• Title/Summary/Keyword: Security Enhancement

Search Result 362, Processing Time 0.028 seconds

One-Time Virtual Card Number Generation & Transaction Protocol using Integrated Authentication Center (통합인증센터를 활용한 일회용 가상카드번호 생성 및 결제서비스 프로토콜)

  • Seo, Seung-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.3
    • /
    • pp.9-21
    • /
    • 2010
  • Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.

Research on the Zero Trust Trend Analysis and Enterprise Security Enhancement (제로트러스트 동향 분석 및 기업 보안 강화 연구)

  • Min Gyu Kim;Chanyoung Kang;Sokjoon Lee
    • Smart Media Journal
    • /
    • v.12 no.5
    • /
    • pp.46-57
    • /
    • 2023
  • As the COVID-19 pandemic and the development of IT technology have led to the gradual popularization of remote and telecommuting, cloud computing technology is advancing, and cyber attack techniques are becoming more sophisticated and advanced. In response to these trends, companies are increasingly moving away from traditional perimeter-based security and adopting Zero Trust to strengthen their security. Zero Trust, based on the core principle of doubting and not trusting everything, identifies all traffic and grants access permissions through a strict authentication process to enhance security. In this paper, we analyze the background of Zero Trust adoption and the adoption policies and trends of countries that are proactively promoting its implementation. Additionally, we propose necessary efforts from governments and organizations to strengthen corporate security and considerations for companies when applying Zero Trust.

User Perception of Personal Information Security: An Analytic Hierarch Process (AHP) Approach and Cross-Industry Analysis (기업의 개인정보 보호에 대한 사용자 인식 연구: 다차원 접근법(Analytic Hierarch Process)을 활용한 정보보안 속성 평가 및 업종별 비교)

  • Jonghwa Park;Seoungmin Han;Yoonhyuk Jung
    • Information Systems Review
    • /
    • v.25 no.4
    • /
    • pp.233-248
    • /
    • 2023
  • The increasing integration of intelligent information technologies within organizational systems has amplified the risk to personal information security. This escalation, in turn, has fueled growing apprehension about an organization's capabilities in safeguarding user data. While Internet users adopt a multifaceted approach in assessing a company's information security, existing research on the multiple dimensions of information security is decidedly sparse. Moreover, there is a conspicuous gap in investigations exploring whether users' evaluations of organizational information security differ across industry types. With an aim to bridge these gaps, our study strives to identify which information security attributes users perceive as most critical and to delve deeper into potential variations in these attributes across different industry sectors. To this end, we conducted a structured survey involving 498 users and utilized the analytic hierarchy process (AHP) to determine the relative significance of various information security attributes. Our results indicate that users place the greatest importance on the technological dimension of information security, followed closely by transparency. In the technological arena, banks and domestic portal providers earned high ratings, while for transparency, banks and governmental agencies stood out. Contrarily, social media providers received the lowest evaluations in both domains. By introducing a multidimensional model of information security attributes and highlighting the relative importance of each in the realm of information security research, this study provides a significant theoretical contribution. Moreover, the practical implications are noteworthy: our findings serve as a foundational resource for Internet service companies to discern the security attributes that demand their attention, thereby facilitating an enhancement of their information security measures.

A Study on the Performance Enhancement of Communication Mechanism for Distributed Intrusion Detection (분산 침입 탐지 통신 메커니즘의 성능 향상에 관한 연구)

  • 장정숙;전용희
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2002.11a
    • /
    • pp.16-19
    • /
    • 2002
  • 분산 침입 탐지시스템은 감시되는 호스트 수에 비례하여 데이터 분석이 다수의 위치에서 수행되는 시스템이다. 따라서, 침입 탐지를 위하여 구성된 컴포넌트 사이의 효율적인 정보 분배가 중요한 문제이며, 통신 메커니즘은 신뢰성, 효율성, 안전성 그리고 확장성이 요구된다. 분산 침입 탐지 시스템의 통신 형태를 나타내는 통신모델 중에서, 높은 확장성 때문에 고려되고 있는 모델로 피어 대 피어 통신 모델이 있다. 이 모델은 특정한 형태의 관심전파와 데이터 전달 방법에 따라 다시 계층적 구조와 직접 연결로 분류할 수 있다. 본 논문에서는, 분산 침입탐지에서 침입 탐지정보를 전달하는 두 가지 방법에 대하여 분석하고, 통신 메커니즘의 성능을 향상시키는 방안을 제시하고자 한다.

  • PDF

On the Security Enhancement of the OTAR Protocol and Cryptosystems (무선 키 갱신 프로토콜 OTAR의 암호 시스템 개선 방안)

  • Lee HoonJae;Lee SangGon;Park Jongwook;Yoon JangHong
    • Journal of Internet Computing and Services
    • /
    • v.6 no.3
    • /
    • pp.31-43
    • /
    • 2005
  • OTAR system is a highly authentic key management system that has functions with access control. data integrity and data confidentiality, In this paper, we analyze the existing TIA/EIA Over-The-Air-Rekeying key managements protocol. focused to symmetric ciphers. It can be used to understand the technical trend on technologies about TIA/EIA OTAR standardization. This results can be used to evaluate security properties of a remote rekeying, The proposed system contains a highly reliable system synchronization.

  • PDF

A Study on the Early-Age Strength Property of Concrete Using Liquid Admixture (액상형 조강제를 사용한 콘크리트의 초기강도 특성에 관한 연구)

  • Song, Tae-Hyeob;Lee, Sea-Hyun;Ryu, Deug-Hyun;Park, Cho-Bum
    • Proceedings of the Korea Concrete Institute Conference
    • /
    • 2006.05b
    • /
    • pp.469-472
    • /
    • 2006
  • Amount used of admixture fare is increasing for concrete economic efficiency and ability security. Security of economic efficiency and ability can expect by use of this admixture fare but is displaying a lot of problems on early age strength hold by hydrate delay relatively. Specially, in the case of construction site, concrete strength can speak that interrelation is high with mold removal of forms time. Therefore, is economical and need examination of plan that can secure robber within 3 days using admixture fare such as fly ash and blast furnace slage differential speech to secure function. In this study, adding liquid admixture within 1% of a binding agent quantity to examine these problem with physical characteristic after hardening ago specially, strength change at standard and air dry curing of observed change in priority. Air dried and water curing total strength enhancement effects appeared by thing which is in case of add test result liquid admixture by below 1% and strength deputy by passage of age could know is not big.

  • PDF

Performance Enhancement Scheme for RR Protocol in MIPv6 (MIPv6에서 RR프로토콜 성능개선 방안)

  • 나재훈;이달원;손승원;조인준
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.07a
    • /
    • pp.267-271
    • /
    • 2003
  • IETF mobileip WG에서 MN(Mobile Node)의 위치를 나타내는‘바인딩정보’를 안전하게 CN(Correspond Node)에게 송신하여 최적경로를 설정하는 RR(Return Routability)프로토콜을 드래프트 문서로 제안하고 있다[1]. 하지만 이 프로토콜은 최적경로설정이 MN에 의해 시작됨에 따라 최적경로설정 지연에 따른 최적경로설정 확률의 저하와 불필요한 메시지 교환에 따른 통신부담을 문제점으로 지적할 수 있다. 본 논문에서는 상기와 같은 문제점 해결방안으로 HA(Home Agent)가 CN으로부터 첫번째 패킷을 수신했을 때 최적경로설정을 시작하도록 개선된 RR프로토콜을 제안하였다. 이를 통해서 최적경로 설정에 소용되는 시간을 단축하고 교환되는 메시지 수를 감소시켜 통신부담 경감효과를 얻을 수 있다. 이럼에도 불구하고 기존의 RR프로토콜과 동일한 보안수준을 제공한다.

  • PDF

Study of the Enhancement of Military Operation Supporting System (비상시 정부의 효율적인 군사작전 지원방안 연구)

  • Choi, Jae-Kyung
    • Journal of National Security and Military Science
    • /
    • s.5
    • /
    • pp.87-130
    • /
    • 2007
  • ROK and the United States finally reached accord on the controversial transition of Wartime Operational Control on February, 2007, and ROK Government needs to strengthen the role of supporting for the comprehensive threats of futuristic warfare. The crucial point of the supporting for Military Operation depends on the nation's mobilization capabilities. For the effective mobilization the following facets can be improved further. First of all, the organizational integrity of the mobilization network within the government can be bolstered along the vertical command chain. The process of mobilization must be improved and it is import to utilize the information system. On the other side the government plan to distribute timely the mobilized resources must be made up for the weak points and developed continuously. We can expect these points to be improved steadily with the execution of the National Defence Reform 2020.

  • PDF

±80kV 60MW HVDC Operational Strategy in Abnormal State (비상상태에서의 제주 ±80kV 60MW HVDC 운전 방안 연구)

  • Yoon, Jong-Su;Seo, Bo-Hyeok
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.61 no.5
    • /
    • pp.664-668
    • /
    • 2012
  • This paper presents the operation strategy of KEPCO(Korea Electric Power COporation) ${\pm}80kV$ 60MW Bipole HVDC system that will be applied between Guemak C/S(converter station) and Hanlim C/S in Jeju island. Unlike intertie HVDC system, this system is located in AC power grid inside. Therefore, the enhancement of system security related with line flow and bus voltages can be major operation strategy. In this paper, in particular, the optimal operation algorithm in the abnormal(not steady state) power system is presented and simulated.

A Study on Contingency Constrained Optimal Power Flow Algorithm (상정사고를 고려한 최적조류계산 알고리즘에 관한 연구)

  • Joung, Sang-Houn;Chung, Koo-Hyung;Kim, Bal-Ho
    • The Transactions of the Korean Institute of Electrical Engineers A
    • /
    • v.55 no.3
    • /
    • pp.123-127
    • /
    • 2006
  • The recent movement to deregulated and competitive electricity market requires new concepts in applying dispatch algorithms to system operation and planning. As power systems tend to be operated more closely to their ultimate ratings, the role of Contingency Constrained Optimal Power Flow is changed and the importance for security enhancement will be more increased in the new and competitive electricity market. This paper presents a contingency constrained optimal power flow (CCOPF) algorithm. The proposed algorithm maintains the nodal voltage levels and transmission line's power flow within the specified limits before and after a contingency. A case study demonstrates the proposed algorithm with the IEEE-14RTS under N-1 contingency criterion.