• Title/Summary/Keyword: credential management

CORBA-based Mutual Authentication Service for Subjects of Electronic Commerce (전자상거래 주체간 CORBA 기반 상호 인증 서비스)

  • Jang, Gyeong-A;Kim, Tae-Yun
    • Journal of KIISE:Computer Systems and Theory / v.26 no.10 / pp.1237-1247 / 1999
  • Electronic commerce shall provide its subjects with a credential-based authentication service in the heterogeneous distributed computing environment. In this paper, based on the CORBA security service specification [1], which OMG defined, we propose a mutual authentication service for subjects of electronic commerce, providing object-level authentication and authenticated key exchange. This proposed structure, by using Kerberos [2] for the authentication and the authenticated key exchange, assures not only the identification of a partner but also confidence in the origin of business items for negotiations between subjects of electronic commerce. Since our deployed Kerberos is extended to the mutual authentication service based on the CORBA platform, it is efficient for security administration to manage information such as key management in the heterogeneous distributed computing environment.

A case study on the selection of representative statistics for systematic management of administrative statistics (행정통계의 체계적 관리를 위한 대표적 통계항목 선정 사례연구)

  • Lee, Kang-Jin;Kim, Min-Kyoung;Ahn, Jeong-Yong;Choi, Kyoung-Ho
    • Journal of the Korean Data and Information Science Society / v.23 no.1 / pp.63-70 / 2012
  • In spite of growing demand for the region specific statistics, due to the increase in the cost of making out statistics and other reasons, utilizing survey statistics has limitation on coping with it. Thus, administrative statistics could be a feasible option. In this study, we selected "representative statistics", which are frequently used in establishing regional policy and reflect regional characteristics, among the Jeollabuk-do's administrative statistics. And we suggested the way to enhance quality and credential of the administrative statistics by using systematic management. As a result, we selected 45 statistics for Jeollabuk-do's "representative statistics". The reason that we raise the issue on the necessity of selecting "representative statistics" and specify its selection process is to give guidance to systematic management and efficient utilization of the local government's administrative statistics.

A proposal of assurance model based on i-PIN assurance level (아이핀 보증 등급에 기반한 보증 모델)

  • Youm, Heung-Youl
    • Journal of Digital Convergence / v.14 no.9 / pp.287-299 / 2016
  • The electronic transactions over the Internet are growing across the world recently. There have been a lot of identity theft incidents during these online transactions nowadays. Therefore, a high level of identity proofing shall be carried out when using online services to deal with these matters. To prevent this kind of incident, i-PIN was introduced in Korea, which is used as an Internet Personal Identification Number. The i-PIN is designated to provide an online identification of the Internet users. As such, the unique identification numbers are provided to the internet service providers. This paper is to analyze the capabilities that the i-PIN provides, to propose the assurance security model for i-PIN. Furthermore, the security analysis results are presented. The result of this paper can be applicable to improve the applicabilities of the i-PIN.

Authentication Protocol based on Credential for Implantable Medical Device (체내 삽입장치를 위한 위임장 기반의 인증 프로토콜)

  • Jeong, Yoon-Su
    • Journal of Digital Convergence / v.12 no.4 / pp.259-264 / 2014
  • With the recent development of sensor technology, the environment is changing so that patients with an implanted device can receive medical services anywhere, anytime. Implanted devices pass the patient's vital information to hospital personnel (doctors, nurses, pharmacists, etc.); however, when a problem occurs, the patient's information can easily be exposed to a third party and exploited. In this paper, we propose a signature authentication protocol based on the patient's power of attorney, centered on the u-Healthcare service center, to prevent a third party disguised as a patient from easily obtaining patient information from hospital officials. So that the patient's sensitive information is not exposed to a third party, the proposed protocol encrypts it using a random number generated by the u-Healthcare service center and the patient's hash signature key. Synchronization is maintained between patients and hospital personnel to prevent third parties from illegally exploiting patient information, so leakage of the patient's vital information can be prevented.

Efforts against Cybersecurity Attack of Space Systems

  • Jin-Keun Hong
    • Journal of Positioning, Navigation, and Timing / v.12 no.4 / pp.437-445 / 2023
  • A space system refers to a network of sensors, ground systems, and space-craft operating in space. The security of space systems relies on information systems and networks that support the design, launch, and operation of space missions. Characteristics of space operations, including command and control (C2) between space-craft (including satellites) and ground communication, also depend on wireless frequency and communication channels. Attackers can potentially engage in malicious activities such as destruction, disruption, and degradation of systems, networks, communication channels, and space operations. These malicious cyber activities include sensor spoofing, system damage, denial of service attacks, jamming of unauthorized commands, and injection of malicious code. Such activities ultimately lead to a decrease in the lifespan and functionality of space systems, and may result in damage to space-craft and lead to loss of control. The Cybersecurity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, proposed by Massachusetts Institute of Technology Research and Engineering (MITRE), consists of the following stages: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command & Control, Exfiltration, and Impact. This paper identifies cybersecurity activities in space systems and satellite navigation systems through the National Institute of Standards and Technology (NIST)'s standard documents, former U.S. President Trump's executive orders, and presents risk management activities. This paper also explores cybersecurity attack tactics and techniques within the context of space systems (space-craft) by referencing the Sparta ATT&CK Matrix. In this paper, security threats in space systems are analyzed, focusing on the cybersecurity attack tactics, techniques, and countermeasures of space-craft presented by Space Attack Research and Tactic Analysis (SPARTA). Through this study, cybersecurity attack tactics, techniques, and countermeasures existing in space-craft are identified, and an understanding of the direction of application in the design and implementation of safe small satellites is provided.

Distributed Identity Authentication System based on DID Technology (DID 기술에 기반 한 분산 신원 인증 시스템)

  • Chai Ting;Seung-Soon Shin;Sung-Hwa Han
    • Convergence Security Journal / v.23 no.4 / pp.17-22 / 2023
  • Traditional authentication systems typically involve users entering their username and password into a centralized identity management system. To address the inconvenience of such authentication methods, a decentralized identity authentication system based on Distributed Identifiers (DID) is proposed, utilizing decentralized identity technology. The proposed system employs QR code scanning for login, enhancing security through the use of blockchain technology to ensure the uniqueness and safety of user identities during the login process. This system utilizes DIDs and integrates the InterPlanetary File System (IPFS) to securely manage organizational members' identity information while keeping it private. Using the distributed identity authentication system proposed in this study, it is possible to effectively manage the security and personal identity of organization members. To improve the usability of the system proposed in this study, research is needed to expand it into a solution.

Trust Management and Privacy Protection for Mobile Digital ID Wallets (모바일 전자 ID 지갑에 적합한 신뢰 관리 및 개인 정보보호 방안)

  • Jang, Gong-Soo;Yun, Ju-Seung;Lee, Hang-Suk;Jung, Han-Wul;Park, Young-Su;Choi, Dea-Sun;Jin, Seung-Hun
    • Journal of KIISE:Information Networking / v.36 no.4 / pp.297-308 / 2009
  • In 2008, ETRI developed a new mobile digital ID wallet, in which anyone can store personal information and PKI credentials. When the wallet is used, privacy protection is one of the most important problems, and personal information should be protected under various usage scenarios such as exchanging sensitive information in on/off-line environments, joining a web site as a new member, etc. In this paper, we propose a triangular trust management scheme that can effectively manage trustness and also protect sensitive personal information. This scheme relies on three techniques: PKI, reputation and condition (situation context). We implemented a prototype of our scheme and tested it under various scenarios, which showed that the proposed scheme can effectively be used for diverse cases.

A Study on the Oral Health Care and Oral Health Awareness of Some Laborers (일부 근로자들의 구강건강관리행태 및 인식 조사)

  • Hong, Min-hee;Kim, Yoon-shin;Jeong, Mi-Ae
    • Journal of the Korea Academia-Industrial cooperation Society / v.10 no.9 / pp.2545-2550 / 2009
  • The purpose of this study was to examine the oral health care and oral health awareness of some laborers. Out of them, 220 workers were selected from K motor company in Hwaseong, and the other 180 workers were selected from D automobile company in Bupyeong. The findings of the study were as follows: As for daily toothbrushing frequency, the largest number of the laborers investigated (44.0%) brushed their teeth three times a day. Smoking made a significant difference to that ($\chi^2$=19.00, p<.01). Concerning the use of oral hygiene supplies, 41.3 percent put oral hygiene supplies to use. There was a significant difference in that aspect according to gender ($\chi^2$=9.20, p<.01). Regarding scaling experience, the largest group (37.3%) had their teeth scaled twice or more, and their scaling experience significantly varied with gender ($\chi^2$=8.60, p<.05), age ($\chi^2$=20.07, p<.01), academic credential ($\chi^2$=11.88, p<.01) and the presence or absence of systemic diseases ($\chi^2$=8.19, p<.05). In relation to oral diseases, the greatest group (27.8%) had dental caries. By gender, the female workers had more dental caries or more swollen gums than the males, and the gap between the two was significant ($\chi^2$=13.65, p<.05).

A Study on Developing Qualification Criteria in the Private Security Industry (민간경비 자격검정 개선방안에 관한 연구)

  • Choe, Jung-Taek
    • Korean Security Journal / no.18 / pp.143-167 / 2009
  • As of entering the 21st century, a trend in the field of the private security industry among the advanced countries has been to increase qualification systems and training sessions to meet the needs of professionalism. To intensify professionalism in Korea, changes to the education and training system have been initiated, but an oligopoly market has already formed due to impractical selection standards and management of the education system. Issuing certification and offering basic training through a designated institution for the purpose of improving the quality of private security industry workers, its practical effectiveness was lower than expected. Rather, rent-seeking behavior by certification holders, security agencies, institutions or trusters has been increased by the occupational licensing system. The results found in this study, which were associated with problems in selecting and educating private security guards, were that no verification has been initiated of the dual system in official approval and structural problems in the education system, and the non-existence of verification of professionalism and management capability for security agency owners and upper managerial levels. The current dual system of an officially authorized verification system and completion of a security guard credential requires change to a unified official qualification verification system to solve those problems. The range of applicants to the unified official qualification verification system should be extended to the whole population in the private security industry. Moreover, minimization of the dead-weight loss, which is caused by the oligopoly phenomenon while using its market-dominant status, an increased number of designated institutions, which allows self-regulating competition, and endowment of autonomy in selecting education and agency, were requested to solve the problems in selecting and educating private security guards. In order to minimize the stated problems while maintaining objectiveness, a new management and supervisory institution, which is called a 'private security industry committee', should be established. The private security industry committee is a formation of a governance network with participation from professional groups to civil organizations.

Security Credential Management & Pilot Policy of U.S. Government in Intelligent Transport Environment (지능형 교통 환경에서 미국정부의 보안인증관리 & Pilot 정책)

  • Hong, Jin-Keun
    • Journal of Convergence for Information Technology / v.9 no.9 / pp.13-19 / 2019
  • This paper analyzed the SCMS and pilot policy, which is pursued by the U.S. government in connected vehicles. SCMS ensures authentication, integrity, privacy and interoperability. The SCMS Support Committee of U.S. government has established the National Unit SCMS and is responsible for system-wide control. Of course, it introduces security policy, procedures and training programs making. In this paper, the need for SCMS to be applied to C-ITS was discussed. The structure of the SCMS was analyzed and the U.S. government's pilot policy for connected vehicles was discussed. The discussion of the need for SCMS highlighted the importance of the role and responsibilities of SCMS between vehicles and vehicles. The security certificate management system looked at the structure and analyzed the type of certificate used in the vehicle or road side unit (RSU). The functions and characteristics of the certificates were reviewed. In addition, the functions of basic safety messages were analyzed with consideration of the detection and warning functions of abnormal behavior in SCMS. Finally, the status of the pilot project for connected vehicles currently being pursued by the U.S. government was analyzed. In addition to the environment used for the test, the relevant messages were also discussed. We also looked at some of the issues that arise in the course of the pilot project.