• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.037 seconds

Privacy Protection and Non-repudiation Mechanisms for Parcel Service (프라이버시 보호 및 부인방지를 제공하는 택배 시스템 제안)

  • Choi, Min Seok;Cho, Kwantae;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1283-1292
    • /
    • 2012
  • As delivery services market has grown the damage cases are also continuously increased. When using delivery services, Customers would not be compensated in any way. Perhaps worse, losing a cargo would create a great deal of trouble. Because the lack of evidence, they takes a lot of time to clarify who is responsible. To prevent these things, we must create, collect, maintain and confirm. In this paper, we introduce new delivery system with a trusted third party for non-repudiation services. Moreover, in damage case, we show that the proposed system is efficient and provide non-repudiation. Using sending and receiving codes, the proposed system identifies a responsible subject with quickness and clearness.

Enhancing the Session Security of Zen Cart based on HMAC-SHA256

  • Lin, Lihui;Chen, Kaizhi;Zhong, Shangping
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.1
    • /
    • pp.466-483
    • /
    • 2017
  • Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

Type Drive Analysis of Urban Water Security Factors

  • Gong, Li;Wang, Hong;Jin, Chunling;Lu, Lili;Ma, Menghan
    • Journal of Information Processing Systems
    • /
    • v.16 no.4
    • /
    • pp.784-794
    • /
    • 2020
  • In order to effectively evaluate the urban water security, the study investigates a novel system to assess factors that impact urban water security and builds an urban water poverty evaluation index system. Based on the contribution rates of Resource, Access, Capacity, Use, and Environment, the study adopts the Water Poverty Index (WPI) model to evaluate the water poverty levels of 14 cities in Gansu during 2011-2018 and uses the least variance method to evaluate water poverty space drive types. The case study results show that the water poverty space drive types of 14 cites fall into four categories. The first category is the dual factor dominant type driven by environment and resources, which includes Lanzhou, Qingyang, Jiuquan, and Jiayuguan. The second category is the three-factor dominant type driven by Access, Use, and Capability, which includes Longnan, Linxia, and Gannan. The third category is the four-factor dominant type driven by Resource, Access, Capability, and Environment, which includes Jinchang, Pingliang, Wuwei, Baiyin, and Zhangye. The fourth category is the five-factor dominant type, which includes Tianshui and Dingxi. The driven types impacting the urban water security factors reflected by the WPI and its model are clear and accurate. The divisions of the urban water security level supply a reliable theoretical and numerical basis for an urban water security early warning mechanism.

Security Framework for Intelligent Predictive Surveillance Systems (지능형 예측감시 시스템을 위한 보안 프레임워크)

  • Park, Jeonghun;Park, Namje
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.3
    • /
    • pp.77-83
    • /
    • 2020
  • Recently, intelligent predictive surveillance system has emerged. It is a system that can probabilistically predict the future situation and event based on the existing data beyond the scope of the current object or object motion and situation recognition. Since such intelligent predictive monitoring system has a high possibility of handling personal information, security consideration is essential for protecting personal information. The existing video surveillance framework has limitations in terms of privacy. In this paper, we proposed a security framework for intelligent predictive surveillance system. In the proposed method, detailed components for each unit are specified by dividing them into terminals, transmission, monitoring, and monitoring layers. In particular, it supports active personal information protection in the video surveillance process by supporting detailed access control and de-identification.

Implementation of VPN Accelerator Board Used 10 Giga Security Processor (10Giga 급 보안 프로세서를 이용한 VPN 가속보드 구현)

  • Kim, Ki-Hyun;Yoo, Jang-Hee;Chung, Kyo-Il
    • Proceedings of the IEEK Conference
    • /
    • 2005.11a
    • /
    • pp.233-236
    • /
    • 2005
  • Our country compares with advanced nations by supply of super high speed network and information communication infra construction has gone well very. Many people by extension of on-line transaction and various internet services can exchange, or get information easily in this environment. But, virus or poisonous information used to Cyber terror such as hacking was included within such a lot of information and such poisonous information are threatening national security as well as individual's private life. There were always security and speed among a lot of items to consider networks equipment from these circumstance to now when develop and install in trade-off relation. In this paper, we present a high speed VPN Acceleration Board(VPN-AB) that balances both speed and security requirements of high speed network environment. Our VPN-AB supports two VPN protocols, IPsec and SSL. The protocols have a many cryptographic algorithms, DES, 3DES, AES, MD5, and SHA-1, etc.. The acceleration board process data packets into the system with In-line mode. So it is possible that VPN-AB processes inbound and outbound packets by 10Gbps. We use Nitrox-II CN2560 security processor VPN-AB is designed using that supports many hardware security modules and two SPI-4.2 interfaces to design VPN-AB.

  • PDF

A research for partition recovery method in a forensic perspective (포렌식 관점의 파티션 복구 기법에 관한 연구)

  • Namgung, Jaeung;Hong, Ilyoung;Park, Jungheum;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.655-666
    • /
    • 2013
  • As the capacity of storage devices becomes larger, most users divide them into several logical partitions for convenience of storing and controlling data. Therefore, recovering partitions stably which are artificially hidden or damaged is the most important issue in the perspective of digital forensic. This research suggests partition recovery algorithm that makes stable and effective analysis using characteristics of each file system. This algorithm is available when partition is not distinguishable due to concealment of partition or damage in partition area.

Development of CC Based Security Risk Analysis Tool (CC(Common Criteria) 기반 보안위험분석 도구 개발)

  • Kim In-Jung;Chung Yoon-Jung;Koh Jae-Young;Won Dong-Ho
    • Journal of Internet Computing and Services
    • /
    • v.7 no.1
    • /
    • pp.31-38
    • /
    • 2006
  • The importance of the Security Risk Analysis has emerged as security breaches and information leaks has occurred in the companies and organization: threats toward information system and its vulnerabilities has grown up as the dependence on the information-communication systems goes higher as a result of technological advances in IT industry, A Risk Analysis Tool helps to mitigate overall risk of an organization by analysing and evaluating critical information systems and providing security measures against threats to systems and its vulnerabilities as a means to identify the inherent dangers and prevent security intrusion incident, This paper defines risk analysis process by introducing Common Criteria Scheme and suggest a risk analysis tool that can be easily implemented by an information security manager.

  • PDF

Development of LMS Evaluation Index for Non-Face-to-Face Information Security Education (비대면 정보보호 교육을 위한 LMS 평가지표 개발)

  • Lee, Ji-Eun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.1055-1062
    • /
    • 2021
  • As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulation hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, contents should be designed similar to real situation, and learning activities to achieve the learning goals should be designed. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.

Smart Device Security Technology for Cyber Defense (사이버 국방을 위한 스마트 단말 보안기술)

  • Son, Iek-Jae;Kim, Il-Ho;Yang, Jong-Hyu;Lee, Nam-Young
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37C no.10
    • /
    • pp.986-992
    • /
    • 2012
  • As the utilization of smart mobile devices such as smartphones increases, the desire to utilize such devices to control and monitor combat situations also arises. As smart mobile devices with various ICT get integrated with various weaponry system, a new phase of future warfare can be introduced. Moreover, smartphone-based real-time information technology for joint battle command system will be converged with surveillance control to become a leading example of convergence of cyber defense and information technology. Furthermore, mobile device security technology ideal for mobile wireless network environments can be applied to military robots. The following paper will give an overview of smart mobile device usage used for military purposes in battle command system, various security threats and the mobile device security technology to correspond to such security threats.

Influence of Personal Information Security Vulnerabilities and Perceived Usefulness on Bank Customers' Willingness to Stay (개인정보 보안취약성과 지각된 유용성이 지속적인 은행이용의도에 미치는 영향)

  • Seo, Dong-Jin;Kim, Tae-Sung
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.40 no.8
    • /
    • pp.1577-1587
    • /
    • 2015
  • Privacy of financial customers is becoming important due to frequent leakage of personal information. Financial customers, who experience the leakage of personal information, feel threatened by their privacy and this changes customer's awareness about financial institutions or behavioral intentions. By examining the influence relation of personal information security vulnerability of the bank information system with usefulness, trust and attractiveness perceived by bank customers, this study aims to analyze the effect of each variable on bank customers' willingness to stay.