• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.107-122
• /
• 1997

Most of the currently used electronic mail system has the threat of security such as illegal leak of message, forgery, uncertain identity, denial of sending and receiving, and so forth. The security for this system is not satisfied yet, thus we explore these problems. In this thesis, we implement the security services for internet mail system which cover the weakness for traditional mail system. This system provides not only security services which PEM and PGP provides (i.e message confidentiality, message integrity, originator authentication, non-repudiation of origin), but also message replay prevention. and non-denial of recipient using certification of contents. In addition, this system increases security of the digital signature by signing with signature block formatting on the creation of it. And it increases security of the digital enveloping by encrypting with encryption block formatting of message encryption key.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.12
• /
• pp.873-879
• /
• 2020

The importance of data as a core resource of the 4th industrial revolution is emerging, and companies illegally collect and use personal data. In the financial sector, active research is conducted to safely manage personal data and provide better services using blockchain, big data, and AI technology. In this paper, we propose a system that can safely manage personal data by using blockchain technology, which can be used without changing the existing system. The composition of this system consists of a blockchain, blockchain linkages, a service provider, and a user (i.e., an app). Blockchain can be used regardless of its type and form, and services are provided by classifying blockchains and services in the blockchain linkages. Service providers can access personal data only after requesting and receiving delegated permission from users. Existent MyData services store all data in a user's mobile phone, so information may get leaked due to jailbreaks or rooting. But in the proposed system, personal data are stored in blockchain so information leakage can be prevented. In the future, we will study ways to provide customized services using personal data stored in blockchain.

• Journal of Science Education
• /
• v.46 no.3
• /
• pp.266-277
• /
• 2022

We analyzed the responses of 152 science-gifted high school students by surveying the status and recognition of writing and keeping laboratory notebooks to develop guidelines and education plans. Science-gifted students did not write laboratory notes diligently, despite recognizing that it is crucial to do so. Mentors also tended not to provide faithful guidance and inspection. There was an insufficient practice in using research evidence in laboratory notebooks, such as including names and dates for authentication. In addition, while a high ratio of students owned their own laboratory notebooks, there was not a high level of recognition regarding the retention period, ownership, and responsibility. Based on these results, we propose suggestions for improving educational institutions for gifted students in science. First, it is necessary to strengthen the guidance for science-gifted students to faithfully write laboratory notebooks. Second, education on writing laboratory notebooks should be provided. Third, science-gifted high schools should prepare regulations for the management of lab notes and conduct education based on them.

• Information Systems Review
• /
• v.22 no.4
• /
• pp.135-161
• /
• 2020

With the growth of blockchain and cryptocurrency-related markets, cryptocurrency exchanges are growing as a new industry. However, as the legal and regulatory definitions of cryptocurrencies are still in progress, unlike existing industrial groups, they are not under the supervision of regulatory agencies. As a result, users (i.e., cryptocurrency investors) have suffered two types of damage that could occur from hacking and other accidents on the exchanges. One type of the damage is the loss of assets caused by the extortion of personal information or account and the other is the damage from users who might be involved in external frauds. Both are analyzed in comparison with existing operators whose functions are like the exchanges. The results of this study show that membership (KYC: Know Your Client), log-in, and additional authentication in transactions are on the similar level to those of the operators while the fraud detection system (FDS) and anti-money laundering (AML) of fiat currencies and cryptocurrencies need rapid improvement.

• Asia pacific journal of information systems
• /
• v.29 no.2
• /
• pp.308-327
• /
• 2019

The concept of sharing economy has received rich attention in recent years. As a typical type of business model in the sharing economy, online short rent has been paid attention by both industry and academia. In this study, we find trust to be a critical determinant to the success of online short rent platforms. Based on three dimensions of trust theory, i.e., ability, benevolence and integrity, we investigate the factors influencing tenant' willingness to participate in online short rent. We further examine the extent to which trust can influence the number of sales and comments of rooms listed at online short-term rent platforms, which can represent tenant' willingness to participate in the sharing economy. The results show that the trust dimensions represented by a landlord's personal characteristics have significant positive correlations with the number of sales and comments. For example, the real name authentication and the sesame score can represent the trust integrity; online replay ratio and the average confirmation time representing the trust sincerity, and the order acceptance ratio representing the trust ability. On this basis, we proposed some recommendations for both platforms and landlords. For example, the landlords can improve the tenants' trust by authenticating his/her real name, replying actively and timely. For platforms, when they make housing list ranking rules, they can take the landlord's personal attributes that may affect trust into consideration. Moreover, platforms can also allow landlords to supply value-added services to improve service quality and ultimately promote the virtuous circle of the platform ecosphere. Through conducting the empirical research on a particular application of the sharing economy, we aim to fill the research gap of this field in China and provide theoretical and practical contributions to the future development of online short rent.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.127-136
• /
• 2013

The study of the compatibility of EPUB DRM, granted by the Korea Copyright Commission, as a CT R & D project (Project Title: The Development of the standard reference software technology for International Standard EPUB-based eBook DRM) developed standards such as profile standards for encryption digital signature and authentication certificates and standards for technical terms of rights information. In 2012, these four standards have been established as the Korean Industrial Standards under the names of 'Encryption specification for EPUB DRM,' 'the Digital signature specification for EPUB DRM,' 'the Certificate specification for EPUB DRM,' and 'Definitions of Right Terms for EPUB DRM' through the ODPF(Open Digital Standardization Forum) and the TTA(Telecommunications Technology Association). The research project also proposed standards of ebook DRM license protocols in order for the four standards to practically apply to ebook DRM compatibility. It is necessary for technology standards to require a compatibility standard test process for testing whether implementations which were developed on the basis of the standard specification, comply with standards. This study suggests an automated compatible standard test method and a test model under the ebook DRM standard technical specification.

• The Journal of Information Systems
• /
• v.27 no.1
• /
• pp.193-224
• /
• 2018

Purpose Targeting Korean companies listed on Korean securities markets (i.e., KOSPI and KOSDAQ markets), this study aims to shed lights the effects of personal information security breaches on stock prices of information security companies. Interestingly, this study is, to the best of our knowledge, the first to examine the information transfer effect on personal information security breaches of companies. Design / Methodology /Approach To examine the information transfer effect of personal information security breaches, our study employs the event study commonly used in financial studies. To this end, we investigate a variety of events of personal information security breaches of companies listed on the KOPSI stock market and the KOSDAQ market. We collect the total samples of one hundred and twelve with forty seven of events of personal information security breaches by thirty companies and sixty five of information security companies. Findings The principal findings from the empirical study are as follows. First, for companies of personal information security breaches, our event study presents the significantly negative AAR (averaged abnormal return) value on the event day at the 5 % level and the highly significant negative CAAR(cumulative averaged abnormal return) value on the event day and the day after the event day at the 1 % level. The results suggest that personal information breaches significantly contribute to an decrease in value of the information breached companies. The cross sectional regressions in this study estimate the significantly negative coefficient for the ME/BE variable, the proxy for a growth opportunity at the 5 % level. This suggests a reverse relation between the growth opportunity of companies and their value. As for the various samples of the information security companies categorized by physical security, network and system security, security application software, code authentication, system integration, we find the significantly positive AAR on the day after the event day at the 5% level, only for the network and system security-companies. This addresses that the information transfer effect followed by personal information breaches is uniquely observable for companies categorized into network and system companies. The regressions for the network and system companies estimate the significantly positive coefficient for the NS dummy variable (i.e., the dummy of the network and system security companies) at the standard level. This allows us to identify appropriate times needed to make the information transfer effect realized from personal information breached companies to information security companies.

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.11
• /
• pp.35-43
• /
• 2011

In this paper, we propose a novel architecture for seamless mobility management to provide users with seamless Internet connection when users roam between diverse wireless local area networks (WLANS) controlled by different management entities. There have been many researches in IETF, i.e., MIPv6, HMIPv6, and PMIPv6, to provide the mobility management. However, practically since wireless access points or access routers, which are managed by an individual manager or ISP managers, have different authentication scheme and the supported mobility management, the previous mobility management protocol developed by IETF can not guarantee the quality of service of application services as the mobile node performs the handover. To solve this drawback, we propose the mobility management scheme to provide QoS-guaranteed Internet services during the handover by configurating the wireless networks which is defined by users. More specifically, we present a model, the architecture and an algorithm for user-defined network (UDN) to provide the seamless Internet service. Finally, the performance of the proposed algorithm is evaluated by the network simulation tool.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.211-217
• /
• 2008

Recently, there are many efforts to support seamless mobility in 802.11 WLANs using IP Layer mobility protocols. The IP layer mobility protocols are the most efficient mechanism to guarantee the service session continuity when IP subnet is changed during handover. Even if the IP layer mobility protocols are quite efficient, the feature of the protocols that had been designed to consider only L3 layer makes it difficult to improve the performance of hand over more and more. Nowadays, to overcome this limitation of IP mobility protocols, many researchers have worked on the mobility protocols integration of different layers (e.g., L2 layer). In this paper, we propose the enhanced Proxy MIPv4 to minimize the latency of handover using MIH protocol in 802.11 WLANs. The proposed mechanism minimizes the latency of authentication by exchanging security keys between Access Routers during handover. Moreover, it also minimizes packet losses by Inter-AP Tunneling and data forwarding.