• Korean Security Journal
• /
• no.53
• /
• pp.211-228
• /
• 2017

In May 2012, the police was empowered to electronically obtain location information of mobile devices from the telecommunication service provides for the purpose of rescue by the Act on the Protection, Use, ETC. of Location Information, after years of pressure with repeated serious violent crime outbreaks and controversy concerning the risk of breaching privacy. This study examines the environmental, legal, and technological challenges related to location tracking at the time of five years after the amendment of the law. The bottom line of police's locating power is to secure the lives of people in deadly emergent circumstance. Therefore, location tracking using given information should be swiftly proceeded after consideration and judgment of justification in timely manner to electronically request information to mobile carriers, and it is necessary to have somewhat flexibility of interpretation to be applied to diverse situation. In addition, location tracking technology should be continuously updated through cooperation with the stake-holders. Recognizing substantial problems in practice, we identified and explored the issues including obtaining prior consent for tracking the user's location in case of emergency, confirmation of emergency situation requiring police presence, qualification of legitimate requester, and limited applicability in various circumstances, which are required to reconsidered in conjunction with the personal information protection laws. Additional practical issues may include the expenses for information provision and other incentives to promote active cooperation by the telecom companies.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.99-106
• /
• 2013

Personal information protection has become one of the most impending business issues because leakage of personal information can cause tremendous financial losses and image degradation. Consequently, personal information protection initiatives have been recognized widely in business. To invigorate personal information protection investments, performance measurement method such as cost benefits analysis or qualitative analyses are needed, which have not been studied enough in the previous studies. This study proposes a performance measurement model which can include quantitative and qualitative analyses in the context of personal information protection investments. A comparative analysis has been performed on security investment and IT investment performance measurements, which leads to choose the WiBe method (developed by the German Interior Ministry), considering the privacy characteristics and the method's applicability. In particular, the quantitative effect measured how proactive threat assessment based on the way according to the nature of the businesses and organizations of privacy and possible investment decisions. This study proposes the 16 performance indicators, which turn out to be meaningful in terms of their materiality and feasibility by conducting focus group interviews of 25 experts on personal information protection.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.59-71
• /
• 2012

PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.3
• /
• pp.147-153
• /
• 2017

The main subject of year 2016 Davos forum was "The 4th Industrial Revolution." Recently, interests and investment in drone market, so called industrial revolution in the sky is growing in many countries around the world. Before, drone was used for military purpose such as reconnaissance or attacking but today, it is used in various private sectors such as unmanned delivery service, agriculture, leisure activities, etc. Presently, many major countries in the world are already involved in the 'war without gunfire' to be dominant in this drone industry. Korean government also has announced an extreme relaxation of regulations for growing drone industry by opening a conference with Ministers related to economics. During the conference, business scope of drone which was limited to agriculture, photographing, and observation was expanded to all the fields except for cases hindering national safety and security. In terms of shooting purpose drone its process of receiving approval for flight and shooting is simplified to online registration. What is more, drone delivery service will be allowed in island areas such as Goheung, Yeongwol, etc from first term of year 2017. Finding the way to apply drone in criminal investigation is also speeding up. Recently, Public Safety Policy Research Center in Korean National Police University has inquired for research service and its result will be out around November. Likewise, although more and stronger foundation for supporting drone industry is made but there are still, some opinions saying that we should take a careful approach in consideration to the side effect such as abuse in crime. One may also try terror by placing a dangerous substance. If drone falls, it may hurt any civilians. Moreover, if shopping purpose drone is hacked, it may result in violation of privacy. Compared to America, Europe, and China, we are at the very beginning stage of drone industry and it is necessary to reorganize legal issues to grow this industry. This can be thought from two perspectives; first, the growth of drone industry is blocked by difficult regulations on Aviation Law and Radio Regulation Law. The second issue is the safety and privacy that are required for operating drone. For the advanced technologies to make human life more profitable, more active and proactive actions are required by criminal law side. In preparation to the second mechanical era where man and machines should go together, I hope that responsible preparation is required in all fields including the criminal law.

• Informatization Policy
• /
• v.19 no.4
• /
• pp.63-82
• /
• 2012

The world's best level of ICT(Information, Communication and Technology) infrastructure has experienced the world's worst level of ICT accident in Korea. The number of major accidents of privacy invasion has been three times larger than the total number of Internet user of Korea. The cause of the severe accident was due to big data environment. As a result, big data environment has become an important policy agenda. This paper has conducted analyzing the accident case of data spill to study policy issues for ICT security from a social science perspective focusing on risk. The results from case analysis are as follows. First, ICT risk can be categorized 'severe, strong, intensive and individual'from the level of both probability and impact. Second, strategy of risk management can be designated 'avoid, transfer, mitigate, accept' by understanding their own culture type of relative group such as 'hierarchy, egalitarianism, fatalism and individualism'. Third, personal data has contained characteristics of big data such like 'volume, velocity, variety' for each risk situation. Therefore, government needs to establish a standing organization responsible for ICT risk policy and management in a new big data era. And the policy for ICT risk management needs to balance in considering 'technology, norms, laws, and market'in big data era.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.279-286
• /
• 2012

The purpose of this study was identified the influence of introducing Electronic Medical Records (EMR) on reception attitude, based on literature investigation, the study converted utility and serviceability from Davis TAM Model into awareness of effects in computerized database except attitude variable. The electronic survey for doctors, nurses, medical technicians of a general hospital located in Gangwon-do was performed for 4 weeks from Nov, 11th, 2009 to Dec, 2nd and the collected data was computerized through SPSS 12.0. The factors influencing reception attitude were divided into 4 categories; basic characteristics of the individual, awareness of privacy protection, awareness of effects in computerized database, technological preparation and measured detailed specific variables. As the result of this, the factors influencing reception intention were different depending on recognizing the effectiveness caused by computerization of medical information. Especially, in terms of the difference between basic characteristics of the individual and awareness of privacy protection, there were significant distinctions among 3 sectors; general, transactional, online information management. The significant effects were identified from information management related to business or online information management depending on experiencing security education.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.10
• /
• pp.2105-2112
• /
• 2009

Recently RFID system has been adopted in various fields rapidly. However, we ought to solve the problem of privacy invasion that can be occurred by obtaining information of RFID Tag without any permission for popularization of RFID system To solve the problems, it is Ohkubo et al.'s Hash-Chain Scheme which is the safest method. However, this method has a problem that requesting lots of computing process because of increasing numbers of Tag. Therefore, We suggest the way (process) satisfied with all necessary security of Privacy Protection Shreme and decreased in Tag Identification Time in this paper. First, We'll suggest the SP-Division Algorithm seperating SPs using the Performance Measurement consequence of each node after framing the program to create Hash-Chain Calculated table to get optimized performance because of character of the grid environment comprised of heterogeneous system. If we compare consequence fixed the number of nodes to 4 with a single node, equal partition, and SP partition, when the total number of SPs is 1000, 40%, 49%, when the total number of SPs is 2000, 42%, 51%, when the total number of SPs is 3000, 39%, 49%, and when the total number of SPs is 4000, 46%, 56% is improved.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.3-8
• /
• 2014

Recently, A utilization request of the U-Healthcare services are increasing rapidly. This is because the increase in smartphone users and ubiquitous computing technology was developed. Furthermore, the demand for access to and use of medical information systems is growing rapidly with a smartphone. This system have the advantage such as they can access from anywhere and anytime in the healthcare information system using their smartphone quickly and easily. But this system have various problems that are a privacy issue, the location disclosure issue, and the potential infringement of personal information. this problems are arise very explosive. Therefore, we propose a secure information security system that can solve the security problems in healthcare information systems for healthcare workers using smartphone. Our proposed system, doctors record, store, modify and manage patient medical information and this system would be safer than the existing healthcare information systems. The proposed system allows the doctor to perform further authentication by transmitting using SMS to GOTP message when they accessing medical information systems. So our proposed system can support to more secure system that can protect user individual information stealing and modify attack by two-factor authentication scheme. And this system can support confidentiality, integrity, location information blocking, personal information steal prevent using cryptography algorithm that is easy and fast.

• The Journal of the Korea Contents Association
• /
• v.8 no.2
• /
• pp.195-204
• /
• 2008

With the growth of airline management, as well as computer and IT security, the international trade in this modern society has been rapidly increasing, Along with the advancing, airplanes have become a universal means of communication. However, the complications associated with airplane safety have also been brought up as a result, the most concerning of which is terrorism. One of the main counterplans for preventing terrorism is Ground security activities the core of Ground security activities is absolute safety for passengers in both passenger terminal and freight terminal. Subastral security refers to physical protection, proximity control and 100% security search and freight guarding of the passengers' possessions, and the personnel's duties to perform such jobs are be! coming more crucial. On the other hand, Airport security check has bee n gradually developing since the 1960's, when hijacking began to take place. Although the airports have been providing more safe and comfortable services to their customers, terrorism is still happening today. When Ground security activities is minute, the users feel displeasure and discomfort, yet considering solely their convenience can brings problems in achieving safety. Since the 9.11 terror in 2001, the idea of improving and strengthening airport security was reinforced and a considerable amount of estate is being spent today for invention and application of new technology. Various nations, including the United States, have been improving their systems of security through public services; public police department is actively carrying out their duties in airports as well. In San Francisco International Airport, private police department is in charge of collection of data, national events, VIP protection, law enforcement, cooperation within facilities, daily-based patrol and traffic control. Under guidance and supervision of national organizations, such as TSA, general police department interprets X-Rays, operates metal detectors, checks passports or IDs and observes reactions to explosives. Under these circumstances, studies about advancement of cooperation and duties of general police department and private police department necessitated: especially about private police department and their training for searching equipments, decrease in number of turn over rate, invention of technology and prior settlement in estate for security. The privacy of the public, who make up the major population of airport passengers, must also be minimized. In the following research, the activities of police departments in San Francisco International Airport will be analyzed in order to understand recent actions of the United States on airport security.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.143-150
• /
• 2011

The adoption of VoIP is continuously increasing in public institutions, private enterprises and households due to cheaper cost and various supplementary services. Also, it is expected to spread widely the use of VoIP in mobile environment through the increasing use of smartphone. With the growing concern over the incidents of VoIP service while the VoIP service has become increasingly. Especially eavesdropping, it is possible to invade user privacy and drain the secret of company. So, it is important to adopt the protocols for VoIP secure communication. VoIP security protocols are already adopted in public institutions, but it is not adopted in private enterprises and households. In addition, it is necessary to verify whether the VoIP security protocol could be adopted or not in mobile VoIP due to its limited computing power. This paper compared the VoIP security protocol under fixed network and mobile network through performance evaluation. Finally, we found that it is possible to adopt the VoIP security protocols in mobile network.