• Journal of Digital Convergence
• /
• v.17 no.1
• /
• pp.141-148
• /
• 2019

The advancement of digital technology accelerates intelligence, convergence, and demands better change beyond traditional methods in all aspects of business models and technologies, infrastructure, processes, and platforms. Risk management is becoming more important because of various security risks, depending on the changing business environment and aligned to business goals is emerging from the existing information asset based risk management. For business aligned risk management, it is essential to understand the risk appetite for achieving business goals, which provides a basis for decision-making in subsequent risk management processes. In this paper, we propose a framework for analyzing the risk management framework, pre - existing risk analysis, and protection motivation theory that influences decisions on security risk management. To examine the practical feasibility of the developed risk appetite framework, we reviewed the applicability and significance of the proposed risk appetite framework through an advisory committee composed of security risk management specialists.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.9
• /
• pp.1573-1581
• /
• 2006

To utilize actively the agent which is one of the elements of revitalization of Agro-Foods Mobile I-commerce, an essential prerequisite is agent security. IF using partial PKI(Public Key Infrastructure)-based confirmation mechanism providing security for the agent, the size of agent is becoming larger, the result of the transmission speed is slow, and the confirmation speed is tardy as well because of performing calculation of public keys such as RSA and needing linkage with the CA for the valid examination of certificates. This paper suggests a mechanism that can cross certification and data encryption of each host in the side of improving the problems of key distribution on agent by shaping key chain relationship. This mechanism can guarantee the problem of ky distribution by using agent cipher key(ACK) module and generating random number to fit mobile surroundings and to keep the secret of the agent. Suggested mechanism is a thing that takes into consideration security and efficiency to secure agent for the revitalization of M-Commerce, and is a code skill to make the agent solid and is a safe mechanism minimizing the problems of memory overflow.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.101-106
• /
• 2004

Recently, a network defense simulator becomes essential in studying cyber incidents because the cyber terror become more and more interesting. The network defense simulator is a tool to estimate damages and an effectiveness of a defense mechanism by modeling network intrusions and defense mechanisms. Using this tool, users can find efficient ways of preventing a cyber terror and recovering from the damage. Previous simulators start the simulation after entire scenario has made and been loaded to simulation engine. However, in this way it can't model human judgement and behavior, and it can't simulate the real cyber terror very well. In this paper, we have added a dynamic simulation component to our previous network security simulator. This component improved accurate modeling of network intrusions and defense behaviors. We have also proposed new modified architecture of the simulation system. Finally we have verified correct simulation results from stammer worn simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.151-166
• /
• 2009

To prove the integrity of digital evidence on the investigation procedure, the data which is using the MD 5(Message Digest 5) hash-function algorithm has to be discarded, if the integrity was damaged on the investigation. Even though a proof restoration of the deleted area is essential for securing the proof regarding a main phase of a case, it was difficult to secure the decisive evidence because of the damaged evidence data due to the difference between the overall hash value and the first value. From this viewpoint, this paper proposes the novel model for the mobile forensic procedure, named as "E-Finder(Evidence Finder)", to ,solve the existing problem. The E-Finder has 5 main phases and 15 procedures. We compared E-Finder with NIST(National Institute of Standards and Technology) and Tata Elxsi Security Group. This paper thus achieved the development and standardization of the investigation methodology for the mobile forensics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.135-145
• /
• 2002

Active networks represent a new approach to network architecture. Nodes(routers, switches, etc.) can perform computations on user data, while packets can carry programs to be executed on nodes and potentially change the state of them. While active networks provide a flexible network iufrastructure, they are more complex than traditional networks and raise considerable security problems. Nodes are Public resources and are essential to the proper and contract running of many important systems. Therefore, security requirements placed upon the computational environment where the code of packets will be executed must be very strict. Trends of research for active network security are divided into two categories: securing active nodes and securing active packets. For example, packet authentication or monitoring/control methods are for securing active node, but some cryptographic techniques are for the latter. This paper is for transferring active packets securely between active nodes. We propose a new method that can transfer active packets to neighboring active nodes securely, and execute executable code included in those packets in each active node. We use both public key cryptosystem and symmetric key cryptosystem in our scheme

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.3
• /
• pp.159-177
• /
• 2015

As smart phones become more common nowadays, mobile instant messengers such as kakao talk and line are used as essential communication tools exchanging information between individuals. Also, the mobile instant messengers extend their use to business area beyond communication between individuals. This study is on how factors of mobile instant messenger such as perceived security, perceived privacy, perceived enjoyment and perceived interactivity affect business continual usage intention through perceived usefulness. The proposed model is based on Expectation-Confirmation Theory of Oliver and Technology Acceptance Mode of Bhattacherjee. For an analysis, 159 survey responses were collected from the office workers in Seoul and nearby cities, having experiences of mobile instant messengers. To validate the proposed research model, PLS analysis is performed with the valid 154 questionnaires. The path analysis results are as follows. First, perceived security has a positive effect on expectation-confirmation. Second, perceived enjoyment has a positive effect on perceived usefulness. Third, perceived interactivity has a positive effect on both perceived usefulness and expectation-confirmation. Fourth, perceived usefulness has a positive usefulness on satisfaction and continual usage intention of mobile instant messenger. Last, expectation-confirmation has a positive effect on perceived usefulness, and satisfaction has a positive effect on continual usage intention of mobile instant messenger. Since the mobile instant messenger may bring a pressure of work and a violation of privacy, it is necessary that the company provide a guideline for use of the mobile instant messenger and establish the in-house mobile instant messenger system.

• The KIPS Transactions:PartC
• /
• v.11C no.2
• /
• pp.183-192
• /
• 2004

As the use of the Internet has explosively increased, it is likely for the Internet to be exposed to various attacks. Modeling the Internet attacks is essential to simulate the attacks. However, the existing studies on attack modeling have mainly focused on classifying and categorizing the attacks and consequently they are not suitable to representing attack scenarios in the Internet security simulation. In this paper, we introduce the existing methods of attack modeling, and propose an adapted attack modeling to properly express the properties for the Internet security simulator. The adapted attack modeling suggests a solution to the problems of the existing attack tree modelings, such as difficulty of composing complex scenarios ambiguity of attack sequence, lack of system state information. And it can represent simultaneous, precise time-dependent attack, and attack period, which are nearly impossible to be represented in many other existing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.115-125
• /
• 2001

Authentication and access control are essential requirements for the information security of distributed environment. Delegation is process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services offer safety in distributed environments. A delegation easily provides principal to grant privileges in the single domain with Role-Based Access Control(RBAC). But in the multi-domain, initiators who request delegation may require to limit the access right of their delegates with restrictions that are called delegate restriction to protect the abuse of privilege. In this paper, we propose the delegation view as function of delegation restrictions. Proposed delegation view model not only prevent over-exposure of documents from granting multiple step delegation to document sharing in multi-domain with RBAC infrastructure but also reduce overload of security administrator and communication.

• Journal of Korea Society of Industrial Information Systems
• /
• v.28 no.5
• /
• pp.41-54
• /
• 2023

Smart grid that supports efficient energy production and management is used in various fields and industries. However, because of the environment in which services are provided through open networks, it is essential to resolve trust issues regarding security vulnerabilities and privacy preservation. In particular, the identification information of smart meter is managed by a centralized server, which makes it vulnerable to security attacks such as device stolen, data forgery, alteration, and deletion. To solve these problems, this paper proposes a blockchain based authentication protocol for a smart meter. The proposed scheme issues an unique decentralized identifiers (DIDs) for individual smart meter through blockchain and utilizes a random values based on physical unclonable function (PUF) to strengthen the integrity and reliability of data. In addition, we analyze the security of the proposed scheme using informal security analysis and AVISPA simulation, and show the efficiency of the proposed scheme by comparing with related work.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.123-132
• /
• 2024

In the era of the Internet of Things, 7 billion diverse devices have been interconnected worldwide. Ensuring information security across these varied devices is crucial in this hyper-connected age. To achieve essential security functions such as confidentiality, integrity, and authentication, it is imperative to implement true random number generators (TRNGs). Therefore, this study proposes a method to rapidly characterize the randomness of TRNGs. While there are international standards for formally characterizing the randomness of TRNGs, adhering to these standards often requires significant time and resources. This study aims to help TRNG developers enhance efficiency in both time and cost by characterizing rough randomness and unpredictability. Firstly, we propose applying auto-correlation and cross-correlation metrics for analog signals. Secondly, we suggest adopting joint entropy and mutual information metrics for digital signals.