• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.033 seconds

A Blockchain Application for Personal health information: Focusing on Private Block Scheme (개인 의료정보 보호를 위한 블록체인 적용 방안: 프라이빗 블록 스킴을 중심으로)

  • Kwon, HyukJun;Kim, Hyeob;Choi, Jaewon
    • Knowledge Management Research
    • /
    • v.19 no.4
    • /
    • pp.119-131
    • /
    • 2018
  • In this paper, I research the issue of information security for medical information system of each parties. The outflow of the Personal medical information can lead to problems of medical systems and disadvantage to an individual. In this paper, we research the information security based on a blockchain. In addition, I have analyzed blockchain. I suggest a medical information system framework that can help to keep the privacy of patients by using a blockchain network. Also, In this paper try to explain using private blockchain for medical system. Blockchain can keep the integrity and transparency of the medical records. This research, shows how can build the private blockchain for medical records and how to get the integrity of Data from Private Blockchain and Distuributed Ledger Technology.

Implementation of the web based environment monitoring system supporting the NMS protocol (NMS를 지원하는 웹기반 환경 감시 시스템의 구현)

  • Bae, Kwang-Jin;Yim, Kang-Bin
    • Proceedings of the IEEK Conference
    • /
    • 2006.06a
    • /
    • pp.831-832
    • /
    • 2006
  • In this paper, we introduce a canonical framework of the large-scaled web-based sensor gateway and practically implement it as the environment monitoring system. The system consists of a central management server, up to 250 local embedded subsystems and up to 250 sensor or actuator nodes for each subsystem. The node information is gathered periodically through a well-defined protocol on the sensor network and converted to the web contents and the SNMP MIB objects according to its data type. The MIB objects are well-defined and include system, network, sensor, actuator and alarm specific data classes. Because there is an increasing trend that a large number of sites are willing to adapt unmanned sensing and control, the developed system will play a key role to efficiently manage a large scale sensor networked system such as environment monitoring systems or countermeasure systems against disaster and calamities.

  • PDF

Assessment Method of Step-by-Step Cyber Security in the Software Development Life Cycle (소프트웨어 생명주기 단계별 사이버보안 평가 방법론 제안)

  • Seo, Dal-Mi;Cha, Ki-Jong;Shin, Yo-Soon;Jeong, Choong-Heui;Kim, Young-Mi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.363-374
    • /
    • 2015
  • Instrumentation and control(I&C) system has been mainly designed and operated based on analog technologies in existing Nuclear Power Plants(NPPs). However, As the development of Information Technology(IT), digital technologies are gradually being adopted in newly built NPPs. I&C System based on digital technologies has many advantages but it is vulnerable to cyber threat. For this reason, cyber threat adversely affects on safety and reliability of I&C system as well as the entire NPPs. Therefore, the software equipped to NPPs should be developed with cyber security attributes from the initiation phase of software development life cycle. Moreover through cyber security assessment, the degree of confidence concerning cyber security should be measured and if managerial, technical and operational work measures are implemented as intended should be reviewed in order to protect the I&C systems and information. Currently the overall cyber security program, including cyber security assessment, is not established on I&C systems. In this paper, we propose cyber security assessment methods in the Software Development Life Cycle by drawing cyber security activities and assessment items based on regulatory guides and standard technologies concerned with NPPs.

Next Generation Convergence Security Framework for Advanced Persistent Threat (지능형 지속 위협에 대한 차세대 융합 보안 프레임워크)

  • Lee, Moongoo;Bae, Chunsock
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.9
    • /
    • pp.92-99
    • /
    • 2013
  • As a recent cyber attack has a characteristic that is intellectual, advanced, and complicated attack against precise purpose and specified object, it becomes extremely hard to recognize or respond when accidents happen. Since a scale of damage is very large, a corresponding system about this situation is urgent in national aspect. Existing data center or integration security framework of computer lab is evaluated to be a behind system when it corresponds to cyber attack. Therefore, this study suggests a better sophisticated next generation convergence security framework in order to prevent from attacks based on advanced persistent threat. Suggested next generation convergence security framework is designed to have preemptive responses possibly against APT attack consisting of five hierarchical steps in domain security layer, domain connection layer, action visibility layer, action control layer and convergence correspondence layer. In domain connection layer suggests security instruction and direction in domain of administration, physical and technical security. Domain security layer have consistency of status information among security domain. A visibility layer of Intellectual attack action consists of data gathering, comparison, decision, lifespan cycle. Action visibility layer is a layer to control visibility action. Lastly, convergence correspond layer suggests a corresponding system of before and after APT attack. An introduction of suggested next generation convergence security framework will execute a better improved security control about continuous, intellectual security threat.

Development of a Secure Electronic Payment System based on the Analysis of Current Korean Electronic Payment Systems (우리나라 전자지불시스템 현황 분석을 통한 안전한 전자지불시스템의 연구)

  • 송용욱;이재규;황재훈
    • Journal of Information Technology Applications and Management
    • /
    • v.10 no.3
    • /
    • pp.93-108
    • /
    • 2003
  • As Electronic Commerce is popularized, crimes related to Electronic Commerce are also increasing, Electronic shopping malls and payment gateways focus their attention on network security of payment information or the sizes of encryption keys, In real world, however, the payment-related crimes in electronic shopping malls are not based on the security hole of encryption mechanism of the payment systems, but on the customers carelessness or the insecurity of server systems of merchants or financial institutes. So, this research analyzes the structure of current electronic payment systems, investigates the payment-related crimes, addresses the structural problems of the Korean electronic payment systems, and suggests an alternative general architecture for secure payment systems by incorporating the concept of separation of order information and payment information.

  • PDF

The TOR Data Communication System

  • Haraty, Ramzi A.;Zantout, Bassam
    • Journal of Communications and Networks
    • /
    • v.16 no.4
    • /
    • pp.415-420
    • /
    • 2014
  • Since the day the Internet became a common and reliable mechanism for communication and data transfer, security officers and enthusiasts rallied to enforce security standards on data transported over the globe. Whenever a user tries communicating with another recipient on the Internet, vital information is sent over different networks until the information is dropped, intercepted, or normally reaches the recipient. Critical information traversing networks is usually encrypted. In order to conceal the sender's identity, different implementations have proven successful - one of which is the invention of anonymous networks. This paper thoroughly investigates one of the most common and existing techniques used during data communication for avoiding traffic analysis as well as assuring data integrity - the onion router (TOR). The paper also scrupulously presents the benefits and drawbacks of TOR.

Security Consideration for Implementation in Ubiquitous Healthcare System (유비쿼터스 환경하에서의 헬스케어 구현 시의 고려 사항)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.05a
    • /
    • pp.639-641
    • /
    • 2010
  • Healthcare applications involve complex structures of interacting processes and professionals that need to exchange information to provide the care services. In this kind of systems many different professional competencies, ethical and sensibility requirements as well as legal frameworks coexist and because of that the information managed inside the system should not be freely accessed, on the contrary. it must be subject to very complex privacy restrictions. This is particularly critical in distributed systems, where additionally, security in remote transmissions must be ensured. In this paper, we address the fundamental security issues that must be considered in design of a distributed healthcare application.

  • PDF

A Genetic Algorithm-Based Intrusion Detection System

  • Lee, Han H.;Lee, Duk;Kim, Hee S.;Park, Jong U.
    • Proceedings of the Korea Inteligent Information System Society Conference
    • /
    • 2000.04a
    • /
    • pp.343-346
    • /
    • 2000
  • In this paper, a novel approach to intruder detection is introduced. The approach, based on the genetic algorithms, improved detection rate of the host systems which has traditionally relied on known intruder patterns and host addresses. Rather than making judgments on whether the access is instrusion or not, the systems can continuously monitor systems with categorized security level. With the categorization, when the intruder attempts repeatedly to access the systems, the security level is incrementally escalated. In the simulation of a simple intrusion, it was shown that the current approach improves robustness of the security systems by enhancing detection and flexibility. The evolutionary approach to intruder detection enhances adaptability of the system.

  • PDF

Ensuring Securityllable Real-Time Systems by Static Program Analysis (원격 실시간 제어 시스템을 위한 정적 프로그램 분석에 의한 보안 기법)

  • Lim Sung-Soo;Lee Kihwal
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.3 s.35
    • /
    • pp.75-88
    • /
    • 2005
  • This paper proposes a method to ensure security attacks caused by insertion of malicious codes in a real-time control system that can be accessed through networks. The proposed technique is for dynamically upgradable real-time software through networks and based on a static program analysis technique to detect the malicious uses of memory access statements. Validation results are shown using a remotely upgradable real-time control system equipped with a modified compiler where the proposed security technique is applied.

  • PDF

A Study on the Defense Cyber Warfare Exercise (국방사이버전 연습체계 개선 방안 연구)

  • Kwon, Moon-Taek
    • Convergence Security Journal
    • /
    • v.9 no.4
    • /
    • pp.43-53
    • /
    • 2009
  • In the information society, information security is a critical issue for defense cyber network system. This paper provides a result of a study on the defense cyber exercise system for cyber warfare. So far, defense cyber exercise system has been uneffective and is not systematic even if several exercises has been implemented. In order to overcome these problems, a systematic and integrated cyber exercise process is suggested. Under the suggested system, we expect that cyber exercise for cyber warfare will be implemented with more effective manner.

  • PDF