• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.031 seconds

A Practical Undeniable Digital Signature Scheme (실용적인 부인방지 전자 서명 기법)

  • 곽남영;박성준;류재철
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1994.11a
    • /
    • pp.35-44
    • /
    • 1994
  • We propose an undeniable digital signature scheme which is practical since it has less computation and communication overhead than Chaum's one. We expect that this protocol be useful to develop secure systems such as electronic contract system, electronic mail system and electronic cash system.

  • PDF

An Anonymous Authentication in the Hierarchy for VANET (VANET 환경을 위한 계층적 구조의 익명 인증 기술)

  • Bae, Kyungjin;Lee, Youngkyung;Kim, Jonghyun;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.563-577
    • /
    • 2018
  • In order to support secure communication in VANET(Vehicular Ad hoc Network), messages exchanged between vehicles or between vehicle and infrastructure must be authenticated. In this paper, we propose a hierarchical anonymous authentication system for VANET. The proposed system model reduces the overhead of PKG, which is a problem of previous system, by generating private keys hierarchically, thereby enhancing practicality. We also propose a two-level hierarchical identity-based signature(TLHIBS) scheme without pairings so that improve efficiency. The proposed scheme protects the privacy of the vehicle by satisfying conditional privacy and supports batch verification so that efficiently verifies multiple signatures. Finally, The security of the proposed scheme is proved in the random oracle model by reducing the discrete logarithm problem(DLP) whereas the security proof of the previous ID-based signatures for VANET was incomplete.

VR Threat Analysis for Information Assurance of VR Device and Game System (VR 기기와 게임 시스템의 정보보증을 위한 VR 위협 분석)

  • Kang, Tae Un;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.2
    • /
    • pp.437-447
    • /
    • 2018
  • Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon Go in the U.S, It has achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allow users could be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game system. In this paper, we conduct a threat analysis for information assurance of VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use Visual Code Grepper (VCG) tool to find out logic errors and vulnerable functions in source code, and propose a method to solve them.

Case Study Plan for Information Security SLA Performance System in Public Sector (공공부문 정보보안 SLA 성과체계 사례연구)

  • Jeong, Jae Ho;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.763-777
    • /
    • 2021
  • Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

A Study on Event Log Correlation Analysis for Control System Threat Analysis (제어시스템 위협분석을 위한 Event Log 상관분석에 관한 연구)

  • Kim, Jongmin;Kim, Minsu;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.17 no.5
    • /
    • pp.35-40
    • /
    • 2017
  • The control system can have such threats as information leakage and falsification through various routes due to communications network fusion with public network. As the issues about security and the infringe cases by new attack methods are diversified recently, with the security system that makes information data database by simply blocking and checking it is difficult to cope with new types of threats. It is also difficult to respond security threats by insiders who have security access authority with the existing security equipment. To respond the threats by insiders, it is necessary to collect and analyze Event Log occurring in the internal system realtime. Therefore, this study could find out whether there is correlation of the elements among Event Logs through correlation analysis based on Event Logs that occur real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.

Problems and countermeasures of the private security industry according to the current situation

  • Park, Su-Hyeon;Choi, Dong-Jae
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.12
    • /
    • pp.315-320
    • /
    • 2020
  • The purpose of this study is to analyze and interpret the current situation of private security companies·guards for the past three years, security companies by size, general·special (new education), and qualification system provided by the Police Agency, Security Association, etc. It provides a theoretical foundation for private security and provides a new perspective for interpreting private security. As a result, through the current situation, this private security has a concentration of metropolitan area and facility security, an abnormal personal protection company contrast, the number of personal protection institutes, there is a special security shift to regular jobs, and the current continuous education On the other hand, the education of special security guards has been shown to be limited. In the qualification system, the utilization of security instructor qualifications and the utilization and public relations of personal probation officer qualifications will appear. The current state of typical private security is as follows. The first is the balanced development of private security and the clarity of business divisions. Second, the quality of private security education and educational institutions must be high. Third is the recognition of the qualification system and active public relations.

A Polyinstantiation Method for Spatial Objects with Several Aspatial Information and Different Security Levels (비공간 정보와 보안 등급을 갖는 공간 객체를 위한 다중인스턴스 기법)

  • 오영환;전영섭;조숙경;배해영
    • Journal of KIISE:Databases
    • /
    • v.30 no.6
    • /
    • pp.585-592
    • /
    • 2003
  • In the spatial database systems, it is necessary to manage spatial objects that have two or more aspatial information with different security levels on the same layer. If we adapt the polyinstantiation concept of relational database system for these spatial objects, it is difficult to process the representation problem of spatial objects and to solve the security problem that is service denial and information flow by access of subject that has a different security level. To address these problems, we propose a polyinstantiation method for security management of spatial objects in this paper. The proposed method manages secure spatial database system efficiently by creating spatial objects according to user's security level through security-level-conversion-step and polyinstantiation-generation-step with multi-level security policy. Also, in case of user who has a different security level requires secure operations, we create polyinstance for spatial object to solve problems of service denial and information flow.

Analysis on Development Methodology of Modern Secure boot: Focusing on Platform Environment (현대의 보안부팅 개발 방식 분석: 플랫폼 환경을 중심으로)

  • Kim, Jin-Woo;Lee, Sang-Gil;Lee, Jeong-Guk;Lee, Sang-Han;Shin, Dong-Woo;Lee, Cheol-Hoon
    • The Journal of the Korea Contents Association
    • /
    • v.20 no.2
    • /
    • pp.15-26
    • /
    • 2020
  • Secure boot is security technology that verifies the integrity of the computer system in boot stage and controls the boot process accordingly. The computer system can establish a secure execution environment from the threat of various malwares by security boot and also supports the recovery when system in emergency case. Recently, Secure boot has been adopted by various modern computer manufacturers to protect users' information from hacker attacks and to prevent abuse of their products by malicious users. In this paper, we classify security boot developed by various companies and organizations by platform, and analyze the design and development purpose of each security boot and investigate the limitation of design. It can be used as a reference for system security designers in various information of security boot development method and security design of system.

A Study on Control System Cyber Security Education & Training Method (제어시스템 사이버 보안 교육훈련 방안 연구)

  • Kim, Kyeong-Ho;Maeng, YounJae;Jang, MoonSu;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.3
    • /
    • pp.645-656
    • /
    • 2019
  • As the number of cyber threats to control systems increases, the need for control system cyber security is also increasing. Currently, various cyber security related education and control system education are being conducted. However, it does not fully reflect the characteristics of the control system and the characteristics of the participants. In this paper, we propose a training system and technique to enhance the control system cyber security capability. To this end, we analyze the limitations of existing security education. Based on the results, we develop a control system training environment model based on the IEC62443 Standard and develop an ARCH based training method.