• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.11 no.4
• /
• pp.229-237
• /
• 2011

As smart phones have become widely adopted, they have brought about changes in individual lifestyles, as well as significant changes in the industry. As the mobile technology of smart phones has become associated with all areas of industry, it is not only accelerating innovation in other industries such as shopping, healthcare service, education, and finance, but is also creating new markets and business opportunities. The preparation of thorough security measures for smart phones is increasing in demand. While offering excellent mobility and convenience, smart phones can be exposed to a range of violation threats. In particular, it is necessary to make efforts to develop a security system that can preemptively cope with potential security threats in the banking service area, which requires a high level of reliability. This paper suggests a security reference model that is considered for the smart phone-based joint mobile banking development project being undertaken by the Bank of Korea in 2010. The purpose of this study is to make a security reference model for a reliable smart phone-based mobile financial service, by recognizing the specific security threats directed toward smart phones, and providing countermeasures to these security threats. The proposed mobile banking security reference model is useful in improving system security by systematically analyzing information security threats to the mobile financial service, and by presenting the guideline for the preparation of countermeasures.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.4
• /
• pp.95-102
• /
• 2021

As social interest in the metaverse increases, various metaverse platforms and services are appearing, and various security issues are emerging accordingly. In particular, since all activities are performed in a variety of virtual spaces, and the metaverse utilizes sensing data using various hardware devices, more information is accumulated than other Internet services, and more damage can occur if information security is not guaranteed. Therefore, in this paper, we propose a metaverse security model that considers the major issues mentioned in previous papers and the necessary evaluation factors for the security functions required in the metaverse platform. As a result of performing the performance evaluation of the proposed model and the existing attribute information collection model, the proposed model can provide security functions such as anonymity and source authentication, which were not provided by the existing models.

• Journal of Navigation and Port Research
• /
• v.36 no.1
• /
• pp.9-14
• /
• 2012

Maritime security incidents by pirates and by terrorists increase, but maritime incidents investigation models are limited to figure out the maritime security incidents. This paper provides the analysis model for maritime security incidents. To develop this analysis model, this categorizes five threat factors, the ship, the cargo type, port system, human factor, information flow system, makes the risk assessment matrix to quantify the risk related to threat factors and classifies four priority categories of risk assessment matrix. Also, this model makes from the frameworks which include a variety of security initiatives implementing in stakeholder levels like international organizations, individual governments, shipping companies, and the ship. Therefore, this paper develops the Analysis for Maritime Security Management model based on various security initiatives responding to the stakeholder levels of maritime security management and top-bottom/bottom-up decision trees, and shows the validity through verifying the real maritime security incident of M/V Petro Ranger.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• Journal of the Korea Society for Simulation
• /
• v.17 no.3
• /
• pp.53-62
• /
• 2008

This paper proposes a new implementational model based on the security model of Oracle for Web ontology. Recently, several access control models using relational database security model for access control to Web ontology have been developing, and one of the most representative access control model is the RAC model. However, the RAC model is based on the standard security model, and thus it does not provide a implementational model for practical relational database management systems. In this paper, we propose an implementational model based on Oracle which is widely used and providing various security policies. This paper shows the implementation and experimental evaluation. Especially, the proposed model uses the VPD security model of Oracle and support high application and usability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.3
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.39-46
• /
• 2020

In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.1
• /
• pp.122-127
• /
• 2009

In this paper, it is reviewed security architecture and proposed security model about secure aeronautical system, which is considering in the cynical research topics out of aeronautical traffic system. The reviewed contents is treated about security model fur domestic aeronautical system with international security technology trends in the basis of security technology related aeronautical services. In the security framework of aeronautical communication network, it is analyzed data link security technology between air and ground communication, and security architecture in according to aeronautical system, and presented security architecture of U information HUB model. The security architecture of U-information HUB includes the internetworking scope of airline, airport network, airplane network, and related government agency, etc.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.4
• /
• pp.326-333
• /
• 2014

Internet Services have security issues. To prepare proper security measures for these security issues, security level setting is positively necessary. Until now, we use a security level with CIA (Confidentiality, Integrity, and Availability) Security Levels. However, CIA Security Levels has problems with ambiguous measures for the middle level of security setting. Moreover, security level overlap occurs, in some cases, when user authentications are not done. Additionally, there exist some levels among CIA Security Levels which cannot be applied to Internet services. In this paper, new security level model, CIAA Security Levels with deletion of ambiguous middle level of security setting and addition of authentication to one of security level setting factors, is proposed. The CIAA Security Levels model can be applied to more concrete security measures than CIA Security Levels. The proposed Security Levels model is applicable to almost any on-line services and it can be applied to new online services.