• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.037 seconds

Applying PKI for Internet Voting System

  • Kim, Jinho;Kim, Kwangjo;Lee, Byoungcheon
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.318-321
    • /
    • 2001
  • We have designed an Internet voting system applicable for worldwide voting which is based on Ohkubo et. al,'s scheme[9] combined with Public Key Infrastructure (PKI). To the best of our knowledge, this is the first trial to serve secure Internet voting system to the world. In our system, voter's privacy is guaranteed by using blind signature and mix-net, and robustness is provided through the threshold encryption scheme. By employing Java technology, we propose a way of typical implementation for internet voting system. Furthermore, PKI permits worldwide key distribution and achieve “one certificate/one vote” policy. Therefore, anyone can participate in the voting if he gets a certificate from Certificate Authority (CA). By the joint work between Korean and Japanese teams, the implementation aims to select MVPs in 2002 FIFA World Cup Korea-Japan$\^$TM/ in easy and friendly manner for any Internet user to participate and enjoy Internet voting.

  • PDF

A Study on the Intrustion Tolerance System Applied To the Security System

  • Shin Seung-jung;Kim Jung-tae;Ryu Dae-hyun;Na Jong-Whoa
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.1
    • /
    • pp.38-42
    • /
    • 2005
  • The cyber attacks on the computer system in nowadays are focused on works that do not operate specific application. The main key point that we protect information security system has an access control to keep an application. Most of system has a main function to protect an infrastructure such as hardware, network and operating system. In this paper, we have presented an intrusion tolerance system that can service an application in spite of cyber attacks. The proposed system is based on the middle ware integrating security mechanism and separate function of application and intrusion tolerance. The main factor we use security system in nowadays is service to keep a persistency. The proposed intrusion tolerance system is applicable to such as medical, national defense and banking system.

A Design Information Security Attributes of for Meta-Information System (메타정보체계를 위한 정보보호 속성의 설계)

  • 전문석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.3
    • /
    • pp.53-62
    • /
    • 1999
  • The rapid growth of Internet supports a base that share useful information. It needs for mass of information that requires a fast processing capability. It needs a meta0information system. Meta-information system supports fast search service but occurs a problem in case of information security. In this paper we propose a information security attribute that are user access control for meta-information system to solve the problem.

A Cause-Effect Model for Human Resource Management (정보시스템의 효율적인 인적자원 관리를 위한 Cause-Effect, Model의 활용)

  • Lee, Nam-Hoon;In, Hoh;Lee, Do-Hoon
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.161-169
    • /
    • 2006
  • According to the development of information system, many information system and application soft-ware are develop. However, cyber attack and incident have more increased to the development of them. To defend from cyber attack and incident, many organizations has run information security systems, such as Intrusion Detection System, Firewall, VPN etc, and employed information Security person till now But they have many difficulty in operating these information security component because of the lack of organizational management and analysis of each role. In this paper, We propose the formal Cause-Effect Model related with the information security system and administrative mission per each security. In this model, we regard information system and information system operator as one information component. It is possible to compose the most suitable information component, such as information system, human resource etc., according to the analysis of Cause-Effect Model in this paper. These analysis and approaching methodology can make effective operation of each limited resource in organization and effective defense mechanism against many malicious cyber attack and incident.

  • PDF

Security Analysis on the Home Trading System Service and Proposal of the Evaluation Criteria (홈트레이딩 시스템 서비스의 보안 취약점 분석 및 평가기준 제안)

  • Lee, Yun-Young;Choi, Hae-Lahng;Han, Jeong-Hoon;Hong, Su-Min;Lee, Sung-Jin;Shin, Dong-Hwi;Won, Dong-Ho;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.115-137
    • /
    • 2008
  • As stock market gets bigger, use of HTS(Home Trading System) is getting increased in stock exchange. HTS provides lots of functions such as inquiry about stock quotations, investment counsel and so on. Thus, despite the fact that the functions fur convenience and usefulness are developed and used, security functions for privacy and trade safety are insufficient. In this paper, we analyze the security system of HTS service through the key-logging and sniffing and suggest that many private information is unintentionally exposed. We also find out a vulnerable point of the system, and show the advisable criteria of secure HTS.

A Multi-level Perception Security Model Using Virtualization

  • Lou, Rui;Jiang, Liehui;Chang, Rui;Wang, Yisen
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.11
    • /
    • pp.5588-5613
    • /
    • 2018
  • Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of over-simplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.

A Study on Conversion Security Control System for Industrial Security (산업보안을 위한 융합보안관제시스템에 관한 연구)

  • Ha, Ok-Hyun
    • Convergence Security Journal
    • /
    • v.9 no.4
    • /
    • pp.1-6
    • /
    • 2009
  • Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

  • PDF

A Study on Defense Information Security Management Structure for Digital Information Warfare (디지털 정보전에 대비한 국방정보보호업무 관리구조에 관한 연구)

  • Kwon, Moon-Taek
    • Convergence Security Journal
    • /
    • v.8 no.4
    • /
    • pp.57-63
    • /
    • 2008
  • The purpose of the research is to intended to help Korean military officers establish information system security structure. Information security is a critical issue for digital information warfare. Advanced countries such as U.S. and Japan have developed a new military security strategy for future information warfare. The readiness of Korean Army, however, is far behind those countries. This paper provides a systematic information security structure for Korean Army, which is a result of the research through a group decision making process.

  • PDF

Implementation of Voice Awareness Security Sytems (음성인식 보안 시스템의 구현)

  • Lee, Moon-Goo
    • Proceedings of the IEEK Conference
    • /
    • 2006.06a
    • /
    • pp.799-800
    • /
    • 2006
  • This thesis implemented security systems of voice awareness which is higher accessible than existing security system using biological authentication system and is inexpensive in module of security device, and has an advantage in usability. Proposed the security systems of voice awareness implemented algorithm for characteristic extraction of inputted speaker's voice signal verification, and also implemented database of access control that is founded on extractible output. And a security system of voice awareness has a function of an authority of access control to system.

  • PDF

Study on Plans to Improve Small and Medium Corporations' Technological Protections Using Information Security Management System (ISMS) (정보보호관리체계(ISMS)를 이용한 중소기업 기술보호 개선방안 연구)

  • Kim, Jungeun;Kim, Seongjun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.3
    • /
    • pp.33-54
    • /
    • 2016
  • In the modern society based on information and communication, which is exposed to the risks of a lot of information security breaches, corporate information assets may be an economical scale in a country. Most of damages derived from corporate technological information leak often occur in small and medium corporations. Although many information security managers in corporations have focused on certification systems such as information security management system, small and medium corporations are poorly aware of the information security, and their environments surrounding it should be also improved. In addition, it is difficult to expect spontaneous participations in it, since the sustainable information security management systems are often not forced to be certified. Thus, the purpose of this study is to examine plans to improve small and medium corporations' technological protections by using some component of the information security management system. On the basis of this examination, it also attempts to discuss some methods for effective and efficient information security in the small and medium corporations' technological protections.