• Journal of Korea Society of Industrial Information Systems
• /
• v.13 no.4
• /
• pp.64-72
• /
• 2008

Recently security is being an important issue in almost every field of industry. This situation has affected port logistics industry deeply. Ports are now leaving operational methods that only focus on productivity, and shifting to new ones which focus on safety and customer services on the basis of it. Thus a lot of companies and institutions have offered various solutions as this issue becomes more and more intense. Among them, most typical solutions involve installing special devices to ordinary containers to improve its security, such as CSD (Container Security Device) of GE (General Electric) and eSeal of Savi Networks. On the other hand, these devices focus only on international standards or technical implementation, and this causes inconvenience to actual users like cargo owners, sea carriers, or stevedoring companies. This is considered to be due to lack of sufficient consideration on user demands. This research uses QFD (Quality Function Deployment) method for deducting system requirements in order to solve the problems of previous security devices and to develop a security system that can not only reflect the demands of the users but also considers real-world conditions. According to the QFD results, a total of 21 system CTO's were deducted under 5 categories.

• Journal of Communications and Networks
• /
• v.11 no.3
• /
• pp.211-228
• /
• 2009

After clarifying the underlying problems in a secure network storage, we introduce two important requirements, leakageresilience and availability in higher levels respectively, for data keys that are used to protect remotely-stored data. As a main contribution of this paper, we give a new security layer for overlay networks by proposing a leakage-resilient authentication and data management system. In this system, we specifically propose a single mode and a cluster mode where the latter provides a higher level of both leakage-resilience and availability for the data key.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.35-40
• /
• 2021

The study aimed to realize one of the basic requirements for designing and building the integrated automated system for scientific research at Northern Border University, which includes the establishment of an automated interconnected system to manage all academic and financial operations of scientific research. From receiving the budget of the funded research courses, then the regular financial regulation of all the research team's rewards, the cost of publishing, translation and equipment, then receiving the research plans and linking them financially, preparing the total and detailed financial value for all stages, then financial disbursement operations, financial closure of research when published, and preparing financial reports The research team used the analytical approach to build the main and subsidiary requirements for designing the financial system, and the study concluded that all the elements required for the stages of financial management for scientific research at Northern Border University can be met based on sufficient by sequencing these processes and how they are sequenced as e It is designed in the research study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.61-76
• /
• 2002

To ensure PKI systems' reliability, the security for PKI systems evaluation is required. But, unfortunately, the systematic security evaluation and certification of PKI systems is insufficient. In Korea, Firewall and intrusion detection system's security evaluation and certification has been enforced, but research of PKI systems’ evaluation is insufficient. This paper provides a PKI system evaluation criteria. This paper specifies a 7 level of the functional and assurance security requirements for a PKI system. And this PKI system evaluation criteria provides a compatibility with CC(Common Criteria) and KISES(Korea Information Security Evaluation Systems).

• Information Systems Review
• /
• v.10 no.2
• /
• pp.253-267
• /
• 2008

As the importance of information security becomes a major concern, there has been growing effort to educate information security professionals. This study aims to analyze the level of required knowledge and skills for four information security skills groups: strategy and planning; research and development; system management and operation; and accident control. For this study, we selected 55 critical knowledge and skills for information security professionals by literature review and Delphi method, and we conducted a survey of information security knowledge and skills requirements for information security professionals to perform their jobs. As a result, we analyzed the current status of the information security professionals' knowledge and skills level and suggested some guidelines for establishing the demand-based curriculum for training information security professionals.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.1
• /
• pp.52-83
• /
• 2009

In this technical report, we have examined the basic building blocks of mobile ad-hoc networks. The paper discusses various security requirements of ad-hoc networks, attacks in ad-hoc networks, Security Implementation and Routing Protocols. The primary purpose of the paper is to address the Optimized Link State Routing (OLSR) protocol in detail, along with the various possible attacks. Finally, algorithms for securing OLSR are proposed, via the addition of digital signatures, as well as more advanced techniques such as cross checking of advertised routing control data with the node's geographical position. The main aim of this research work is the addition of security features to the existing OLSR protocol. In order to effectively design a secure routing protocol, we present a detailed literature survey of existing protocols, along with the various attacks. Based on the information gathered from the literature survey, a secure routing protocol for OLSR is proposed. The proposed secure routing protocol involves the addition of a digital signature as well as more advanced techniques such as the reuse of previous topology information to validate the actual link state. Thus, the main objective of this work is to provide secure routing and secure data transmission.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.781-799
• /
• 2024

Recently, the US and EU have been institutionally introducing and promoting Coordinated Vulnerability Disclosure(CVD) to strengthen the response to security vulnerabilities in ICT products and services, based on collaboration with white-hat hackers. In response to these changes in cybersecurity, we propose a three-step approach to introduce CVD through the Information and Communications Network Act(ICNA). In the first step, to comprehend the necessity and requirements for legislating CVD, we survey the current situation in Korea and the trends of CVD in the US, EU, and OECD. In the second step, we analyze the necessity for legislating CVD and derive the requirements for its legislation. In this paper, we analyze the necessity for legislating CVD from three perspectives: the need for introducing CVD, the need for institutionalization based on law, and the suitability of the ICNA as the legislation. The derived requirements for CVD legislation include the establishment and publication of Vulnerability Disclosure Policy(VDP), legal protection for white-hat hackers, and designation and role assignments of coordinator. In the third step, we introduce approaches to apply the requirements for CVD legislation to the ICNA, which is the law governing prevention and response to cybersecurity incidents in private sector.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.6
• /
• pp.13-21
• /
• 2005

In this study, we study and analysis on e-Learning based Information Security curriculum. e-Learning based university education courses will be much more established in Korea based on advanced IT technology. Computer related majors such as 'Computer Science' and 'Software' can be easily combined with e-Learning system. And Advanced Information Security Expert (AISE) educational course must be broadly opened for satisfying national requirements. In this study, we analyze e-Learning course on Information Security major based on off-line curriculum and suggest new model for further research.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.175-184
• /
• 2022

Voice over Internet Protocol (VoIP) has grown in popularity as a low-cost, flexible alternative to the classic public switched telephone network (PSTN) that offers advanced digital features. However, additional security vulnerabilities are introduced by the VoIP system's flexibility and the convergence of voice and data networks. These additional challenges add to the normal security challenges that a VoIP system's underlying IP data network infrastructure confront. As a result, the VoIP network adds to the complexity of the security assurance task faced by businesses that use this technology. It's time to start documenting the many security risks that a VoIP infrastructure can face, as well as analyzing the difficulties and solutions that could help guide future efforts in research & development. We discuss and investigate the challenges and requirements of VoIP security in this research. Following a thorough examination of security challenges, we concentrate on VoIP system threats, which are critical for present and future VoIP deployments. Then, towards the end of this paper, some future study directions are suggested. This article intends to guide future scholars and provide them with useful guidance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.161-174
• /
• 2009

IPTV provides their services only for their subscribers who have a eligibility to watch it by using Conditional Access System(CAS). CAS has been servicing their contents for subscribers by using set-top box or cable card so far, but these days, to solve the compatibility between kinds of devices, linkage with other services as DRM and confirming stability, the research of Downloadable CAS(DCAS) is being advanced steadily. On this paper, we analyse the vulnerability of DCAS based on the OpenCable and make up for the vulnerability in DCAS, then proposes to use secure DCAS system for IPTV. Also we show the result of the research and analyse the satisfaction of requirements.