• Journal of Korea Multimedia Society
• /
• v.6 no.2
• /
• pp.288-300
• /
• 2003

As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.55-63
• /
• 2016

SOA(service oriented architecture) based ESB(enterprise service bus) model is widely adopted in many companies for the safe processing of enormous data and the integration of business system. The existing web service technologies for the construction of SOA, however, show unsatisfactory in practical applications though the standardization of web service security technologies is in progress due to their limitations in safe exchange of data. Internal end users using a large business system based on such environment are composed of the variety of organizations and roles. Companies might receive more serious damage from insider threat than that from external one when internal end users get unauthorized information beyond the limits of their authority for private profit and bad purposes. In this paper, we propose a security architecture capable of identifying and coping with the security threats of web service technologies arouse from internal end users.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.179-190
• /
• 2004

This paper describes the design of hacking prevention systems using a smart card. It consists of two parts, i.e., PC authentication and Keyboard-buffer hacking prevention. PC authentication function is a procedure to handle the access control to the target PC. The card's serial number is used for PIN(Personal Identification Number) and is converted into hash-code by SHA-1 hash-function to verify the valid users. The Keyboard-buffer hacking prevention function converts the scan codes into the encoded forms using RSA algorithm on the Java Card, and puts them into the keyboard-buffer to protect from illegal hacking. The encoded information in the buffer is again decoded by the RSA algorithm and displayed on the screen. in this paper, we use RSA_PKCS#1 algorithm for encoding and decoding. The reason using RSA technique instead of DES or Triple-DES is for the expansion to multi-functions in the future on PKI. Moreover, in the ubiquitous computing environment, this smart card security system can be used to protect the private information from the illegal attack in any computing device anywhere. Therefore, our security system can protect PC user's information more efficiently and guarantee a legal PC access authority against any illegal attack in a very convenient way.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.128-132
• /
• 2023

Investment authorities are broad financial institutions that carefully manage investments on behalf of the national government using a long-term value development approach. To provide a stronger structure or framework for In-vestment Authorities to govern the distribution of funds to public and private markets, we've started research to create a blockchain-based prototype for managing and tracking numerous finances of such authorities. We have taken the case study of Oman Investment Authority (OIA) of Sultanate of Oman. Oman's wealth is held in OIA. It is an organization that oversees and utilizes the additional capital generated by oil and gas profits in public and private markets. Unlike other Omani funds, this one focus primarily on assets outside the Sultanate. The operation of the OIA entails a huge number of transactions, necessitating a high level of transparency and administration among the parties involved. Currently, OIA relies on various manuals to achieve its goals, such as the Authorities and Responsibilities manual, the In-vestment Manual, and the Code of Business Conduct, among others. In this paper, we propose a Blockchain based framework to manage the operations of OIA. Blockchain is a part of the Fourth Industrial Revolution, and it is re-shaping every industry. The main components of every blockchain are assets and participants. The funds are the major assets in the proposed study, and the participants are the various fund shareholders/recipients. The block-chain's transactions are all safe, secure, and immutable, and it's part of a trustless network. The transactions are simple to follow and verify. By replacing intermediary firms with smart contracts, blockchain-based solutions eliminate any middlemen in the fund allocation process.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.173-182
• /
• 2023

The UAE government has set its sights on creating a smart, electronic-based government system that utilizes AI. The country's collaboration with India aims to bring substantial returns through AI innovation, with a target of over $20 billion in the coming years. To achieve this goal, the UAE launched its AI strategy in 2017, focused on improving performance in key sectors and becoming a leader in AI investment. To ensure public safety as the role of AI in government grows, the country is working on developing integrated cyber security solutions for SCADA systems. A questionnaire-based study was conducted, using the AI IQ Threat Scale to measure the variables in the research model. The sample consisted of 200 individuals from the UAE government, private sector, and academia, and data was collected through online surveys and analyzed using descriptive statistics and structural equation modeling. The results indicate that the AI IQ Threat Scale was effective in measuring the four main attacks and defense applications of AI. Additionally, the study reveals that AI governance and cyber defense have a positive impact on the resilience of AI systems. This study makes a valuable contribution to the UAE government's efforts to remain at the forefront of AI and technology exploitation. The results emphasize the need for appropriate evaluation models to ensure a resilient economy and improved public safety in the face of automation. The findings can inform future AI governance and cyber defense strategies for the UAE and other countries.

• Korean Security Journal
• /
• no.44
• /
• pp.7-35
• /
• 2015

The objective of this article is to inform and document the contemporary development of the private security industry in Queensland Australia, a premier holiday destination that provide entertainment for the larger region. The purpose of this review is to examine the comtemporary development of mandated licensing regimes regulating the industry, and the necessary reform agenda. The overall aim is threefold: first, to chart the main outcomes of the two-wave of reforms since the mid-'90s; second, to examine the effectiveness of changes in modes of regulation; and third, to identify the criteria that can be considered a best practice based on Button(2012) and Prenzler and Sarre's(2014) criteria. The survey of the Queensland regulatory regime has demonstrated that, despite the federal-guided reforms, there remain key areas where further initiatives remain pending, markedly case-by-case utilisation of more proactive strategies such as on-site alcohol/drug testing, psychological evaluations, and checks on close associates; lack of binding training arrangement for technical services providers; and targeted auditing of licensed premises and the vicinity of venues by the Office of Fair Trading, a licensing authority. The study has highlighted the need for more determined responses and active engagements in these priority areas. This study of the development of the licensing regimes in Queensland Australia provides useful insights for other jurisdictions including South Korea on how to better manage licensing system, including the measures required to assure an adequate level of professional competence in the industry. It should be noted that implementing a consistency in delivery mode and assessment in training was the strategic imperative for the Australian authority to intervene in the industry as part of stimulating police-private partnerships. Of particular note, competency elements have conventionally been given a low priority in South Korea, as exemplified through the lack of government-sponsored certificate; this is an area South Korean policymakers must assume an active role in implementing accredited scheme, via consulting transnational templates, including Australian qualifications framework.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.240-243
• /
• 2010

Smart Phone supplies are diffused and substitute the Internet PC with Mobile communications which they are applied. Smart Phone in Smart Grid where electric power watch and the IT of existing amalgamate are used with business. Consequently from Smart Grid network connections which lead Smart Phone in about connection and control in about security vulnerabilities and Smart Grid networks the research is necessary in about vulnerability. It uses Smart Phone from the present paper and when approaching electric power watch systems which lead Smart Grid networks, it researches in about connection vulnerability. Also it uses Smart Phone and after connecting in Smart Grid networks a vulnerability in seizure possibility and, electric power information and control information, about private data etc. access authority it analyzes with the problem point which occurs it confronts it researches. And the research direction for a security reinforcement under presenting boil in about Smart Grid network security vulnerabilities which lead Smart Phone.

• Strategy21
• /
• s.45
• /
• pp.148-187
• /
• 2019

This paper is to analyse the necessity and development direction of the ROK's maritime security strategy white paper. To this end the paper is composed of 5 chapters titled introduction; the necessity of the ROK's maritime security strategy white paper; the ROK's actual situation in relation to maritime security strategy and cases of major advanced oceanic countries; the vision, goals, strategic tasks, and implementation system of the ROK's 'national maritime security strategy'; and conclusion. The achievement of the national marine strategic vision, such as the 'Ocean G5,' is of course possible when Korea can maintain and strengthen the maritime safety and maritime security of the people. The Sewol Ferry incident reminds us that we need a 'national maritime security strategy white paper' like the advanced marine countries. In order for the national maritime security strategy to be carried our efficiently, as in advanced oceanic countries, mere should be a dedicated department with sufficient authority and status to mobilize the cooperation of related organizations including naval-coastal cooperation. It would be good to set up a tentatively named Maritime Security Council, an organization of minister-level officials involved under the National Security Council, and an executive body composed of working-level officials from related ministries. In order to successfully carry out the national maritime security strategy for the maritime safety and maritime security of the people like the United States and the United Kingdom, we need to further strengthen our domestic cooperation and cooperation system, international cooperation, and maritime security. We have to promote the establishment and promotion of maritime security strategies by the Navy; strengthening the operational link between the Navy and the Coast Guard; strengthening the maritime surveillance capability at the national level, and promoting sharing with the private sector, etc.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.920-925
• /
• 2010

A home network system is made up of home devices and wire and wireless network can not only be the subject of cyber attack from a variety factors of threatening, but also have security weakness in cases of hacking, vicious code, worm virus, DoS attack, tapping of communication network, and more. As a result, a variety of problems such as abuse of private life, and exposure and stealing of personal information arose. Therefore, the necessity for a security protocol to protect user asset and personal information within a home network is gradually increasing. Thus, this dissertation designs and suggests a home network security protocol using user authentication and approach-control technology to prevent the threat by unauthorized users towards personal information and user asset in advance by providing the gradual authority to corresponding devices based on authorized information, after authorizing the users with a Public Key Certificate.

• Journal of Internet of Things and Convergence
• /
• v.6 no.4
• /
• pp.65-72
• /
• 2020

In this paper, we developed a web-based DApp system based on a private blockchain by applying machine learning techniques to automatically identify Android malicious apps that are continuously increasing rapidly. The optimal machine learning model that provides 96.2587% accuracy for Android malicious app identification was selected to the authorized experimental data, and automatic identification results for Android malicious apps were recorded/managed in the Hyperledger Fabric blockchain system. In addition, a web-based DApp system was developed so that users who have been granted the proper authority can use the blockchain system. Therefore, it is possible to further improve the security in the Android mobile app usage environment through the development of the machine learning-based Android malicious app identification block chain DApp system presented. In the future, it is expected to be able to develop enhanced security services that combine machine learning and blockchain for general-purpose data.