• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.461-476
• /
• 2009

Digital Printers that are mainly used in enterprises and public institutions are compound machinery and tools which are combined into various functions such as printing, copying, scanning, and fax so on. Digital Printers has security functionality for protecting the important data related with confidential industry technology from leaking. According to the trends, CC(Common Criteria) evaluation and assurance about digital printer is on progress in Japan and USA. Domestically CC evaluation and assurance is started recently. However, the know-how about the digital printer evaluation is not enough and the developers and the evaluators have difficulty in CC evaluation of digital printer products in the country. Therefore, the testing method of digital printer security functionality and evaluation technology is essentially needed for increasing demand for the evaluation afterwards. In this study, we analyze the security functionality and developing trends of digital printer products from internal and external major digital printer companies. Moreover, we research the characters of each security functions and propose guideline for digital printer security functionality evaluation and vulnerability testing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.809-826
• /
• 2018

The entropy evaluation method for noise sources is one of the evaluation methods for the random number generator that is the essential element of modern cryptographic systems and cryptographic modules. The primary entropy evaluation methods outside of the country are more suitable to apply to hardware noise sources than software noise sources, and there is a difficulty in quantitative evaluation of entropy by software noise source. In this paper, we propose an entropy evaluation method that is suitable for software noise sources, considering characteristics of software noise sources. We select time-dependent noise sources that are software noise sources of Windows OS, and the heuristic analysis and experimental analysis are performed considering the characteristics of each time-dependent noise source. Based on these analyses, we propose an entropy harvest method from the noise source and the min-entropy estimation method as the entropy evaluation method for time-dependent noise sources. We also show how to use our entropy evaluation method in the Conditioning Component described in SP 800-90B of NIST(USA).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.763-780
• /
• 2024

As the domestic and international landscape undergoes rapid changes, the importance of implementing security measures in response to the growing threats that businesses face is increasing. In this context, the need for Security by Design (SbD), integrating security from the early design stages, is becoming more pronounced, with threat modeling recognized as a fundamental tool of SbD. Particularly, to save costs and time by detecting and resolving security issues early, the application of the Shift Left strategy requires the involvement of personnel with limited security expertise, such as software developers, in threat modeling. Although various automated threat modeling tools have been released, their lack of user-friendliness for personnel lacking security expertise poses challenges in conducting threat modeling effectively. To address this, we conducted an analysis of research related to threat modeling tools and derived usability evaluation criteria based on the GQM(Goal-Question-Metric) approach. An expert survey was conducted to validate both the validity and objectivity of the derived criteria. We performed usability evaluations of three threat modeling tools (MS TMT, SPARTA, PyTM), and the evaluation results led to the conclusion that MS TMT exhibited superior usability compared to other tools. This study aims to contribute to the creation of an environment where personnel with limited security expertise can effectively conduct threat modeling by proposing usability evaluation criteria.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.187-204
• /
• 2013

In this study, we developed a comprehensive model to measure the National Information Security Level based on PRM framework. The proposed model reflected a rapidly changing technology environments such as social network service, mobile devices, and etc. This new model consists of three layers:Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop new model and sub-indexes for measuring the National Information Security Level, much amounts of documents related to security indexes or deliberation criteria and security guidelines from international organization were reviewed and then most probable index pool were composed. The Index pool were verified by expert group consisting of professors and specialists. Through five times of screening and having an evaluation review, 16 sub-indexes were deduced and then Delphi and AHP have been conducted to obtain validity and objectiveness of the indexes. Thus the new proposed national information security index will show more exact national information security level and we expect that the indexes give much implications for establishing information protection policy.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.55-64
• /
• 2021

In the last few years, the massive development in wireless networks, high internet speeds and improvement in car manufacturing has shifted research focus to Vehicular Ad-HOC Networks (VANETs). Consequently, many related frameworks are explored, and it is found that security is the primary issue for VANETs. Despite that, a small number of research studies have taken into consideration the identification of performance standards and parameters. In this paper, VANET security frameworks are explored, studied and analysed which resulted in the identification of a list of performance evaluation parameters. These parameters are defined and categorized based on the nature of parameter (security or general context). These parameters are identified to be used by future researchers to evaluate their proposed VANET security frameworks. The implementation paradigms of security frameworks are also identified, which revealed that almost all research studies used simulation for implementation and testing. The simulators used in the simulation processes are also analysed. The results of this study showed that most of the surveyed studies used NS-2 simulator with a percentage of 54.4%. The type of scenario (urban, highway, rural) is also evaluated and it is found that 50% studies used highway urban scenario in simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.591-605
• /
• 2022

As drones are widely used, attack attempts using drone vulnerabilities are increasing, and drone security is growing in importance. This paper derives security requirements for reconnaissance drone delivered to government office through threat modeling. Threats are analyzed by the data flow of the drone and collecting possible vulnerabilities. Attack tree is built by analyzed threats. The security requirements were derived from the attack tree and compared with the security requirements suggested by national organizations. Utilizing the security requirements derived from this paper will help in the development and evaluation of secure drones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.79-95
• /
• 2004

The Common Criteria can be used as a guideline for one CCRA member to avoid re-evaluating IT security products which were already evaluated by other CCRA members. In this paper, we have analyzed the evaluated IT security products under CC scheme in several nations, such as Unite States, Great Britain and Australia. and defined new category of the IT security products for the domestic CC evaluation. And we have analyzed the domestic and international market on the information security products, have conducted a poll to receive opinions and demands of the Korean industries for Korea policy decision maker to select the possible IT security products which will be evaluated in Korea under CC scheme. As a conclusion, we have selected 15 IT products based on the response to a poll by the industries, the market size, the evaluation amount demanded by the user, manufacturer, and evaluator, to select the possible IT security product under CC schemes in Korea during next 5 years. Moreover, the characteristics, the benefit, and the demerit of the selected IT products were analyzed. This paper can be used as a guideline document for Korea policy decision maker to select the IT products to be evaluated under CC scheme in Korea for next 5 years.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.71-80
• /
• 2010

This thesis is purposed on developing security product co-evaluation statistics administrate program which is can administrate or analysis CC accreditation product using by DEVS modeling via portal site of member of CCRA. Via developing security product evaluation statistics administrate program, it can analysis the trend of all countries of the world in many ways, and noticed the ways of evaluation and accreditation of most countries via scheme analysis. Except this, it can analysis the situation of accreditation trend of any countries via data analysis of ICCC 2009. Also, For trend analysis to evaluation technique of CCRA member, it analyzed up to date technology and policy of the evaluation organization and the Certification Authority of most countries. And it peformed analysis the most trend of information security of evaluation authorization in CCRA member countries. In this program, It provide the function of trend statistics analysis which can statically analyzed the evaluation accreditation trends of most countries and automatical statistics by categorization ( by Product, Class and statistics in national) and report creation functions which can easily extraction and use the needed data. It has been updated the related informations until latest accredited product using by CC(Common Criteria) portal home page's data.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.11-17
• /
• 2012

Network security performance evaluation is a complex and diverse system environments, a single, specific performance measurements alone performance evaluation measure itself and the meaning of the reliability of the evaluation results do not limit the number of days only. In this paper, we propose a method to measure the security features of security, QoS measurement techniques using MOS satisfaction. MOS(Mean Opinion Score) Rating specifications for network security, QoS satisfaction and how to operate the development and operational model for future customer's satisfaction for information systems that can be used to evaluate the QoS measurement/analysis be utilized in the field. Objectified in the form of standards and performance measurement system provider (supplier development) and consumers(users) all the results available so that how to develop a system. Development is the development of information security features, the performance of these two features networking capabilities and a comprehensive evaluation of a three-gaeyoungyeok Correlating performance measurement methodology. Systematic measurement environment designed using the proposed methodology of this study, when the operating system is on the satisfaction of the security, QoS can be calculated. Forward In addition, a variety of performance metrics and performance measurement methods by extending the network security system satisfaction rating upgrade by the way will be.

• Journal of Advanced Navigation Technology
• /
• v.12 no.4
• /
• pp.384-391
• /
• 2008

These days, along with the information society, the value of information has emerged as a powerful factor for a company's development and sustainability, and therefore, the importance of the Information Security and Management System (ISMS) has emerged and become an integral part of all areas of business. In this paper, ISMS evaluation methods from around the world are compared and analyzed with the standards of various management guidelines, definitions, management of threats and vulnerability, approaches to result calculations, and the evaluation calculation indexes for domestic to propose the best method to evaluate the Information Security Management System that will fit the domestic environment.