• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Aerospace Engineering and Technology
• /
• v.7 no.1
• /
• pp.210-215
• /
• 2008

Most of technology information obtained from KSLV-I program have been managed by Program Life-Cycle Management System(PLMS). As involving technologies in the program require high level of confidentiality as those may be dealt with entities in international cooperation, the enforcement of strict security policy is inevitable. Therefore, a document security system has been developed to enhance protection in document management. This paper describes the overview and development status of the security system, integrated with PLMS, which aims at preventing illegal access and inadvertant leakage of the technology information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.404-405
• /
• 2015

최근 IT기술과 인터넷의 발전으로 시간과 공간에 제한을 두지 않고 업무를 처리해야 하는 상황으로 업무환경이 급격히 변화되고 있다. 특히 기업에서는 외부 네트워크와 정보교환의 필요성이 증가되었고, 구성원들의 잦은 외근, 출장 등 사무실 밖에서 업무를 처리하는 비중이 높아져, 내부뿐만 아니라 외부와의 정보공유를 하는데 있어 안전한 네트워크 구조를 요구하고 있다. 외부에서 효율적이고 안전하게 내부시스템에 접속할 수 있게 사용되는 것이 VPN(가상사설망: Virtual Private Network)으로, 기관 및 기업에서 VPN을 지속적으로 도입하여 운영하고 있다. 하지만 VPN에 인증이 성공되면 다양한 업무시스템에 접근이 용이하기 때문에, 악의적인 사용자로부터 정보유출이 손쉽게 이루어질 수 있다. 따라서 본 연구에서는 사용되고 있는 VPN에 대해 관리가 잘 이루어지는지 확인하는 실태점검 리스트를 제시하고, VPN에 대한 정보유출방지 모니터링을 위해 VPN의 접속로그를 분석하여 정보유출 보안위협행위를 탐지할 수 있는 시나리오를 도출하고자 한다.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.99-108
• /
• 2011

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection / use of privacy data, processing of sensitive information / personal ID information, and encryption of privacy information); restrictions on installation / operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study. Possible solutions proposed by this study can be summed up as follows: By changing minds with sufficient legal reviews, it is required for security service providers to 1) clearly and further specify any purposes of collecting and using privacy information, if possible, 2) obtain any privacy information by legitimate means as it is necessary to collect such information, 3) stop providing any personal information for the 3rd parties or for any other purposes except fundamental purposes of using privacy information, and 4) have full knowledge about duty of safety measure in accordance with safe maintenance of privacy information and protect any personal information from unwanted or intentional leakage to others.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.199-213
• /
• 2018

Since 2008, large-scale personal information breach incidents have occurred frequently. Even though national education, policy, and laws have been enacted and implemented to resolve the issue, personal information breaches still occur. Currently, individuals cannot confirm detailed information about what personal information has been affected, and they cannot respond to the breaches. Therefore, it is desirable to develop various methods for preventing and responding to personal information infringement caused by breach and leakage incidents and move to privacy protection behaviors. The purpose of this study is to create understanding of personal information security and information breach, to present services that can prevent breaches of personal information, to investigate the necessity of and analyze the potential public demand for such services, and to provide direction for future privacy-related information services.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.77-85
• /
• 2019

As the Internet continues to evolve, cyber attacks are becoming more precise and covert. Anonymous communication, which is used to protect personal privacy, is also being used for cyber attacks. Not only it hides the attacker's IP address but also encrypts traffic, which allows users to bypass the information protection system that most organizations and institutions are using to defend cyber attacks. For this reason, anonymous communication can be used as a means of attacking malicious code or for downloading additional malware. Therefore, this study aims to suggest a method to detect and block encrypted anonymous communication as quickly as possible through artificial intelligence. Furthermore, it will be applied to the defense to detect malicious communication and contribute to preventing the leakage of important data and cyber attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.105-107
• /
• 2021

With the prolonged COVID-19 worldwide, it is essential to create a list of visitors when using various facilities to prevent the spread of COVID-19 and to investigate epidemiology in the event of confirmed cases. In the beginning, there were many problems due to the leakage of personal information and false preparation by making a list of visitors with a handwritten list. To compensate for the problems of handwritten lists, the KI-Pass system based on QR codes is mainly managed. However, KI-Pass systems have the disadvantages of issuing QR codes and abusing personal information. In this paper, we propose an access management system using beacon. Beacon is an close-range wireless communication device and visitors when they are near the facility and automatically registers their personal information on the cloud server for access management. It is expected that this will be effective in preventing and responding to the spread of new infectious diseases in the future.

• Journal of the Korea Safety Management & Science
• /
• v.17 no.2
• /
• pp.129-137
• /
• 2015

This study is in regard to the gas detection system and gas detection method utilizing smart phone. This study includes; 1) the sensor module attached to the smart phone to detect and measure flammable gas or toxic gas; and 2) gas detection APP which is installed inside the smart phone and recognizes the user information and location information automatically by reading RFID tag indicating the user or the location to detect gas through the contact area where RFID and blue tooth reader is installed inside of the above mentioned smart phone, and then measures the combustible gas or toxic gas by operating above mentioned sensor module and obtains the data thus measured, and above mentioned smart phone is characterized by its transmission of the above mentioned user information, location information and measured data which are obtained by above mentioned gas detecting APP to operation server via communication network. With this, reliability for the location detecting gas by the user, the result of the measurement, etc. can be secured. Furthermore, this provides the effect of preventing artificial manipulation at the time of input which is associated with the identification of the user to be measured by utilizing removable sensor module and application or the mistake resulted from wrong input by the user. In addition, by transmitting the measured data from the sensor module carrying out gas detection to operation server, this provides the effect of making it possible to process the data thus collected to a specialized data for combustible gas or toxic gas.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1059-1068
• /
• 2022

A Post-Quantum Cryptographic algorithm NTRU, which is designed by considering the computational power of quantum computers, satisfies the mathematically security level. However, it should consider the characteristics of side-channel attacks such as power analysis attacks in hardware implementation. In this paper, we verify that the private key can be recovered by analyzing the power signal generated during the decryption process of NTRU. To recover the private keys, the Simple Power Analysis (SPA), Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) were all applicable. There is a shuffling technique as a basic countermeasure to counter such a power side-channel attack. Neverthe less, we propose a more effective method. The proposed method can prevent CPA and DDLA attacks by preventing leakage of power information for multiplication operations by only performing addition after accumulating each coefficient, rather than performing accumulation after multiplication for each index.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.397-399
• /
• 2021

The increase in single-person households and the development of Home IoT technology make it important to improve the convenience of the residential environment. In addition, the increase in indoor activities caused by COVID-19 calls for the development of products to make life more convenient for single-person households. This trend of increased indoor activity has made it easier to interact with the current residential environment than before, and as a result, the need to develop technology for Home IoT is emerging. Therefore, the Home IoT system will be developed to monitor the information needed to maintain an ideal indoor environment such as temperature, humidity, and fine dust. The system will also interact with users, and propose a system that improves safety in indoor activities by equipping the home with IoT sensors for preventing safety accidents such as gas leakage and fire.