• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.10
• /
• pp.2199-2206
• /
• 2012

Identity authentication sharing technology which allows many service providers to share the result of identity authentication of an identity provider provides several important advantages including high usability achieved by avoiding repeated registration of identity information to service providers and single sign-on, cost effectiveness of service providers achieved by outsourcing identity authentication services from identity providers, and privacy protection achieved by exposing identity information only to a limited number of controlled identity providers. However, in order for the identity authentication sharing technologies to be widely deployed in global Internet scale, the trustworthiness issue among the participating identity providers, service providers, and users should be resolved in advance. This paper firstly analyzes existing trust frameworks for identity authentication sharing. And then, based on the result of analysis, this paper proposes a dynamic and open trust framework for identity authentication sharing.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.190-195
• /
• 2018

Recently, Due to the ongoing increase in cyber attacks and the improved awareness of privacy protection, most Internet services encrypt the traffic by using security protocols. Existing security protocols usually have additional layer between transport layer and application layer, and they incur additional costs because of encrypting all the traffic transmitted. This results in unnecessary performance degradation because it also encrypts data that does not require confidentiality. In this paper, we propose TCP OENC(Optional Encryption) which enables users of the application layer to optionally encrypt only confidential data. TCP OENC operates by TCP option to allow the application layer to encrypt the TCP stream transmitted only on demand. And it ensures transparency between the TCP layer and the application layer. To verify this, we verified that TCP OENC optionally encrypts the stream of TCP session on the embedded board. And then analyzed the performance of the encrypted stream by measuring the elapsed time.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.581-583
• /
• 2017

Elliptic curve cyptography is relatively a current cryptography based on point arithmetic on elliptic curves and the Elliptic Curve Discrete Logarithm Problem (ECDLP). This discrete logarithm problems enables perfect forward secrecy which helps to easily generate key and almost impossible to revert the generation which is a great feature for privacy and protection. In this paper, we provide a lightweight Elliptic Curve Diffie-Hellman (ECDH) Key exchange generator that creates a 163 bit long shared key that can be used in an Elliptic Curve Integrated Encryption Scheme (ECIES) as well as for key agreement. The algorithm uses a fast multiplication algorithm that is small in size and also implements the extended euclidean algorithm. This proposed architecture was designed using verilog HDL, synthesized with the vivado ISE 2016.3 and was implemented on the virtex-7 FPGA board.

• Journal of Platform Technology
• /
• v.8 no.3
• /
• pp.3-9
• /
• 2020

As the need for sharing for research purposes in the medical field increases, the use of a Common Data Model (CDM) is increasing. However, when sharing CDM data, there are some problems in that access control and personal information in the data are not protected. In this paper, in order to solve this problem, access to CDM data is controlled by using an encryption method in a blockchain network, and information of CDM data is recorded to enable tracking. In addition, IPFS was used to share a large amount of CDM data, and Celery was used to automate the sharing process. In other words, we propose a multi-channel automation system in which the information required for CDM data sharing is shared by a trust-based technology, a distributed file system, and a message queue for automation. This aims to solve the problem of access control and personal information protection in the data that occur in the process of sharing CDM data.

• Journal of The Korean Association of Information Education
• /
• v.24 no.1
• /
• pp.99-106
• /
• 2020

In this paper, we analyzed the units related to robot education in the Practical Arts textbooks according to the 2015 revised curriculum. As a result, all textbooks had a common system of introduction, development, and organization, and all of them showed a similar flow. Learning objectives were presented in all textbooks, but no affective goals were presented except cognitive and functional goals. The contents of robot learning suggest the meaning and type of robots, the structure and sensors of robots, and the activities of making robots, but the contents of robot ethics, the production and activities of various robot works, and the use of robots in the problem solving process are not presented. The assembly robot and the infrared sensor are used in common, and it consists of presenting robot production and control training materials in experience activities and arranging units through evaluation, and the A, C, and F textbooks also provide the unit auxiliary data. In the future, it will be necessary to include the contents of robot ethics education centered on the design/manufacturer and user-oriented robot ethics such as the recognition of the limits of robots, the principles of using robots correctly, safety education, personal information and privacy protection.

• Journal of Korean Library and Information Science Society
• /
• v.33 no.3
• /
• pp.1-40
• /
• 2002

All libraries are forums for information and ideas. Therefore, libraries must have systematic devices through which library users can make use of library materials freely. The systematic devices usually have the form of Library Bill of Rights. The aim of this study is to offer basic data in case our country adopt Library Bill of Rights in the near future. In this thesis, the significance of Library Bill of Rights was investigated and the common components were drawn from the analysis of the changing processes and contents of Library Bill of Rights in the USA and Japan. In the USA and Japan, the Library Association an official institution adopted Library Bill of Rights and established permanent departments to keep and develop Library Bill of Right as well as to solve the problems such as infringement of freedom of library. The common components of Library Bill of Rights are as follows: freedom to collect materials, freedom to provide materials, right to refuse censorship, cooperation with the persons ind groups concerned, a person's rights to use a library, fair use of the library facilities, and protection users' privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.479-490
• /
• 2013

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note and Galaxy Tab 10.1. The malicious application can be distributed to currently used mobile devices through open market masquerading as an normal application. An attacker inserts malicious code into an application, which might threaten privacy by rooting attack. Once the rooting attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list, and public key certificate for banking. To protect the private information from the malicious attack, malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates rooting attack mechanism for Android-platform mobile terminal. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to attacks occurring from mobile terminal, which contributes to active protection from malicious attacks.

• The Korean Journal of Applied Statistics
• /
• v.23 no.3
• /
• pp.533-543
• /
• 2010

Asking sensitive questions by a direct survey method causes non-response bias and response bias. Non-response bias arises from interviewees refusal to respond and response bias arises from giving incorrect responses. To rectify these biases, Warner (1965) introduced a randomized response model which is an alternative survey method for socially undesirable or incriminating behavior questions. The randomized response model is a procedure for collecting the information on sensitive characteristics without exposing the identity of the respondent. Many survey researchers have proposed diverse variants of the Warner randomized response model and applied their model to collect the information of sensitive questions. Using an optimal allocation, we proposed three-stage stratified randomized response technique which is an extension of the Kim and Elam (2005) two-stage stratified randomized response technique. In this study, we showed that the estimator based on the proposed response model is more efficient than Kim and Elam (2005). But by adding one more survey step to the Kim and Elam (2005), our proposed model may have relatively less privacy protection compared to the Kim and Elam (2005) model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.253-261
• /
• 2020

This study examines the technologies and application processes related to the use of pseudonym data of companies after the passage of the Data 3 Act to activate the data economy in earnest, and what companies should prepare to use pseudonym data and what will happen in the process It was intended to contribute to the elimination of uncertainty. In the future, companies will need to extend the information security management system from the perspective of the existing IT system to manage and control data privacy protection and management from a third party provisioning perspective. In addition, proper pseudonym data use control should be implemented even in the data use environment utilized by internal users. The economic effect of market change and heterogeneous data combination due to the use of pseudonymized data will be very large, and standards for appropriate non-identification measures and risk assessment criteria for data utilization and transaction activation should be prepared in a short time.