• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.580-599
• /
• 2021

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.33-54
• /
• 2016

In the modern society based on information and communication, which is exposed to the risks of a lot of information security breaches, corporate information assets may be an economical scale in a country. Most of damages derived from corporate technological information leak often occur in small and medium corporations. Although many information security managers in corporations have focused on certification systems such as information security management system, small and medium corporations are poorly aware of the information security, and their environments surrounding it should be also improved. In addition, it is difficult to expect spontaneous participations in it, since the sustainable information security management systems are often not forced to be certified. Thus, the purpose of this study is to examine plans to improve small and medium corporations' technological protections by using some component of the information security management system. On the basis of this examination, it also attempts to discuss some methods for effective and efficient information security in the small and medium corporations' technological protections.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.67-76
• /
• 2024

The Internet of Things (IoT) has revolutionized communication and device operation, but it has also brought significant security challenges. IoT networks are structured into four levels: devices, networks, applications, and services, each with specific security considerations. Personal Area Networks (PANs), Local Area Networks (LANs), and Wide Area Networks (WANs) are the three types of IoT networks, each with unique security requirements. Communication protocols such as Wi-Fi and Bluetooth, commonly used in IoT networks, are susceptible to vulnerabilities and require additional security measures. Apart from physical security, authentication, encryption, software vulnerabilities, DoS attacks, data privacy, and supply chain security pose significant challenges. Ensuring the security of IoT devices and the data they exchange is crucial. This paper utilizes the Random Forest Algorithm from machine learning to detect anomalous data in IoT devices. The dataset consists of environmental data (temperature and humidity) collected from IoT sensors in Oman. The Random Forest Algorithm is implemented and trained using Python, and the accuracy and results of the model are discussed, demonstrating the effectiveness of Random Forest for detecting IoT device data anomalies.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.769-772
• /
• 2012

Personal Information Article2 defines personal authentication information, secret information, bio information for personal information and it is stipulated under article29 that the one who have duties must take adequate technological, administrative, physical measures to prevent from illegal reading and sneaking. Also it is stipulated under information communication network law28(1), enforcement regulation9, Korea Communications Commitee notice. To satisfy this, the one who have to take security actions of personal information are required to take technological measures and establish positive measures to continuously manage it.The insurance of technological security is possible by encryption of personal information, secure management and operation of encryption key,taking personal information security level of providin access control of personal information reading and audit.In this paper, we will analyze various technologies of personal information encryption which are essencial component in technological security measuresof personal information. This paper will help choose which technological measures you should take in personal information security.

• Journal of Information Technology Applications and Management
• /
• v.28 no.6
• /
• pp.23-43
• /
• 2021

This research is a study on smart homes products, which interest and research are being conducted, because of the recent development of the Internet of Things. Consumer's Purchase intention was set as a dependent variable, and technological trust was used as a mediating variable. We used Technology Acceptance Model as background theory. Perceived ease of use, Perceived usefulness, Security, and Brand were set as independent variables. The results of this study are as follows. First, it was found that perceived ease of use, perceived usefulness, and security significantly affected technological trust that consumers feel. Second, technological trust also had a significant effect on purchase intention, and it was found that perceived ease of use, perceived usefulness, and product security, excluding brands, had an indirect mediating effect on consumers' purchase intention through technological trust. This study is meaningful in that by conducting user-centered research, and results that are partially contrasted with existing studies are derived from increasing the interest of factors we used.

• ETRI Journal
• /
• v.36 no.1
• /
• pp.183-186
• /
• 2014

In this letter, we consider a cooperation system with multiple untrusted relays (URs). To keep the transmitted information confidential, we obtain joint channel characteristics (JCCs) through combining the channels from the source to the destination. Then, in the null space of the JCCs, jammers construct artificial noise to confuse URs when the source node broadcasts its data. Through a distributed implementation algorithm, the weight of each node can be obtained from its own channel state information. Simulation results show that high-level security of the system can be achieved when internal and external eavesdroppers coexist.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.211-215
• /
• 2003

Network security should be first considered in a distributed computing environment with frequent information interchange through internet. Clear classification is needed for information users should protect and for information open outside. Basically proper encrypted database system should be constructed for information security, and security policy should be planned for each site. This paper describes access control, user authentication, and User Security and Encryption technology for the construction of database security system from network users. We propose model of network encrypted database security system for combining these elements through the analysis of operational and technological elements. Systematic combination of operational and technological elements with proposed model can construct encrypted database security system secured from unauthorized users in distributed computing environment.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.97-105
• /
• 2015

Technology Security, especially in knowledge-intensive society, is becoming the most important organizational activity for the long-term success of a firm. However, there is not sufficient empirical research of activities of technology securities and business performance. This is one of the reason why Korean firms are reluctant to invest their resources to the technology security. We have tried to empirically analyze the relationship between a market and technological characteristics, which is one of the important business environmental characteristics and the activities of technology securities of Korean business firm by taking three hypotheses related to this research and investigating 209 Korean firms. According to the statistical research, results of the analyses suggest that the market and technological characteristics have positive impact on the activities of technology securities. Also the activities of technology securities have positive impact on the performance of technology security. More specifically, the results suggest that the relationship between the competitiveness of market and technological excellency and the activities of technology securities is supported statistically. But, the reverse relationship between the easiness of market entrance and the activities of technology securities is supported statistically. Also, there is no moderating effect of firm size between the relationship between a market and technological characteristics and the activities of technology securities. Finally, the relationship between the activities of technology securities and the risk of technology leakage is supported statistically.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.109-114
• /
• 2020

Currently, in the 4th industrial revolution era(4IR), the convergent infrastructure has been established by actively utilizing data based on the existing digital technological innovation in the 3rd industrial revolution. Thus, the technological innovation based on the knowledge-information society needs to put innovative efforts for creating new business models in various areas. Thus, this study aims to present an Electronic Security Framework by suggesting the Cyber-Physical Security System(CPSS) that could more accurately predict and efficiently utilize it based on structured data obtained by collecting, analyzing, and processing an enormous amount of unstructured data which is a core technology distinguished from the 3rd industrial revolution.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.37-51
• /
• 2012

The purpose of this study is to approach information security from a more comprehensive perspective. Particularly, information countermeasures includes a technological tool for end users, thereby increasing the end users' technological stresses. Based on the technostress framework, we investigate a effect of security awareness training on technostress, and also examine a effect of technostress on the persistent security compliance. Results showed that security awareness training influenced on techno-overload and techno-uncertainty. We also found that techno-overload and techno-uncertainty have a significant effect on the persistent security compliance. Conclusion and implications are discussed.