important factor) should be established within the organization to promote the self-directed management, the interactive communication, and the learning ability of the members.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.65-76
• /
• 2007

The P2P file sharing system sends the results to users by searching the files in the shared folders. In the process of it, the problem is that the transferred information includes the pathname and file information and it can be revealed who searches which files. In related to this problem, anonymous file sharing P2P protocol has been an active research area where a number of works have been produced. However, the previous studies still have a few of weakness. Therefore, We propose two anonymous P2P file sharing protocols based on the decentralized and unstructured Random Walk. The first scheme uses the dynamic onion routing where the requester can receive the wanted file without knowing other peers' IDs. The second scheme uses the IP multicast method which lowers the computational overhead. Both of them are more suited for the dynamic P2P system.

• Journal of Communications and Networks
• /
• v.12 no.4
• /
• pp.382-394
• /
• 2010

Cross-domain event information sharing is a topic of great interest in the area of event based network management. In this work we use data sets which represent actual attacks in the operational Internet. We analyze the data sets to understand the dynamics of the attacks and then go onto show the effectiveness of sharing incident related information to contain these attacks. We describe universal data acquisition system for event based management (UniDAS), a novel system for secure and automated cross-domain event information sharing. The system uses a generic, structured data format based on a standardized incident object description and exchange format (IODEF). IODEF is an XML-based extensible data format for security incident information exchange. We propose a simple and effective security model for IODEF and apply it to the secure and automated generic event information sharing system UniDAS. We present the system we have developed and evaluate its effectiveness.

• International Journal of Computer Science & Network Security
• /
• v.23 no.1
• /
• pp.71-77
• /
• 2023

In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.131-142
• /
• 2010

Due to the development of the Internet, Internet banking that we are liberated from time and space has evolved into banking system. So modern life became comfortable. However, Dysfunction (malicious Information leakage and hacking etc.) of the Internet development has become a serious social problem. According to this, The need for security is rapidly growing. In this paper, we proposed the Internet Banking Authentication System using a dual-channel in OTP(One Time Password) authentication. This technology is that A user transfer transaction information to Bank through one Internet channel then bank transfer transaction information to user using the registered mobile phone or smart phone. If user confirm transaction information then bank request user's OTP value. User create OTP value and transfer to bank and bank authenticate them throgth the ARS. If authentication is pass then transaction permitted. Security assessment that the proposed system, the security requirement that the confidentiality and integrity, authentication, repudiation of all of the features provide a key length is longer than the current Internet banking systems, such as using encryption, the security provided by the Financial Supervisory Service Level 1 rating can be applied to more than confirmed.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.3
• /
• pp.59-68
• /
• 2013

In this study, airport security check process is analyzed to modeling a simulation. Simulation is compared with real security system to verify. Utilizing verified simulation, spends time in the current security check is calculated and suggests alternatives. Considering the movement of passengers and security check system of all four cases the results yielded by the experiment. The results show that security check time decreased significantly to 20.8%. The simulation was developed in this study; including the introduction of a new security system at security check can be used as a decision support tool is expected.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.27-34
• /
• 2017

In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT related services such as information technology projects and research and development of financial institutions, companies and public institutions is. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.

• Journal of Information Technology Services
• /
• v.2 no.2
• /
• pp.97-109
• /
• 2003

As the importance and the need for network security is increased, many organization uses the various security systems. They enable to construct the consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerable scanner. And Policy-based network provides a means by which the management process can be simplified and largely automated. In this article we build a foundation of policy-based network modeling environment. The procedure and structure for policy rule induction from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based) is conducted. It also transforms the policy rules into PCIM (Policy Core Information Model).