• The Journal of Bigdata
• /
• v.3 no.2
• /
• pp.1-10
• /
• 2018

In the field of smart water management, there is an increasing demand for strengthening competitiveness through big data analysis. As a result, systematic management (Governance) of big data is becoming an important issue. Big data governance is a systematic approach to evaluating, directing and monitoring data management, such as data quality assurance, privacy protection, data lifetime management, data ownership and clarification of management rights. Failure to establish big data governance can lead to serious problems by using low quality data for critical decisions. In addition, personal privacy data can make Big Brother worry come true, and IT costs can skyrocket due to the neglect of data age management. Even if these technical problems are fixed, the big data effects will not be sustained unless there are organizations and personnel who are dedicated and responsible for data-related issues. In this paper, we propose a method of building data governance for smart water data management based on big data.

• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.73-82
• /
• 2018

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.

• Health Policy and Management
• /
• v.31 no.3
• /
• pp.244-254
• /
• 2021

The management of emerging infectious diseases cannot help but completely depend on non-pharmaceutical interventions in the early stages of the outbreak. Consequently, South Korea has developed and implemented the 3T (test-trace-treat) models, non-pharmaceutical infection prevention and control (IPC) measures, in response to the coronavirus disease 2019 (COVID-19) pandemic. The IPC measures have gained global attention, rendering them to be essential in the development of a shareable, reusable, and applicable protocol for future pandemics. This study was conducted to identify the requirements necessary for standardizing the IPC measures. Three new work items of the 18 3T models were proposed to ISO/TC 304 (International Organization for Standardization/Technical Committee 304; healthcare organization management). Requirements for each IPC measure, identified by participating members (P-members) countries during the ISO ballots, were analyzed in this study. The three new work items were approved by the P-members countries after a 3-month ballot. There was a consensus that the three IPC measure models should be International Standards (IS). Other comments include (1) the models should include not only COVID-19 but also any respiratory pandemic; and (2) keep donning of level D protection at screening sites as an optional protocol, in consideration for the lack of personal protective equipment. Standardization is a systematic process of developing internationally agreed-upon wisdom and knowledge that consider and respect the diversity and universality of each country. It is expected that such standardized applicable IPC measure models contribute to global efforts to rapidly respond to a public health emergency of international concern during its early stages.

• Journal of Digital Convergence
• /
• v.19 no.8
• /
• pp.205-217
• /
• 2021

Decentralized SSI(Self Sovereign Identity) has become an alternative to a new digital identity solution, but an efficient de-identification technique has not been proposed due to the unique algorithmic characteristics of data transactions. In this study, to ensure the decentralized operation of SSI, we propose a de-identification technique that does not remove identifiers by restructuring the verification results of ZKP (Zero Knowledge Proof) into a form that can be provided to the outside by the verifier. In addition, it is possible to provide restructured de-identification data without the consent of data subject by proposing the concept of differential sovereignty management for each entity participating in verification. As a result, the proposed model satisfies the domestic personal information protection law in a decnetralized SSI, in addition provides secure and efficient de-identification processing and sovereignty management.

• Journal of the Korea Convergence Society
• /
• v.11 no.12
• /
• pp.309-317
• /
• 2020

In the post-corona era, telemedicine is becoming more important. This is the case in which it is written, in terms of this study, and in relation to the relationship between the Koreans and the Korean government. In addition, the aim is to prepare effective measures and seek policy suggestions for expanding the introduction of domestic telemedicine in the future. Although Japan has insisted on the necessity of introducing telemedicine in the medical community, it has institutionalized it with a cautious attitude until the establishment of telemedicine. On the other hand, South Korea lacks clear provisions on medical fees for telemedicine and legal measures regarding the responsibility for medical malpractice. Therefore, a clear legal interpretation of the telemedicine subject is needed, and a strategic approach is prioritized, including guidelines and measures for the legal responsibilities and limitations of physicians and patients.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.35-45
• /
• 2005

There has recently been an increase of phishing attacks, attacks which lure users into revealing their personal information to an attacker who in turn exploits this information for economic gain. The conventional methods of fooling the user with similarly modified mail or address are constantly evolving and have diversified to include the forgery of mail or domain addresses. Recently the injury incurred by these attacks has greatly increased as attackers exploit the weaknesses found on a few web browsers and used these to conduct phishing attacks based on URL spoofing. Furthermore we are now witnessing the entrance of highly advanced phishing techniques that no longer simply rely on vulnerabilities, but employ ordinary script, HTML, DNS sniffing, and the list goes on. In this paper we first discuss means of investigating and preventing the advanced URL spoofing techniques used in phishing attacks, and then propose a scheme for fundamentally restricting them altogether.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1283-1292
• /
• 2012

As delivery services market has grown the damage cases are also continuously increased. When using delivery services, Customers would not be compensated in any way. Perhaps worse, losing a cargo would create a great deal of trouble. Because the lack of evidence, they takes a lot of time to clarify who is responsible. To prevent these things, we must create, collect, maintain and confirm. In this paper, we introduce new delivery system with a trusted third party for non-repudiation services. Moreover, in damage case, we show that the proposed system is efficient and provide non-repudiation. Using sending and receiving codes, the proposed system identifies a responsible subject with quickness and clearness.

• Journal of Convergence for Information Technology
• /
• v.11 no.7
• /
• pp.21-30
• /
• 2021

With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.291-307
• /
• 2021

There has been global efforts to prevent the further spread of the COVID-19 and get society back to normal. 'Contact tracing' is a crucial way to detect the infected person. However the contact tracing makes another concern about the privacy violation of the personal data of infected people, released by governments. Therefore Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. However, in order to provide the improved tracing application, it is necessary to identify potential security threats and investigate vulnerabilities for systematically. In this paper, we provide security analysis of Privacy-Preserving COVID-19 Contact Tracing App with STRIDE and LINDDUN threat models. Based on the analysis, we propose to adopt a verifiable computation scheme, Zero-knowledge Succinctness Non-interactive Arguments of Knowledges (zkSNARKs) and Public Key Infrastructure (PKI) to ensure both data integrity and privacy protection in a more practical way.

• Journal of radiological science and technology
• /
• v.44 no.6
• /
• pp.629-633
• /
• 2021

This article is designed to look into the radiation exposure dose to each body part and the shielding effect for workers using an additional shielding to reduce their radiation exposured by scattering radiation which is generated in a space between the operating table and lead curtain during interventional radiology(IR) procedures. After placing a human phantom on the table of SIEMENS' angiography machine, the following measurements were taken, depending on the presence of an additional shield of lead equivalent of 0.25 mmPb, manufactured for this purpose: dose to gonad, dose to an area where the personal dosimeter is placed, and dose to an area of eye lens is located. An ion chamber(chamber volume 1,800 cc) was utilized to measure scattering radiation. The two imaging tests were carried out as follows: fluoroscopy of the abdomen (66 kV, 100 mA, 60 seconds) and of the head (70 kV, 65 mA, 60 seconds); and digital subtraction angiography(DSA) of the abdomen (67 kV, 264 mA, 20 seconds) and of the head (79 kV, 300 mA, 20 seconds). In all the experiments, the shielding efficiency of the gonad position was the largest at 59.8%. In case an additional shielding was used as protection against scattering radiation that came through the operating table and the lead curtain during an IR, the radiation shielding efficiency was estimated to be up to 59.8%, leading to a conclusion that its presence may effectively reduce the radiation exposure dose of medical staffs.