• Management & Information Systems Review
• /
• v.37 no.2
• /
• pp.149-167
• /
• 2018

The purpose of this study is to analyze the performance of Virtual Desktop Infrastructure(VDI) adoption. VDI performance was measured by IS manager (system quality, security, and managerial operation) and business user (usability, access, and user satisfaction). The survey questionnaires were developed for measuring VDI performance. 84 data samples were collected from the companies that had adopted cloud-based VDI. This research model was verified by Smart-PLS and SPSS. The research findings were as follows: First, the companies using VDI experienced actual performance, but they did not attain their expectation. Second, as results of comparing between IS managers and business users, IS administrators had considerably higher performance than business users, which indicates that there were big differences in performance perception among users. Compared with prior research such as technical trend, system construction, and performance improvement, this study has the following implications. First, by comparing the expected performance with the actual performance of the companies that have implemented and operating VDI, it was suggested how a company that wants to adopt VDI can manage the expectation level of VDI and achieve higher actual performance. Second, because the perception of VDI performance differs between business users and system managers, it is meaningful that a fair evaluation of VDI performance requires a balanced consideration of business users and system managers.

• The KIPS Transactions:PartD
• /
• v.10D no.6
• /
• pp.1059-1066
• /
• 2003

In this paper, the magnetic sensing system is designed and implemented for the safe security in internet commerce system. When the payment is required inthe internet commerce system, the magnetic sensing system will get the information from a credit card without keyboard input and then encrypt and transmit the information to server. The credit card sensing system, which is proposed in this paper, is safe from keyboard hacking because it encrypts card information immediately in its internal chip and sends the information to host system. For the protection of information, the magnetic sensing system is basically based on a synchronous stream cipher cryptosystem which is related to a group of matrices. The size of matrices and the bits of keys for the best performances are determined for various cases. It is shown that for credit card payments. matrices of size 2 have good performance even at most 128bits keys with the consideration of inverse matrices. For authentication of general-purpose data, the magnetic sensing system needs more than 1.5KB data and in this case, the optimum size of matrices is 2 or 3 at more 256bits keys with consideration of inverse matrices.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.8B
• /
• pp.730-737
• /
• 2003

In this paper, we present an efficient authentication proxy for IEEE 802.1x systems based on the port-based access control mechanism. An IEEE 802.1x system consists of PC supplicants, a bridge with authentication client functions, and an authentication server. For the network security and user authentication purposes, a supplicant who wants to access Internet should be authorized to access the bridge port using the Extended Authentication Protocol (EAP) over LAN. The frame of EAP over LAN is then relayed to the authentication server by the bridge. After several transactions between the supplicant and the server via the bridge, the supplicant may be either authorized or not. Noting that the transactions between the relaying bridge and the server will be increased as the number of supplicants grows in public networks, we propose a scheme for reducing the transactions by employing an authentication proxy function at the bridge. The proxy is allowed to cache the supplicant's user ID and password during his first transaction with the server. For the next authentication procedure of the same supplicant, the proxy function of the bridge handles the authentication transactions using its cache on behalf of the authentication server. Since the main authentication server handles only the first authentication transaction of each supplicant, the processing load of the server can be reduced. Also, the authentication transaction delay experienced by a supplicant can be decreased compared with the conventional 802.1x system.

• Journal of Software Assessment and Valuation
• /
• v.16 no.1
• /
• pp.65-79
• /
• 2020

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Korean Security Journal
• /
• no.18
• /
• pp.169-190
• /
• 2009

Today, the rapid advance of scientific technologies has brought about fundamental changes to the types and levels of terrorism while the war against the world more than one thousand small and big terrorists and crime organizations has already begun. A method highly likely to be employed by terrorist groups that are using 21st Century state of the art technology is cyber terrorism. In many instances, things that you could only imagine in reality could be made possible in the cyber space. An easy example would be to randomly alter a letter in the blood type of a terrorism subject in the health care data system, which could inflict harm to subjects and impact the overturning of the opponent's system or regime. The CIH Virus Crisis which occurred on April 26, 1999 had significant implications in various aspects. A virus program made of just a few lines by Taiwanese college students without any specific objective ended up spreading widely throughout the Internet, causing damage to 30,000 PCs in Korea and over 2 billion won in monetary damages in repairs and data recovery. Despite of such risks of cyber terrorism, a great number of Korean sites are employing loose security measures. In fact, there are many cases where a company with millions of subscribers has very slackened security systems. A nationwide preparation for cyber terrorism is called for. In this context, this research will analyze the current status of Korea's cyber security systems and its laws from a policy perspective, and move on to propose improvement strategies. This research suggests the following solutions. First, the National Cyber Security Management Act should be passed to have its effectiveness as the national cyber security management regulation. With the Act's establishment, a more efficient and proactive response to cyber security management will be made possible within a nationwide cyber security framework, and define its relationship with other related laws. The newly passed National Cyber Security Management Act will eliminate inefficiencies that are caused by functional redundancies dispersed across individual sectors in current legislation. Second, to ensure efficient nationwide cyber security management, national cyber security standards and models should be proposed; while at the same time a national cyber security management organizational structure should be established to implement national cyber security policies at each government-agencies and social-components. The National Cyber Security Center must serve as the comprehensive collection, analysis and processing point for national cyber crisis related information, oversee each government agency, and build collaborative relations with the private sector. Also, national and comprehensive response system in which both the private and public sectors participate should be set up, for advance detection and prevention of cyber crisis risks and for a consolidated and timely response using national resources in times of crisis.

• Journal of Hospice and Palliative Care
• /
• v.1 no.1
• /
• pp.39-46
• /
• 1998

Purpose : Hospice Care is considered as one of the most perfect solutions for the problems brought up as the number of chronically ill patients are increasing rapidly and most of social welfare oriented countries are seeking the quality of life. Our former studies(1996, 1997) were to find out the current status of the hospice care in Korea by surveying terminally ill patients and their family members as well as medical professionals. The former study was also to conduct the operation research by developing an information service system for training of hospice care teams and volunteers, and hospice patients management. The purpose of this study was that hospice information service system was tested by home visiting hospice care through visiting nurses. Methods : From October 1, 1997 to March 31, 1998, Twenty six terminal cancer patients were included in this study from Seoul National University Hospital and other hospital. Databases and homepage, hospice information service system were designed and developed for the information needed for the hospice care before this study by our research team and this services were available through the internet. Visiting nurses were trained about this system and they visited the patients with PC notebook and provided them hospice care with hospice information system. They collected physical, psychiatric, social data of the subjects at the first visit and during hospice care at home. Results : Sixteen subjects(61.5%) died during the study and the mean survival was 20.7 days. Anorexia(96.2%), immobility(88.5%) and pain(84.6%) were the major symptom in the 26 subjects, Altered nutrition(26.1%) and pain(12.4%) were the most frequent diagnoses in 226 nursing diagnoses of the subjects. Families understood and demanded the hospice care more than patients. And most patients and families didn't demand spiritual or social care. Conclusion : Through this demonstration study, it was found that we have to provide the information of pain management and nutritional support for patients by the nurses and visiting hospice nurse. The information service system needs to be upgraded with information and manpower of spiritual and social care according to the findings.

• Proceedings of the Korea Technology Innovation Society Conference
• /
• 2015.05a
• /
• pp.545-570
• /
• 2015

Korea is among the ten countries with the largest R&D budget and the highest R&D investment-to-GDP ratio, yet the subject of security and protection of R&D results remains relatively unexplored in the country. Countries have implemented in their legal systems measures to properly protect cutting-edge industrial technologies that would adversely affect national security and economy if leaked to other countries. While Korea has a generally stable legal framework as provided in the Regulation on the National R&D Program Management (the "Regulation") and the Act on Industrial Technology Protection, many difficulties follow in practice when determining details on security management and obligations and setting standards in carrying out national R&D projects. This paper proposes to modify and improve security level classification standards in the Regulation. The Regulation provides a dual security level decision-making system for R&D projects: the security level can be determined either by researcher or by the central agency in charge of the project. Unification of such a dual system can avoid unnecessary confusions. To prevent a leakage, it is crucial that research projects be carried out in compliance with their assigned security levels and standards and results be effectively managed. The paper examines from a practitioner's perspective relevant legal provisions on leakage of confidential R&D projects, infringement, injunction, punishment, attempt and conspiracy, dual liability, duty of report to the National Intelligence Service (the "NIS") of security management process and other security issues arising from national R&D projects, and manual drafting in case of a breach. The paper recommends to train security and technological experts such as industrial security experts to properly amend laws on security level classification standards and relevant technological contents. A quarterly policy development committee must also be set up by the NIS in cooperation with relevant organizations. The committee shall provide a project management manual that provides step-by-step guidance for organizations that carry out national R&D projects as a preventive measure against possible leakage. In the short term, the NIS National Industrial Security Center's duties should be expanded to incorporate national R&D projects' security. In the long term, a security task force must be set up to protect, support and manage the projects whose responsibilities should include research, policy development, PR and training of security-related issues. Through these means, a social consensus must be reached on the need for protecting national R&D projects. The most efficient way to implement these measures is to facilitate security training programs and meetings that provide opportunities for communication among industrial security experts and researchers. Furthermore, the Regulation's security provisions must be examined and improved.