• International Journal of Computer Science & Network Security
• /
• v.21 no.2
• /
• pp.103-109
• /
• 2021

The study aimed to analyze the current situation of the electronic portal of the Northern Border University, in terms of content and components, the extent of quality of use, service assurance and integrity, linguistic coverage of objective content, in addition to assessing the efficiency of the Blackboard e-learning platform and measuring the degree of safety of the portal, in addition to measuring the extent of satisfaction, through a sample that included 135 faculty members, as the researcher was keen to apply the case study methodology with the use of the questionnaire as the main tool for measurement, and the study found that there is an average trend among faculty members in the degree of content for the components of the portal and electronic security While it rose to good use, and very good at using the Blackboard platform.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.26 no.3
• /
• pp.281-301
• /
• 2023

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.37-42
• /
• 2011

In this paper, the design methodology of information security is analyzed to implement the ubiquitous city (u-City). The definition, concept, and main u-services of u-City are presented. The main components, functio ns and offering services of u-City management center are presented, and the laws and network security requirements related to protect the personal information in collecting, processing, and exchanging are also analyzed. Three step security levels of Router/Switch, Firewall/VPN, and IPS are applied where main functions of in terception of abnormal packets($1^{st}$ level), access control for each service($2^{nd}$ level), and real-time network monitoring($3^{rd}$ level) are performed. Finally, application cases are presented to validate the security of personal information in providing the u-City services.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.11-16
• /
• 2021

The article proposes that empathy differs in severity and types among students of different specialties. And to test this hypothesis, an experimental study of students from 4 different faculties was carried out. As a result of the study, it was found that empathy is more pronounced among students of "humanitarian" specialties, and students of "exact" specialties have the least pronounced empathic abilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.101-111
• /
• 2004

Risk analysis process, which identifies vulnerabilities and threat causes of network assets and evaluates expected loss when some of network assets are damaged, is essential for diagnosing ISP network security levels and response planning. However, most existing risk analysis systems provide only methodological analysis procedures, and they can not reflect continually changing vulnerabilities and threats information of individual network system on real time. For this reason, this paper suggests new system design methodology which shows a scheme to collects and analyzes data from network intrusion detection system and vulnerability analysis system and estimate quantitative risk levels. Additionally, experimental performance of proposed system is shown.

• Journal of the Korea Computer Industry Society
• /
• v.7 no.3
• /
• pp.199-204
• /
• 2006

M-commerce protocols have usually been developed using informal design and verification techniques. However, many security protocols thought to be secure was found to be vulnerable later. With the rise of smart card's usage, mobile e-commerce services with CEPS which is one of e-commerce transaction standards has been increased. In this paper, we describe a methodology to analyze the security of e-commece protocols and identify the security vulnerability of the CEPS based good purchase and e-money load protocols using formal verification technique. Finally, we discuss a countermeasure against the vulnerability in the purchase transaction protocol.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.479-482
• /
• 2014

최근 모바일 컴퓨팅 환경이 발전함에 따라 모바일 디바이스 이용자들에게 다양한 서비스를 제공하기 위한 방법으로 클라우드 스토리지 서비스가 주목받고 있으며, 여러 장치의 데이터 동기화를 지원해준다. 이러한 편리성을 제공하고 있지만, 개인과 기업의 핵심 자료 유출에 따른 보안 이슈가 중요한 문제로 대두되고 있기 때문에, 클라우드 스토리지 보안 검증의 중요성도 증대되었다. 이처럼 클라우드 스토리지 서비스는 보안 검증 과정을 거친다. 본 논문에서는 기존의 클라우드 스토리지 보안 평가 가이드라인의 문제점을 분석하여 다형성, 종속성, 병렬성, 중복성 등을 고려해 효율적인 클라우드 스토리지 보안 평가를 위한 새로운 방법론을 제시 하였다. 제시한 방법론을 이용해 클라우드 스토리지 보안검증 프로세스를 설계하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.51-59
• /
• 2007

Software testing is the process of analyzing a software item to detect the differences between existing and required conditions and to evaluate the features of the software item. A traditional testing focuses on proper functionality, not security testing. Fuzzing is a one of many software testing techniques and security testing. Fuzzing methodology has advantage that low-cost, efficiency and so on. But fuzzing has defects such as intervening experts. Also, if there is no specification, fuzzing is impossible. ROAD Tool is automated testing tool for RPC(Remote Procedure Call) based protocol and software without specification. Existing tools are semi-automated. Therefore we must modify these tools. In this paper, we design and implement ROAD tool. Also we verify utility in testing results.

• The Journal of Information Systems
• /
• v.27 no.2
• /
• pp.197-219
• /
• 2018

Purpose The purpose of this study is to examine what motivates users to adopt one of the emerging applications for collaborative consumption of sharing economy. Using the self-determination theory, motivation theory and TAM(Technology Acceptance Model) as the theoretical framework, this study illustrates important factors that influence adoption of collaborative consumption service. We develops the ICTs(Information and Communications Technologies) initiatives and motivation model to collaborative consumption. Design/methodology/approach This paper makes use of a quantitative methodology using survey questionnaire that allows for the measurement of the eight constructs(System Availability, Contents Quality, Design & Personalization, Security & Privacy, Emotional & Social Value, Economic Value, Attitude, Adoption & Consumption) contained in the hypothesized theoretical model on the basis of the prior literatures. Data collected from a sample of 227 respondents who have used the collaborative consumption services and provided the foundation for the examination of the proposed relationships in the model. Findings This study has the following implications for the users and providers of CC platforms and services. The ICTs initiatives (System Availability, Contents Quality, Design & Personalization, Security & Privacy) are the influential factors that motivate the emotional and social value to CC. On the other hand, The ICTs initiatives (System Availability, Contents Quality) are not very significant factors of economic value to CC. The empirical analysis result indicate that there are significant causal effect among emotional & social value, economic value, and adoption to CC. This study provides important theoretical implications for innovation adoption research through an empirical examination of the relationship between ICTs initiatives, motivation factors to collaborative consumption in the sharing economy.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.4
• /
• pp.706-714
• /
• 2008

In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.