• Advances in environmental research
• /
• v.12 no.2
• /
• pp.113-122
• /
• 2023

Biometric authentication has become an essential part of modern-day security systems, especially in financial institutions like banks. A face recognition-based ATM is a biometric authentication system, that uses facial recognition technology to verify the identity of bank account holders during ATM transactions. This technology offers a secure and convenient alternative to traditional ATM transactions that rely on PIN numbers for verification. The proposed system captures users' pictures and compares it with the stored image in the bank's database to authenticate the transaction. The technology also offers additional benefits such as reducing the risk of fraud and theft, as well as speeding up the transaction process. However, privacy and data security concerns remain, and it is important for the banking sector to instrument solid security actions to protect customers' personal information. The proposed system consists of two stages: the first stage captures the user's facial image using a camera and performs pre-processing, including face detection and alignment. In the second stage, machine learning algorithms compare the pre-processed image with the stored image in the database. The results demonstrate the feasibility and effectiveness of using face recognition for ATM authentication, which can enhance the security of ATMs and reduce the risk of fraud.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1375-1380
• /
• 2021

Korea's security response to application service app is still insufficient due to the initial opening of the public safety network. Therefore, preemptive security measures are essential. In this study, we proposed to establish a 'public safety network app security system' to prevent potential vulnerabilities to the app store that distributes app in public safety network and android operating system that operate app on dedicated terminal devices. In order for an application service app to be listed on the public safety network mobile app store, a dataset of malicious and normal app is first established to extract characteristics and select the most effective AI model to perform static and dynamic analysis. According to the analysis results, 'Safety App Certificate' is certified for non-malicious app to secure reliability for listed apps. Ultimately, it minimizes the security blind spots of public safety network app. In addition, the safety of the network can be secured by supporting public safety application service of certified apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1305-1317
• /
• 2019

Although encryption for data protection is essential in the big data platform environment of public institutions and corporations, much performance verification studies on encryption algorithms considering actual big data workloads have not been conducted. In this paper, we analyzed the performance change of AES, ARIA, and 3DES for each of six workloads of big data by adding data and nodes in MongoDB environment. This enables us to identify the optimal block-based cryptographic algorithm for each workload in the big data platform environment, and test the performance of MongoDB by testing various workloads in data and node configurations using the NoSQL Database Benchmark (YCSB). We propose an optimized architecture that takes into account.

• The KIPS Transactions:PartC
• /
• v.17C no.2
• /
• pp.165-172
• /
• 2010

Sensor network can be applied in many areas in our life, and security is very important in applying sensor network. For secure sensor communication, pairwise key establishment between sensor nodes is essential. In this paper, we cluster the network field in hexagonal shapes and preassign three different kinds of key information for each sensor according to its expected location. We adopt overlapped key string pool concept for our clustered network architecture and every node uses the part of sub-strings for setting up pairwise keys with all neighboring nodes in its own cluster and from different clusters according to respective position with small amount of information. Our proposal decreases the memory requirement and increases security level efficiently.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.765-784
• /
• 2019

The smart city is one of the most promising, prominent, and challenging applications of the Internet of Things (IoT). Smart cities rely on everything connected to each other. This in turn depends heavily on technology. Technology literacy is essential to transform a city into a smart, connected, sustainable, and resilient city where information is not only available but can also be found. The smart city vision combines emerging technologies such as edge computing, blockchain, artificial intelligence, etc. to create a sustainable ecosystem by dramatically reducing latency, bandwidth usage, and power consumption of smart devices running various applications. In this research, we present a comprehensive survey of emerging technologies for a sustainable smart city network. We discuss the requirements and challenges for a sustainable network and the role of heterogeneous integrated technologies in providing smart city solutions. We also discuss different network architectures from a security perspective to create an ecosystem. Finally, we discuss the open issues and challenges of the smart city network and provide suitable recommendations to resolve them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.101-111
• /
• 2004

Risk analysis process, which identifies vulnerabilities and threat causes of network assets and evaluates expected loss when some of network assets are damaged, is essential for diagnosing ISP network security levels and response planning. However, most existing risk analysis systems provide only methodological analysis procedures, and they can not reflect continually changing vulnerabilities and threats information of individual network system on real time. For this reason, this paper suggests new system design methodology which shows a scheme to collects and analyzes data from network intrusion detection system and vulnerability analysis system and estimate quantitative risk levels. Additionally, experimental performance of proposed system is shown.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.4
• /
• pp.73-82
• /
• 2024

In 2017, the United Nations reported that the population aged 60 and above was increasing more rapidly than all younger age groups worldwide, projecting that by 2050, the population aged 60 and above would constitute at least 25% of the global population, excluding Africa. The world is experiencing a decline in the rate of increase in the working-age population due to global aging, and the younger generation tends to avoid difficult and challenging occupations. Although theoretically, AI equipped with artificial intelligence can replace humans in all fields, in the realm of practical information security, human judgment and expertise are absolutely essential, especially in ethical considerations. Therefore, this paper proposes a method to retrain and reintegrate IT professionals aged 50 and above who are retiring or seeking career transitions, aiming to bring them back into the industry. For this research, surveys were conducted with 21 government/public agencies representing demand and 9 security monitoring companies representing supply. Survey results indicated that both demand (90%) and supply (78%) unanimously agreed on the absolute necessity of such measures. If the results of this research are applied in the field, it could lead to the strategic development of senior information security professionals, laying the foundation for a new market in the Korean information security industry amid the era of low birth rates and longevity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1063-1070
• /
• 2021

The development of IT technology emphasizes the importance of training IT professionals, and the need for education for elementary and secondary education as well as adult education for training technical talent is expanding. In particular, information curriculum will be added as an essential course from the 2015 revised curriculum, and IT technology will be understood in the curriculum for elementary and secondary schools and will be required to develop applicability to solve problems based on understanding. Currently, research is under way to integrate IT technologies to provide new services, and if the use of personal information is required in the process, thorough security for the leakage of personal information is pre-empted. It also prevents the identification of personal information in the process of transmitting data to the outside world. In this paper, we propose a training method for elementary school subjects to understand the non-identification process that occurs in the process of transferring data using pipe games so that they can understand the principles of non-identification and develop applications to solve real-life problems.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.2
• /
• pp.95-105
• /
• 2012

The widespread implementation of RFID in ubiquitous computing is constrained considerably by privacy and security unreliability of the wireless communication channel. This failure to satisfy the basic, security needs of the technology has a direct impact of the limited computational capability of the tags, which are essential for the implementation of RFID. Because the universal application of RFID means the use of low cost tags, their security is limited to lightweight cryptographic primitives. Therefore, EPCGen2, which is a class of low cost tags, has the enabling properties to support their communication protocols. This means that satisfying the security needs of EPCGen2 could ensure low cost security because EPCGen2 is a class of low cost, passive tags. In that way, a solution to the hindrance of low cost tags lies in the security of EPCGen2. To this effect, many lightweight authentication protocols have been proposed to improve the privacy and security of communication protocols suitable for low cost tags. Although many EPCgen2 compliant protocols have been proposed to ensure the security of low cost tags, the optimum security has not been guaranteed because many protocols are prone to well-known attacks or fall short of acceptable computational load. This paper proposes a remedy protocol to the flyweight RFID authentication protocol proposed by Burmester and Munilla against a desynchronization attack. Based on shared pseudorandom number generator, this protocol provides mutual authentication, anonymity, session unlinkability and forward security in addition to security against a desynchronization attack. The desirable features of this protocol are efficiency and security.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.101-109
• /
• 2017

The Internet of things is a system that connects and communicates all sorts of things such as people, objects, and data. It's to create and share information by its own each other. It can be used to enhance the function of private security and has brought about innovative development of private security. The Internet of things is a system that allows devices connected to the Internet to communicate independently of people-objects, objects-objects connected to the Internet. That and can be used in many industries, especially in the private security sector, its value is high. The use of the Internet of things to private security sector can reinforce security zones with always-on surveillance systems, also be enhanced by its own preparedness and response to the situation. However, this study will discusse the application and development of private security in the Internet of things. The practical application of the virtual space is an immediate task and it is also an essential factor in securing security.