• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.61-74
• /
• 2004

Risk analysis model is systematic and structural process that considers internal security problems and threat factors of the information systems to find optimal level of security control. But, the risk analysis model is just only defined conceptually and there are not so many empirical studies. This research used structural equation modeling(SEM) research methodology with rigorously validated research instrument. Based on results of this study, risk analysis methodology was proved to be practically useful in e-commerce environment. Factors like threat and control were significantly related to risk. In conclusion, the results of this study can be applied to general situation or environment of information security for analyzing and managing the risk and providing new approach to comprehend concept of risk in e-commerce environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.2
• /
• pp.382-389
• /
• 2018

Recently cyber attacks can cause serious damage on various information systems. Log data analysis would be able to resolve this problem. Security log analysis system allows to cope with security risk properly by collecting, storing, and analyzing log data information. In this paper, a security log analysis system is designed and implemented in order to analyze security log data using the Logstash in the Elasticsearch, a distributed search engine which enables to collect and process various types of log data. The Kibana, an open source data visualization plugin for Elasticsearch, is used to generate log statistics and search report, and visualize the results. The performance of Elasticsearch-based security log analysis system is compared to the existing log analysis system which uses the Flume log collector, Flume HDFS sink and HBase. The experimental results show that the proposed system tremendously reduces both database query processing time and log data analysis time compared to the existing Hadoop-based log analysis system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.27-35
• /
• 2009

Differential Power Analysis (DPA) based on the statistical characteristics of collected signals has been known as an efficient attack for uncovering secret key of crypto-systems. However, the attack performance of this method is affected very much by the temporal misalignment and the noise of collected side channel signals. In this paper, we propose a new method based on wavelet analysis to surmount the temporal misalignment and the noise problem simultaneously in DPA. The performance of the proposed method is then evaluated while analyzing the power consumption signals of Micro-controller chips during a DES operation. The experimental results show that our proposed method based on wavelet analysis requires only 25% traces compared with those of the previous preprocessing methods to uncover the secret key.

• Journal of Information Technology Applications and Management
• /
• v.23 no.2
• /
• pp.177-194
• /
• 2016

This study analyzed President Park's speeches and the government's industry policy in the field of information security using cognitive map. The relationship analysis between policy tool variables and policy goal variables was employed to derive revitalization strategy of information security. This paper found that entrepreneurship revitalization has very strong causality with expansion of domestic market and global market. But, on the other hand, HR development has very weak causality with job creation and future growth driver because the labor market in the information security industry is poor and its transfer rate to other industry is very high. This study showed that this cognitive map could be characterized by a scarcity of feedback loops and a strong emphasis on the positive loops in the structure of virtuous circle. In this paper, we also constructed a comprehensive cognitive map on the policy vision of information security, showing that there are a risk of cyber threat, an opportunity of new fusion security market, information security reinforcing circle, global economic circle, and domestic market circle.

• Journal of Korean Society for Quality Management
• /
• v.49 no.1
• /
• pp.47-60
• /
• 2021

Purpose: This study proposes methods and procedures for evaluating imaging security systems quality of cabinet x-ray screening system to enhance performance certification technology. Also, conducted a comparative analysis of the literature of test-kit for imaging security quality evaluation. Methods: Comparative analysis of the test-kits and related documents for image quality assessment of cabinet x-ray screening equipment. This allows assessment items were selected and the methods for each assessment item were proposed. In addition, the configuration method of the assessment team was established by applying the technology readiness assessment(TRA). Results: Four of the assessment items were selected when estimate image quality by a comparative analysis of literature. For each assessment item, the evaluation method and minimum level of availability were determined. Finally, this paper proposes an imaging quality assessment of cabinet X-ray imaging security systems. Conclusion: Development of imaging security systems evaluation procedures for cabinet X-ray screening systems can be help improve performance certification of aviation security equipment.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.37-47
• /
• 2022

The need for smart city is emerging all over the world to solve these urban problems such as urban resource and infrastructure shortage, traffic congestion, energy problems and to preemptively respond to the fourth industrial revolution. The analysis that the security of smart city technology is dangerous is dominant all over the world. In this paper, we analyze the technology, security threats and responses of smart city, which are the main security issues of smart city, limited to smart grid, smart building, and smart traffic. In the future, the analysis of various technologies of smart city construction and the research on cyber security are actively progressing, and this paper is expected to be the beginning of the solution plan.

• Journal of Information Processing Systems
• /
• v.20 no.1
• /
• pp.38-52
• /
• 2024

The 5G is the 5th generation mobile network that provides enhanced mobile broadband, ultra-reliable & low latency communications, and massive machine-type communications. New services can be provided through multi-access edge computing, network function virtualization, and network slicing, which are key technologies in 5G mobile communication. However, these new technologies provide new attack paths and threats. In this paper, we analyzed the overall threats of 5G mobile communication through a literature review. First, defines 5G mobile communication, analyzes its features and technology architecture, and summarizes possible security issues. Addition, it presents security threats from the perspective of user devices, radio access network, multi-access edge computing, and core networks that constitute 5G mobile communication. After that, security requirements for threat factors were derived through literature analysis. The purpose of this study is to conduct a fundamental analysis to examine and assess the overall threat factors associated with 5G mobile communication. Through this, it will be possible to protect the information and assets of individuals and organizations that use 5G mobile communication technology, respond to various threat situations, and increase the overall level of 5G security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.575-584
• /
• 2012

A established military security tast based on existing manual and off-line needs the change and development to support effective and systematic task performance according to environment change of informational and scientific project in the military. Therefore this study suggests to set up the standard model of the defense integrated security system to automate and informationize major defense security task based on actual and problem in the area of major defense of security task and case analysis of these in America, England and other countries. The standard model consist of unit systems were made up integrated security system, security management system, man entrance system, vehicle entrance system, high-tech guard system, terror prevention system and the security accident analysis system, and this suggested model based on possible technology and system. If this model is apply to each real military unit, we will expect the development of defense security.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.243-253
• /
• 2016

Company strengthen various information security policy and activity in order to protect important information assets that the company has been dealing with and prevents information security accidents such as personal information spill. However, some study said these policy and activity increase employee's information security stress and still information security accidents by employees have happened so far. Therefore, this study will review preceding theories and studies used in many various fields including Information Security areas needed to explain human's behavioral intention and determinants and summarize characteristic factors that have influence on control of human's behavioral intention in the results of the above theories and studies. Secondly, this study will implement exploratory analysis on characteristic factors perceived by employees that has been stemmed from various company's information security policy and activity in order to increase employee/'s information security compliance intention under the its surrounding security circumstance. Thirdly, this study will fulfil multiple-regression analysis in order to identify cause-effect relationship between employee's perceived information security stress and employee's perceived characteristic factor. Finally, this study will explain casual relationship with same analysis methods between information security stress and information security compliance intention based on results of the survey conducted on the financial firm's employees with same analysis methods.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.635-644
• /
• 2002

We propose the PBSM(Protocol-Based Security Module) system which guarantees the secure data transmission under web environments. There are two modules in the PBSM architecture. One is Web Server Security Module(WSSM) which is working on a web server, the other is the Winsock Client Security Module(WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server. The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption function for HTML file and the decryption function for CGI(Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on the order theory.