• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.135-144
• /
• 2010

Privacy protection can only be achieved by enforcing privacy policies within an enterprise's on and offline data processing systems. There are P-RBAC model and purpose based model and obligations model among privacy policy models. But only these models each can not dynamically deal with the rapidly changing business environment. Even though users are in the same role, on occasion, secure system has to opt for a figure among them who is smart, capable and supremely confident and to give him/her a special mission during a given period and to strengthen privacy protection by permitting to present fluently access control conditions. For this, we propose Integrated Privacy Protection Model based on RBAC. Our model includes purpose model and P-RBAC and obligation model. And lastly, we define high level policy language model based XML to be independent of platforms and applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.387-400
• /
• 2021

The increase in number of streaming platforms and contents thereof, owing to an advancement of cloud environment, has triggered the rapid proliferation of illegally replicated contents as well as legal contents. This necessitates the development of technology capable of discriminating the copyright infringement of various contents. The Korea Copyright Protection Agency operates a video content demonstration system using AI, but it has limitations on distortions such as resolution changes. In this paper, we propose the powerful mechanism using skeleton, which is resistant against distorted video contents and capable of discriminating copyright infringement of platforms streaming illegal video contents. The proposed mechanism exploits the calculation of Hamming distance to the original video by converting collected data into binary ones for the efficient calculation. As a result of the experiment, the proposed mechanism have demonstrated the discrimination of illegally replicated video contents with an accuracy of 94.79% and average magnitude of 215KB.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.411-422
• /
• 2021

The autonomous driving system mounted on the unmanned vehicle recognizes the external environment through several sensors and derives the optimum control value through it. Recently, studies on physical level attacks that maliciously manipulate sensor data by performing signal-injection attacks have been published. signal-injection attacks are performed at the physical level and are difficult to detect at the software level because the sensor measures erroneous data by applying physical manipulations to the surrounding environment. In order to detect a signal-injection attack, it is necessary to verify the dependability of the data measured by the sensor. As so far, various methods have been proposed to attempt physical level attacks against sensors mounted on autonomous driving systems. However, it is still insufficient that methods for defending and detecting the physical level attacks. In this paper, we demonstrate signal-injection attacks targeting MEMS sensors that are widely used in unmanned vehicles, and propose a method to detect the attack. We present a signal-injection detection model to analyze the accuracy of the proposed method, and verify its effectiveness in a laboratory environment.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.332-346
• /
• 2022

Digital transformation represents one of the main obstacles facing several government, private, and non-profit sectors that help stabilize digital transformation in the Arabic region. One of the helpful ways to improve the level of freedom, productivity, and flexibility among employees to accept the BYOD approach is using their own devices to perform their work both in and outside the workplace. This study focuses to present the differences between the main three economic sectors, which represent the most important pillars of the economy in Saudi Arabia within the Kingdom's Vision 2030. BYOD also has great importance to the stakeholders for raising their awareness by expressing the implications, if the concept of BYOD is widely and correctly adopted. The study uses the diffusion of innovation (DOI) framework and quantitative analysis data to determine the main dimensions and important factors that help increase the awareness of the target audience. The number of participants in this study was 830, and the participants are mixing between the government, private, and non-profit sectors. The main findings showed a significant impact of several factors such as the importance of knowledge, ease of use, employee satisfaction, risk awareness, and attention to increase the level of acceptance in three main sectors study for using the BYOD approach widespread and professional use.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1157-1169
• /
• 2021

The disaster recovery refers to policies and procedures to ensure continuity of services and minimize loss of resources and finances in case of emergency situations such as natural disasters. In particular, the disaster recovery method by the cloud service provider has advantages such as management flexibility, high availability, and cost effectiveness. However, this method has a dependency on a service provider and has a structural limitation in which a user cannot be involved in personal data. In this paper, we propose a protocol using proxy re-encryption for data confidentiality by removing dependency on service providers by backing up user data using blockchain and distributed storage. The proposed method is implemented in Ethereum and IPFS environments, and presents the performance and cost required for backup and recovery operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.25-38
• /
• 2022

With the diversification of payment methods and games, related financial accidents are causing serious problems for users and game companies. Recently, game companies have introduced an Fraud Detection System (FDS) for game payment systems to prevent financial incident. However, FDS is ineffective and cannot provide major evidence based on judgment results, as it requires constant change of detection patterns. In this paper, we analyze abnormal transactions among payment log data of real game companies to generate related features. One of the unsupervised learning models, Autoencoder, was used to build a model to detect abnormal transactions, which resulted in over 85% accuracy. Using X-FDS (Explainable FDS) with XAI-SHAP, we could understand that the variables with the highest explanation for anomaly detection were the amount of transaction, transaction medium, and the age of users. Based on X-FDS, we derive an improved detection model with an accuracy of 94% was finally derived by fine-tuning the importance of features that adversely affect the proposed model.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.169-174
• /
• 2022

The purpose of the study is to research the legal nature and essence of corrupt behavior, as well as the international and national legal aspects of the fight against corruption. The article discloses the relation between the factual results of the operation of anti-corruption normative and legal acts and the goals and objectives for which they were adopted. The effectiveness of the regulatory effect and quality of anti-corruption legislation is determined by the example of the Russian Federation. The article provides an analysis of theoretical aspects of the theory and history of the formation and development of anti-corruption legislation (on the example of Russia and some other countries, as well as international legal norms) giving several practical examples from foreign legislation demonstrating the structure of the system of government bodies battling against corrupt behavior (including its latent forms). The authors suggest that there is a need for a unified conception of information and propaganda support of state anti-corruption activities. This will make it possible to inform the population that the state is actively working to prevent corruption threats and to bring perpetrators to justice, as well as contribute to citizens' trust in the state policy in this area. At the same time, it is necessary to regularly inform the citizens about the provisions of the anti-corruption legislation, explaining the importance of their observance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.5
• /
• pp.656-661
• /
• 2022

Password with a combination of 4-digit numbers has been widely adopted for various authentication systems (such as credit card authentication, digital door lock systems and so on). However, this system could not be safe because the 4-digit password can easily be stolen by predicting it from the fingermarks on the keypad or display screen. Furthermore, due to the prolonged COVID-19 pandemic, contactless method has been preferred over contact method in authentication. This paper suggests a new password input method based on eyeblink pattern analysis in video sequence. In the proposed method, when someone stands in front of a camera, the sequence of eyeblink motions is captured (according to counting signal from 0 to 9 or 9 to 0), analyzed and encoded, producing the desired 4-digit decimal numbers. One does not need to touch something like keypad or perform an exaggerated action, which can become a very important clue for intruders to predict the password.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.385-391
• /
• 2022

The relevance of the published study lies in the fact that since the introduction of the first Global Distribution System, new information and communication technologies have constantly been changing the tourism industry. In the context of a current digital environment, travel agencies can't avoid participating in digital transformation processes aimed at rethinking operational models, skills, and organisational structures in the regions. This publication aims to present and provide a critical overview of digitalisation processes in tourism development in the regions of the Russian Federation, as well as to reflect on the challenges to the widespread digitalisation processes in the regional tourism sector. The subject of research is digitalisation processes, as they radically transform the modern tourism industry, in the regions as well. The pragmatic research paradigm was considered the most appropriate for the study of tourism digitalisation processes in the regions, as it does not require the selection of a specific theoretical basis for data collection. The pragmatic approach forms an alternative to classical theoretical approaches and serves as a particular type of grounded theory, combining both inductive and deductive methods. No software was used for the inductive part of the analysis. The deductive part was conducted using the qualitative data analysis software Nvivo 11. Given the wide diversity of interested parties in the regional tourism digital area, a stratified purposive sampling method was preferred due to its ability to adequately represent the full picture of the phenomenon under study. The selection and stratum criteria were chosen to maximise the representation of different perspectives in the regional tourism digital area. The novelty of the study is due to the digitalisation processes, with an implication of new needs, while opening up promising opportunities for more productive tourism business in the regions of the Russian Federation. Currently, e-tourism in the Russian Federation has become a subject of lively debate among scholars and practitioners. However, the involvement of advanced digitalisation technologies in the field of information processes in the regions of the Russian Federation is of a very sporadic character.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.6
• /
• pp.266-283
• /
• 2022

With the rapid development of autonomous vehicle technology, unexpected accidents are occurring. Therefore, it is necessary to minimize user accident damage through the development of autonomous traffic safety education. Since edge cases, accident type, and risk factor analysis are important for realistic education, overseas case studies and demonstrations were carried out, and based on this, two curriculum for service providers and general users were developed. The service provider curriculum consisted of OEDR, sudden stop, cut-in, take-over, defensive driving, system malfunction, policy and information security education, and the general user curriculum consisted of attention duty, take-over, operating design domain, accidents type, laws, functions, information security education.