• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.037 seconds

Proposed measure for Smart Grid's Personal Information Security Issue (스마트 그리드 개인정보 보안이슈 방안 제시)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.4
    • /
    • pp.41-49
    • /
    • 2016
  • Smart Grid is a next generation of new power growth electrical grid which provide high quality of electrical service by using Information Technologies to increase intelligence and performance. By using Smart Grid system, it can support energy management such as increase quality of electrical power, decrease energy and decrease emissions. However, Smart Grid uses information of energy consumption and when Smart Grid collects information, it will create private information. In this thesis, it will address issues of security private information which caused by Smart Grid for administrative measure and efficiency of Smart Grid in domestic. Also, cryptographic module algorithm, latest security solutions and strong wireless security policy for network environment such as wireless communication Iinternet are require for Smart Grid perform successfully and protect national power network equipment from cyber-attack and can stop leakage of user's personal information. Finally, it is urgent to prepare protection measures of National industrial facilities and power grid which can prepare for a cyber terrorism and penetration attacks and build emergency countermeasure management team for Smart Grid are require for safe Smart Grid environment.

Design and Implementation of on XML Data Encryption System considering Validation (유효성을 고려한 XML 데이타 암호화 시스템의 설계 및 구현)

  • 남궁영환;박대하;허승호;백두권
    • Journal of KIISE:Databases
    • /
    • v.29 no.6
    • /
    • pp.417-428
    • /
    • 2002
  • XML(extensible Markup Language) is effective to information retrieval and sharing but has defects related to the data security. And, as a solution of this problem, the current XML security researches such as XML digital signature, XML data encryption, and XML access control exclude the validation property of XML document. The validation of XML should be considered for the secure information sharing in the XML-based environment. In this paper, we design and implement the system to support both security and validation to XML document. Our system performs data encryption and maintenance of valid status of XML document by referencing new XML schema namespace. In addition, it also provides the XML schema security function through the XML schema digital signature. During generating XML schema digital signature, DOMHash method which has the advantage of the faster speed than canonical XML method is applied to XML schema. In conclusion, our system shows the improved functions in flexibility, scalability, and reliability compared with the existing XML security researches.

A Validation of Effectiveness for Intrusion Detection Events Using TF-IDF (TF-IDF를 이용한 침입탐지이벤트 유효성 검증 기법)

  • Kim, Hyoseok;Kim, Yong-Min
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1489-1497
    • /
    • 2018
  • Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

For the financial institution computer system security, research (금융기관 전산시스템 보안 강화에 대한 연구)

  • Kim, Myung-Soo;Choi, Dae-Young;Seo, Won-Woo;Kim, Jong-Bae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.10a
    • /
    • pp.67-70
    • /
    • 2014
  • Last was the main issue of financial security in the future will be more emphasis on security. Such as March 20, 2013 Computational crisis, June 25 Cyber terrorism information to credit card companies and customers due to carrier spill in Financial computational security measures 'released in 2014 and the financial authorities' customer information leakage prevention measures "were published the efforts to protect customers' information assets and ensure the stability of the financial transactions carried out by financial institutions protected status check "the information annually authorities This study business operations for the protection of information technology services for IT systems security equipment, data security operating services, security management services operations, operational management of IT systems security requirements from the point to the need for information security, IT systems administrator it would be great help.

  • PDF

A Trusted Sharing Model for Patient Records based on Permissioned Blockchain

  • Kim, Kyoung-jin;Hong, Seng-phil
    • Journal of Internet Computing and Services
    • /
    • v.18 no.6
    • /
    • pp.75-84
    • /
    • 2017
  • As there has been growing interests in PHR-based personalized health management project, various institutions recently explore safe methods of recording personal medical and health information. In particular, innovative medical solution can be realized when medical researchers and medical service institutes can generally get access to patient data. As EMR data is extremely sensitive, there has been no progress in clinical information exchange. Moreover, patients cannot get access to their own health data and exchange it with researchers or service institutions. It can be operated in terms of technology, yet policy environment are affected by state laws as well as Privacy and Security Policy. Blockchain technology-independent, in transaction, and under test-is introduced in the medical industry in order to settle these problems. In other words, medical organizations can grant preliminary approval on patient information exchange by using the safely encrypted and distributed Blockchain ledger and can be managed independently and completely by individuals. More apparently, medical researchers can gain access to information, thereby contributing to the scientific advance in rare diseases or minor groups in the world. In this paper, we focused on how to manage personal medical information and its protective use and proposes medical treatment exchange system for patients based on a permissioned Blockchain network for the safe PHR operation. Trusted Model for Sharing Medical Data (TMSMD), that is proposed model, is based on exchanging information as patients rely on hospitals as well as among hospitals. And introduce medical treatment exchange system for patients based on a permissioned Blockchain network. This system is a model that encrypts and records patients' medical information by using this permissioned Blockchain and further enhances the security due to its restricted counterfeit. This provides service to share medical information uploaded on the permissioned Blockchain to approved users through role-based access control. In addition, this paper presents methods with smart contracts if medical institutions request patient information complying with domestic laws by using the distributed Blockchain ledger and eventually granting preliminary approval for sharing information. This service will provide an independent information transaction and the Blockchain technology under test will be adopted in the medical industry.

A Study of Effective Privacy Protection System on High Concurrent Transaction Database System (동시 트랜잭션이 많은 데이터베이스에서 효과적인 개인정보보호 시스템 연구)

  • Kang, Ji-Won
    • Convergence Security Journal
    • /
    • v.12 no.2
    • /
    • pp.107-113
    • /
    • 2012
  • Recently, according to the establishment of personal information protection Act, the public and private organizations are taking a step to protect personal information rights and interests by employing the technical methods such as the access control mechanism, cryptography, etc. The result of the personal information leakage causes a serious damage for the organization image and also has to face with the responsibility by law. However, applying access control and cryptographic approach on the personal information item for every connection to large database system causes significant performance degradation in a large database system. In this paper, we designed and implemented the light weight system using JVM (Java Virtual Machine) for the Oracle DBMS environment which the concurrent transaction occurs many, thereby the proposed system provides the minimum impact on the system performance and meets the need of personal information protection. The proposed system was validated on the personal information protection system which sits on a 'A' public organization's portal site and personnel information management system.

Response to Security Threats through Importance Analysis of NFT Service Provider Security Level Check Items (NFT 서비스 제공자 보안 수준 점검 항목 중요도 분석을 통한 보안 위협 대응)

  • Dong Sung Im
    • Journal of Platform Technology
    • /
    • v.11 no.5
    • /
    • pp.126-135
    • /
    • 2023
  • Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.

  • PDF

The End-to-End Encryption for Enhancing Safety of Electronic Financial Transactions (전자금융거래의 안전성 강화를 위한 종단간 암호화)

  • Seung, Jae-Mo;Lee, Su-Mi;Ahn, Seung-Ho;Noh, Bong-Nam
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.10 no.8
    • /
    • pp.1920-1925
    • /
    • 2009
  • '05. June, the first Internet banking accident occurred by the malignant cord. It discontinued security programs for protecting important financial informations. A computer hacker had made a collation of password, OTP(One Time Password) values etc and illegally withdraw one´s savings from the bank using the financial information. The attackers are continuously attempted with the hacking tool under bypass security programs as the vaccine program or the personal fire-wall. Therefore, an electronic financial system should be composed with the goal which is to protect financial informations from user's terminal to a banking server. In this paper, we make an analysis of menaces in electronic financial transactions and explain considerable security issues to enhance safety in Internet banking, CD/ATM and mobile banking.

A rerouting-controlled ISL handover protocol for LEO satellite networks

  • Dong, Wei;Wang, Junfeng;Huang, Minhuan;Tang, Jian;Zhou, Hongxia
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.10
    • /
    • pp.2620-2631
    • /
    • 2012
  • In this paper, a rerouting-controlled ISL (Inter-Satellite link) handover protocol for LEO satellite networks (RCIHP) is proposed. Through topological dynamics and periodic characterization of LEO satellite constellation, the protocol firstly derives the ISL related information such as the moments of ISL handovers and the intervals during which ISLs are closed and cannot be used to forward packet. The information, combined with satellite link load status, is then been utilized during packet forwarding process. The protocol makes a forwarding decision on a per packet basis and only routes packets to living and non-congested satellite links. Thus RCIHP avoids periodic rerouting that occurs in traditional routing protocols and makes it totally unnecessary. Simulation studies show that RCIHP has a good performance in terms of packet dropped possibility and end-to-end delay.

A Study on Facility Information System using GIS and Semantic Web in Underground Space

  • Cui, Yulan;Hwang, Hyun-Suk;Kim, Chang-Soo
    • Journal of Korea Multimedia Society
    • /
    • v.13 no.12
    • /
    • pp.1843-1854
    • /
    • 2010
  • The utilization of underground space has recently increased with the complication of road, the rise of the land price, and the development of green technology. Underground space ranges from classical excavations to subway, underground cities, and shopping malls where there are crowds of people. At this time, government has spent a lot of money in installing various types of safety facilities for preparations of increasing potential disasters. Therefore, an effective facility management system is required. In this paper, we propose an information retrieval process to effectively extract the facilities' information based on the ontology and spatial analysis in underground space. The ontology-based searching supports hierarchical and associated results as well as knowledge sharing with hierarchy concepts. The spatial analysis based searching has "Buffer" and "Near" functions to operate on a map without understanding any property of the facility information.