• Journal of the Society of Disaster Information
• /
• v.17 no.4
• /
• pp.897-903
• /
• 2021

Purpose: Recently, ransomware damage that encrypts victim's data through hacking and demands money in exchange for releasing it is increasing domestically and internationally. Accordingly, research and development on various response technologies and solutions are in progress. Method: A secure storage area and a general storage area were created in the same virtual environment, and the sample data was saved by registering the access process. In order to check whether the stored sample data is infringed, the ransomware sample was executed and the hash function of the sample data was checked to see if it was infringed. The access control performance checked whether the sample data was accessed through the same name and storage location as the registered access process. Result: As a result of the experiment, the sample data in the secure storage area maintained data integrity from ransomware and unauthorized processes. Conclusion: Through this study, the creation of a secure storage area and the whitelist-based access control method are evaluated as suitable as a method to protect important data, and it is possible to provide a more secure computing environment through future technology scalability and convergence with existing solutions.

• Journal of Digital Convergence
• /
• v.20 no.4
• /
• pp.377-388
• /
• 2022

Metaverse, realistic virtual space technology has become a hot topic. However, due to the lack of an institutional system to the metaverse environment, concerns are rising over the leakage of industrial confidentiality, including digital assets produced, stored, processed, and transferred within the metaverse. Digital forensics, a technology to defend against hacking attacks in cyberspace, cannot be used in metaverse space, and there is no basis for calculating the extent of damage and tracking responsibility, making it difficult to respond to human resources leakage and cyberhacking effectively. In this paper, we define the scope of industrial confidentiality information and leakage scenario and propose policy and institutional measures based on problems in each metaverse scenario. As a result of the study, it was necessary to prepare a standardized law on Extra-territorial search and seizure issues and a system for collecting cryptocurrency evidence to respond to industrial confidentiality leaks in the metaverse. The study expects to contribute to industrial technology development by preparing in advance for problems that may arise in metaverse technology.

• The Journal of the Korea Contents Association
• /
• v.22 no.7
• /
• pp.63-72
• /
• 2022

With the advent of cryptocurrencies such as Bitcoin in 2009, the paradigm of money, a means of payment, has been changing significantly. And it has a great impact on our daily lives. Thus central banks have attempted various analyzes on the issuance and impact of digital currencies including electronic payments but a study on which issuance method is suitable is insufficient. In this study, the issuance of digital currency was analyzed compared to the electronic payments which are currently used. As a result, the account-based model did not show any significant differences from the current RTGS(real-time gross settlement systems) and retail payment systems. But the token-based model is expected that it can improve the efficiency of finance and induce technological innovation in the financial field. However, it was analyzed that this model would weaken the intermediary function of financial institutions such as loans due to the characteristics of digital signature technology. In addition, in order to protect consumers against security attacks such as hacking and phishing of CBDCs, legal and institutional supports similar to the current electronic payment method are required, and continuous technology development efforts are also required for the CBDC issuance model to maintain convenience and anonymity equivalent to cash.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.8
• /
• pp.253-262
• /
• 2023

E-voting is a concept that includes actions such as kiosk voting at a designated place and internet voting at an unspecified place, and has emerged to alleviate the problem of consuming a lot of resources and costs when conducting offline voting. Using E-voting has many advantages over existing voting systems, such as increased efficiency in voting and ballot counting, reduced costs, increased voting rate, and reduced errors. However, centralized E-voting has not received attention in public elections and voting on corporate agendas because the results of voting cannot be trusted due to concerns about data forgery and modulation and hacking by others. In order to solve this problem, recently, by designing an E-voting system using blockchain, research has been actively conducted to supplement concepts lacking in existing E-voting, such as increasing the reliability of voting information and securing transparency. In this paper, we proposed an electronic voting system that introduced hybrid blockchain that uses public and private blockchains in convergence. A hybrid blockchain can solve the problem of slow transaction processing speed, expensive fee by using a private blockchain, and can supplement for the lack of transparency and data integrity of transactions through a public blockchain. In addition, the proposed system is implemented as BaaS to ensure the ease of type conversion and scalability of blockchain and to provide powerful computing power. BaaS is an abbreviation of Blockchain as a Service, which is one of the cloud computing technologies and means a service that provides a blockchain platform ans software through the internet. In this paper, in order to evaluate the feasibility, the proposed system and domestic and foreign electronic voting-related studies are compared and analyzed in terms of blockchain type, anonymity, verification process, smart contract, performance, and scalability.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.3
• /
• pp.465-474
• /
• 2023

As the effective use and strong protection of an organization's information resources are recognized as a condition for the growth of an organization, they are increasing technological and policy investments in IS(information security). However, information exposure can occur from external invasions such as hacking and incidents related to misuse and abuse by insiders. This study proposes a mechanism that considers the organizational environment and individual characteristics from the viewpoint of promoting employees' IS participation activities. In other words, the study presents the complex effects of organizational environmental factors (ethical leadership, IS collaborative communication) and personal factors (person-organization fit) on organization trust and IS voice behavior. We surveyed office workers who asked for IS-related business activities and tested hypotheses using 422 samples. As a result, ethical leadership influenced organization trust through collaborative communication, and organization trust strengthened IS voice behavior by having an interaction effect with person-organization fit. This study suggests direction for establishing an organizational environment for promoting IS-related activities by office workers, so it provides practical implications for organizations with goals related to internal information exposure control.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.7
• /
• pp.17-26
• /
• 2016

Information spill was occurred several times in the country due to the negligence of the large internet service providers including SK Communications, Auction, KT. In order to judge the Internet Service Provider(ISP)'s liability in individual data spill caused by hacking, the violation of existing legislation or general principle of law's good faith principle has to be examined. However, based on current ISP's good faith principle, there is no objective standard for judging liability. Such uncertain range of protection action duty based on good faith principle generates complaint toward companies, therefore presentation of objective judgement range index on how to determine this range is needed. However due to the legal characteristic of above-mentioned law, it is not possible to fix the range of protection action duty and regulate it on law. In order to resolve this, rather than concerning simply on legal system level, fusion approach method is needed. Thus, this research will discuss the measure for objective standard for predicting ISP's range of protection action duty through fusion view dividing in technical, legal and administrative aspects.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.6
• /
• pp.835-844
• /
• 2018

Recently, as the number of smartphone users has been increasing worldwide, various services such as electronic payment, internet use, and financial settlement are being used as a smartphone. In addition, researches for home appliance control and automobile control using smartphone are conducted. As such, smartphone users can enjoy a more convenient life, but by hacking smartphones, tapping texts and conversations on smartphones, tracking location through spy apps, DDoS attacks using smartphones, and malicious apps When a message is received at a specific telephone number when using a micropayment, the corresponding text message is transmitted to a remote server, thereby increasing the risk of leakage of personal information and the like. Therefore, in this paper, we define the risk factors of the smartphone that are caused by the internal and external environmental, physical, contents (apps) of the smartphone through the smartphone that we use in real life, We propose a method to check vulnerability of smartphone security solution such as CC evaluation and the most effective response technique for each risk of smartphone by defining the technique.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.161-168
• /
• 2022

After the corona virus, as non-face-to-face services are activated, domain services that guarantee integrity by embedding sensing information of the Internet of Things (IoT) with block chain technology are expanding. For example, in areas such as safety and security using CCTV, a process is required to safely update firmware in real time and to confirm that there is no malicious intrusion. In the existing safe security processing procedures, in many cases, the person in charge performing official duties carried a USB device and directly updated the firmware. However, when private blockchain technology such as Hyperledger is used, the convenience and work efficiency of the Internet of Things environment can be expected to increase. This article describes scenarios in how to prevent vulnerabilities in the operating environment of various customers such as firmware updates and device changes in a non-face-to-face environment. In particular, we introduced the optimal blockchain technique for the Internet of Things (IoT), which is easily exposed to malicious security risks such as hacking and information leakage. In this article, we tried to present the necessity and implications of security management that guarantees integrity through operation applying block chain technology in the increasingly expanding Internet of Things environment. If this is used, it is expected to gain insight into how to apply the blockchain technique to guidelines for strengthening the security of the IoT environment in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.335-345
• /
• 2024

In the digital era, data security has become an increasingly critical issue, drawing significant attention. Particularly, anti-tampering technology has emerged as a key defense mechanism against indiscriminate hacking and unauthorized access. This paper explores case studies that exemplify the trends in the development and application of TPM (Trusted Platform Module) and software anti-tampering technology in today's digital ecosystem. By analyzing various existing security guides and guidelines, this paper identifies ambiguous areas within them and investigates recent trends in domestic and international research on software anti-tampering. Consequently, while guidelines exist for applying anti-tampering techniques, it was found that there is a lack of methods for evaluating them. Therefore, this paper aims to propose a comprehensive and systematic evaluation framework for assessing both existing and future software anti-tampering techniques. To achieve this, it using various verification methods employed in recent research. The proposed evaluation framework synthesizes these methods, categorizing them into three aspects (functionality, implementation, performance), thereby providing a comprehensive and systematic evaluation approach for assessing software anti-tampering technology in detail.