• Proceedings of the KIEE Conference
• /
• 1997.07c
• /
• pp.1130-1132
• /
• 1997

This paper proposed an application of artificial neural networks to security assessment(SA) in power system. The SA is a important factor in power system operation, but conventional techniques have not achieved the desired speed and accuracy. Since the SA problem involves classification, pattern recognition, prediction, and fast solution, it is well suited for Kohonen neural network application. Self organizing feature map(SOFM) algorithm in this paper provides two dimensional multi maps. The evaluation of this map reveals the significant security features in power system. Multi maps of multi prototype states are proposed for enhancing the versatility of SOFM neural network to various operating state.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.1
• /
• pp.7-18
• /
• 2013

These days, the teaching and learning system has been increasing for the rapid advancement of the information technologies. We can access education systems of good quality anytime, anywhere and we can use the individually personalized teaching and learning system depending on developing the wireless communication technology and the multimedia processing technology. The more the various systems develop, the more software security systems become important. There are a lot kind of fault analysis methods to evaluate software security systems. However, the only assessment method to evaluate software security system is not enough to analysis properly on account of the various types and characteristic of software systems by progressing information technology. Therefore, this paper proposes an integrative method of Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis(FMEA) to evaluate the security of e-teaching and learning system as an illustration.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.9-14
• /
• 2010

The network architecture and analysis model for evaluating the information security are presented to distribute the reliable and secure multimedia digital contents. Using the firewall and IDS, the function of the proposed model includes the security range, related data collection/analysis, level evaluation and strategy proposal. To develop efficient automatic analysis tool, the inter-distribution algorithm and network design based on the traffic analysis between web-server and user are needed. Furthermore, the efficient algorithm and design of DRM/PKI also should be presented before the development of the automatic information security model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6057-6078
• /
• 2018

Smart home systems provide a safe, comfortable, and convenient living environment for users, whereby users enjoy featured home services supported by the data collected and generated by smart devices in smart home systems. However, existing smart devices lack sufficient protection in terms of data security and privacy, and challenging security and privacy issues inevitably emerge when using these data. This article aims to address these challenging issues by proposing a private blockchain-based access control (PBAC) scheme. PBAC involves employing a private blockchain to provide an unforgeable and auditable foundation for smart home systems, that can thwart illegal data access, and ensure the accuracy, integrity, and timeliness of access records. A detailed security analysis shows that PBAC could preserve data security against various attacks. In addition, we conduct a comprehensive performance evaluation to demonstrate that PBAC is feasible and efficient.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.463-478
• /
• 2024

The limitations of previous research on improving security vulnerabilities in power generation control systems were analyzed, and as an alternative, a cyber security information sharing model is proposed. Understanding the operational characteristics of power generation control systems, we examined the concepts and policies of cyber security information sharing, analyzing practical implementation cases. We presented effective policies and technological approaches that can be applied to power generation control systems, and their efficacy was verified through a model evaluation to validate their impact.

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.95-100
• /
• 2004

For improve level of information security, the necessity of evaluation and certification of Information Security System(ISS) in increasing. Evalustion and Certification Institute have evaluated ISS for risk prevention of information dysfunction in an advanced countries. But, the problem of the time and cost occurred when it is caused by with application of unlike evaluation criteria each other. The result of effort to solution, Common Criteria(CC) and Common Evaluation Methodology(CEM) is using for evaluation of ISS and mutual recognition. Evaluation participant is needed flexible and active interpretation of CC and CEM for an efficient evaluation preparation and performance.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.91-97
• /
• 2021

The United States is responding to evolving cyberattacks through the Commercial Solutions for Classified Program (CSfC). Authorized safety evaluation and certification are being carried out so that US government agencies can quickly introduce civilian commercial security products into the national pavilion. Commercial security products registered in the CSfC process can be used by defense agencies through a rapid approval process. Defense agencies approve commercial security products without duplicate evaluation. Approved security products can reduce the time, cost, and cost of the approval process required to implement the defense information system. In this study, security control for 4 types of network security architecture MSC (Multi-Site Connectivity), MA (Mobile Access), Campus WLAN, and DAR (Data at Rest) proposed by the US National Security Agency (NSA) for introduction to national defense A detailed analysis was performed on the items.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.33-50
• /
• 2016

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.12
• /
• pp.6243-6259
• /
• 2019

As a foundation of next-generation air transportation systems, automatic dependent surveillance-broadcast (ADS-B) helps pilots and air traffic controllers create a safer and more efficient national airspace system. Owing to the open communication environment, it is easy to insert fake aircraft into the system via spoofing or the insertion of false messages. Efforts have thus been made in academic research and practice in the aviation industry to ensure the security of transmission of messages of the ADS-B system. An identity-based batch verification (IBV) scheme was recently proposed to enhance the security and efficiency of the ADS-B system, but current IBV schemes are often too resource intensive because of the application of complex hash-to-point operations or bilinear pairing operations. In this paper, we propose a lightweight IBV signature scheme for the ADS-B system that is robust against adaptive chosen message attacks in the random oracle model, and ensures the security of batch message verification and against the replaying attack. The proposed IBV scheme needs only a small and constant number of point multiplication and point addition computations instead of hash-to-point or pairing operations. Detailed performance analyses were conducted to show that the proposed IBV scheme has clear advantages over prevalent schemes in terms of computational cost and transmission overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.61-74
• /
• 2007

In Common Criteria evaluation scheme, sponsor and evaluator should estimate evaluation cost and duration of IT security system evaluation in contracting the evaluation project. In this paper, We analyzed study result that achieve at 2003 and 2005, and utilized part of study result. And we empirically estimate relative evaluation effort ratios among evaluation assurance levels($EAL1{\sim}EAL7$) in CC v2.3 and CC v3.1. Also, we estimate the ratios from 'developer action elements', adjusted 'content and presentation of evidence elements', and 'evaluator action elements 'for each assurance component. We, especially, use ratio of amount of effort for each 'evaluator action elements', that was obtained from real evaluators in KISA in 2003. Our result will useful for TOE sponsor as well as evaluation project manager who should estimate evaluation cost and duration for a specific EAL and type of TOE, in a new CC v3.1 based evaluation schem.