• Informatization Policy
• /
• v.31 no.2
• /
• pp.82-104
• /
• 2024

Smart home services are growing rapidly as the development of the Internet of Things (IoT) opens the era of the so-called "Connected Living." Although personal information leaks through smart home cameras are increasing, however, users-while concerned-tend to take passive measures to protect their personal information. This study theoretically explained and verified how to design effective software update notification messages for smart home cameras to ensure that users comply with the recommended security behavior (i.e., update installation). In a survey experiment participated in by 120 actual users, the effectiveness of both emotional appeals (i.e., security breach warning images for fear appeals) and rational appeals (i.e., loss-framed messages emphasizing the negative consequences of not installing the updates) were confirmed. The results of this study provide theoretical interpretations and practical guidelines on the message design features that are effective for threat appraisals (i.e., severity, vulnerability) of smart home camera users and their protection motivation.

• Fire Science and Engineering
• /
• v.29 no.4
• /
• pp.61-66
• /
• 2015

PVC pipe has excellent corrosion resistance and chemical resistance and is broadly used. However there are no regulations regarding exposed piping material in buildings. There is growing concern about the vulnerability of piping to fires and generating toxic gas. Exposed piping should be made of incombustible materials to prevent spreading of toxic gas and to minimize damage to life and property in case of fire. Many big structures are being built, and concerns regarding damage by fire are continuously growing. In these circumstances, we should reinforce fire safety standards for buildings and heighten safety consciousness to become a well-developed country. For these reasons, we investigated the materials used for exposed piping and the standards of well-developed countries to enhance safety. We tried to figure out the alternatives by examining the actual conditions of each region's buildings. Based on the use of incombustible materials for exposed piping in each region, we tried to enhance the effectiveness for safety by suggesting revisions for related laws and regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.417-428
• /
• 2018

The intelligent video surveillance environment is a system that extracts various information about a video object and enables automated processing through the analysis of video data collected in CCTV. However, since the privacy exposure problem may occur in the process of intelligent video surveillance, it is necessary to take a security measure. Especially, video metadata has high vulnerability because it can include various personal information analyzed based on big data. In this paper, we propose a COP-Transformation scheme to protect video metadata. The proposed scheme is advantageous in that it greatly enhances the security and efficiency in processing the video metadata.

• The Journal of the Korea Contents Association
• /
• v.10 no.9
• /
• pp.57-67
• /
• 2010

Smart grid technology can expand energy efficiency into the home by monitoring consumer energy usage in real time and communicating with household devices that respond to demands to shut off during periods of non-use, allowing individual consumers to control their electricity usage more effectively. But, the information collected on a smart grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy. There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from beginning to end. In this paper, using. All-Or-Nothing Transform encryption mode for providing smart grid security, we propose efficient distributed data Management based on XOR operation. The contribution of this paper is to provide a secure algorithm that manages efficiently distributed data in the field of private data in smart grid environment.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.25 no.7
• /
• pp.757-766
• /
• 2014

In this paper, economic loss due to high power electromagnetic pulse is estimated and the methodology used for calculating its impacts is suggested using a macro approach. In order to investigate the most critical infrastructure for the high power electromagnetic pulse assault, the vulnerability assessment that provides information on the threats of concern is conducted. As a result, this study concentrates on the electric power networks. The presented assessment model is considered with gross domestic product (GDP) and energy consumption when the electric power networks are damaged due to high power electromagnetic pulse. In addition, economic losses are calculated by the extent of damages considering different types of the high power electromagnetic pulse assault generated by nuclear and man-made weapon. Through the estimation of these damages, the resulted economic loss will be compared with the protection cost. Consequently, protection of the vulnerable infrastructures can be prepared against electromagnetic pulse attack.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.143-158
• /
• 2010

The illegal leakage of enterprise digital confidential information will threaten the enterprise with bankruptcy. Today since most small-and-medium companies have no capability to fight against illegally compromising their critically confidential documents in spite of knowing the leakage of them, strongly safe distribution system of the digital confidential documents should be designed so in secure as to prevent any malicious intent of embezzlement from accessing the critical information. Current DRM-based protection system is not always perfect to protect the digital secrets, even seems to leave the secrets open. Therefore our study has analyzed the illegal leakage paths that hackers attack against and the vulnerability of the current protection systems. As result, we study the group communication based system architecture satisfying the security conditions to make even legitimate working employee keep out of the confidential documents, without performance degradation. The main idea of this architecture is to stay every secrets in encrypted form; to isolate the encrypted documents from the crypto-key; to associate every entity with one activity and to authenticate every entity with DSA-based public key system; multiple authentication method make hackers too busy to get a privilege to access the secrets with too many puzzle pieces. This paper deal with the basic architectural structure for the above issues.

• Journal of Information Technology Services
• /
• v.16 no.3
• /
• pp.147-165
• /
• 2017

Recently, there have been numerous issues about password breaches and it is becoming important for the users to manage their passwords. In practice, the online service provider are asking the online users to change their passwords periodically. However, majority of the users are not changing their passwords regularly, and this can increase the risk of password breach. The purpose of this study is to investigate whether 'fear appeals' and 'message framing' enhance the behavior of changing passwords by the online users. Furthermore, we identify the mechanism on how the behavior of changing passwords is enabled using protection motivation theory. The results of an online experiment show that the online users who are exposed to 'fear appeals' perceived a more vulnerability and severity of password breaches, which in turn, increased the intention of changing their password. In addition, we found that perceived severity of password breaches affect fear positively. Moreover, we found that fear has significant impact on the willingness of changing passwords. Finally, Message framing plays a moderating role between fear and change intentions. That is, in a situation where 'fear appeal' is presented, it means that 'gain framing' is more effective than 'loss framing' These findings suggest that the online service providers may need to use 'fear appeals' to the online users. Security managers can address issues related to the password breaches by carefully designing 'fear appeals'.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.1
• /
• pp.244-250
• /
• 2015

Survivability is avoidance and tolerance ability of combat systems for accomplishing mission in battle field. Therefore, the combat system has to protect or minimize any damage from threats. For this reason, many modeling and simulation based studies which analyze vulnerability of the combat system by threats, are in progress to improve survivability of the combat system. In this paper, we developed a 3D penetration analysis program for survivability analysis of combat system. To do this, we applied the penetration analysis equation to threat and protection performance of tank. Also we implemented simple tank models based on 3D CAD, and tested the developed program using the implemented tank models. As a result, we verified the developed program that is possible to analyze penetration by threat and protection performance of tank and to visualize its result, based on scenarios.

• Journal of Convergence for Information Technology
• /
• v.9 no.10
• /
• pp.9-15
• /
• 2019

Recently, in the field of next-generation e-commerce and finance, interest in blockchain-based technologies such as Bitcoin and Ethereum is great. Although the security of blockchain technology is known to be secure, hacking incidents / accidents related to cryptocurrencies are being issued. The main causes were vulnerabilities in the external environment, such as taking over login sessions on cryptocurrency wallets, exposing private keys due to malware infection, and using simple passwords. However, private key management recommends general methods such as utilizing a dedicated application or local backup and physical archiving through document printing. In this paper, we propose a white box password-based private key protection scheme. As a result of safety and performance analysis, we strengthened the security against vulnerability of private key exposure and proved the processing efficiency of existing protocol.

• Journal of Information Technology Services
• /
• v.21 no.4
• /
• pp.63-74
• /
• 2022

Globally researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions has patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions they could not be guaranteed at 100% by complete de-identification and anonymization. For this reason the security of the OMOP-CDM database is important but there is no detailed and specific OMOP-CDM security inspection tool so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and security controls of the personal information protection of the NIST. Additionally it intends to verify the implementation feasibility by real field demonstration in an actual 3 hospitals environment. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, Ramsomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits(proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising.