• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.29-34
• /
• 2021

The article formulates the key characteristics and features of country models of corporate governance. It was revealed that all countries are characterized by a fairly high concentration of ownership, insider control; Key gaps in the implementation of corporate governance principles were found: transparency and disclosure of information, protection of shareholders' rights, gender diversity of boards of directors, implementation of recommendations on the share of independent directors; The criterion of countries' efficiency (total investments) was identified and recommendations for their improvement were developed.

• Journal of Korea Society of Industrial Information Systems
• /
• v.27 no.1
• /
• pp.125-133
• /
• 2022

We examined the impact of CEO's insiderness on innovation performance. Our results using U.S. patent data revealed that insider CEO shows higher innovation performance than outsider CEO. Also, level of CEO's insiderness had positive impact on innovation performance. Further analysis has shown that relationship between level of CEO's insiderness and innovation performance is more evident in high-tech industry compared to non-high-tech industry. These findings are expected to provide implications for a company's choice of the next CEO.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.1
• /
• pp.287-304
• /
• 2022

With the development of quantum computers, ring signature schemes based on large integer prime factorization, discrete logarithm problem, and bilinear pairing are under threat. For this reason, we design a ring signature scheme based on lattice with a fixed verification key. Compared with the previous ring signature scheme based on lattice, our design has a fixed verification key and does not disclose the signer's identity. Meanwhile, we propose an anonymous electronic voting scheme by using our ring signature scheme based on lattice and (t, n) threshold scheme, which makes up for the lack of current anonymous electronic voting that cannot resist attacks of the quantum computer. Finally, under standard model (SM), we prove that our ring signature scheme based on lattice is anonymous against the full-key exposure, and existentially non-forgeable against insider corruption. Furthermore, we also briefly analyze the security of our anonymous electronic voting scheme.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.348-351
• /
• 2021

본 논문에서는 지속적으로 늘어나고 있는 내부의 유출자를 탐지하기위해 컨소시엄 블록체인 기술을 활용하여 기업간 직원의 PC사용 행위 로그 데이터를 가명처리하여 블록에 기록하여 네트워크에 참여한 다른 기업들간의 안전한 공유를 통해 내부자 유출 데이터 및 시나리오의 확장하여 내부에서의 유출을 탐지할 수 있는 데이터 셋을 확보하는 연구를 제안한다. 현재 내부자 위협탐지의 한계점중 가장 큰 요소를 차지하는 부족한 실제 사례의 내부자 유출 데이터 셋의 문제점을 본 연구를 통해서 네트워크 참여 기업간의 내부자 유출 데이터를 확장하고 타기업의 유출 사례를 활용해 기업에서 발생할 수 있는 내부자 유출을 미연에 방지할 수 있다.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.107-114
• /
• 2023

The study provides the identification of vulnerabilities in the security issues by Wireless Network. To achieve it the research focus on packet flow analysis, end to end data communication, and the security challenges (Cybercrime, insider threat, attackers, hactivist, malware and Ransomware). To solve this I have used the systematic literature review mechanisms and demonstrative tool namely Wireshark network analyzer. The practical demonstration identifies the packet flow, packet length time, data flow statistics, end- to- end packet flow, reached and lost packets in the network and input/output packet statics graphs. Then, I have developed the proposed model that used to secure the Wireless network solution and prevention vulnerabilities of the network security challenges. And applying the model that used to investigate the security challenges and vulnerabilities of cloud computing services is used to fulfill the network security goals in Wireless network. Finally the research provides the model that investigate the security challenges and vulnerabilities of cloud computing services in wireless networks

• Journal of Legislation Research
• /
• no.41
• /
• pp.367-399
• /
• 2011

This Article examines the regulation of outsider trading under the Financial Investment Services and Capital Markets Act (the "Capital Markets Act"). Outsider trading occurs when a market participant who is not a traditional corporate insider trades securities based on either "inside" or "outside" nonpublic information. Unlike "inside" information, "outside" information is referred to as information not derived directly or indirectly from the issuer. "Outside" information includes both "corporate" and "market" information. "Corporate information" is information about events or circumstances which affect the company's assets or earning power. "Outside corporate information" is information about the company's assets or earning power not derived directly or indirectly from the issuer. "Market information" is information about events or circumstances which affect the market for a company's securities but which do not affect the company's assets or earning power. The Capital Markets Act prohibits both "temporary insiders" from using "corporate" information in trading securities and "outsiders" from using "market" information, such as (i) information regarding the initiation or discontinuance of a tender offer; or (ii) information regarding acquisition or disposition of stocks in bulk. However, the Act does not encompass circumstances (i) where an outsider trades securities based on confidential corporate information obtained through certain types of wrongful conduct; (ii) where an outsider trades securities based on corporate information obtained through eavesdropping; and (iii) where an outsider trades securities based on either outside corporate information or market information created by the outsider himself. In order to plug a few of the gaps left open in the law of outsider trading under the Capital Markets Act, this Article suggests that regulators adopt a relatively broad reading of the scope of ${\S}$ 178(1) of the Act, which is similar to SEC Rule 10b-5, to include outsiders with no relationship to the corporation that had issued the securities. Since ${\S}$ 178(1) of the Act does not require "deception" for liability, it would seem to evade the limitations imposed by the U.S. misappropriation theory. Key Words : Outsider Trading, Insider Trading, Material Nonpublic Information, the Capital Markets Act, Misappropriation Theory, Fiduciary Theory.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.27-36
• /
• 2015

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.3
• /
• pp.1144-1156
• /
• 2014

In Internet, IP multicast has been used successfully to provide an efficient, best-effort delivery service for group communication applications. However, applications such as multiparty private conference, distribution of stock market information, pay per view and other subscriber services may require secure multicast to protect integrity and confidentiality of the group traffic, and validate message authenticity. Providing secure multicast for group communication is problematic without a robust group key management. In this paper, we propose a group key management scheme based on the secret sharing technology to require each member by itself to generate the group key when receiving a rekeying message multicast by the group key distributor. The proposed scheme enforces mutual authentication between a member and the group key distributor while executing the rekeying process, and provides forward secrecy and backward secrecy properties, and resists replay attack, impersonating attack, group key disclosing attack and malicious insider attack.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.273-278
• /
• 2013

Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme, and we show that Liao-Wang's scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.967-979
• /
• 2013

Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patient's vital physiological signs through medical sensor-nodes deployed on patient's body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patient's physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a user's password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.