• Journal of Digital Convergence
• /
• v.12 no.6
• /
• pp.311-316
• /
• 2014

Social network server due to the popularity of smart phones, and data stored in a big usable access data services are increasing. Big Data Big Data processing technology is one of the most important technologies in the service, but a solution to this minor security state. In this paper, the data services provided by the big -sized data is distributed using a double hash user to easily access to data of multiple distributed hash chain based data processing technique is proposed. The proposed method is a kind of big data data, a function, characteristics of the hash chain tied to a high-throughput data are supported. Further, the token and the data node to an eavesdropper that occurs when the security vulnerability to the data attribute information to the connection information by utilizing hash chain of big data access control in a distributed processing.

• The Journal of Korean Association of Computer Education
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2010

NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.25-36
• /
• 2019

With the development of information and communication technology, hospitals that electronically process and manage medical information of patients are increasing. However, if medical information is processed electronically, there is still room for infringing personal information of the patient or medical staff. Accordingly, in 2017, the International Organization for Standardization (ISO) published ISO TS 25237 Health Information - Pseudonymization[1]. In this paper, we examine the re - identification process based on ISO TS 25237, the procedure and the problems of our proposed method. In addition, we propose a new processing scheme that adds a re-identification procedure to our secure differential privacy method [2] by keeping a mapping table between de-identified data sets and original data as ciphertext. The proposed method has proved to satisfy the requirements of ISO TS 25237 trust service providers except for some policy matters.

• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.159-167
• /
• 2020

The Korean government has pursued various policies to revitalize the cloud industry since 2009. In particular, the government enacted the 'Cloud Computing and Privacy Security Act' for the first time in the world in 2015, creating institutions and support programs to boost the cloud industry. As a result, the volume of the cloud industry has increased significantly, and the number of companies and professionals have increased. In this paper, the researches analyzed the situation of Korean cloud market, usage of cloud computing in enterprises, effects and problems of cloud-enabled companies based on the industrial survey conducted from 2016 to 2019, In this study, the results showed concerns of security, uncertainty about cost savings, and IT capabilities of enterprises as problems in revitalizing the cloud industry. The researches also propose strategies, perception changes, and development processes for companies to resolve the problems.

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.2
• /
• pp.81-87
• /
• 2012

Critical infrastructures (energy, information technology and communications, banking, transportation, public government services, etc.) are now more vital to modern society. Citizens, businesses and governments all rely on an array of interlinked physical and information infrastructures to satisfy their needs and perform their daily operations. At the same time, these infrastructures are becoming increasingly interdependent, such that failure of one of them can often propagate and result in domino effects. Recent dramatic episodes, from 9/11 to the Madrid train bombings, the April 2010 ash cloud the power cuts in Korea in 2011, and the cyber-attacks have highlighted the need for a comprehensive, internationally coordinated policy for the protection of critical infrastructures. For the purposes of this report, we define critical infrastructure as infrastructure whose failure would result in substantial damage to society and/or the economy.

• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.195-202
• /
• 2013

Defense reform our military for the globalization of information. Scientific command structure, troop structure, unit structure, step-by-step into the power structure while promoting a history of quantitative-oriented structure, and structure of the quality of state-of-the-art technology-driven transition in the middle of the bottle numberplans about the current 3.3-fold increase in reducing the cadre(officers and NCOs). NCO groups in the executive, especially expanding the current level of 100% increase in the rate of long-serving, while ensuring a stable job and to superior resources to secure a stable policy through science. Military alliance is now underway. In the midst of this group, and urged the group at the University of the leading military and specialized resources to ensure each agreement required by subjects to reflect. Thus effectively improve the quality of education and the demands of the job analysis, DACUM curriculum development methods and procedures can be applied at the time of urgent need for foster an excellent resource for the discharge of curriculum development at the University of Selected as a core job, career, and job classification configuration inside of Duty according to KST derived from the group reflect on the training courses to meet the requirements in the curriculum through the development of curriculum, job definition, job model set to propose.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.219-226
• /
• 2015

OTP(One Time Password) is for user authentication of Internet banking and users should carry their security card or OTP generator to use OTP. If they lost their security card or OTP generator, there is at risk for OTP leak. This paper suggests a new User Authentication Framework using personal health information from diverse technology of u-Health. It will cover the problem of OTP loss and illegal reproduction A User Authentication Framework is worthy of use because it uses various combinations of user's physical condition which is inconstant. This protocol is also safe from leaking information due to encryption of reliable institutes. Users don't need to bring their OTP generator or card when they use bank, shopping mall, and game site where existing OTP is used.

• Journal of Digital Convergence
• /
• v.15 no.7
• /
• pp.201-211
• /
• 2017

Wireless network using dynamic IP and mobile IP technology provides the user with convenience of access and movement. However, this causes the attacker who disguises normal user(pretending to be a regular user) to have more opportunity in regard to access and acquisition of information. This paper help the network administrator and the service provider quickly to recognize the attacker's intention to access network and service. Therefore network administrator and service provider can specify and respond the location of the attacker appropriately. To achieve above, we define an entity (W_L_M) that manages user information of WiFi and LTE network, and propose messages and procedures for attacker's location identification and alarm. The performance evaluation of this paper is based on qualitative analysis. By using the proposed method, some cost (message creation, processing and transmission) occurred but it was analyzed to be less than the total network operation cost. The proposal of this paper is a management method that utilizes existing network information and structure. This method can be used as a reference material to enhance security.

• Journal of Digital Convergence
• /
• v.17 no.12
• /
• pp.235-241
• /
• 2019

The structure of the IoT can be divided into devices, gateways, and servers. First, the gateway collects data from the device, and the gateway sends data to the server through HTTP protocol, Websocket protocol, and MQTT protocol. The processing server then processes, analyzes, and transforms the data, and the database makes it easy to store and use this data. These IoT services are basically centralized structures with servers, so attacks on the entire platform are concentrated only on the central server, which makes hacking more successful than distributed structures. One way to solve this problem is to develop IoT that combines blockchain. Therefore, the proposed research suggests that the blockchain is a distributed structure, in which blocks containing small data are connected in a chain form, so that each node agrees and verifies the data with each other, thereby increasing reliability and lowering the probability of data forgery.

• Journal of the Society of Disaster Information
• /
• v.5 no.1
• /
• pp.78-100
• /
• 2009

This study is to protect peoples' life, minimize the property damage by coping with threats quickly and take more preventive measures in advance against nuclear bomb, CBR, and potential explosive. For this, CBRNE(Chemical, Biological, Radiological, Nuclear, Explosive) program research was used. Thanks to advance in technology, terrorist groups and even individuals make or keep nuclear and CBR weapons. And also it's likely that disaster and threats from a toxic gas, acute pathogens, accidents in the nuclear power plants and a high explosive could be happened a lot. Recently more organized terrorist groups maintain random attacks for unspecified individuals and also it's highly likely that a large-scale terrorist attack by WMD and CBRNEwill be done. To take strict measures against CBRNE attacks by terrorists is on the rise as an urgent national task. Moreover biological weapons are relatively easy and inexpensive to obtain or produce and cause mass casualties with a small amount. For this reason, more than 25 countries have already possessed them. In the 21 st century, the international safety environment marks the age of complicated threats : transnational threats such as comprehensive security and terror, organized crime, drug smuggling, illegal trade of weapons of mass destruction, and environmental disruption along with traditional security threats. These cause military threats, terror threats, and CBRNE threats in our daily life to grow. Therefore it needs to come up with measures in such areas as research development, policy, training program. Major industrial nations on CBRNE like USA, Canada, Switzerland, and Israel have implemented various educational programs. These researches could be utilized as basic materials for drawing up plans for civil defense, emergency services and worldwide countermeasures against CBRNE.