• Title/Summary/Keyword: information protection requirements

A Study of the Classification and Identification of the Disaster Protection Resources (방재 자원의 효과적 분류 및 식별에 관한 연구)

  • Lee, Changyeol;Kim, Taehwan;Park, Giljoo
    • Journal of the Society of Disaster Information / v.9 no.1 / pp.65-77 / 2013
  • There are many institutes which manage disaster protection resources in their own systems. The systems of these institutes are not mutually compatible, because there is no standard framework for the classification and identification of disaster management resources. NIMS of FEMA defines the classification and identification framework for incident resources. All incident management systems in the USA, including IRIS and webEOC, follow the standard resources framework. The aim of the classification and identification of the resources is to provide the resource list for a disaster and to support finding resource information efficiently. In this study, we defined the classification and identification of the resources considering compatibility with the international standard and the field requirements.

Measurement of Remediation for Compromised User Account of Web Single Sign-On (SSO) (침해된 웹 SSO 계정 보호를 위한 보안 조치 실험 연구)

  • Nam, Ji-Hyun;Choi, Hyoung-Kee
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.941-950 / 2021
  • A Single Sign-On (SSO) service manages users' account passwords for multiple websites, so a high level of security is required. Users of the SSO service are authenticated through the Identity Provider (IdP) when logging into a website. We present the security requirements that an IdP can meet in order to minimize the risk to a user whose IdP account is compromised. We describe the security threats that arise when the security requirements are not satisfied. Through evaluation, we prove that, if the IdP does not satisfy the security requirements, the attacker's session cannot be canceled even if the user recognizes the attack.

A Survey of Homomorphic Encryption for Outsourced Big Data Computation

  • Fun, Tan Soo;Samsudin, Azman
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.8 / pp.3826-3851 / 2016
  • With traditional data storage solutions becoming too expensive and cumbersome to support Big Data processing, enterprises are now starting to outsource their data requirements to third parties, such as cloud service providers. However, this outsourced initiative introduces a number of security and privacy concerns. In this paper, homomorphic encryption is suggested as a mechanism to protect the confidentiality and privacy of outsourced data, while at the same time allowing third parties to perform computation on encrypted data. This paper also discusses the challenges of Big Data processing protection and highlights its differences from traditional data protection. Existing works on homomorphic encryption are technically reviewed and compared in terms of their encryption scheme, homomorphism classification, algorithm design, noise management, and security assumption. Finally, this paper discusses the current implementation, challenges, and future direction towards a practical homomorphic encryption scheme for securing outsourced Big Data computation.

DEVELOPMENT OF NUCLEAR ENERGY AND RADIATION TEXTBOOKS FOR ELEMENTARY, MIDDLE, AND HIGH SCHOOL STUDENTS

  • Han, Eun Ok;Kim, Jae Rok;Choi, Yoon Seok;Lochhead, James
    • Journal of Radiation Protection and Research / v.40 no.3 / pp.132-146 / 2015
  • To develop tailored elementary, middle, and high school textbooks suitable for understanding the nuclear energy and radiation, quantitative and qualitative research was carried out in parallel, which included nine steps to ensure the validity of content and structure. The elementary, middle, and high school students wanted to acquire information used in their daily lives, including the definition of nuclear energy and radiation, principles and status of nuclear power generation, and information about irradiated food, medical radiation, and radiation in life. In the evaluation of the effects of textbook contents according to the educational requirements of each school level, high suitability frequencies (>80%) were shown for the human character, education goals, curriculum goals, evaluation method, and education time. At some levels, the high suitability frequencies (>70%) were shown for the education grade, education type, and textbook type.

Food safety regulation based on WTO SPS agreement and the required future work (WTO SPS 협정에 기초한 식품안전 규제와 향후 과제)

  • Cho, Seung Yong;Cho, Sanggoo
    • Food Science and Industry / v.51 no.3 / pp.196-208 / 2018
  • This paper described the contents of the WTO (World Trade Organization) SPS (Sanitary and Phytosanitary) Agreement and trends in the WTO SPS provisions such as equivalence, localization, transparency, and risk assessment. The purpose of the WTO SPS Agreement is to promote international trade by preventing arbitrary and unreasonable use of SPS measures, which are the rights of a country for the protection of human health and animal and plant health, and by abolishing non-tariff barriers. To this end, the requirements for implementing the SPS measures taken by the importing country are restricted to those that can be scientifically proven to be inevitable for SPS protection. The major provisions in the WTO SPS Agreement were elaborated to promote international trade. When trade-restricting SPS measures such as prohibition of imports are made, a scientific basis should be provided. Therefore, it is essential to provide scientific evidence based on risk analysis to protect people's health from potentially harmful imported foods.

The Research for cyber security experts (사이버보안 전문가 양성을 위한 연구)

  • Kim, Seul-gi;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2016.05a / pp.301-304 / 2016
  • Cyber world constitute the infrastructure of the country and its people and control. Cyber attacks and leakage of personal information threaten damage to the national economy and national security. In December 2014, cyber hacking attacks on Korea Hydro & Nuclear Power leaked nuclear cooling system design drawings, the Cheong Wa Dae website was hacked, and cyber hacking incidents occurred at KBS stations. As a result, ICT-based Protection Act, Promotion of Information and Communications Network Utilization and Information Act on Protection, etc., privacy laws are being enforced, personal information in the form of requirements from leading high-tech eoryeowoona is to prevent the attacks of armed hackers Internet information society It proposes positive measures to keep your personal information officer and laws.

A Proposal of Enhanced Personal Information Security management Framework of Consigning of Personal Information (개인정보보호 강화를 위한 위탁 업무 보안관리 프레임웍 제안)

  • Ko, Youngdai-Dai;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.383-393 / 2015
  • Recently, the number of companies consigning their personal information management work has been increasing; they consign the work for various reasons and purposes, for example, to reduce costs related to personal information managers, to improve efficiency through professional performance and to improve service quality. Since cases where a consigning agency - not the personal information manager - handles personal information are increasing as more personal information management work is consigned, we need to be concerned with and pay attention to how much effort such an agency makes for personal information protection. In this regard, this study suggests a plan for efficient management of the agency during the course of consigning work, as well as a list of requirements for personal information protection to be considered in each of the following phases: establishment of a personal information protection framework for all consigning work processes, selection of the consigning agency, execution of the consigning contract, operation and management of consigning work, and termination of the contract.

An Extended Role-based Access Control Model with Privacy Enforcement (프라이버시 보호를 갖는 확장된 역할기반 접근제어 모델)

  • 박종화;김동규
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.8C / pp.1076-1085 / 2004
  • Privacy enforcement has been one of the most important problems in the IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. To provide privacy protection and context-based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies. Privacy policies assign privacy levels to user roles according to their tasks and assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. As an application of this model, a small hospital model is considered.

Study on Security Threat and Requirement for Personal Health Management in u-Health Environment (u-헬스 환경에서 개인건강관리를 위한 보안 위협 및 요구사항에 관한 연구)

  • Kim, Soon-Seok;Park, Hong-Jin
    • Journal of Advanced Navigation Technology / v.14 no.4 / pp.504-511 / 2010
  • The personal bio-information supplied from the PHD (Personal Health Device) for personal health management is very sensitive in relation to a personal living body in an aspect of privacy protection. On the assumption that the information is about a patient, it is a more serious problem if it is revealed to a third party. However, the ISO (International Organization for Standardization) standard protocol[1] established in October 2009 has considered only the transmission part for mutual exchange of bio-information between individuals, and has never actually considered security elements. Accordingly, this paper presents all sorts of security threats to personal health management in the u-health environment and new security requirements.

Tag Identification Time Reduction Scheme of Back-End Server for Secure RFID Privacy Protection Protocol (안전한 RFID 프라이버시 보호 프로토콜을 위한 백엔드 서버의 태그 판별 시간 절감 기법)

  • Yeo Sang-Soo;Kim Soon-Seok;Kim Sung-Kwon
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.4 / pp.13-26 / 2006
  • RFID technology is evaluated as one of the core technologies for the ubiquitous environment, because of various characteristics that barcode systems do not have. However, RFID systems have consumer privacy infringement problems, such as information leakage and location tracing. We need RFID privacy protection protocols that satisfy three essential security requirements (confidentiality, indistinguishability and forward security) in order to protect consumers' privacy perfectly. The most secure protocol among existing protocols, one that satisfies all three essential security requirements, is the hash-chain based protocol that Ohkubo proposed. Unfortunately, this protocol has the big disadvantage that it takes a very long time to identify a tag in the back-end server. In this paper, we propose a scheme that keeps security as it is and reduces the computation time for identifying a tag in the back-end server. The proposed scheme shows that the identification time in the back-end server is reduced considerably compared to the original scheme of the Ohkubo protocol.