• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• The Journal of the Korea Contents Association
• /
• v.19 no.1
• /
• pp.385-395
• /
• 2019

The purpose of this study was to compare the perception of medical institution certification evaluation, job stress, turnover intention, safety management cognition of a general hospital nurse before and after the medical institution certification system. Data were collected from June 1, 2016 to July 17, 2016. The collected data were analyzed by mean, standard deviation, and paired t-test using SPSS 21.0. The results of this study showed that there was no significant difference between before and after certification of medical institution recognition, turnover intention, and safety management awareness, but mean score was high and job stress showed significant difference before and after certification.(t = 2.825, p = <. 005). That is, the job stress was higher than that after the authentication. Therefore, in order to reduce job stress of nurses preparing for certification, active and diverse human and physical support of medical institutions that can reduce work burden is needed.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.69-76
• /
• 2018

One of the most remarkable technologies in the era of the 4th industrial revolution is the interest in the field of smart cars. In the near future, it will not only be possible to move to a place where you want to ride a smart car, but smart cars, including artificial intelligence elements, can avoid sudden car accidents. However, as the field of smart automobiles develops, the risks are expected to increase. Therefore, based on the understanding of security vulnerabilities that may occur in smart car networks, we can apply safe information security technology using FIDO and attribute-based authorization delegation technique to provide smart car control technology that is safe and secure. I want to. In this paper, we show that the proposed method can solve security vulnerabilities by using secure smart car control technology. We will further study various proposals to solve security vulnerabilities in the field of smart car networks through future research.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.11
• /
• pp.1451-1461
• /
• 2019

DNS spoofing is an attack in which an attacker intervenes in the communication between client and DNS server to deceive DNS server by responding to a fake IP address rather than actual IP address. It is possible to implement a pharming site that hacks user ID and password by duplicating web server's index page and simple web programming. In this paper we have studied web spoofing attack that combines DNS spoofing and pharming site implementation which leads to farming site. We have studied DNS spoofing attack method, procedure and farming site implementation method for portal server of this university. In the case of Kyungsung Portal, bypassing attack and hacking were possible even though the web server was SSL encrypted and secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. So it is necessary that these serious risks are to be informed and countermeasures are to be researched.

• International Journal of Advanced Culture Technology
• /
• v.9 no.1
• /
• pp.224-241
• /
• 2021

According to data from the National Police Agency, 75.5 percent of dead traffic accidents in Korea are truck accidents. About 1,000 people die in cargo truck accidents in Korea every year, and two to three people die in cargo truck accidents every day. In the survey, Korean cargo workers answer poor working conditions as an important cause of constant truck accidents. COVID 19 is increasing demand for non-face-to-face logistics. The inefficiency of the Korean transportation system is leading to excessive work burden for small logistics The inefficiency of the Korean transportation system is causing excessive work burden for small individual carriers. The inefficiency of the Korean transportation system is also evidenced by the number of deaths from logistics industry disasters that have risen sharply since 2020. Small and medium-sized Korean Enterprises located in CIPs (Connected Industrial Parks) often do not have smart access certification systems. And as a result, a lot of transportation time is wasted at the final destination stage. In the logistics industry, time is the cost and time is the revenue. The logistics industry is the representative industry in which time becomes money. The smart access authentication system architecture proposed in this paper allows small logistics private carriers to improve legal stability, and SMEs (Small and Medium-sized Enterprises) in CIPs to reduce logistics transit time. The CIPs smart access system proposed in this paper utilizes the currently active Mobile OTP (One Time Password), which can significantly reduce system design costs, significantly reduce the data capacity burden on individual cell phone terminals, and improve the response speed of individual cell phone terminals. It is also compatible with the OTP system, which was previously used in various ways, and the system reliability through the long period of use of the OTP system is also high. User customers can understand OTP access systems more easily than other smart access systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.39-48
• /
• 2003

AAA(Authentication, Authorization, Accounting) protocol is a framework that propose functions of AAA on multiple networks and platforms. AAA protocol is extending from previous RADIUS protocol to Diameter protocol. There are some Diameter applications for variety purpose. Diameter CMS Application makes Diameter messages more secure by using PKI. Diameter CMS Application establish DSA(Diameter Security Association) for end to end security. However the Application has some problems to establish DSA(Diameter Security Association), which can make Diameter system unstable. If one system lose DSA information for some system error - for example, reboot -, the secure communication between two nodes may not be possible. At the application such as MIP, even user registration can't be done. In this paper, we propose a mechannism for DSA re-establishment, and also show the result of the implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.33-38
• /
• 2008

Biometric based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as compromise of the data will be permanent. Cancelable biometrics stores a non - invertible transformed version of the biometric data. Thus, even if the storage is compromised, the biometric data remains safe. Cancelable biometrics also provide a higher level of privacy by allowing many templates for the same biometric data and hence non-linkability of user's data stored in different databases. In this paper, we proposed the fast polynomial reconstruction algorithm for fuzzy fingerprint vault. The proposed method needs (k+1) real points to reconstruct the polynomial of degree (k-1). It enhances the speed, however, by $300{\sim}1500$ times according to the degree of polynomial compared with the exhaust search.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.167-174
• /
• 2008

As both a digital camera and a digital camcorder are popularized in recent years, UCC created by general users is also popularized. Unfortunately, according to that, the lack of privacy is also increasing more and more. The UCC is saved on the recordable media(Media) like DVD and deposited personally as well as distributed through Internet portal service. If you use Internet portal service to put up your contents, you can partially prevent the violation of privacy using security technologies such as authentication and illegal copy protection offered by internet portal service providers. Media also has technologies to control illegal copy. However, it is difficult to protect your privacy if your Media having personal contents is stolen or lost. Therefore, it is necessary to develope an additional security mechanism to guarantee privacy protection when you use Media. In this paper, we describe AACS framework for Media Security and propose improved AACS framework to control the access to personal contents saved on Media.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.3-10
• /
• 2009

In this paper, we introduce improved differential and linear attacks on the SMS4 block cipher which is used in the Chinese national standard WAPI (WLAN Authentication and Privacy Infrastructure, WLAN - Wireless Local Area Network): First, we introduce how to extend previously known differential attacks on SMS4 from 20 or 21 to 22 out of the full 32 rounds. Second, we improve a previously known linear attack on 22-round reduced SMS4 from $2^{119}$ known plaintexts, $2^{109}$ memory bytes, $2^{117}$ encryptions to $2^{117}$ known plaintexts, $2^{l09}$ memory bytes, $2^{112.24}$ encryptions, by using a new linear approximation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.5 no.1
• /
• pp.37-50
• /
• 1995

The smart card with the cryptography and VLSI technologies makes it possible to implement the electronic cash easily. A number of electronic each schemes have been proposed by many cryptographic researchers. In this paper, we propose a practical electronic cash system, using blind digital signature scheme. Schnorr's authentication scheme based on the discrete logarithm problem, and the hierarchical cash tree based on two one-way hash functions for dividable payment. Thisf electronic cash scheme has such properties as privacy of the payment, off-line payment, non-reuseability of cash, transferability of cash to another customer, and dividable payment of cash. This electronic cash protocol is well suited for implementing in smart card.