• Journal of Advanced Navigation Technology
• /
• v.13 no.5
• /
• pp.763-772
• /
• 2009

According as information-oriented society is propelled, development of various information security systems is achieved, and introduction of information security system is increasing for service offer securing from nation and public institution. In particular, government information system is increasing interest about security assessment service of government information system because verification about security is weighed first of all. Accordingly, study about various security assessment services is preceded in domestic and overseas. In this paper, analyze security assessment service of Britain and Canada, and we proposed about pre-qualification introduction plan of government information system that can offer user of nation and public institution reliability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.973-983
• /
• 2019

The importance of information security has been increasingly emphasized at the national, organizational, and individual levels due to the widespread adoption of software applications. High-safety software, which includes embedded software, should run without errors, similar to software used in the airline and nuclear energy sectors. Software development techniques in the above sectors are now being used to improve software security in other fields. Secure coding, in particular, is a concept encompassing defensive programming and is capable of improving software security. In this paper, we propose a software security vulnerability detection method using an improved coding standard searching technique. Public static analysis tools were used to assess software security and to classify the commands that induce vulnerability. Software security can be enhanced by detecting Application Programming Interfaces (APIs) and patterns that can induce vulnerability.

• Korean Security Journal
• /
• no.36
• /
• pp.417-442
• /
• 2013

This study considers the characteristics of the separation of public and private security service during Koryo dynasty, and compares it with the modern security service. Modern day security service's definition of private and public security service was used to distinguish them. Given the different historical settings, it's difficult to argue that the distinction between public and private service during Koryo dynasty was clear, but it can be said that public security service was centered around palace guard and concerns the activities of protest, and military made for the relationship, and private security service was centered around power of DoBang and includes the activities of malingering, and Byolchogun. During the early days of Koryo, protest, district military and soldiers who stay in the palace were all parts of a palace revolt and this institutional improvement of soldiers who stay in the palace was accomplished during King Seongjong's rule. The tradition of a palace revolt can find its roots in the middle military, and after the unification, a palace revolt was reformed into the king's palace revolt of second and the 6th along the course of establishing the nation's system. All of the changes stem from the reformation for consolidating the royal authority. Gyung Dae Seoung wanted to protect himself and he slept with his army night and days and because of that, group of soldiers was created and it was called DOBANG. Some members were from dobang gyeonryong, The forced were powerful because it was gathered with a warriors with extraordinaire martial arts and competent management. Most of the soldiers followed gyeong dae seung because they believed that he has a strong leadership and loves his people, and had a strong faith in him. However, the general gyeong jang had a belief that politics must be reverted to the previous so the relationships between jungbang wasn't smooth. Because of the economic operational problems, due to fraud committed by the mens under his command failed to maintain integrity and was criticised.The misconception also fed up with the emperor and the deepening relationships between the soldiers, his dobang was dismantled. After he took over the dobang, for his personal safety and to strengthen his position he compensated gyeon dae seong's dobang and developed the organization. In the process of extending the dobang Choi chung heon recruited many talented people to strengthen the military base, and also accepted the advice and expanded the power of Dobang. Choi Chung Heon thus consolidated his political gains by weakening the power of the king's army and adjusting the myth, which could've threatened his regime, and this was called Dobang number 6th. Dobang number six got even more powerful by his son named Choi woo, and after ruling, he expanded into a room, and a substantial reorganization of Dobang was developed. And then the creation of yabyeolcho also showed the effect to prevent the crisis. Although the palace guards who were public security service of Koryo Dynasty was still maintained during the military rule era when the royal authority was incapacitated, it was only maintained to have a symbolic meaning as the actual authority including military power was with Choi, the master of Dobang, private security service group. Likewise, during the rule of Choi, private securty service could reign over public security service, and the noteworthy characteristic of Dobang is that it assisted the private soldier groups to seize the military power by reorganizing and modifying military system. Although both differences and similarities can be found when comparing the guards of Koryo Dynasty with those of contemporary society, they have a similarity in terms of the essence of guards that they guarantee the safety of their clients. As for differences, the royalty of Koryo Dynasty and the pursuit of profit of contemporary society are in contrast, and contemporary guards can be seen as the fulfillment of responsibility and duty by free will, whereas guards of Koryo Dynasty were ruled with military coercion.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.3-10
• /
• 2011

To provide efficient keyword search on encrypted data, a public key encryption with keyword search (PEKS) was proposed by Boneh et al. A sender encrypts an e-mail and keywords with receiver's public key, respectively and uploads them on a server. Then a receiver generates a trapdoor of w with his secret key to search an e-mail related with some keyword w. However, Byun et al. showed that PEKS and some related schemes are not secure against keyword guessing attacks. In this paper, we propose a public key encryption with keyword search for restricted testability (PEKS-RT) scheme and show that our scheme is secure against keyword guessing attacks.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.29-35
• /
• 2020

The cyber attacks targeting the systems of national and public organizations in the front line of cyber security have been advanced, and the number of cyber attacks has been on the constant rise. In this circumstance, it is necessary to develop the security evaluation technology to prevent cyber attacks to the systems of national and public organizations. Most of the studies of the vulnerability analysis on the information systems of national and public organizations almost focus on automation. In actual security inspection, it is hard to automate some parts. In terms of security policies for threats, many different plans have been designed and applied in the managerial, physical, and technical fields, giving particular answers no matter how they are subjective or situational. These tendencies can be standardized in OCIL(Open Checklist Interactive Language), and partial automation can be achieved. Therefore, this study tries to implement XML Converter in order for OCIL based security level evaluation with typical evaluation questions.

• Korean Security Journal
• /
• no.2
• /
• pp.259-289
• /
• 1999

The Security Industry has dynamic working conditions. So this study intends to find the advisable direction for the reduction of accidents. To achieve the aim, the investigation of documents and the examinations of actual proofs have been done to figure the theoretical background and to see the basic knowledge of security industry. The questionnaire was composed of two question sheets to search real data and actual proofs, with making targets of pure security organization and personnel. The one consists of 9 questions to find the scale and extent of security organizations and the population and character of security personnel, and the other 25 questions in 3 major areas to analyze the causes, the frequency rates, the factors, and the condition of accidents. The period of survey was July 15th to October 15th in 1997 by mail/telephone/interview. The questionnaires were efficiently returned from 102 different organizations including the public security groups of Seoul Metropolitan Police Bureau and so on, with the information of 8,222 persons having worked for Korean Security Industry in 1996. So being based on the reality, some meaningful facts were found, and were compared with the national statistics of the Government. This study is made up of 5 chapters : in the 1st chapter the motivation, the object, the method, the direction and the limitation of the approach were presented ,in the 2nd chapter the theoretical background were inferred ; in the 3rd chapter the collected data of accidents in Korean Security Industry were analyzed and explained on the base of the questionnaires , in the 4th chapter the advisable facts connected with preventing accidents were mentioned ; in the last the conclusion were stated. With the replies of 102 different organizations including the information of 8,222 persons in 1996, the main facts found or analyzed through this study are as follows. Firstly, accident is an unpredictable and occasional event. It occurs to man and/or thing, but the frequency rate of accidents in Korean Government and other Institutes has been calculated and evaluated only in the point of the accident related with man. Secondly, the factors of accidents are firstly relevant to the way preventing accidents in Security Industry in Korea. However the frequency rate is academically calculated and evaluated by at once man(population) and hour(time). But the Government has done the rate only by man(population). This can be improper and inaccurate rates. Thirdly, the confused concept of security is used in Korean Government, academic society, corporation and so on. Therefore the detailed formation of the concept is needed for the development of Security Industry in Korea. Fourthly, security organizations can be classified into 'public security(public law enforcement)' and 'private security' according to its identification, and furthermore 'private security' can be divided into 'facilities-guard service', 'body-guard service', and 'patrol service' according to its major role. Fifthly, in the viewpoint of the number of both organization and population,'facilities-guard service' is centered in Korean 'private security'. According to the analyzed results of the questionnaires in this study, the frequency rate of accidents of Korean Security Industry is 0.43(%) totally in 1996 : 'facilities-guard service' 0.54(%), 'body-guard service' 0.12(%), and 'patrol service' 0.21(%) in 'private security', and 'public security' 0.20(%). With regard to the accident frequency rate of organization and population, 'facilities-guard service' is the highest. The accident frequency rate of population in 'facilities-guard service' organization ranges dispersively from 0.20(%) to 11.11(%). Sixthly, the accidented rate of workers having serviced for under one year is 57.6(%). This can mean that the main factor of accidents in Korean Security Industry is the lack of role-understanding and training/education. And another factor can be found on the time of accident occurrence. Many accidents have been occurred on the relaxed points like as just after lunch and morning rush-hour. Lastly, the major advisable facts related to preventing accidents are as follows : The workers who are over fifty years old in 'facilities-guard service' organization need to be educated for preventing accidents ; It is desirable that the training and education to prevent accidents should be practiced in the time of pre-service ; As the style of accidents and the age of the accidented are not same according to major service area('public security' and 'private security' : 'facilities-guard service', 'body-guard service', and 'patrol service'), the plans to prevent accidents must be different and various. However fracture and bruise are general accidents in Korean Security Industry ; Workers must care about traffic accident and violent fall ; It seems that the grouped working with other two persons will reduce accident occurrence possibility rather than individually single working.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.12
• /
• pp.315-320
• /
• 2020

The purpose of this study is to analyze and interpret the current situation of private security companies·guards for the past three years, security companies by size, general·special (new education), and qualification system provided by the Police Agency, Security Association, etc. It provides a theoretical foundation for private security and provides a new perspective for interpreting private security. As a result, through the current situation, this private security has a concentration of metropolitan area and facility security, an abnormal personal protection company contrast, the number of personal protection institutes, there is a special security shift to regular jobs, and the current continuous education On the other hand, the education of special security guards has been shown to be limited. In the qualification system, the utilization of security instructor qualifications and the utilization and public relations of personal probation officer qualifications will appear. The current state of typical private security is as follows. The first is the balanced development of private security and the clarity of business divisions. Second, the quality of private security education and educational institutions must be high. Third is the recognition of the qualification system and active public relations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5653-5672
• /
• 2019

In cloud computing era, an increasing number of resource-constrained users outsource their data to cloud servers. Due to the untrustworthiness of cloud servers, it is important to ensure the integrity of outsourced data. However, most of existing solutions still have challenging issues needing to be addressed, such as the identity privacy protection of users, the traceability of users, the supporting of dynamic user operations, and the publicity of auditing. In order to tackle these issues simultaneously, in this paper, we propose a traceable dynamic public auditing scheme with identity privacy preserving for cloud storage. In the proposed scheme, a single user, including a group manager, is unable to know the signer's identity. Furthermore, our scheme realizes traceability based on a secret sharing mechanism and supports dynamic user operations. Based on the security and efficiency analysis, it is shown that our scheme is secure and efficient.

• Journal of Korea Multimedia Society
• /
• v.7 no.12
• /
• pp.1719-1728
• /
• 2004

The fusion of Internet technology and applications with wireless communication provides a new business model and promises to extend the possibilities of commerce to what is popularly called mobile commerce, or m-commerce. In mobile Internet banking service through wireless local area network, security is a most important factor to consider. We describe the development of security service for mobile Internet banking on Personal Digital Assistants (PDAs). Banking Server and Authentication Server were developed to simulate banking business and to support certificate management of authorized clients, respectively. To increase security, we took hybrid approach in implementation: symmetric block encryption and public-key encryption. Hash function and random number generation were exploited to generate a secret key. The data regarding banking service were encrypted with symmetric block encryption, RC4, and the random number sequence was done with public-key encryption. PDAs communicate through IEEE 802.IIb wireless LAN (Local Area Network) to access banking service. Several banking services and graphic user interfaces, which emulatedthe services of real bank, were developed to verity the working of each security service in PDA, the Banking Server, and the Authentication Server.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4226-4241
• /
• 2014

Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.