• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.57-63
• /
• 2016

In recent years, there is growing interest in 'Fin-tech' in the domestic and international financial sector. And a variety of services in such a situation has emerged. To ensure the safety of from hacking attacks, many new technologies have been developed. These leading technology is the Bio-authentication method that you consider applying to the financial sector. Bio authentication is using biometric information. Also it is known that can cope the threat of fabrication and modifying attacks with shared and stored. However, Recently, When you look at hacking incidents of biometric data(560 million cases) in the United States Office of Personnel Management and advent of the fingerprints counterfeit technology, We can be known that should be reconsidered about the safety of bio-certification. Especially, it should be provided with a response measures for the problem of embezzlement that biometric information already been leaked. Thereby In this paper, by investigating biometric technologies and practices applied and of the vulnerability factor in many industries, it expected to be utilized in the prepared threats countermeasures in accordance with the application of the biometric authentication technology in a future.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.47 no.1
• /
• pp.159-168
• /
• 2010

In the recent years, power analysis attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption, and key-schedule) are well-known. The type conversion of masking is unavoidable since Boolean operation and Arithmetic operation are performed together in block cipher. Messerges proposed a masking type conversion algorithm resistant general power analysis attack and then it's vulnerability was reported. We present that some of exiting attacks have some practical problems and propose a new power analysis attack on Messerges's algorithm. After we propose the strengthen DPA and CPA attack on the masking type conversion algorithm, we show that our proposed attack is a practical threat as the simulation results.

• Journal of Convergence Society for SMB
• /
• v.2 no.2
• /
• pp.35-41
• /
• 2012

The rapid development of cloud computing and mobile internet service changes to an mobile cloud service environment that can serve and pay computing source that users want anywhere and anytime. But when user misses mobile device, the respond to any threat like user's personal information exposal is insufficient. This paper proposes cloud service access control model to provide secure service for mobile cloud users to other level users. The proposed role-based model performs access authority when performs user certification to adapt various access security policy. Also, the proposed model uses user's attribute information and processes before user certification therefore it lowers communication overhead and service delay. As a result, packet certification delay time is increased 3.7% and throughput of certification server is increased 10.5%.

• Journal of Information Processing Systems
• /
• v.5 no.1
• /
• pp.33-40
• /
• 2009

Ever since the network-based malicious code commonly known as a 'worm' surfaced in the early part of the 1980's, its prevalence has grown more and more. The RCS (Random Constant Spreading) worm has become a dominant, malicious virus in recent computer networking circles. The worm retards the availability of an overall network by exhausting resources such as CPU capacity, network peripherals and transfer bandwidth, causing damage to an uninfected system as well as an infected system. The generation and spreading cycle of these worms progress rapidly. The existing studies to counter malicious code have studied the Microscopic Model for detecting worm generation based on some specific pattern or sign of attack, thus preventing its spread by countering the worm directly on detection. However, due to zero-day threat actualization, rapid spreading of the RCS worm and reduction of survival time, securing a security model to ensure the survivability of the network became an urgent problem that the existing solution-oriented security measures did not address. This paper analyzes the recently studied efficient dynamic network. Essentially, this paper suggests a model that dynamically controls the RCS worm using the characteristics of Power-Law and depth distribution of the delivery node, which is commonly seen in preferential growth networks. Moreover, we suggest a model that dynamically controls the spread of the worm using information about the depth distribution of delivery. We also verified via simulation that the load for each node was minimized at an optimal depth to effectively restrain the spread of the worm.

• Korean Security Journal
• /
• no.2
• /
• pp.227-258
• /
• 1999

In a broad sense, ‘After-care SYSTEM’ for discharged prisoners mean legal actions of prisoners who have been released from lawful detention In its narrow sense, mean preventive protection and observation activities under regular guidance and supervision against those released from penal facilities after a certain period of detention Therefore, they should not be viewed as objects of mere concern or social work programs but preventive protection should he provided to them as part of national criminal policy After-care system is in the following two ways, The one is based on individual prisoner's request and consent, which is called 'Voluntary After-care system', The other is the one which is not based in personal request or consent but is based on obligation, which is named 'Compulsory After-care system In Korea, however no Compulsory After-care system is in practice Voluntary After-care system is to be carried out 6 method in the following by existing Probation, Parole Law. (1) offer of board and lodging (2) allowance of Traveling expense (3) allowance of occupation instrument or lending rehabilitation fund (4) training of occupation and vocational guidance (5) self-reliance support for After-care probationer (6) guidance of good deed And then to establish the society without offenders is the ideal of human beings, but criminal acts don't fade away, so in the field of the science of criminology, the importance of correctional system has become greater. The correctional idea has moved from severe punishment to educational rehabilitation for the goal of protecting both offender and security from the threat of crime in to day Some it is required that Compulsory After-care system is most important system in effective measures, and that existing Probation, Parole Law in Korea is renewed into Compulsory After-care system in the future.

• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.51-59
• /
• 2008

As the innovative IT are being developed and applied in the e-business environment, firms are recognizing the fact that amount of customer information is providing care competitive edge. However, sensitive privacy information are abused and misused, and it is affecting the firms to require appropriate measures to protect privacy information and implement security techniques to safeguard carparate resources. This research analyzes the threat of privacy information exposure in the e-business environment, suggest the IPM-Trusted Privacy Policy Model in order to resolve the related problem, and examines 4 key mechanisms (CAM, SPM, RBAC Controller, OCM) focused on privacy protection. The model is analyzed and designed to enable access management and control by assigning user access rights based on privacy information policy and procedures in the e-business environment. Further, this research suggests practical use areas by applying TPM to CRM in e-business environment.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.2
• /
• pp.199-206
• /
• 2010

Society of digital information becomes gradually advancement, and it is a situation offered various service, but it is exposed to a serious security threat by a fast development of communication such as the internet and a network. There is required a research of technical encryption to protect more safely important information. And we require research for application of security technology in environment or a field to be based on a characteristics of market of an information security. The symmetric key cipher algorithm has same encryption key and decryption key. It is categorized to Block and Stream cipher algorithm according to conversion ways. This study inspects safety and reliability of proposed SEED, Stream cipher algorithm. And it confirms possibility of application on the communication environments. This can contribute to transact information safely by application of suitable cipher algorithm along various communication environmental conditions.

• Journal of KIISE
• /
• v.43 no.4
• /
• pp.497-508
• /
• 2016

With a cloud storage service, data owners can easily access their outsourced data in cloud storage on different devices and at different locations, and can share their data with others. However, as the users no longer physically have possession of their outsourced data and the cloud still facing the existence of internal/external threats, the task of checking the data integrity is formidable. Over recent years, numerous schemes have been proposed to ensure data integrity in an untrusted cloud. However, the existing public auditing schemes use a third-party auditor(TPA) to execute high computation to check data integrity and may still face many security threats. In this paper, we first demonstrate that the scheme proposed by Zhang et al. is not secure against our two threat models, and then we propose a self-certified public auditing scheme to eliminate the security threats and guarantee a constant communication cost. Moreover, we prove the securities of our public auditing scheme under three security models.

• Journal of National Security and Military Science
• /
• s.2
• /
• pp.121-163
• /
• 2004

Science technique development expanded into, not only land, sea, and air operations but also those of airspace, and cyber battle spaces. It is generally accepted at this time that space centric operations currently cannot be effectively divided from air operations. However, science and technology advancements make it possible to integrate Army, Navy, Airforce, and Marine forces into effective operations as never before. The Republic of Korea Armed Forces needs to establish a more effective joint concept. The US military, considered by many experts as the most effective in the world, understands the necessity of joint operations and accordingly has highly developed its own concept of joint operations. The US joint operational concepts demonstrated their effectiveness during the Iraqi War by dominating the battlefield through effective use of all combat and non-combat power. Following the US Iraqi War experience, the US Department of Defense continued to enhance Joint Capability through the acceleration of US Military Transformation involving all components. The future national security of the Republic of Korea, faced with the peculiarity of communist threat in the form of North Korea, and the conflicting interest of four strong powers; the United States, China, Japan, and Russia, depends on small but strong armed forces employing all available combat power through effective National and Military Strategy, and considering domestic and international constraints. In order to succeed in future wars, military operations following joint operational concepts must effectively employ all available combat power in a timely manner. The Republic of Korea Armed Forces must establish a joint forces concept in order to integrate all available combat power during employment. Therefore we must establish military operations that develop the military structure and organization, doctrine, weapon systems, training and education of our armed forces based on the key concept of joint operations.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.183-191
• /
• 2016

Most recent trend reveals broader state of provision of NFC service as NFC technology was applied on smartphones which has become core communication tools by providing integrated services such as payment, medical, and personal authentication. Moreover, with integration of original service and NFC technology, new service providers now can handle personal information of original service or can handle other personal information with transition of previous service provider to NFC service provider. Considering current state of security industry along with NFC technology and service, we would like to analyze current stage of security threats and plan the counter strategies to create NFC service structure.