• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.038 seconds

Design of Improvement Challenge-Response Authentication Protocol for RFID System (RFID 시스템에서 개선된 Challenge-Response 인증프로토콜 설계)

  • Yang Sung-Hoon;Lee Kyung-Hyo;Kim Min-Su;Jung Seok-Won;Oh Byeong-Kyun
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2006.06a
    • /
    • pp.515-518
    • /
    • 2006
  • RFID(Radio Frequency Identification) 시스템이란 무선 라디오 주파수를 이용하여 사물을 식별 및 추적할 수 있는 기술로서 산업 전반에 걸쳐 그 적용성이 확대되고 있으나 불안전한통신상에서 데이터 송 수신 및 태그의 제한적인 계산능력과 한정된 저장 공간의 자원으로 인한 위치 추적, 스푸핑 공격, 재전송공격, 사용자 프라이버시 침해 등의 취약점이 존재한다. 본 논문에서는 기존의 RFID 시스템에 대한 인증 프로토콜들을 분석하고, Challenge Response(C-R) 인증 프로토콜에서 연산량을 줄임으로서 위치 추적과 스푸핑 공격, 재전송 공격에 효율적으로 개선된 C-R 인증 프로토콜을 제안한다.

  • PDF

Full-digital portable radiation detection system (디지털 휴대용 방사능 검출 시스템)

  • Lee, Seok Jae;Kim, Young Kil
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2015.05a
    • /
    • pp.315-318
    • /
    • 2015
  • in recently the world trend of security system for shipping transport is much more important and stronger, so following the world trend, there is development to security system of shipping transport for national security logistics system construction. it is still ongoing. For the world trend of security system, there is attempt of portable radiation detection, which is possible to get detection of nuclide in south Korea. in this Paper, it will shows about Full-digital system to portable radiation detection platform.

  • PDF

A Study on the New Management System Considering Shadow IT (Shadow IT를 고려한 새로운 관리체계 도입에 관한 연구)

  • Yoo, Jiyeon;Jeong, Nayoung
    • Journal of Information Technology Services
    • /
    • v.15 no.3
    • /
    • pp.33-50
    • /
    • 2016
  • In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

Information Security and Its Aapplications on the Portal of the Deanship of Library Affairs at Northern Border University

  • Al Eawy, Yaser Mohammad Mohammad
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12
    • /
    • pp.183-188
    • /
    • 2021
  • The study aimed to assess the state of electronic security for the website of the Deanship of Library Affairs at Northern Border University, as one of the university's electronic portals, which provides distinguished knowledge services to faculty members, through the Saudi Digital Library, and the integrated automated system for libraries (Symphony) with the definition of cyber security of the university, and the most important threats The study sought to analyze the opinions of a wide sample of faculty members, towards evaluating the state of electronic security for the Deanship of Library Affairs portal, through the use of both the analytical method, as well as the survey, using the questionnaire tool, and the study sample consisted of 95 A faculty member of all academic categories and degrees, and university faculties, and the study concluded that it is necessary to work to overcome the relative slowness of the university's Internet, with the faculty members notifying the information security services through e-mail and SMS service, with the continuous updating of operating systems, Apply and use the latest anti-spyware, hacking, and antivirus software at the university, while conducting extensive research studies towards information security services, and contracting It aims to introduce information security risks, and ways to combat and overcome them, and spread the culture of information security among faculty members.

A Study on ICT Security Change and CPS Security System in the 4th Industry Age (4차 산업 시대의 ICT 보안 변화와 CPS 보안 시스템에 관한 연구)

  • Joo, Heon-Sik
    • Journal of Digital Contents Society
    • /
    • v.19 no.2
    • /
    • pp.293-300
    • /
    • 2018
  • This study explored the security of Industry 4.0 such as security trends and security threats in Industry 4.0, and security system in Industry 4.0. The threat elements in Industry 4.0 are changing from ICT to IoT and to CPS security, so security paradigm and security System should change accordingly. In particular, environmental and administrative security are more important to solve CPS security. The fourth industry-age security should change to customized security for individual systems, suggesting that the security technology that combines hardware and software in product production design should change from the beginning of development. The security system of the fourth industry proposes design and implementation as a CPS security system as a security system that can accommodate various devices and platforms from a security system in a single system such as a network to an individual system.

A Building Method of Security Architecture Framework on the Medical Information Network Environment (의료정보시스템상에서의 네트워크 보안기능 프레임워크와 보안 아키텍쳐 설계방법)

  • Lee, Dae-Sung;Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.11 no.4
    • /
    • pp.3-9
    • /
    • 2011
  • On health information network architecture, traffic along the path of traffic and security, blocking malicious code penetration is performed. The medical information system network security infrastructure study, which was whether to be designed based on the structure and methodology is designed to develop the security features. Health informati on system's functionality and capabilities framework for infrastructure is the backbone and structure. The design fea tures a framework for the overall network structure formation of the skeleton and forms the basic structure of the security methodology. Infrastructure capabilities to build the framework and the application functionality is being implemented. Differentiated in accordance with security zones to perform security functions and security mechanisms that operate through this study is to present. u-Healthcare future advent of cloud computing and a new health information environment, the medical information on the preparation of this study is expected to be utilized for security.

Access Control for Secure Access Path (안전한 접근 경로를 보장하기 위한 접근 제어)

  • Kim, Hyun-Bae
    • Journal of The Korean Association of Information Education
    • /
    • v.1 no.2
    • /
    • pp.57-66
    • /
    • 1997
  • The primary purpose of security mechanisms in a computer systems is to control the access to information. There are two types of access control mechanisms to be used typically. One is discretionary access control(DAC) and another is mandatory access control(MAC). In this study an access control mechanism is introduced for secure access path in security system. The security policy of this access control is that no disclosure of information and no unauthorized modification of information. To make this access control correspond to security policy, we introduce three properties; read, write and create.

  • PDF

Guess and Determine Attack on Bivium

  • Rohani, Neda;Noferesti, Zainab;Mohajeri, Javad;Aref, Mohammad Reza
    • Journal of Information Processing Systems
    • /
    • v.7 no.1
    • /
    • pp.151-158
    • /
    • 2011
  • Bivium is a simplified version of Trivium, a hardware profile finalist of the eSTREAM project. Bivium has an internal state size of 177 bits and a key length of 80 bits. In this paper, a guess and determine attack on this cipher is introduced. In the proposed method, the best linear approximations for the updating functions are first defined. Then by using these calculated approximations, a system of linear equations is built. By guessing 30 bits of internal state, the system is solved and all the other 147 remaining bits are determined. The complexity of the attack is O ($2^{30}$), which is an improvement to the previous guess and determine attack with a complexity of order O($2^{52.3}$).

Development of an Information Security Standard for Protecting Health Information in u-Health Environment (u-Health 환경에서의 정보보호 수준제고를 위한 보안 표준 개발)

  • Kim, Dong-Soo;Kim, Min-Soo
    • IE interfaces
    • /
    • v.20 no.2
    • /
    • pp.177-185
    • /
    • 2007
  • e-Business in healthcare sector has been called e-Health, which is evolving into u-Health with advances of ubiquitous technologies. Seamless information sharing among health organizations is being discussed in many nations including USA, UK, Australia and Korea. Efforts for establishing the electronic health record (EHR) system and a nation-wide information sharing environment are called NHII (National Health Information Infrastructure) initiatives. With the advent of u-Health and progress of health information systems, information security issues in healthcare sector have become a very significant problem. In this paper, we analyze several issues on health information security occurring in u-Health environment and develop an information security standard for protecting health information. It is expected that the standard proposed in this work could be established as a national standard after sufficient reviews by information security experts, stakeholders in healthcare sector, and health professionals. Health organizations can establish comprehensive information security systems and protect health information more effectively using the standard. The result of this paper also contributes to relieving worries about privacy and security of individually identifiable health information brought by NHII implementation and u-Health systems.

Certificate Issuing using Proxy Signature and Threshold Signature in Self-initialized Ad Hoc Network (자기 초기화하는 Ad Hoc 네트워크에서의 대리 서명과 임계 서명 기법을 이용한 인증서 발급 기법)

  • Kang, Jeon-Il;Choi, Young-Geun;Kim, Koon-Soon;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.3
    • /
    • pp.55-67
    • /
    • 2007
  • In ad hoc network, especially in the environment which the system authority only exists at the beginning of the network, it is very important problem how to issue the certificates in self-initialized public key scheme that a node generates its certificate with public and private key pair and is signed that by the system authority. In order to solve this problem, early works present some suggestions; remove the system authority itself and use certificate chain, or make nodes as system authorities for other nodes' certificates. In this paper, we suggest another solution, which can solve many problem still in those suggestions, using proxy signature and threshold signature, and prove its performance using simulation and analyse its security strength in many aspects.