• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권9호
• /
• pp.4588-4608
• /
• 2017

The measurement of information security levels is a very important but difficult task. So far, various measurement methods have studied the development of new indices. Note, however, that researches have focused on the problem of attaining a certain level but largely neglecting research focused on the issue of how different types of possible flaws in security controls affect each other and which flaws are more critical because of these effects. Furthermore, applying the same weight across the board to these flaws has made it difficult to identify the relative importance. In this paper, the interrelationships among security flaws that occurred in the security controls of K-ISMS were analyzed, and the relative impact of each security control was measured. Additionally, a case-control study was applied using empirical data to eliminate subjective bias as a shortcoming of expert surveys and comparative studies. The security controls were divided into 2 groups depending on whether or not a security flaw occurs. The experimental results show the impact relationship and the severity among security flaws. We expect these results to be applied as good reference indices when making decisions on the removal of security flaws in an enterprise.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2018년도 춘계학술발표대회
• /
• pp.320-322
• /
• 2018

Data analysis is a process of generating useful information by evaluating real-world raw data for making better decisions in business development. In the freight transport logistics companies, the analysis of freight data is increasingly garnering considerable importance among the users for making better decisions regarding freight cost reductions. Consequently, in this study, we used R programming language to analyze the freight data that are collected from freight transport logistics company. Usually, the freight rate varies based on chosen day of the week. In here, we analyzed and visualized the results such as frequency of cost vs days, frequency of requested goods in ton vs days, frequency of order vs days, and frequency of order status vs days for the last one-year freight data. These analysis results are beneficial in the viewpoint of the users in ordering process.

• 한국소프트웨어감정평가학회 논문지
• /
• 제15권2호
• /
• pp.121-128
• /
• 2019

컴퓨팅 시스템들은 사이버공격에 대한 다양한 취약점을 가지고 있다. 특히 정보화 사회에서 지능화된 다양한 사이버공격은 사회적으로 심각한 문제와 경제적 손실을 초래한다. 전통적인 침입탐지시스템은 오용침입탐지(misuse)기반의 기술로 사이버공격을 정확하게 탐지하기 위해서는 지속적인 새로운 공격 패턴 갱신과 수많은 보안 장비에서 생성되는 방대한 양의 데이터에 대한 실시간 분석을 해야만 한다. 하지만 전통적인 보안시스템은 실시간으로 탐지 및 분석을 통한 대응을 할 수 없기 때문에 침해 사고의 인지시점이 지체되어 많은 피해를 야기할 수도 있다. 따라서 머신 러닝과 빅데이터 분석 모델 기반으로 끊임없이 증가하는 사이버 보안 위협을 신속하게 탐지, 분석을 통한 대응과 예측할 수 있는 새로운 보안 시스템이 필요하다. 본 논문에서는 머신 러닝과 빅데이터 기술을 활용한 IDS 구축 방안을 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권12호
• /
• pp.5189-5208
• /
• 2015

To address the contradiction between data aggregation and data security in wireless sensor networks, a Recoverable Privacy-preserving Integrity-assured Data Aggregation (RPIDA) scheme is proposed based on privacy homomorphism and aggregate message authentication code. The proposed scheme provides both end-to-end privacy and data integrity for data aggregation in WSNs. In our scheme, the base station can recover each sensing data collected by all sensors even if these data have been aggregated by aggregators, thus can verify the integrity of all sensing data. Besides, with these individual sensing data, base station is able to perform any further operations on them, which means RPIDA is not limited in types of aggregation functions. The security analysis indicates that our proposal is resilient against typical security attacks; besides, it can detect and locate the malicious nodes in a certain range. The performance analysis shows that the proposed scheme has remarkable advantage over other asymmetric schemes in terms of computation and communication overhead. In order to evaluate the performance and the feasibility of our proposal, the prototype implementation is presented based on the TinyOS platform. The experiment results demonstrate that RPIDA is feasible and efficient for resource-constrained sensor nodes.

• 디지털산업정보학회논문지
• /
• 제6권2호
• /
• pp.71-80
• /
• 2010

This thesis is purposed on developing security product co-evaluation statistics administrate program which is can administrate or analysis CC accreditation product using by DEVS modeling via portal site of member of CCRA. Via developing security product evaluation statistics administrate program, it can analysis the trend of all countries of the world in many ways, and noticed the ways of evaluation and accreditation of most countries via scheme analysis. Except this, it can analysis the situation of accreditation trend of any countries via data analysis of ICCC 2009. Also, For trend analysis to evaluation technique of CCRA member, it analyzed up to date technology and policy of the evaluation organization and the Certification Authority of most countries. And it peformed analysis the most trend of information security of evaluation authorization in CCRA member countries. In this program, It provide the function of trend statistics analysis which can statically analyzed the evaluation accreditation trends of most countries and automatical statistics by categorization ( by Product, Class and statistics in national) and report creation functions which can easily extraction and use the needed data. It has been updated the related informations until latest accredited product using by CC(Common Criteria) portal home page's data.

• 시큐리티연구
• /
• 제51호
• /
• pp.275-290
• /
• 2017

1976년 용역경비업법이 제정된 이후 우리나라의 민간경비산업 또한 괄목할 만한 성장을 하였고, 더불어 민간경비원의 다양한 역할이 요구되어지고 있다. 민간경비원은 다중이용시설에 이용자들의 최초접촉자(first contactor)로서 어떠한 사건 사고가 발생하였을 때 가장 먼저 사고 현장상황을 파악하고 대처해야 하며, 응급의료진이 오기 전까지는 가능한 범위 안에서 응급처치를 시행하여야 한다. 그러나 시설이용자들의 안전을 책임지고 있는 민간경비원의 응급처치 교육은 현저히 부족한 실정이라고 사료된다. 따라서 본 연구에서는 첫째, 민간경비원들의 직무 및 응급처치 교육 횟수를 알아보고, 교육 횟수가 응급처치 능력에 어떠한 영향을 미치는지 알아본다. 둘째, 민간경비원들의 응급처치 교육 만족도가 응급처치 능력에 미치는 영향을 살펴볼 필요가 있다고 사료된다. 이와 같은 목적을 위하여 수도권에서 근무하고 있는 민간경비원을 대상으로 응급처치능력에 대한 설문조사를 실시하였다. 자료 분석을 위해서 Stata se/ 14.0ver 을 사용하였으며, 타당도 및 신뢰도분석을 위해 탐색적 요인분석과 Cronbach's a 값을 도출하였다. 응급처치교육의 실태를 살펴보기 위해서 빈도분석, 집단 간 차이분석과 다중회귀분석을 실시하였다. 자료 분석 결과 민간경비원에 대한 직무교육 및 응급처치교육 횟수가 부족 현저히 부족하다는 것을 확인하였으며, 직무 및 응급처치교육의 횟수에 따라서 응급처치교육 만족도 및 응급처치능력에 차이가 있다는 것을 알 수 있었다. 또한, 응급처치 교육만족도가 응급처치능력에 부분적으로 영향을 미치는 것으로 나타났다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권12호
• /
• pp.3398-3415
• /
• 2023

Internet-of-Things (IoT) is an emerging technology that interconnects millions of small devices to enable communication between the devices. It is heavily deployed across small scale to large scale industries because of its wide range of applications. These devices are very capable of transferring data over the internet including critical data in few applications. Such data is exposed to various security threats and thereby raises privacy-related concerns. Even devices can be compromised by the attacker. Modern cryptographic algorithms running on traditional machines provide authentication, confidentiality, integrity, and non-repudiation in an easy manner. IoT devices have numerous constraints related to memory, storage, processors, operating systems and power. Researchers have proposed several hardware and software implementations for addressing security attacks in lightweight encryption mechanism. Several works have made on lightweight block ciphers for improving the confidentiality by means of providing security level against cryptanalysis techniques. With the advances in the cipher breaking techniques, it is important to increase the security level to much higher. This paper, focuses on securing the critical data that is being transmitted over the internet by PRESENT using key-based dynamic S-Box. Security analysis of the proposed algorithm against other lightweight block cipher shows a significant improvement against linear and differential attacks, biclique attack and avalanche effect. A novel key-based dynamic S-Box approach for PRESENT strongly withstands cryptanalytic attacks in the IoT Network.

• 한국정보통신학회논문지
• /
• 제14권6호
• /
• pp.1323-1330
• /
• 2010

음향데이터 수집체계가 다양화되고 고성능화 됨에 따라 수집되는 음향데이터의 양은 기하급수적으로 증가되었다. 이렇게 수집된 음향데이터는 정밀한 분석을 위하여 분석환경으로의 전송이 필요하다. 이러한 수집/분석 체계에서는 빠르고 안정적인 전송은 물론 고도의 완벽한 보안이 요구된다. 하지만 기존시스템은 체송방식을 사용하기 때문에 자료전달에 많은 시간이 필요하다. 아울러 네트워크를 사용하는 경우에 비보호 저속망은 전송 안정성과 자료 보호성이 취약하여 구현이 불가능하다. 이에 본 논문에서는 일반적으로 사용되는 비보호 저속망 환경에서 고용량의 수집 음향데이터를 전송하고 보호하는 시스템을 제시한다. 구현된 시스템은 비보호 저속망 환경에서도 안전하게 음향데이터를 전송하고 다양한 위협 요소로부터 안전하게 음향데이터를 보호한다.

• 시스템엔지니어링학술지
• /
• 제18권2호
• /
• pp.149-159
• /
• 2022

This study investigated the relationship between economic growth and energy security risk levels in Korea using linear and non-linear ARDL methods. While there are many studies on the relationship between energy consumption and economic growth, few studies focus on the relationship between energy security and economic growth considering 4A dimensions of energy security such as energy availability, accessibility, acceptability, and affordability. Energy risk index from Global Energy Institue and GDP data from world bank are used for ARDL and NARDL analysis. Our result of ARDL shows that there is no long-term relationship between energy security risk levels and economic growth. On the other hand, NARDL result shows that there is an asymmetric relationship between economic growth and energy security risk levels in the long run. The results show the importance of expending further research on ensuring energy security to policymakers.

• International Journal of Computer Science & Network Security
• /
• 제23권2호
• /
• pp.89-95
• /
• 2023

Cloud computing today provides huge computational resources, storage capacity, and many kinds of data services. Data sharing in the cloud is the practice of exchanging files between various users via cloud technology. The main difficulty with file sharing in the public cloud is maintaining privacy and integrity through data encryption. To address this issue, this paper proposes an Enhanced RSA encryption schema (ERSA) for data sharing in the public cloud that protects privacy and strengthens data integrity. The data owners store their files in the cloud after encrypting the data using the ERSA which combines the RSA algorithm, XOR operation, and SHA-512. This approach can preserve the confidentiality and integrity of a file in any cloud system while data owners are authorized with their unique identities for data access. Furthermore, analysis and experimental results are presented to verify the efficiency and security of the proposed schema.