• Title/Summary/Keyword: Select of private security

Search Result 22, Processing Time 0.03 seconds

Apply Blockchain to Overcome Wi-Fi Vulnerabilities

  • Kim, Seong-Kyu (Steve)
    • Journal of Multimedia Information System
    • /
    • v.6 no.3
    • /
    • pp.139-146
    • /
    • 2019
  • This paper, wireless internet such as Wi-Fi has a vulnerability to security. Blockchain also means a 'Ledger' in which transaction information that occurs on a public or private network is encrypted and shared among the network participants. Blockchain maintains information integrity by making it impossible for a particular node to tamper with information arbitrarily, a feature that would result in changes in the overall blockchain hash value if any one transaction information that constitutes a block was changed. The complete sharing of information through a peer-to-peer network will also cripple hacking attempts from outside, targeting specialized nodes, and prepare for the "single point of failure" risk of the entire system being shut down. Due to the value of these Blockchain, various types of Blockchain are emerging, and related technology development efforts are also actively underway. Various business models such as public block chains such as Bitcoin, as well as private block chains that allow only certain authorized nodes to participate, or consortium block chains operated by a select few licensed groups, are being utilized. In terms of technological evolution, Blockchain also shows the potential to grow beyond cryptocurrency into an online platform that allows all kinds of transactions with the advent of 'Smart Contract'. By using Blockchain technology, the company makes suggestions to overcome the vulnerability of wireless Internet.

Crime-Prevention in the Community and the Security Activity (환경설계를 통한 범죄예방과 민간경비의 역할)

  • Jang, Ye-Jin
    • Korean Security Journal
    • /
    • no.17
    • /
    • pp.301-316
    • /
    • 2008
  • The occurrence of complicating, multilateral social condition demands the strategy for facing many social state and consolidating public security against criminal loss. The lacking ability of local police for preventing crime can't satisfy the demand of security and can't get rid of fear of crime. At last, it brings a distrust of public confidence and became a factor of serious social crisis. We have problems - not only making an alternative plan for preventing crime, but also introducing CPTED(Crime Prevention Through Environmental Design) by environmental design, to expect crime prevention and to select systemic crime prevention system and the most suitable model. And we have a goal - to recognize the importance of guard activity for local crime, analyse public safety activity in community & focusing guard activity as a strategy for them, apply CPTED in police and private security company as a local crime prevention & setting effective model, and, make it as an index for preventing & dealing with intellectual, brutal crime. The rapid growth in the guarding-activity field lighten the burden of police for crime-prevention. But the misjudgement of some people blocks it to be settled institutionally. It needs to reconsider what is the effective crime-prevention method, at this point of time when the all parts of a nation changing into unlimited competitive, private self-control system.

  • PDF

Interface of EDI System and VPN with IPSec and L2TP for Speed efficiency and Security Level (전송효율과 보안수준을 고려한 EDI 시스템과 VPN의 IPSec와 L2TP의 연동)

  • Choi Byung-Hun;Lee Gun-Ho
    • The KIPS Transactions:PartC
    • /
    • v.12C no.1 s.97
    • /
    • pp.1-10
    • /
    • 2005
  • Electronic Data Interchange(EDI) between a number of companies goes on increasing on the internet. Although a conventional EDI system reduces business process efforts, time, resources, etc., important information is easily and frequently exposed by well trained hackers and crackers, which inflict a severe loss on the company and even put the company under a crisis. This study integrates the conventional EDI system and Virtual Private Tet(VPN) to maximize an overall efficiency of speed and security in data transferring by the level of importance. The EDI system interfaced to IPSec and L2TP of VPN allows us to select two modes : the one focuses on a high speed with a low or a medium level security or the other does on a high level security with a low or a medium level speed. Both the company and the end users get a lot of tangible and intangible advantages by integrating the EDI system and VPN.

Development of Mobile Alarm System using Message Tree for Personal Information Management (개인정보관리를 위한 메시지 트리 기반의 모바일 알람 시스템 구축)

  • Jang, Eun-Young;Kim, Hyung-Jong;Hwang, Jun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.3
    • /
    • pp.153-162
    • /
    • 2009
  • When a private information security incident occurs, the people who own the information are not acknowledged about their information leakage until those affairs appear in public media. This research aims at developing a mobile alarm system for acknowledging suspicious events to the information owners. The mobile alarm system was designed considering the limited user interface of mobile terminal and concept of "personal information leakage message tree" is deployed. The message tree contains every possible situation about personal information leakage and the leaves of the tree has several choices that the information owner can select. This message tree concept enables each information owner to manager his or her information leakage situation by just pushing a few buttons of mobile device. The contribution of this paper is in design of a comprehensive alarm message tree and development of mobile alarm system containing the message tree concept.

Two Attribute-based Broadcast Encryption Algorithms based on the Binary Tree (이진트리 기반의 속성기반 암호전송 알고리즘)

  • Lee, Moon Sik;Kim, HongTae;Hong, Jeoung Dae
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.17 no.3
    • /
    • pp.358-363
    • /
    • 2014
  • In this paper, we present two constructions of the attribute-based broadcast encryption(ABBE) algorithm. Attribute-based encryption(ABE) algorithm enables an access control mechanism over encrypted data by specifying access policies among private keys and ciphertexts. ABBE algorithm can be used to construct ABE algorithm with revocation mechanism. Revocation has a useful property that revocation can be done without affecting any non-revoked uers. The main difference between our algorithm and the classical ones derived from the complete subtree paradigm which is apt for military hierarchy. Our algorithm improve the efficiency from the previously best ABBE algorithm, in particular, our algorithm allows one to select or revoke users by sending ciphertext of constant size with respect to the number of attributes and by storing logarithm secret key size of the number of users. Therefore, our algorithm can be an option to applications where computation cost is a top priority and can be applied to military technologies in the near future.

Hidden Indicator Based PIN-Entry Method Using Audio Signals

  • Seo, Hwajeong;Kim, Howon
    • Journal of information and communication convergence engineering
    • /
    • v.15 no.2
    • /
    • pp.91-96
    • /
    • 2017
  • PIN-entry interfaces have high risks to leak secret values if the malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make the PIN-entry secure, many studies have considered invisible radio channels as a secure medium to deliver private information. However, the methods are also vulnerable if the malicious adversaries find a hint of secret values from user's $na{\ddot{i}}ve$ gestures. In this paper, we revisit the state-of-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting the sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce the advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel and the smartphone screen only displays the multiple indicator options without corresponding numbers. Afterwards, the users select the target value by following the circular layout. The method completely hides the password and is secure against the advanced shoulder-surfing attacks.

A Study on the NCS based Curriculum for Educating Information Security Manpower (정보보호 산업분야 신규 인력 양성을 위한 NCS 기반 교육과정 설계에 관한 연구)

  • Song, Jeong-Ho;Kim, Hwang-Rae
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.17 no.11
    • /
    • pp.537-544
    • /
    • 2016
  • National Competency Standards (NCS) need to be introduced to train newly hired staff and to gradually improve employees' work performance in the information security industry. In particular, the introduction of a new NCS curriculum for new hires is important in order to retain and efficiently manage professionals in the information security field. However, the legacy NCS is not clearly designed for the information security field. So a formal curriculum has been suggested for institutions training the information security workforce. Therefore, this study establishes a competency unit based on the types of personnel, their duties, and required knowledge. To select the competency unit, this study reviewed prior research to understand the required skills and work knowledge, and reviewed recruitment-based NCS that public agencies and public and private companies have carried out, including them in the study. The selected competency unit was classified into a required competency unit and an elective competency unit based on the importance of the duties and the demands of training. Through a verification process for the new, licensed career path model in the NCS information and communications field, this study suggests updated NCS competency units and required courses to provide an appropriate NCS curriculum for newly hired employees in the information security industry.

FAIR-Based Loss Measurement Caused by Personal Information Breach of a Company (FAIR를 통한 개인정보 유출에 따른 기업의 손해금액 산출에 대한 연구)

  • Kim, Jeong-Gyu;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.129-145
    • /
    • 2017
  • This study proposes a methodology to estimate the financial damages by personal information breach of a company and to analyse risk systematically through a case study of a company which experiences private information breach. Using FAIR(Factor Analysis of Information Risk) model, estimate the loss amount and to analyse risk objectively of a company by personal information breach. This study estimates adequacy and importance of corresponding factors applying AHP(Analytic Hierarchy Process) on each factors for assessing loss amount. By adopting proposed methodology in this study, the person in charge of actual work can assess and prove the loss amount though the latest risk estimation methodology. In addition, the person in charge can select the proper parameters for the corresponding company and can obtain the objective quantitative estimation. Hence it can be reported to the management by accurately assessing loss amount caused by personal information breach.

A Study on User Authentication Model Using Device Fingerprint Based on Web Standard (표준 웹 환경 디바이스 핑거프린트를 활용한 이용자 인증모델 연구)

  • Park, Sohee;Jang, Jinhyeok;Choi, Daeseon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.631-646
    • /
    • 2020
  • The government is pursuing a policy to remove plug-ins for public and private websites to create a convenient Internet environment for users. In general, financial institution websites that provide financial services, such as banks and credit card companies, operate fraud detection system(FDS) to enhance the stability of electronic financial transactions. At this time, the installation software is used to collect and analyze the user's information. Therefore, there is a need for an alternative technology and policy that can collect user's information without installing software according to the no-plug-in policy. This paper introduces the device fingerprinting that can be used in the standard web environment and suggests a guideline to select from various techniques. We also propose a user authentication model using device fingerprints based on machine learning. In addition, we actually collected device fingerprints from Chrome and Explorer users to create a machine learning algorithm based Multi-class authentication model. As a result, the Chrome-based Authentication model showed about 85%~89% perfotmance, the Explorer-based Authentication model showed about 93%~97% performance.

Finding Industries for Big Data Usage on the Basis of AHP (AHP 기반의 빅데이터 활용을 위한 산업 탐색)

  • Lee, Sang-Won;Kim, Sung-Hyun
    • Journal of Digital Convergence
    • /
    • v.14 no.7
    • /
    • pp.21-27
    • /
    • 2016
  • Big Data is gathering all the attention from every business community. Pervasive use of machine-to-machine (M2M) applications and mobile devices bring an explosion of data. By analyzing this data, the private and public sectors can benefit in the areas of cost reduction and productivity. The Korean government is actively pursuing Big Data initiatives to promote its usage. This paper aims to select industries which fit for the development of Big Data with a verification of the experts. The analytic hierarchy process (AHP) is applied to systematically derive the opinion of more than 50 professionals. Medical / welfare, transportation / warehousing, information and communications / information security, energy, the financial sector have been identified as promising industries. The results can be utilized in developing Big Data best practices thus contributing industrial development.