• 디지털융복합연구
• /
• 제19권10호
• /
• pp.287-293
• /
• 2021

최근 국가가 공인하는 인증기관에서 발행하는 공인인증서를 폐지하고 인터넷 기업이 자체적으로 공동인증서를 발급하면서 그 책임을 부여하는 방법으로 전자서명법이 개정되었다. 인터넷 기업이 인증기관으로서 발행하는 공동 인증서의 사용이 허용되면서 공개키 인증서 도용에 따른 사기 피해의 확대가 예상된다. 무결성과 보안성이 내재된 블록체인에 PKI를 결합한 보안 게이트웨이에서 사용할 수 있는 인증 모델을 제안하였다. 제안 모델의 실용성 평가를 위해서 전문가 집단을 활용한 델파이 기법으로 중요도를 도출하고 인간의 주관성을 배제하는 평가방법인 수게노의 계층퍼지적분을 이용한 인증 모델의 보안성을 평가했다. 블록체인 기반 공동인증서는 무분별한 공인인증서의 발행과 오남용을 방지하고 보안성과 편의성이 확보된 서비스의 기반기술로 활용이 기대된다.

• International Journal of Computer Science & Network Security
• /
• 제21권6호
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• 한국IT서비스학회지
• /
• 제16권2호
• /
• pp.97-110
• /
• 2017

Due to development of IT, various Internet services via the non-face-to-face are increasing rapidly. In the past, the resident registration numbers (RRN) was used a mean of personal identification, but the use of RRN is prohibited by the relevant laws, and the personal identification services using alternative means are activated. According to the prohibition policy of RRN, i-PIN service appeared as an alternative means to identify a person. However, the user's knowledge-based i-PIN service continues to cause fraudulent issuance, account hijacking, and fraud attempts due to hacking accidents. Due to these problems, the usage rate of i-PIN service which performs a nationwide free personal identification service, is rapidly decreasing. Therefore, this paper proposes a technical safety enhancement method for security enhancement in the i-PIN-based personal identification service. In order to strengthen the security of i-PIN, this paper analyzes the encryption key exposure, key exchange and i-PIN authentication model problems of i-PIN and suggests countermeasures. Through the proposed paper, the i-PIN can be expected to be used more effectively as a substitution of RRN by suggesting measures to enhance the safety of personal identification information. Secured personal identification services will enable safer online non-face-to-face transactions. By securing the technical, institutional, and administrative safety of the i-PIN service, the usage rate will gradually increase.

• 한국축산식품학회지
• /
• 제37권4호
• /
• pp.599-605
• /
• 2017

Korean native honey (KNH) is much more expensive than European honey (EH) in Korea, because KNH is a favored honey which is produced less than EH. Food fraud of KNH has drawn attention of the government office concerned, which is in need of a method to differentiate between KNH and EH which are produced by the Asiatic honeybee, Apis cerana and the European honeybee, Apis mellifera, respectively. A method to discriminate KNH and EH was established by using duplex polymerase chain reaction (PCR) in this study. Immunochromatographic assay (IC) was examined to analyze the duplex PCR product. The DNA sequences of primers for the duplex PCR were determined by comparing cytochrome C oxidase genes of the two honey bee species. Chelex resin method was more efficient in extracting genomic DNA from honey than the other two procedures of commercial kits. The duplex PCR amplifying DNA of 133 bp were more sensitive than that amplifying DNA of 206 bp in detecting EH in the honey mixture of KNH and EH. Agarose gel electrophoresis and IC detected the DNA of 133 bp at the ratios of down to 1% and 5% EH in the honey mixture, respectively and also revealed that several KNH products distributed by internet shopping sites were actually EH. In conclusion, the duplex PCR with subsequent IC could also discriminate between KNH and EH and save time and labor.

• 유통과학연구
• /
• 제18권8호
• /
• pp.75-87
• /
• 2020

Purpose: This study uses the protection motivation theory and information processing theory to discuss the high number of fraud phenomenon in Indonesia which causes worries to the internet users. The second problem is the large amount of information transparency in e-commerce which actually hinders the users in making decisions so it causes a negative behavior pattern, namely discontinue usage intention. Design/methodology: Therefore, this research hopes to provide insight to the online or e-commerce business community, especially for Tokopedia, to develop its business from understanding the factors influencing consumer attitude when shopping online. The sample are students from Universitas Indonesia, Institut Teknologi Bandung, Institut Pertanian Bogor, Universitas Gadjah Mada and Institut Teknologi Surabaya, with total 900 respondents. Result: The results of this research indicate that ubiquitous connectivity (UC) variable significantly affects variables such as the privacy concern (PC), information transparency (IT) and information overload (IO). PC and IO variables also significantly affect Discontinue Usage Intention (DUI). Conclusion: This study gives a new perspective that despite the phenomenon, the millennial generation especially are not entirely concerned about the privacy concern, however, this study clearly shows that the privacy issue in the digital word continues to be something that needs to be cared for.

• Journal of information and communication convergence engineering
• /
• 제8권4호
• /
• pp.427-432
• /
• 2010

The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

• 한국정보통신학회논문지
• /
• 제12권12호
• /
• pp.2171-2178
• /
• 2008

최근 초고속통신망의 발달로 네트워크 보안 및 시스템 침해 사고에 대응하기 위한 다양한 인증 및 접근 제어 시스템이 도입되고 있다. 하지만 초고속인터넷 환경에서 보안 자체가 취약성을 보이고 있다. 따라서 인터넷 이용자의 다양한 욕구를 충족하고, 보다 안전하고 신뢰성있는 새로운 인증 시스템 도입이 필요한 시점이다. 본 논문에서는 다원화된 네트워크 환경에서 기술방식에 따라 차별적으로 적용하는 기존의 다양한 인증 체계를 하나로 통합하여 네트워크 보안을 강화하고, 보다 안정적인 서비스 제공 기반을 마련하기 위하여 단일 웹 인증 설계를 통한 새로운 인증 체계 방안을 제시하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제21권3호
• /
• pp.127-133
• /
• 2021

Today, phishing attacks represent one of the biggest security threats targeting users of the digital world. They consist of an attempt to steal sensitive information, such as a user's identity or credit and debit card details, using various methods that include fake emails, fake websites, and fake social media messages. Protecting the user's security and privacy therefore becomes complex, especially when those users are children. Currently, children are participating in Internet activity more frequently than ever before. This activity includes, for example, online gaming, communication, and schoolwork. However, children tend to have a less well-developed knowledge of privacy and security concepts, compared to adults. Consequently, they often become victims of cybercrime. In this paper, the effects of security awareness on users who are children are investigated, looking at their ability to detect phishing attacks in social media. In this approach, two Experiments were conducted to evaluate the effects of security awareness on WhatsApp application users in their daily communication. The results of the Experiments revealed that phishing awareness training has a significant positive effect on the ability of children using WhatsApp to identify phishing messages and thereby avoid attacks.

• 한국BIM학회 논문집
• /
• 제13권3호
• /
• pp.12-20
• /
• 2023

Deep learning-based anomaly detection technology is used in various fields such as computer vision, speech recognition, and natural language processing. In particular, this technology is applied in various fields such as monitoring manufacturing equipment abnormalities, detecting financial fraud, detecting network hacking, and detecting anomalies in medical images. However, in the field of construction and architecture, research on deep learning-based data anomaly detection technology is difficult due to the lack of digitization of domain knowledge due to late digital conversion, lack of learning data, and difficulties in collecting and processing field data in real time. This study acquires necessary data through IoT (Internet of Things) from the viewpoint of monitoring for environmental management of architectural spaces, converts them into a database, learns deep learning, and then supports anomaly patterns using AI (Artificial Infelligence) deep learning-based anomaly detection. We propose an implementation process. The results of this study suggest an effective environmental anomaly pattern detection solution architecture for environmental management of architectural spaces, proving its feasibility. The proposed method enables quick response through real-time data processing and analysis collected from IoT. In order to confirm the effectiveness of the proposed method, performance analysis is performed through prototype implementation to derive the results.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권5호
• /
• pp.2628-2645
• /
• 2017

This paper proposes a new offline electronic payment (e-payment) system that satisfies the major security requirements of e-payment, i.e. anonymity, unlinkability, unforgeability, double spending control, conditional traceability, and fraud prevention. The central idea is the use of Hwang et al.'s RSA-based untraceable blind signature (BS), which disables the link between the e-coin and its owner and ensures the anonymity of both the customer and the merchant. It attaches an expiration, a deposit and the transaction dates to each e-coin in order to manage the database of the bank effectively, to correctly calculate the interest on the e-coin and to aid arbitration if a dishonest customer attempts to double-spend the coin. It also ensures the anonymity of the customer as long as the coin is spent legitimately. Only when a fraudulent e-coin transaction is detected can the bank, with the help of the central authority (a trusted entity), determine the identity of the dishonest customer. The system is referred to as offline since the bank does not need to be concurrently involved in transactions between a customer and a merchant. Finally, analyses of the performance of the prototype and the primary security requirements of the proposed system are also presented.