• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.3
• /
• pp.277-282
• /
• 2018

The goal of the secret message communication on the internet is to maintain invisibility and confidentiality. Digital steganography is a technique in which a secret message is inserted in a cover medium and transmitted to a destination so that a third party can not perceive the existence of the message itself. Steganography is an efficient method for ensuring confidentiality and integrity together with encryption techniques. In order to insert a secret (Hangul) message, I propose a image steganography method that the secret character is separated and converted into binary code with reference to the encryption table, the cover image is divided into two areas, and the secret message and the right l-LSB information of the second area are encrypted and crossed, concealing the k-LSB of the first region. The experimental results of the proposed method show that the PSNR value is 52.62 and the acceptable image quality level.

• Journal of KIISE:Information Networking
• /
• v.29 no.5
• /
• pp.482-494
• /
• 2002

In E-mail based accounting system, the remitter does not have need to find collector's account number. To transfer money to a collector's account, what remitter need is just a collector's E-mail address. But the current E-mail based accounting systems are built on SSL technology. Basically SSL provides some security services - confidentiality, user authentication and data integrity, but does not provide non-repudiation. So, in the current E-mail based accounting system, it is possible to deny transaction. And there is no receipt of transaction. In this paper, we design and implementation of a S/MIME applied Secure Payment Mechanism. In our system, every account information - account number, receiver name, amount of money, etc. - is included in a 'check' message. And this message is protected under the Secure Web-mail using S/MIME. In a view point of the convenience, users using our system do not have need to find collector's account number. And in a view point of the security, our system provides confidentiality, user authentication, data integrity and non-repudiation. Moreover our system provides a receipt.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.563-570
• /
• 2018

Existing online voting is not being used for public elections due to uncertainty about security threats, and offline voting costs a lot of money. As an alternative, blockchain is emerging. Applying blockchain technology to online voting will ensure transparency and confidentiality, because voter information and aggregate information are distributed and managed. Since a blockchain distributes the voting information, it will be more secure than existing central server - based online voting systems. If blockchain technology is applied to public elections, and the transparency and confidentiality of the voting information is guaranteed, the cost of voting will be greatly reduced. This paper tries to apply to an online voting system the Ethereum platform from among the blockchain technologies. Ethereum is a highly scalable blockchain technology that provides a smart contract based on the Solidity language to develop an online voting contract and to distribute the contract to each voter. Each voter votes on the contract that has been distributed, and the votes are distributed to other voters. The experiment verifies the consistency of the stored voting information.

• Journal of Convergence for Information Technology
• /
• v.10 no.10
• /
• pp.15-23
• /
• 2020

It is a reality that users do not know well what kind of information protection policy the cloud service provider presents to consumers. The purpose of this study is to find a way to improve the effectiveness of information protection by analyzing the content and linguistic characteristics of information protection policies provided by cloud service providers. In order to achieve the purpose of this study, we investigate the contents of information protection policies of 47 companies that provide cloud services and analyze the influence of linguistic characteristics to come up with a plan to increase the efficiency of cloud services. The research results showed that low readability due to comprehensive expression of technical processing methods, etc., could lead to legal disputes and to hinder the spread of cloud services. The research results can increase the effectiveness of information protection by suggesting items to be provided to users.ing, Privacy, confidentiality, linguistic characteristics, Accounting Information.

• KSCI Review
• /
• v.14 no.2
• /
• pp.205-214
• /
• 2006

Is need Remote Access through internet for business of Ubiquitous Computing age, and apply OTP for confidentiality about inputed ID and Password, network security of integrity. Current OTP must be possessing hardware or Token, and there is limitation in security. Install a Snooping tool to OTP network in this treatise, and because using Cain, enforce ARP Cache Poisoning attack and confirm limitation by Snooping about user password. Wish to propose new system that can apply Tokenless OTP by new security way, and secure confidentiality and integrity. Do test for access control inflecting Tokenless OTP at Remote Access from outside. and could worm and do interface control with certification system in hundred. Even if encounter hacking at certification process, thing that connection is impossible without pin number that only user knows confirmed. Because becoming defense about outward flow and misuse and hacking of password when apply this result Tokenless OTP, solidify security, and evaluated by security system that heighten safety.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2276-2291
• /
• 2017

Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

• Journal of Physiology & Pathology in Korean Medicine
• /
• v.26 no.3
• /
• pp.392-398
• /
• 2012

This research aims to analyze the ethical requirements and to find the problems for the publication guidelines of oriental medicine journals. A total of 13 domestic journals, related to oriental medicine and registered in 'National Research Foundation of Korea' list, were selected for the analysis of ethical requirements. We inquired the revised year of the publication guideline and the status of ethics committee of selected journals. The ethical requirements of publication guidelines were evaluated by categorizing them into Institutional Review Board(IRB), Helsinki Declaration, Informed Consent, confidentiality and anonymity of subjects, and conflict of interest. In the case of revised year of the publication guidelines, the year of the most recently revised journal was 2011. However, the revised year of publication guidelines were not announced for three journals and a few journals haven't revised the publication guidelines since 2002. In the case of ethics committee status, four journals out of 13 journals maintained the ethics committee. In the result of ethical requirement analysis, nine journals included the information for confidentiality and anonymity of subjects, and four journals included the information for Helsinki Declaration and Informed Consent. However, only one journal included the information for IRB and conflict of interest. Recently, the importance of clinical researches has been increased to prove the effect of oriental medicine scientifically and objectively. The clinical researches should be considered in scientific side and ethical side as well, because they have potential risks to human subjects. In this sense, announcing the ethical requirements in the publication guidelines can be one way to secure the morality of researches. Thus, it is required to prepare correct publication guidelines and ethical requirements in oriental medicine journals.

• Journal of Korea Multimedia Society
• /
• v.8 no.2
• /
• pp.233-248
• /
• 2005

An intrusion tolerant technology has been introduced as a solution to prevent intrusion accident for unknown fragility or attack. However, a systematic modeling technique is not applied into a system design and development based on intrusion tolerant technology. Especially, elements such as availability, integrity, reliability, confidentiality, and so on are important requirements in intrusion tolerant system. Nevertheless, current most of UML-based modeling techniques pass over or don't provide design techniques reflecting those requirements. Therefore, we know these weaknesses and propose both profile and design technique reflecting and applying intrusion tolerant requirements systematically in the development of application software based on intrusion tolerance. We expect that proposed technique can extend not only current UML's limitations but also can improve the quality of application software based on intrusion tolerance.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.31 no.10
• /
• pp.89-96
• /
• 2003

In this paper, a CCSDS(Consultative Committee for Space Data Systems) telecommand(TC) decryptor for the security of geostationary communications satellite was implemented. For the confidentiality of CCSDS TC datalink security, Option-A which implements the security services below the transfer sublayer was selected. Also CFB(Cipher Feedback) operation mode of DES(Data Encryption Standard) was used for the encryption of 56-bit data bits in 64-bit codeblock. To verify Decryptor function, the DES CFB logic implemented on A54SX32 FPGA(Field Programmable Gate Array) was integrated with interface and control logics in a PCB(Printed Circuit Board). Using a function test PC, the encrypted codeblocks were generated, transferred into the decryptor, decrypted, and the decrypted codeblocks were transmitted to the function test PC, and then compared with the source codeblocks. Through LED(Light Emitting Diode) ON operation by driving the relay related to Op-code decoded and the comparison between the codeblock output waveforms measured and those simulated, the telecommand decryptor function was verified.

• Journal of Internet Computing and Services
• /
• v.17 no.3
• /
• pp.55-66
• /
• 2016

A local storage of HTML5 is a Web Storage, which is stored permanently on a local computer in the form of files. The contents of the storage can be easily accessed and modified because it is stored as plaintext. Moreover, because the internet browser classifies the local storages of each domain using file names, the malicious attacker can abuse victim's local storage files by changing file names. In the paper, we propose a scheme to maintain the integrity and the confidentiality of the local storage's source domain and source device. The key idea is that the client encrypts the data stored in the local storage with cipher key, which is managed by the web server. On the step of requesting the cipher key, the web server authenticates whether the client is legal source of local storage or not. Finally, we showed that our method can detect an abnormal access to the local storage through experiments according to the proposed method.