• Journal of Fisheries and Marine Sciences Education
• /
• v.28 no.3
• /
• pp.790-798
• /
• 2016

Currently, web-based online games is becoming popular in supporting learning process due to their effective and efficient tool. However, online games have lack of security aspect, in particular due to increase in the number of personal information leakage. Since the data are transmitted over insecure channel, it will be vulnerable of being intercepted by attackers who want to exploit user's identity. This paper aims to propose an online web-based educational game, Vidyanusa which allows the students to register their personal information using a unique code, a user name and a password. It manages the users according to their schools, subject teachers and class levels. In addition, by adopting a unique code, the confidentiality of the user identity can be kept away from attackers. Moreover, in order to provide a secure data communication between client and server, Secure Socket Layer (SSL) protocol is adopted. The performance of the system after implementing SSL protocol is examined by loading a number of requests for various users. From the experiment result, it can be concluded that the SSL protocol can be applied to web-based educational system in order to offer security services and reliable connection.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.189-194
• /
• 2020

Most cyber breaches are caused by APT attacks using malware. Hackers use the email system as a medium to penetrate the target. It uses e-mail as a method to access internally, destroys databases using long-term collected vulnerabilities, and illegally acquires personal information through system operation and ransomware. As such, the e-mail system is the most friendly and convenient, but at the same time operates in a blind spot of security. As a result, personal information leakage accidents can cause great damage to the company and society as a whole. This study intends to suggest an effective methodology to securely manage the APT attack by strengthening the security configuration of the e-mail system operating in the enterprise.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.637-644
• /
• 2012

In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.6
• /
• pp.1374-1379
• /
• 2015

Malicious network attacks such as DDoS has no clear measures, the damage is also enormous. In particular, in addition to a network failure, such as leakage of personal information and damage of the communication charge in the case of zombie smartphone is infected, is expected damages of various users. In this study, we extract the zombie smartphone's phenomena and features that appear while the zombie service is running and introduce a corresponding technique to prevent zombie smartphone.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.222-223
• /
• 2015

Malicious network attacks such as DDoS is no clear preparedness, the damage is also a bar. In particular, when a smartphone is infected to the zombies, the damage such as communication fee billing and leakage of personal information with numerous network failures are expected. In this study, with reference of the features that appear in a zombie PC we extract the zombie smartphone's phenomena and features that appear while the zombie service is running.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.503-506
• /
• 2014

기존의 모바일 대면거래 시스템은 결제자가 결제를 하기 위해 결제정보를 상점에 제공하게 된다. 결제정보는 거래정보와 함께 중간 통신단계를 거치면서 각 단계에 수집 보관된다. 이 정보는 거래정보와 결제정보가 함께 전달되기 때문에 정보가 노출되면 조합을 통해 대상을 특정할 수 있으며 생활패턴 등 개인의 사생활까지 노출된다. 하지만 수집 보관된 정보에 대한 법적인 관리 지침이 미흡하기 때문에 개인정보를 수집 보관하는 업체가 많아질수록 개인정보의 유출 가능성은 더욱 커지게 된다. 따라서 본 논문에서는 개인정보의 수집을 최소화하고 결제정보와 거래정보를 나누어 보냄으로써 정보에 해당하는 대상을 특정할 수 없게 하는 방법을 새롭게 제안한다.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.178-188
• /
• 2015

The proliferation of devices such as tablets and smart phones, which are now used by many people in their daily lives, has led to a number of companies allowing employees to bring their own devices to work due to perceived productivity gains and cost savings. However, despite many advantage, security breaches (e.g., information leakage) can happen for various reasons (e.g., loss or theft of devices, and malicious code) and privacy breaches can happen by using personal devices for business. We should carefully scrutinize security threats in this area. We present the security threats analysis and the technical approach in this area, and discuss privacy threats and countermeasures.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.12
• /
• pp.59-65
• /
• 2019

Hospital Information System includes a wide range of information in the medical profession, from the overall administrative work of the hospital to the medical work of doctors. In this paper, we proposed a Vision-based Authentication and Registration of Facial Identity in Hospital Information System using OpenCV. By using the proposed security module program a Vision-based Authentication and Registration of Facial Identity, the hospital information system was designed to enhance the security through registration of the face in the hospital personnel and to process the receipt, treatment, and prescription process without any secondary leakage of personal information. The implemented security module program eliminates the need for printing, exposing and recognizing the existing sticker paper tags and wristband type personal information that can be checked by the nurse in the hospital information system. In contrast to the original, the security module program is inputted with ID and password instead to improve privacy and recognition rate.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.279-284
• /
• 2014

Recently, m-health care is be a problem that the patient's information is easily exposed to third parties in case of emergency situation. This paper propose an attribute-based access control protocol to minimize the exposure to patient privacy using patient information in the emergency environment. Proposed protocol, the patient's sensitive information to a third party do not expose sensitive information to the patient's personal health information, including hospital staff and patients on a random number to generate cryptographic keys to sign hash. In addition, patient information from a third party that is in order to prevent the illegal exploitation of the patient and the hospital staff to maintain synchronization between to prevent the leakage of personal health information.

• Journal of Industrial Convergence
• /
• v.17 no.1
• /
• pp.1-6
• /
• 2019

Various cryptographic technologies have been proposed from ancient times and are developing in various ways to ensure the confidentiality of information. Due to exponentially increasing computer power, the encryption key is gradually increasing for security. Technology are being developed; however, security is guaranteed only in a short period of time. With the advent of the 4th Industrial Revolution, encryption technology is required in various fields. Recently, encryption technology using homomorphic encryption has attracted attention. Security threats arise due to the exposure of keys and plain texts used in the decryption processing for the operation of encrypted information. The homomorphic encryption can compute the data of the cipher text and secure process the information without exposing the plain text. When using the homomorphic encryption in processing big data like stored personal information in various services, security threats can be avoided because there is no exposure to key usage and decrypted information.