• Title/Summary/Keyword: data breach

New Security Approaches for SSL/TLS Attacks Resistance in Practice (SSL/TLS 공격에 대한 신규 대응 방안)

  • Phuc, Tran Song Dat;Lee, Changhoon
    • The Journal of Society for e-Business Studies / v.22 no.2 / pp.169-185 / 2017
  • Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13], which stands for Compression Ratio Info-leak Made Easy. CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets SPDY and SSL/TLS compression. The attack becomes effective because the attacker is able to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years there has been a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss CRIME and other versions of SSL/TLS attacks along with countermeasures and implementations. We also present directions for SSL/TLS attack resistance in practice.

The Impact of CPO Characteristics on Organizational Privacy Performance (개인정보보호책임자의 특성이 개인정보보호 성과에 미치는 영향)

  • Wee, Jiyoung;Jang, Jaeyoung;Kim, Beomsoo
    • Asia pacific journal of information systems / v.24 no.1 / pp.93-112 / 2014
  • As personal data breaches have emerged as a problem domestically and globally, the number of organizations appointing chief privacy officers (CPOs) is increasing. Related Korean laws, the 'Personal Data Protection Act' and 'the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.', require personal data processing organizations to appoint CPOs. Research on the characteristics and role of the CPO is called for because the importance of the CPO is being emphasized. There are many studies on top management's role and its impact on organizational performance using the Upper Echelon theory. This study investigates what influence the characteristics of the CPO have on organizational privacy performance. The CPO's definition varies depending on industry, organization size, required responsibility and power. This study defines the CPO as 'a person who takes responsibility for all the duties on handling the organization's privacy.' This research assumes that CPO characteristics such as role, personality and background knowledge have an influence on organizational privacy performance. This study applies the part relevant to the upper echelon's characteristics and performance of the executives (CEOs, CIOs etc.) to the CPO. First, following Mintzberg and other managerial role classifications, information, strategic, and diplomacy roles are defined as the role of the CPO. Second, the "Big Five" taxonomy of individual personality was suggested in 1990. Among these five personalities, extraversion and conscientiousness are drawn as the personality characteristics of the CPO. Third, advance study suggests that complex knowledge of technology, law and business is necessary for the CPO. Technical, legal, and business background knowledge are drawn as the background knowledge of the CPO. To test this model empirically, 120 samples of data collected from CPOs of domestic organizations are used.
Factor analysis is carried out, convergent validity and discriminant validity are verified using SPSS and Smart PLS, and the causal relationships between the CPO's role, personality, background knowledge and the organizational privacy performance are analyzed as well. The result of the analysis shows that the CPO's diplomacy role and strategic role have significant impacts on organizational privacy performance. This reveals that the CPO's active communication with other organizations is needed. A differentiated privacy policy or strategy of organizations is also important. Legal background knowledge and technical background knowledge were also found to be significant determinants of organizational privacy performance. In addition, the CPO's conscientiousness has a positive impact on organizational privacy performance. The practical implications of this study are as follows: First, the research can be a yardstick for judgment when companies select CPOs and vest authority in them. Second, not only companies but also CPOs can judge, through the results of this research, what abilities they should concentrate on for the development of their career relevant to their job. Cultural and social values, citizens' consensus on the right to privacy, and the expected role of the CPO will change over time. In future study, research based on long-term time-series analysis can reveal these changes and can also offer practical implications for government and private organizations' policy making on information privacy.

A Study of Self-Checklist for Personal Information Protection of FinTech Service: For the Simple Payment Service (핀테크 서비스의 개인정보보호 자가평가항목 개발에 관한 연구: 간편결제 서비스 중심)

  • Kang, Min Soo;Back, Seung Jo;Lim, Jong In
    • The Journal of Society for e-Business Studies / v.20 no.4 / pp.77-102 / 2015
  • The FinTech service industry has been growing rapidly around the world. It has driven innovation in the financial and payment service industry with different channels, such as mobile, based on Information and Communications Technology (ICT). However, FinTech service is vulnerable to different security threats because it uses valuable data such as personal information and financial information. It is undeniable that the collection and use of such information may increase the possibility of identity theft or privacy breach. This paper will develop a self-checklist for Simple Payment service users (Privacy Pragmatists) who want to make a rational decision to protect their personal information. The checklist is going to let the users assess personal information protection by performing the assessment themselves when they use the service. The body of this paper is going to analyze the items of the checklist and, through the analysis, will suggest a security policy for personal information protection of FinTech service.

Inferolateral Entry Point for C2 Pedicle Screw Fixation in High Cervical Lesions

  • Lee, Kwang-Ho;Kang, Dong-Ho;Lee, Chul-Hee;Hwang, Soo-Hyun;Park, In-Sung;Jung, Jin-Myung
    • Journal of Korean Neurosurgical Society / v.50 no.4 / pp.341-347 / 2011
  • Objective: The purpose of this retrospective study was to evaluate the efficacy and safety of atlantoaxial stabilization using a new entry point for C2 pedicle screw fixation. Methods: Data were collected from 44 patients undergoing posterior C1 lateral mass screw and C2 screw fixation. Twenty cases were approached by the Harms entry point, 21 by the inferolateral point, and three by pars screw. The new inferolateral entry point of the C2 pedicle was located about 3-5 mm medial to the lateral border of the C2 lateral mass and 5-7 mm superior to the inferior border of the C2-3 facet joint. The screw was inserted at an angle of $30^{\circ}$ to $45^{\circ}$ toward the midline in the transverse plane and $40^{\circ}$ to $50^{\circ}$ cephalad in the sagittal plane. Patients were followed up with clinical examinations, radiographs and/or CT scans. Results: There were 28 males and 16 females. No neurological deterioration or vertebral artery injuries were observed. Five cases showed malpositioned screws (2.84%), with four of the screws showing cortical breaches of the transverse foramen. There were no clinical consequences for these five patients. One screw in the C1 lateral mass had a medial cortical breach. None of the screws were malpositioned in patients treated using the new entry point. There was a significant relationship between the two groups (p=0.036). Conclusion: Posterior C1-2 screw fixation can be performed safely using the new inferolateral entry point for C2 pedicle screw fixation for the treatment of high cervical lesions.

Analysis of Flood Inundation Using LiDAR and LISFLOOD Model (LiDAR 고도자료와 LISFLOOD 모형을 이용한 홍수범람해석)

  • Choi, Cheon-Kyu;Choi, Yun-Seok;Kim, Kyung-Tak
    • Journal of the Korean Association of Geographic Information Studies / v.16 no.4 / pp.1-15 / 2013
  • Severe floods have caused great loss of life and property globally. In Korea, a flood inundation map is used as one of the non-structural measures for reducing flood damage, and various inundation models have been studied for flood inundation analysis. This study applies LiDAR data and the LISFLOOD model for flood inundation analysis and discusses the modeling results from levee breaching scenarios for evaluating the applicability of the model to stream inundation modeling. In the results of LISFLOOD modeling, the maximum inundation area was similar to the inundation map by the HEC-RAS model, with a difference of just less than 4%. The inundation area by each levee breaching scenario showed differences from 0.2% to 6.5%. Inundation processes differed from each other according to the position of the levee breach point, and the maximum inundation area and depth were changed by the flow direction of the stream and flood plain. This study shows that the LISFLOOD model can be applied properly to stream inundation analysis using various inundation scenarios.

A Study on Introducing Security Certification for Control Systems (제어시스템 보안인증 도입 방안 연구)

  • Choi, Hoyeol;Kim, Daeyeong;Shin, Hyungjune;Hahn, Changhee;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.3 / pp.725-734 / 2016
  • The SCADA (Supervisory Control and Data Acquisition) system is widely used for remote monitoring and control throughout the domestic industry. Due to recent breaches of security on SCADA systems, such as Stuxnet, the need for correctly established security certification of control systems is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly under normal and abnormal network protocol conditions, is only focused on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for the DNP3 protocol based on EDSA-CRT. Our analysis shows that the specific test cases provide plentiful evidence that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test cases for the DNP3 protocol.

A Study of Flow Characteristics in Meandering River (사행하천에서의 흐름특성 비교에 관한 연구)

  • Son, Ah-Long;Ryu, Jong-Hyun;Han, Kun-Yeun
    • Journal of the Korean Society of Hazard Mitigation / v.11 no.3 / pp.191-200 / 2011
  • Levee failure causes a huge amount of damage to people and property. Overflow and erosion of the levee are the primary causes of a break in a levee, but the analysis of breach pattern and impact is partially inadequate. The flow characteristics of meandering rivers are very important in the field of river hydraulics and should be studied from practical viewpoints relating to river levees. In meandering channels, a three-dimensional secondary flow whose rotational direction changes reciprocally is known to occur. In this study, the flow characteristics of a local river are considered and those of meandering channels are analyzed using CCHE2D and FLOW3D. The stability and accuracy of the models are examined by comparing the measured and analyzed data for the experimental channel and a natural river (Namgang). Consequently, the flow characteristics in a meandering river are suggested precisely, and it is essential that river levees along meandering rivers be analyzed.

Performance Improvement of Computing Time of 2 Dimensional Finite Volume Model using MPI (MPI를 이용한 2차원 유한체적모형의 계산 성능 개선)

  • Kim, Tae Hyung;Han, Kun Yeun;Kim, Byung Hyun
    • Journal of Korea Water Resources Association / v.47 no.7 / pp.599-614 / 2014
  • In this study, a two-dimensional finite volume model, which has been developed to be applicable to mixed meshes of triangles and quadrilaterals, was parallelized to improve computing time. An MPI scheme, which is free from limitation of the number of cores, was applied, and non-blocking point-to-point communication was used for fluxes and time steps calculation domain. The developed model is applied to analyze a dam break in an L-shaped experimental channel with a $90^{\circ}$ bend and the Malpasset dam breach event to calibrate the consistency between the parallelized model and the existing model and to examine the speed-up and efficiency of computing time. Computational speed-up with respect to the size of the input data was considered by simulating 4 cases classified by the number of meshes. Consequently, the simulation results reached a satisfactory accuracy compared to measured data and the results from the existing model, and achieved more than 3 times benefit of computational speed-up against the computing time of the existing model. Simulation results of 3 cases classified by the size of input data lead us to the conclusion that it is important to use a proper size of input data and number of processes in order to minimize the communication overhead.

A Legal Review of Personal Information Protection for Invigorating Online Targeted Advertising: Focusing on the Concept of Personal Information (온라인 맞춤형 광고 활성화를 위한 개인 정보 보호에 대한 법적 고찰: '개인 정보'의 개념을 중심으로)

  • Cho, Jae-Yung
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.2 / pp.492-497 / 2019
  • This study analysed the legal concept of personal information (PI), which was not differentiated from behavioral information, and established it clearly for invigorating online targeted advertising (OTA), which draws attention in the big data era, by selecting the Guidelines of Assessment of Data Breach Incident Factors and the Guidelines of Measures for No-Identifying Personal Information based on the Personal Information Protection Act (PIPA) and the Enforcement Decree of the PIPA. As a result, PI was defined as any kind of information (1) relating to a living individual (not a group, corporate body or things etc.); (2) making it possible to identify the individual by his or her identifiers such as name, resident registration number, image, etc. (not included if it does not identify the individual); and (3) including information like attribute values which makes it possible to identify any specific individual, if not by itself, when combined with other information which can be actually collected and combined. Specifically, PI includes basic, proper distinguishable, sensitive and other PI. It is suggested that the PI concept should be researched continually with digital technology development; the effectiveness of the Guidelines of PI Protection in OTA, the legal principles of PI protection from not only users' but business operators' perspectives, and the differentiation between PI and behavioral information in OTA should be researched.

Corruption in Korean Organizations: Prevention Measures from Cultural Perspectives (한국 조직의 부패: 문화적 관점에서의 예방책)

  • Jun, In-Woo
    • Journal of Digital Convergence / v.18 no.7 / pp.157-166 / 2020
  • This study examines the status of major corruption in the public and private sectors in Korea. This study adopts the secondary data analysis method, and uses 'The Status of Corruption in Korean Society' released by Ipsos in March 2019. The annual difference analysis is conducted to examine the trend of major corruption, and the results are as follows. First, in the public sector, the number of conspicuous crimes, such as bribery, has decreased, but intelligent crimes that are not easily detected, such as abuse of authority, are increasing. In the private sector, embezzlement was on the decline, but breach of trust remained at a certain level. Second, from 2003 to 2017, the average annual change rate of major corruption in the public sector was 8.0%, while the private sector was 1.8%. Third, the public sector has seen a slight increase in corruption except in 2015, but the private sector has been declining since 2014. This study is different as it makes academic contributions by offering three anti-corruption measures; changing the culture of high power distance, changing the culture of low corruption perception, and abolishing the culture of impunity. Empirical studies using primary data that separate the two groups are required.