• Title/Summary/Keyword: Personal Security

Design and Implementation of a Web Application Firewall with Multi-layered Web Filter (다중 계층 웹 필터를 사용하는 웹 애플리케이션 방화벽의 설계 및 구현)

  • Jang, Sung-Min;Won, Yoo-Hun
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.157-167 / 2009
  • Recently, leaks of confidential and personal information have been occurring on the Internet more frequently than ever before. Most such online security incidents are caused by attacks on vulnerabilities in carelessly developed web applications. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems, and signature-based detection has a limited capability to detect new threats. Therefore, much research on detecting attacks on web applications employs anomaly-based detection methods that use web traffic analysis. Much of the research on anomaly-based detection through analysis of normal web traffic focuses on three problems: how to accurately analyze given web traffic, the system performance needed to inspect the application payload of packets in order to detect attacks at the application layer, and the maintenance and cost of the many newly installed network security devices. The UTM (Unified Threat Management) system, a suggested solution to the problem, aimed to resolve all security problems at once, but is not widely used due to its low efficiency and high cost. Besides, the web filter, which performs one of the functions of the UTM system, cannot adequately detect the variety of recent sophisticated attacks on web applications. To resolve such problems, studies are being carried out on the web application firewall as a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the cost of deploying a web application firewall is rising. In addition, current anomaly-based detection technologies that do not take into account the characteristics of the web application cause many false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a real-time anomaly detection method based on analysis of the length of the parameter values contained in the web client's request. In addition, it designed and suggested a WAF (Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of dedicated hardware. Furthermore, it suggested a method to resolve the sluggish performance attributed to copying packets into the application area for application data processing. Consequently, this study makes it possible to deploy an effective web application firewall at low cost at a time when deploying an additional security system is considered a burden because of the many network security systems already in use.

A Study on the Method of Minimizing the Bit-Rate Overhead of H.264 Video when Encrypting the Region of Interest (관심영역 암호화 시 발생하는 H.264 영상의 비트레이트 오버헤드 최소화 방법 연구)

  • Son, Dongyeol;Kim, Jimin;Ji, Cheongmin;Kim, Kangseok;Kim, Kihyung;Hong, Manpyo
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.311-326 / 2018
  • This paper reports experiments using the News sample video at QCIF ($176 \times 144$) resolution with the JM v10.2 code of H.264/AVC-MPEG. In the region of interest (ROI) to be encrypted, drift occurred because frames were unnecessarily and continuously referenced, owing to the characteristics of motion prediction and compensation in the H.264 standard. To mitigate the drift, the latest related research method re-inserts an encrypted I-picture at a certain period, which increases the amount of additional computation and thereby the bit-rate overhead of the entire video. Therefore, the reference search range of the blocks and frames in the ROI to be encrypted is restricted during motion prediction and compensation for each frame, while the reference search range in the non-ROI, which is not encrypted, is left unrestricted to maintain normal encoding efficiency. After encoding the video with the restricted reference search range, this article proposes a method of RC4 bit-stream encryption for an ROI such as an identifiable face, in order to protect personal information in the video. The experimental results are also compared and analyzed after implementing the unencrypted original video, the latest related research method, and the proposed method under the same environment. In contrast to the latest related research method, the bit-rate overhead of the proposed method is 2.35% higher than that of the original video and 14.93% lower than that of the latest related method, while temporal drift is mitigated by the proposed method. These improved results have been verified by the experiments in this study.

A Study Consequence Management System of the Terrorism (테러리즘의 대응관리체제에 관한 고찰 - "9. 11 테러"를 중심으로 -)

  • Kim, Yi-Soo;Ahn, Byung-Soo;Han, Nam-Soo
    • Korean Security Journal / no.7 / pp.95-124 / 2004
  • It can be said that 'the September 11th Terrorist Attacks' in 2001 were not only indiscriminate attacks on innocent people but also attacks on human life as a whole: political, economic and military. 'The September 11th Terrorist Attacks' can also be regarded as significant events in world history, at the peak of the super-terrorism or new-terrorism that had emerged from the 1980s. However, if one had analysed the developments of terrorism from the 1970s, they could have been foreseen without difficulty. The findings of this study can be summarized as follows. First, although the USA's response system against terrorism had been assessed as perfect before 'the September 11th Terrorist Attacks', weaknesses were found in its response to new-terrorism or super-terrorism. The response system before 'the September 11th Terrorist Attacks' had the following defects: (1) it was impossible to establish an integrated strategy, because the organizations involved in responding to terrorism had not been integrated; (2) there were weaknesses in collecting and disseminating information related to terrorism; (3) the security system for domestic airline service in the USA and the air defense response system against terror attacks on aircraft were very fragile. For these reasons, the USA government established the 'Department of Homeland Security', of which the President is the head, so that the many organizations related to terrorism were integrated into a single management system. It also legislated a new act to protect security from terror, which legalized wiretapping in spite of the risk of encroachment upon personal rights, increased the jail terms for terrorists, froze the banks related to terrorist organizations, and allowed e-mails to be censored. Second, the Korean response system against terror seems more fragile than that of the USA. One of the reasons is that people perceive Korea as a safe zone from terror, because there have been few attacks by international terrorists in Korea. This can be seen from the fact that the only legal arrangement against terrorism is the President's instruction No. 47. Under a response system dependent only on the President's instruction, a poor response to terror is to be expected, due to the lack of a unified and integrated response agency, as was the case in the USA before 'the September 11th Terrorist Attacks'. And where there is no legal countermeasure, no binding force can be expected outside administrative agencies, and the ability to prevent and hinder terrorist actions cannot but be limited. That is to say, the current response system cannot effectively counteract new-terrorism and super-terrorism. Third, although there have been some changes in the Korean government's policies against terrorism, problems remain. One of the most important is that the new response system against terrorism in Korea, unlike that of the USA, is not a permanent agency but a meeting body organized as a commission. This commission is controlled by the Prime Minister, and the substantive tasks fall under the National Intelligence Service. Under this configuration, strong leadership and control may be lacking. Additionally, because there is no statute for responding to terrorism, it is impossible to prevent and counteract terrorism effectively. The above suggests that, because contemporary super-terrorism or new-terrorism causes numerous casualties among unspecified persons and enormous nationwide damage, thorough prevention of terrorism is the most important challenge, and that the full range of legal and institutional arrangements for ex post counteraction should be established. To do so, the government needs to make legal and institutional arrangements, such as a permanent agency for protection from terrorism in which the related departments cooperate and the development of efficient anti-terror programs, and to show its willingness and ability to counteract any type of domestic or foreign terrorism so as to obtain the active support and confidence of citizens.

Fast Detection of Finger-vein Region for Finger-vein Recognition (지정맥 인식을 위한 고속 지정맥 영역 추출 방법)

  • Kim, Sung-Min;Park, Kang-Roung;Park, Dong-Kwon;Won, Chee-Sun
    • Journal of the Institute of Electronics Engineers of Korea SP / v.46 no.1 / pp.23-31 / 2009
  • Recently, biometric techniques such as face recognition, fingerprint recognition and iris recognition have been widely applied in various applications including door access control, financial security and electronic passports. This paper presents a method of using the finger-vein pattern for personal identification. In general, when the finger-vein image is acquired from the camera, various conditions such as the amount of infrared light penetrating the finger and camera noise make it difficult to segment the vein from the background. This in turn affects the performance of the personal identification system. To solve this problem, we propose a novel and fast method for extracting the finger-vein region. The proposed method has two advantages compared to previous methods. One is that we adopt a locally adaptive thresholding method for the binarization of the acquired finger-vein image. The other is that simple morphological opening and closing are used to remove the segmentation noise, so that the finger-vein region is finally obtained from the skeletonization. Experimental results showed that our proposed method could quickly and exactly extract the finger-vein region without using various kinds of time-consuming filters for preprocessing.

A Study of the Relationship on the Perceived Family Support and the Level of Depression among Adolescents (청소년이 지각한 가족지지와 우울과의 상관관계 연구)

  • Park Myung Hee;Kim Chang Sook;Suh Young Sook;Suh Hee Sook;No Hyun Shin
    • Journal of Korean Public Health Nursing / v.12 no.2 / pp.67-88 / 1998
  • The present study was an attempt to explore the relationship between perceived family support and depression and to emphasize the importance of, and need for, family support in psychological care, especially among adolescents. The study subjects comprised 308 high school students, including vocational students in part, and data collection was done in the Kwangju City area in April 1998. The Moos Family Environment Scale and Zung's Self-Rating Depression Scale, modified by the investigators, were used as measurement tools in a 59-item questionnaire, and the statistical methods of T-test, ANOVA, and Pearson Correlation Coefficient were used in data analysis. The study findings are as follows. 1. The hypothesis of the study, 'the higher the degree of perceived family support among adolescents, the lower the level of depression', was supported (r=-0.4469, p<.001). 2. The variables in demographic characteristics related to the degree of family support with statistical significance were school division of vocational vs non-vocational (t=-2.02, p<.05), age (f=5.47, p<.01), family monthly income (f=2.49, p<.05), mother's level of education (f=3.01, p<.05), residence at developmental stage (f=2.87, p<.05), personal problem of highest priority at present (f=7.73, p<.001), and family problem perceived by adolescents (f=7.38, p<.001). 3. Items in general characteristics related to the level of depression with statistical significance were sex (t=-2.91, p<.01), mother's level of education (f=2.53, p<.05), residence at developmental stage (f=3.95, p<.01), present personal problem of highest priority (f=3.68, p<.1l), and perceived in-family problem (f=4.58, p<.001). 4. The mean score of the degree of perceived family support was 61.26 $(SD=\pm14.45)$ in a range of 21.00 to 96.00; that of the level of depression was 43.74 $(SD=\pm8.04)$ in a range of 23.00 to 67.00, which demonstrated that the higher the degree of perceived family support, the lower the level of depression. In conclusion, it was found that the degree of family support perceived by adolescents is a variable affecting the level of depression. Based on the study outcome, the following suggestions for further research can be made: repeated studies are needed in order to delineate the various factors affecting family support and depression, and a study involving a family support implementation program is required as a nursing intervention for the development of emotional security among adolescents. Key words: perceived family support, depression, adolescence.

An Investigation of Users' Privacy Protection Behaviors: Factors Affecting Privacy Protection Technology Adoption (개인정보보호 기술 수용행동에 영향을 미치는 요인에 대한 연구)

  • Choi, Bomi;Park, Minjung;Chai, Sangmi
    • Information Systems Review / v.17 no.3 / pp.77-94 / 2015
  • As the Internet has become a popular medium for sharing information, users create and share a tremendous volume of information, including a large amount of personal information, in cyberspace. Sharing private information online can strengthen social relationships, but it can also bring negative consequences such as invasion of information privacy. Although many companies and governments stress the importance of information privacy online, there are countless cases of crime and hacking involving personal information online worldwide. While there is some research investigating the role of governments and organizations in the online privacy domain, there is little research regarding users' privacy protection behaviors. This study investigates the relationship between Internet users' information privacy protection behavior and environmental factors. In particular, it focuses on users' behaviors regarding the adoption of information privacy protection technology. According to our research results, users' online privacy protective behaviors are positively affected by governmental regulations expressed as an information privacy protection law. In addition, users who are allowed to remain anonymous when they use online services have a greater tendency to adopt privacy protection technologies. The detailed research findings and contributions are discussed as well.

Analysis and Improvement for Manual to Protect Mountain Disaster in Urban Area (도심지 토사재해 예방을 위한 기존 매뉴얼 분석과 개선 방안)

  • Song, Byungwoong;Baek, Woohyun;Yoon, Junghwan;Sim, Oubae
    • Journal of the Korean GEO-environmental Society / v.16 no.7 / pp.43-53 / 2015
  • More than 70 percent of Korean territory consists of mountain areas, so development of mountain districts is essential for continued urbanization. Thus, technological developments addressing risk factors, together with standards and manuals, are needed to prevent mountain disasters. A Risk Management Manual should be made and operated under government legislation related to national disasters, but there is still no Emergency Management Standard Manual or Emergency Response-Practical Manual to prevent mountain disasters. This study suggests improvement plans for items that are legislated but not clearly established in the field of disasters in urban areas. The main items are: 1) an adaptable standard and practical manual to prevent mountain disasters in urban areas, 2) reinforcement, both vertical and horizontal, between managing departments and agencies in central and local government organizations, 3) a Personal SOP (Standard Operating Procedure), not an EOP (Emergency Operation Plan), 4) consideration of the 13 items selected by the Ministry of Public Safety and Security, 5) schematization with a personal action plan, 6) a checklist of what to do in the event of a mountain disaster, and 7) regular practice every quarter.

The Details and Outlook of Three Data Acts Amendment in South Korea: With a Focus on the Changes of Domestic Financial and Data Industry (데이터 3법 개정안의 내용과 전망: 국내 금융 및 데이터 산업계의 변화를 중심으로)

  • Kim, Eun-Chan;Kim, Eun-Young;Lee, Hyo-Chan;Yoo, Byung-Joon
    • Informatization Policy / v.28 no.3 / pp.49-72 / 2021
  • This study analyzes the major content, significances, and future outlook of Three Data Acts amendment enacted in August 2020 in South Korea, with the focus on their impact on the financial and data industries. It seems that the revision of the Credit Information Act will enable the specification of a business which had previously only been regulated as the business of credit inquiry, and also enable the domestic data industry to activate the MyData industry, data trading and platforms, and specify data pseudonymization and trading procedures. For the rational and efficient implementation of the amendments to the Three Data Acts, the Personal Information Protection Committee must be as transparent and lawful in its activities as possible, and fairness must be guaranteed. Even in the utilization of personal information, the development or complementation of the related data processing technologies is essential, and clear data processing methods and areas must be regulated. Furthermore, the amendments must be supported with guarantees and the systematization of a fair competitive system in the data market, stricter regulations on penalties for illegal acts related to data, establishment and strengthening of the related security systems, and reinforcement of the system of cooperation for data transfer.

A Study on the Usage of Investigation of Google Cloud Data (Smartphone user-oriented) (구글 클라우드 데이터의 수사활용 방안에 관한 연구 (스마트폰 사용자 중심))

  • Kim, Dongho;Lee, Sangjin
    • Journal of Digital Forensics / v.12 no.3 / pp.109-120 / 2018
  • The smartphone is the communication device that is the most personal to the user; it keeps a lot of information related to the user and exchanges information with other devices. Because of these characteristics, forensics on smartphones is one of the most basic methods of investigation in criminal investigations, and has actually contributed to the settlement of cases by providing many clues. However, recently, it is designed to encrypt data stored as a social issue related to the protection of users' personal information, or to delete deleted data or to delete log data together. So, any solutions? In this paper, I try to find the answer in cloud data stored by the smartphone user's account. Cloud forensics should approach complementary relationships rather than smartphone forensics. There is a lot of data stored in the cloud that can be meaningfully used in an investigation. Online activity information of users, such as Internet usage, YouTube views, and content purchase information, cloud services such as e-mail and cloud drive, and location information are the most representative data. These data can be unvaluable, but here are some important clues in various types of criminal investigations. In this paper, I propose a method to extract data from the Google cloud so that the data can be used for investigation, and to utilize the extracted data for investigation. It also explains the role of the extracted artifacts in actual investigative work through virtual cases and proves their value.

A Study on the Introduction of Data Trusts System to Expand the Rights of Privacy Self-Determination (개인정보 자기결정권 확대를 위한 데이터 신탁제도 도입 방안 연구)

  • Jang, Keunjae;Lee, Seungyong
    • Journal of Intelligence and Information Systems / v.28 no.1 / pp.29-43 / 2022
  • With the advent of the Internet and the development of mobile digital devices such as smartphones and tablet PCs, the communication service paradigm began to shift from existing voice services to data services. Recently, as social network services (SNS) have become active and 4th industrial revolution technologies centered on ICT (Information and Communication Technologies), such as Big Data, Blockchain, Cloud, and 5G/6G, have developed rapidly, the number of shared data types and the amount of data are increasing rapidly. As the transition to a digital society actively begins, the use of data, as well as the economic and social value of personal information, is becoming increasingly important. As a result, policies to revitalize the data industry, ways to efficiently obtain, analyze, and utilize increasingly diverse and vast data, and ways to protect and guarantee the rights of information subjects (providers) are being actively discussed around the world in various fields such as society, culture, economy, and politics. In this paper, in order to improve the right of self-determination over personal information for data produced by information subjects, and further to expand the safe use of data and the data economy, a differentiated data trusts system was considered and suggested. In addition, the components and data trusts procedures necessary to operate the data trusts system efficiently in Korea were considered, and a non-profit data trusts system and a for-profit data trusts system were considered as a way to operate the data trusts system flexibly. Furthermore, the legal items necessary for the implementation of the data trusts system were investigated and considered. In order to propose a domestic data trusts system, cases related to existing data trusts systems, such as those of the United States, Japan, and Korea, were reviewed and analyzed. In addition, in order to prepare the legislation necessary for the data trusts system, data-related laws in major countries and domestic legal and policy trends were reviewed to study the rights that conflict or overlap with existing laws, and the differences were investigated and considered. The data trusts system proposed in this paper is a reasonable system that is expected to recognize the asset value of data in the capitalist market economy, to provide legitimate compensation for data produced by data subjects, and further to contribute greatly to the safe use of data and the creation of a new service market.