• Convergence Security Journal
• /
• v.13 no.5
• /
• pp.197-205
• /
• 2013

Security Service is the study for social safety and maintenance of order. Compared with the industrial circle, it has only been 18 years, though, many-sided scholars have been interested in this field and tried. The present Security Service, however, has several problems, so it is difficult to gain recognition as the value of learning. To achieve this, several kinds of prior tasks should get solved. First, Preparation for agreement between Industry and University about the academic concept and establishment of range. Second, Set up the School Register System for the academic establishment of identity. Third, Preparation of the plan for the organization of education system. Fourth, Study Direction different from the industrial world. (Unconcern) Therefore, the alternatives centered on some prior tasks will be suggested to enhance the identity and value of Security Service as the study.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.79-86
• /
• 2016

Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.344-365
• /
• 2020

Providing security has been always on priority in all areas of computing and communication, and for the systems that are low on computing power, implementing appropriate and efficient security mechanism has been a continuous challenge for the researchers. Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of efficient security mechanism. Earlier, the security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to high strength and requirement of less key size in elliptic curve cryptography, the focus of researchers has been on designing efficient security protocol for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance from replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal to be used for RFID systems.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.58
• /
• pp.287-311
• /
• 2013

In this study, the scope of previous logistics security were focused only on port and ship. Because of it now extends to the overall (export and import) supply chain areas and in regards with supply security programs in the international level, it reviewed supply chain security programs categorized them into 'ships and port security system', 'container screening system', 'logistics chain authorization system' which are expanded to be adopted in the international level. The major features of those programs are summarized as in building risk management system, providing information ahead, selectivity test and benefits to AEO authorized companies in the customs administration level. The government and companies which are to ensure supply chain security and trade facilitation in order to cope actively with international customs administrative atmosphere need to do the followings : First, they need to build an intra-government integrated supply chain security and make efforts to conclude AEO MRA in order to increase trade competitiveness among major trading countries. Second, they need to build supply chain risk management system in order to enhance management performance through overseas market and company level strategy to obtain and maintain AEO authorization in the company level.

• The Journal of Information Systems
• /
• v.22 no.4
• /
• pp.49-69
• /
• 2013

Recently, enterprises have reinforced security control in order to prevent infringement of personal information and abuse of customer information by insiders. However, the reinforcement of security control by enterprises makes it difficult for internal users to perform business by using a business information system. There is, therefore, a need for research on various fields, which makes it possible to establish an appropriate security control policy while minimizing an impact on business. The present research verifies and analyzes an impact on difficulty in business of internal users using customer information, which is caused by security control performed by display restriction on customer information identifiers. The present research is intended to academically develop a technique for statistically analyzing an impact degree and a causal relationship between security control and an impact on business, which is a dichotomous variable, and to practically contribute to the establishment of an efficient security policy in consideration of an impact on business when an enterprise applies security control. A research target was internal business information systems of domestic securities enterprises, data was collected by questionnaire, and verification/analysis was performed by logistic regression analysis.

• Journal of Institute of Control, Robotics and Systems
• /
• v.13 no.8
• /
• pp.810-816
• /
• 2007

A security robot system named EGIS-SR is a mobile security robot through one of the new growth engine project in robotic industries. It allows home surveillance through an autonomous mobile platform using onboard cameras and wireless security sensors. EGIS-SR has many sensors to allow autonomous navigation, hierarchical control architecture to handle lots of situations in monitoring home surveillance and mighty networks to achieve unmanned security services. EGIS-SR is tightly coupled with a networked security environment, where the information of the robot is remotely connected with the remote cockpit and patrol man. It achieved an intelligent unmanned security service. The robot is a two-wheeled mobile robot and has casters and suspension to overcome a doorsill. The dynamic motion is verified through $ADAMS^{TM}$ simulation. For the main controller, PXA270 based hardware platform based on linux kernel 2.6 is developed. In the linux platform, data handling for various sensors and the localization algorithm are performed. Also, a local path planning algorithm for object avoidance with ultrasonic sensors and localization using $StarGazer^{TM}$ is developed. Finally, for the automatic charging, a docking algorithm with infrared ray system is implemented.

• International Commerce and Information Review
• /
• v.10 no.1
• /
• pp.217-236
• /
• 2008

The purpose of this paper is to discuss the impact of the New Container Security Initiatives of U.S., CSI(Container Security Initiative) and C-TPAT(Customs-Trade Partnership against Terrorism). The CSI which aims to pre-screen high-risk containers in ports of loading. It is a unilateral effort that seeks to develop bi-lateral agreements between the United States and foreign countries with significant container trade volumes into the U.S. C-TPAT is a voluntary initiative to develop cooperative security relationships between the U.S. government and U.S. firms in the global supply chain. Government and Industry have already responded with proposals to create more confidence in supply chain security. These proposals call for heightened inspection and scrutiny of the goods flowing through a supply chain, increased information exchange among participants of supply chain. While government and the private sector are working together to launch new initiative to create more secure and reliable supply chains, industry is rapidly exploring the potential of new technologies such as RFID. The security recommendations will eventually become the requirements to be complied with by importers and their supplier extending to the carriers. It is needed that Korean shippers involved in US importer's supply chain should pay attention to the requirements and start implementing the security measures.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.207-216
• /
• 2005

It is difficult to decide which security functions(class, family, component) in the Common Criteria(CC) are important, since there is no research result about the frequency of use of security functions in real security product or Protection Profiles(PPs). Thus, we survey security functions in CC and 33 PPs that can be classified by 10 product types, and create a set of 'frequency of use of security functions' in CC and each types of security product. Our research results are useful for development of a new classification schema, as well as, estimation of development and evaluation efforts of security products.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.439-449
• /
• 2019

The development of information technology represented by ICBMA (IoT, Cloud, Big Data, Mobile, AI), is leading to a surge in data and a numerical and quantitative increase in data centers to accommodate it. As the data center is recognized as a social infrastructure, It is very important to identify physical security threats in advance in order to secure safety, such as responding to a terrorist attack. In this paper, we develop physical security threat breakdown structure (PS-TBS) for easy identification and classification of threats, and verify the feasibility and effectiveness of the PS-TBS through expert questionnaires. In addition, we intend to contribute to the improvement of physical security level by practical use in detailed definition on items of PS-TBS.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5588-5613
• /
• 2018

Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of over-simplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.