• Title/Summary/Keyword: Insider


Zero-knowledge Based User Remote Authentication Over Elliptic Curve (타원곡선상의 영지식기반 사용자 원격인증 프로토콜)

  • Choi, Jongseok; Kim, Howon
    • KIPS Transactions on Computer and Communication Systems / v.2 no.12 / pp.517-524 / 2013
  • Although password-based authentication, also known as knowledge-based authentication, has been commonly used, intrinsic problems such as dictionary attacks remain unsolved. For that reason, study of possession-based authentication was required. User remote authentication using smartcards has been actively studied since Lee et al. proposed user remote authentication using knowledge-based information (password) and possession-based information (smartcard) in 2002. In 2009, Xu et al. proposed a new protocol preserving user anonymity, and Shin et al. proposed an enhanced scheme with an analysis of its vulnerabilities on user anonymity and masquerading attack in 2012. In this paper, we analyze Shin et al.'s scheme on forward secrecy and insider attack and present a novel user authentication scheme based on an elliptic curve cryptosystem which is secure against forward secrecy, insider attack, user anonymity and masquerading attack.

A Study on the Analysis of Validity and Importance of Event Log for the Detection of Insider Threats to Control System (제어시스템의 내부자 위협 탐지를 위한 Event Log 타당성 및 중요도 분석에 관한 연구)

  • Kim, Jongmin; Kim, DongMin; Lee, DongHwi
    • Convergence Security Journal / v.18 no.3 / pp.77-85 / 2018
  • With the convergence of communications networks between control systems and public networks, threats such as information leakage/falsification could fully manifest in control systems through diverse routes. Due to the recent diversification of security issues and violation cases involving new attack techniques, a security system based on an information database that simply blocks and identifies is not good enough to cope with the new types of threat. The current control system operates its security system focusing on outside threats to the inside, and it is insufficient for detecting security threats by insiders with security access authority. Thus, this study conducted an importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the importance of event logs for the detection of insider threats to control systems was understood, and the results of this study could contribute to research in this area.


Improved ID-based Authenticated Group Key Agreement Secure Against Impersonation Attack by Insider (내부자에 의한 위장 공격을 방지하는 개선된 ID 기반 그룹 인증 및 키 합의 프로토콜)

  • Park, Hye-Won; Asano, Tomoyuki; Kim, Kwang-Jo
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.5 / pp.25-34 / 2009
  • Many conference systems over the Internet require authenticated group key agreement (AGKA) for secure and reliable communication. After Shamir [1] proposed the ID-based cryptosystem in 1984, ID-based AGKA protocols have been actively studied because of their simple public key management. In 2006, Zhou et al. [12] proposed a two-round ID-based AGKA protocol which is very efficient in communication and computation complexity. However, their protocol does not provide user identification and suffers from the impersonation attack by malicious participants. In this paper, we propose an improved ID-based AGKA protocol to prevent the impersonation attack on Zhou et al.'s protocol. In our protocol, the malicious insider cannot impersonate another participant even if he knows the ephemeral group secret value. Moreover, our protocol reduces the computation cost compared with Zhou et al.'s protocol.

The Effect on the IS Psychological Empowerment on the Mitigation of IS Policy Resistance Through IS Role Stress: Focusing on the Moderation of IS Justice Climate (정보보안 심리적 권한이 업무 스트레스를 통해 정책 저항 완화에 미치는 영향: 공정성 분위기의 조절 효과)

  • Hwang, In-Ho
    • The Journal of the Korea institute of electronic communication sciences / v.17 no.1 / pp.1-12 / 2022
  • As insiders' information security incidents continue to occur, there is a growing demand for strengthening information security within the organization. However, when strict information security policies and rules are applied to employees of the organization, this can result in information security stress and resistance behavior. The purpose of this study is to suggest the causes of insiders' negative information security behavior and factors that mitigate the cause. In particular, the study identifies how the mutual influence of individual (psychological empowerment) and organizational (justice climate) factors mitigates negative behavior. In this study, a sample was obtained by surveying workers of organizations that apply information security policies to insiders, and hypothesis testing was performed by structural equation modeling. As a result of the analysis, role stress had a partial mediating effect on the effect of psychological empowerment on security policy resistance, and the justice climate strengthened the effect of psychological empowerment. Our results suggest a direction for reducing insider information security policy resistance, and so help to establish a strategy for achieving internal information security goals.

Security Threats to Enterprise Generative AI Systems and Countermeasures (기업 내 생성형 AI 시스템의 보안 위협과 대응 방안)

  • Jong-woan Choi
    • Convergence Security Journal / v.24 no.2 / pp.9-17 / 2024
  • This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

The Effectiveness of Ownership Structure on the Financial Performance of Construction and Manufacture Industries (건설업과 제조업의 기업성과에 대한 소유구조의 효과성 분석)

  • Kim, Dae-Lyong; Lim, Kee-Soo
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.7 / pp.3062-3071 / 2011
  • This study proposed to compare the performance differences between a manufacturing company and a construction company in accordance with the mutual relations and ownership structures with the management performance, based on the increase or decrease of the large shareholders' share-holding ratio (insider ownership, foreign share-holding, institutional investors' share-holding) of KOSPI listed companies in Korea over 10 years (1998-2007). To sum up the research work, first, the increase of foreign share-holding supported the results of previous studies, in which foreign share-holding has a positive effect on long-term performance, by having a positive (+) effect on MTB, and the increase of insider ownership supported the management entrenchment hypothesis of previous studies by having a negative (-) effect on MTB. However, no linkage could be found between institutional investors' share-holding and MTB, in spite of the results of previous studies that dealt with the active monitoring hypothesis. Also, in examining the linkages between ROA and the ownership structure, though the increases of foreign share-holding and insider ownership had a positive (+) effect on ROA, the increases of institutional investors' share-holding had a negative (-) effect on it. This showed different analysis results from the active monitoring hypothesis of institutional investors. As a result of verifying whether there is "any difference in the management performances between the construction industry and the manufacturing industry according to the equity structure", which is the second hypothesis, none of the insider ownership and whether or not there is the construction industry, foreign share-holding and whether or not there is the construction, and the institutional ownership and whether or not there is the construction industry gave a statistical difference to MTB and ROA. Accordingly, it was possible to find that there is no difference in the management performance between the construction industry and the manufacturing industry based on the ownership structure, in spite of characteristics different from the manufacturing industry such as the revenue recognition in ordering, production and accounting.

The Types of Nurses Perception of Whistle-Blowing;Q-Methodology (간호사의 내부고발 인식유형에 관한 연구)

  • Kwak, Myung-Soon; Kim, In-Soon
    • Journal of Korean Academy of Nursing Administration / v.10 no.2 / pp.265-276 / 2004
  • Purpose: This study was to define the structural subjectivity pattern of whistle-blowing of hospital nurses. Method: This study was conducted using Q-methodology in order to classify the types of perception of whistle-blowing from the inside among incumbent hospital nurses. Nineteen members, including hospital nurses, professors and students majoring in the nursing department, made 47 statements about the insider's accusation after an in-depth interview about the statements. Forty incumbent hospital nurses were the participants for the Q-Methodology. The statement data was analyzed with the QUANL PC Program and five different types were classified according to how the nurse had replied to the statements. Result: The first one is a Propeller type. The second one is a Denial type. The third type is a Patient Advocate type. The fourth one is an Anonymous type. The fifth is a Netizen type. Conclusion: With this study as a momentum, a reasonable and constitutional legislation in the nurses organization should be established as soon as possible.


Insider Ownership and Valuation of IPOs in the UK (내부소유지분과 최초공모주의 가격결정)

  • Lee, Ki-Hwan
    • The Korean Journal of Financial Management / v.13 no.1 / pp.285-309 / 1996
  • Using initial public offerings of 512 UK companies newly admitted to the London Stock Exchange between 1985 and 1990, we explored the reason for the underpricing of new issues. We particularly examined the underpricing of new issues in terms of the signalling hypothesis. We found that there is a positive relationship between the value of the issuing firms and the fraction of equity retained by entrepreneurs. This finding is consistent with Leland and Pyle's model (1977) and the evidence of Downes and Heinkel (1982). We also found a positive association between the firm value and the degree of underpricing. In addition, our empirical evidence revealed that the underpricing of the UK IPOs is positively related to the fraction of equity retained by the original shareholders. Thus, our results support Grinblatt and Hwang's model (1989), which predicts a positive relationship between the value of the firm and the degree of underpricing.


An Integrated Computer Security Model Based on the General Trust Theory (신뢰성이론을 바탕으로 한 통합 컴퓨터 보안 모형에 관한 연구)

  • Lee, Sang-Gun; Yoo, Sang-Jin
    • Asia pacific journal of information systems / v.12 no.1 / pp.123-138 / 2002
  • For the last two decades, there has been much research on computer abuse from the perspective of the general deterrence theory based on objectism, which covers security policy, security awareness programs, and physical security systems. The traditional view offered by the general deterrence theory indicates that security policy, security awareness, and security systems play a major role in preventing computer abuse. In spite of continuous organizational efforts and investments based on these systematic factors, the incidence of computer abuse in organizations is still rapidly increasing. This paper proposes another perspective, the social control theory based on subjectism, in preventing computer abuse. According to the social control theory, organizational trust, which comprises organizational attachment, commitment, involvement and norms, can prevent computer abuse by reducing insiders' computer abuse. The aim of this article is to assess the role of organizational trust that comes from attachment, commitment, involvement and norms in preventing computer abuse. The results indicate that both organizational trust and deterrent factors are effective in preventing computer abuse.

A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement

  • An, Younghwa
    • International Journal of Internet, Broadcasting and Communication / v.8 no.3 / pp.41-49 / 2016
  • Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication systems. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava's biometric-based authentication for TMIS which is secure against the various attacks and provides mutual authentication and efficient password change. In this paper, we discuss the security of Mishra et al.'s authentication scheme, and we show that Mishra et al.'s authentication scheme is still insecure against the various attacks. Also, we propose an improved scheme to remove these security problems of Mishra et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric-based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack and the server masquerading attack, and provides mutual authentication between the user and the telecare system.