• Information Systems Review
• /
• v.20 no.1
• /
• pp.159-177
• /
• 2018

With an extensive proliferation of information and communication technology, the volume and amount of digital information collected and utilized on the Internet have been increasing rapidly. Also on the rapid rise are side effects such as unintended breach of accumulated personal information and consequent invasion of personal privacy. Informational self-determination is rarely practiced, despite various states' legal efforts to redress data subjects' damage. Personal health information, in particular, is a subcategory of personal information where informational self-determination is hardly practiced enough. The observation is contrasted with the socio-economic inconvenience that may follow due to its sensitive nature containing individuals' physical and health conditions. This research, therefore, reviews factors of self-determination on personal health information while referring to the protection motivation theory (PMT), the long-time framework to understand personal information protection. Empirical analysis of 200 data surveyed reveals threat-appraisal (perceived vulnerability and perceived severity of threats) and coping-appraisal (perceived response effectiveness), in addition to individual levels of concern regarding provided personal health information, influence self-determination to protect personal health information. The research proposes theoretical findings and practical suggestions along with reference for future research topics.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.325-332
• /
• 2012

Due to its communication vulnerability resulting in a range of problems, e.g. eavesdropping, information exposure, traffic analysis and spoofing, RFID system becomes the target of attackers. Accordingly, many investigators have proposed various protocols to the extent of theorem proving or verification as the implementation is challenging. This paper thus proposes a safe RFID security protocol using public keys, session keys, hashes, XORs, and random numbers. Timestamps and hashes are applied to the most vulnerable section between readers and tags to detect attacks in attack signals with time difference. Also, to prevent tag information from being exposed in the last session, hash operation is adopted before communication. Finally, in this paper, we designed a RFID security protocol using public and session keys applicable to real systems and verified the security of the proposed protocol with a differentiated formal verification technique.

• Journal of information and communication convergence engineering
• /
• v.8 no.1
• /
• pp.1-5
• /
• 2010

In this paper, we propose for improving QoS in wireless micro cellular network using Cellular-IP/PRC(Paging Route Cache) with Paging Cache and Route Cache in Cellular-IP and propose for performance of realtime and non-real time handoff service using Handoff state machine Paging Route Cache. Although the Cellular-IP/PRC technology is devised for mobile internet communication, it bas its vulnerability in frequent handoff environment. On the other hand, Cellular IP combines the capability of cellular networks to provide high performance handoff and efficient location management of active and idle mobile users with the inherent flexibility, robustness and scalability found in IP networks. Also Cellular-IP/PRC use semi-soft handoff. During semi-soft hand off a mobile host may be in contact with either of the old and new base stations and receive packets from them. Packets intended to the mobile node are sent to both base stations and buffered, so when the mobile host eventually moves to the new location it can continue to receive packets without interruption. It should be suitable for realtime service such as multimedia traffic. But, much waste of resource will occur in this method, especially for non-real time services such as FTP and E-mail. Therefore, a new algorithm that performs different handoff according to characteristic of each traffic by use of reserved field in IP packet is proposed in this thesis. This hand off state machine using differentiated handoff improves quality of services in Cellular-IP/PRC. Suggested algorithm shows better performance than existing technology in wireless mobile internet communication environment. Matlab simulation results are improving QoS, show call drop and call blocking provided to Paging Router Cache during handoff state machine in Cellular-IP/PRC.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.3
• /
• pp.131-137
• /
• 2010

UMSN (Ubiquitous Medical Sensor Network) is being used in u-Healthcare system of various medical facilities to identify objects and get information from sensors in real-time. RFID using radio frequency determines objects using Reader, which reads Tags attached to patients. However, there is a security vulnerability wherein Tag send its ID to illegal Reader because Tags always response to Readers request regarding of its Tag ID. In this paper, we propose Tag ID Classification Scheme to reduce Back-end Server traffic that caused by requests to authenticate between Readers and Tags that are attached to medical devices, patients, and sensors; To reduce security threats like eavesdropping and spoofing that sometimes occurred during authentication procedure. The proposed scheme specifies the patient category as a group based on patients Tag ID string. Only allowed Reader can perform authentication procedure with Back-end Server. As a result, we can reduce Back-end Server traffic and security threats.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.183-191
• /
• 2016

Most recent trend reveals broader state of provision of NFC service as NFC technology was applied on smartphones which has become core communication tools by providing integrated services such as payment, medical, and personal authentication. Moreover, with integration of original service and NFC technology, new service providers now can handle personal information of original service or can handle other personal information with transition of previous service provider to NFC service provider. Considering current state of security industry along with NFC technology and service, we would like to analyze current stage of security threats and plan the counter strategies to create NFC service structure.

• Journal of Korea Multimedia Society
• /
• v.14 no.5
• /
• pp.703-709
• /
• 2011

State-based infrastructure on IT-based network are prone to numerous cyber attack including subsequent hacking and internet infringement. These acts of terrorism are increasing because of the expanding IT convergence technology. Recently, the trend on cyber security monitoring and control researches focus on combining the general idea of security monitoring and control along with IT field and other control systems. This convergence trend has been increasing in both the use and importance. This research analyzes the state-based infrastructure monitoring and control system, its vulnerability as well as its improvement by incorporating the cyber convergence systems to existing systems. The subject of this research is for extensive use of CCTV systems which is expanded for 'CCTV Monitoring and Control Field' as well as 'Traffic Monitoring and Control Field' operated by 'Intelligent Traffic Information System' and Disaster Management Area which is studied in various fields. Eventually, the objective of the paper is to solve these issues, to apply related systems and to suggest improvement on the convergence system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.12
• /
• pp.125-134
• /
• 2019

As the limitations of the passive recognition domain, which is not guaranteed transparency of the operation process, AI technology has a vulnerability that depends on the data. Human error is inherent because raw data for artificial intelligence learning must be processed and inspected manually to secure data quality for the advancement of AI learning. In this study, we examine the necessity of learning data management before machine learning by analyzing inaccurate cases of AI learning data and cyber security attack method through the approach from cyber security perspective. In order to verify the learning data integrity, this paper presents the direction of data-preserving artificial intelligence system, a blockchain-based learning data environment model. The proposed method is expected to prevent the threats such as cyber attack and data corruption in providing and using data in the open network for data processing and raw data collection.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.376-378
• /
• 2021

According to the 2020 Global Climate Report released by the World Meteorological Organization, the average temperature of the Earth in 2019 was measured 1.1℃ higher on average than the temperature measured between 1850 and 1900 before industrialization. The change in average temperature affects the distribution of plants, and according to the vulnerability analysis paper, it can be seen that there is a change in the distribution area of plants when the average temperature rises. In this paper, to cope with these environmental changes, we propose a method of fabricating intermittent flow hydroponic smart farms using Arduino and sensors and controlling them through PCs and applications. The manufactured hydroponic smart farm identifies the farm's temperature and humidity, positive pH concentration, illumination, and water quality to check the amount of pumping, supplement LED control, sensor condition, overall management and cultivation of the farm, and grows in an appropriate environment.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.427-434
• /
• 2006

Broadband Convergence Network(BcN) is a critical infrastructure to provide wired-and-wireless high-quality multimedia services by converging communication and broadcasting systems, However, there exist possible danger to spread the damage of an intrusion incident within an individual network to the whole network due to the convergence and newly generated threats according to the advent of various services roaming vertically and horizontally. In order to cope with these new threats, we need to analyze the vulnerabilities of BcN in a system architecture aspect and classify them in a systematic way and to make the results to be utilized in preparing proper countermeasures, In this paper, we propose a new classification of vulnerabilities which has been extended from the ITU-T recommendation X.805, which defines the security related architectural elements. This new classification includes system elements to be protected for each service, possible attack strategies, resulting damage and its criticalness, and effective countermeasures. The new classification method is compared with the existing methods of CVE(Common Vulnerabilities and Exposures) and CERT/CC(Computer Emergency Response Team/Coordination Center), and the result of an application to one of typical services, VoIP(Voice over IP) and the development of vulnerability database and its management software tool are presented in the paper. The consequence of the research presented in the paper is expected to contribute to the integration of security knowledge and to the identification of newly required security techniques.