• Title/Abstract/Keywords: vulnerability functions

Search Result 108, Processing Time 0.022 seconds

Securing the Private Key in the Digital Certificate Using a Graphic Password (그래픽 비밀번호를 활용한 공인인증서 개인키 보호방법에 관한 연구)

  • Kang, Byung-Hoon;Kim, Beom-Soo;Kim, Kyung-Kyu
    • The Journal of Society for e-Business Studies / v.16 no.4 / pp.1-16 / 2011
  • A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

Protection Profile for Smart Meters: Vulnerability and Security Requirements Analysis (스마트미터의 취약성/보안요구사항 분석 CC v3.1 기반 보호프로파일 개발)

  • Jung, Chul-Jo;Eun, Sun-Ki;Choi, Jin-Ho;Oh, Soo-Hyun;Kim, Hwan-Koo
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.111-125 / 2010
  • There is a growing interest in "smart grid" technology, especially after the government recently announced "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming places like homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety with using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criterion v3.1 for smart meters.

Analysis of Malicious Behavior Towards Android Storage Vulnerability and Defense Technique Based on Trusted Execution Environment (안드로이드 저장소 취약점을 이용한 악성 행위 분석 및 신뢰실행환경 기반의 방어 기법)

  • Kim, Minkyu;Park, Jungsoo;Shim, Hyunseok;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.1 / pp.73-81 / 2021
  • When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous downloaded files are stored. In this paper, to prove the feasibility of an attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The encrypted file will be sent to hackers via e-mail simultaneously in the background. The developed application was evaluated by VirusTotal, a malicious analysis engine, and was not detected as a malicious application by any of the 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

A study on security threats to drones using open source and military drone attack scenarios using telemetry hijacking (오픈소스 활용 드론에 대한 보안 위협과 Telemetry Hijacking을 이용한 군용 드론 공격 시나리오 연구)

  • Lee, Woojin;Seo, Kyungdeok;Chae, Byeongmin
    • Convergence Security Journal / v.20 no.4 / pp.103-112 / 2020
  • Recently, the interest in hobby/leisure drones is increasing in the private sector, and the military also uses drones in various countries such as North Korea, the United States, and Iran for military purposes such as reconnaissance and destruction. A variety of drone related research is underway, such as establishing and operating drone units within the Korean military. In particular, recently, as the size of drone flight control source code increases and the number of functions increases, drone developers are getting accustomed to using open sources and using them without checking for separate security vulnerabilities. However, since these open sources are actually accessible to attackers, they are inevitably exposed to various vulnerabilities. In this paper, we propose an attack scenario for military drones using open sources in connection with these vulnerabilities using Telemetry Hijacking techniques.

OHDSI OMOP-CDM Database Security Weakness and Countermeasures (OHDSI OMOP-CDM 데이터베이스 보안 취약점 및 대응방안)

  • Lee, Kyung-Hwan;Jang, Seong-Yong
    • Journal of Information Technology Services / v.21 no.4 / pp.63-74 / 2022
  • Globally, researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions, has patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions, they could not be guaranteed at 100% by complete de-identification and anonymization. For this reason the security of the OMOP-CDM database is important, but there is no detailed and specific OMOP-CDM security inspection tool, so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and security controls of the personal information protection of the NIST. Additionally, it intends to verify the implementation feasibility by real field demonstration in the actual environment of 3 hospitals. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results, it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, ransomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits (proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising.

The impact of security and privacy risk on smart car safety and trust (보안과 프라이버시 위험이 스마트카 안전과 신뢰에 미치는 영향)

  • Soonbeom Kwon;Hwansoo Lee
    • Convergence Security Journal / v.23 no.5 / pp.9-19 / 2023
  • Smart cars, which incorporate information and communication technologies (ICT) to improve driving safety and convenience for drivers, have recently emerged. However, the increasing risk of automotive cybersecurity due to the vulnerability of electronic control units (ECUs) and automotive networks, which are essential for realizing the autonomous driving functions of smart cars, is a major obstacle to the widespread adoption of smart cars. Although there have been only a few real-world cases of smart car hacking, drivers' concerns about the security of smart cars can have a negative impact on their proliferation. Therefore, it is important to understand the risk factors perceived by drivers and the trust in smart cars formed through them in order to promote the future diffusion of smart cars. This study examines the risk factors that affect the formation of trust in smart cars, focusing on security and privacy, and analyzes how these factors affect safety perceptions and trust in smart cars.

A Study on the Improvement of Security Enhancement for ZTNA (보안성 강화를 위한 ZTNA운영 개선방안 연구)

  • Seung Jae Yoo
    • Convergence Security Journal / v.24 no.1 / pp.21-26 / 2024
  • The security model in the previous network environment has a vulnerability in which resource access control for trusted users is not properly achieved using the Perimeter model based on trust. The Zero Trust is an absolute principle to assume that the users and devices accessing internal data have nothing to trust. Applying the Zero Trust principle is very successful in reducing the attack surface of an organization, and by using the Zero Trust, it is possible to minimize damage when an attack occurs by limiting the intrusion to one small area through segmentation. ZTNA is a major technology that enables organizations to implement Zero Trust security, and similar to Software Defined Boundary (SDP), ZTNA hides most of its infrastructure and services, establishing one-to-one encrypted connections between devices and the resources they need. In this study, we review the functions and requirements that become the principles of the ZTNA architecture, and also study the security requirements and additional considerations according to the construction and operation of the ZTNA solution.

i-Tree Canopy-based Decision Support Method for Establishing Climate Change Adaptive Urban Forests (기후변화적응형 도시림 조성을 위한 i-Tree Canopy 기반 의사결정지원 방안)

  • Tae Han Kim;Jae Young Lee;Chang Gil Song;Ji Eun Oh
    • Journal of the Semiconductor & Display Technology / v.23 no.1 / pp.12-18 / 2024
  • The accelerated pace of climate crisis due to continuous industrialization and greenhouse gas emissions necessitates sustainable solutions that simultaneously address mitigation and adaptation to climate change. Nature-based Solutions (NbS) have gained prominence as viable approaches, with Green Infrastructure being a representative NbS. Green Infrastructure involves securing green spaces within urban areas, providing diverse climate adaptation functions such as removal of various air pollutants, carbon sequestration, and isolation. The proliferation of Green Infrastructure is influenced by the quantification of improvement effects related to various projects. To support decision-making by assessing the climate vulnerability of Green Infrastructure, the U.S. Department of Agriculture (USDA) has developed i-Tree Tools. This study proposes a comprehensive evaluation approach for climate change adaptation types by quantifying the climate adaptation performance of urban Green Infrastructure. Using i-Tree Canopy, the analysis focuses on five urban green spaces covering more than 30 hectares, considering the tree ratio relative to the total area. The evaluation encompasses aspects of thermal environment, aquatic environment, and atmospheric environment to assess the overall eco-friendliness in terms of climate change adaptation. The results indicate that an increase in the tree ratio correlates with improved eco-friendliness in terms of thermal, aquatic, and atmospheric environments. In particular, it is necessary to prioritize consideration of the water environment sector in order to realize climate change adaptive green infrastructure, such as increasing green space in urban areas, as it has been confirmed that four out of five target sites are specialized in improving the water environment.

A Study on Improvement Plans for Local Safety Assessment in Korea (국내 지역안전도 평가의 개선방안 연구)

  • Kim, Yong-Moon
    • Journal of Korean Society of Disaster and Security / v.14 no.4 / pp.69-80 / 2021
  • This study tried to suggest improvement measures by discovering problems or matters requiring improvement among the annual regional safety evaluation systems. Briefly introducing the structure and contents of the study, the introduction describes the regional safety evaluation method newly applied by the Ministry of Public Administration and Security in 2020. Utilization plans were also introduced according to the local safety level that was finally evaluated by the local government. In this paper, various views of previous researchers related to regional safety are summarized and described. In addition, problems were drawn in the composition of the index of local safety, the method of calculating the index, and the application of the current index. Next, the problems of specific regional safety evaluation indicators were analyzed and solutions were presented. First, "Number of semi-basement households" of the 「Social Vulnerability Index」 in the field of disaster risk factors is replaced with "the number of households receiving basic livelihood". In addition, the "Vinyl House Area" is evaluated by replacing it with data on "the number of households living in a Vinyl House, the number of container households, and the number of households in Jjok-bang villages". Second, in the management and evaluation of habitual drought disaster areas, local governments with a water supply rate of 95% or higher in Counties, Cities, and Districts are treated as "missing". This is because drought disasters rarely occur in the metropolitan area and local governments that have undergone urbanization. Third, the activities of safety sheriffs, safety monitor volunteers, and disaster safety silver monitoring groups along with the local autonomous prevention foundation are added to the evaluation of the evaluation index of 「Regional Autonomous Prevention Foundation Activation」 in the field of response to disaster prevention measures. However, since the name of the local autonomous disaster prevention organization may be different for each local government, if it is an autonomous disaster prevention organization organized and active for disaster prevention, it would be appropriate to evaluate the results by summing up all of its activities. Fourth, among the Scorecard evaluation items, which is a safe city evaluation tool used by the United Nations Office for Disaster Risk Reduction (UNDRR), the item "preservation of natural buffers to strengthen the protection functions provided by natural ecosystems" is borrowed, which is closely related to natural disasters. The Scorecard evaluation is an assessment index that focuses on improving the disaster resilience of local governments while carrying out the campaign "Creating cities resilient to climate crises and disasters" emphasized by UNDRR. Finally, the names of "regional safety level" and "local safety index" are similar, so the term of local safety level is changed to "natural disaster safety level" or "natural calamity safety level". This is because only the general public can distinguish the local safety level from the local safety index.

Factors Affecting Happiness in the Elderly by Gender (노인의 성별에 따른 행복감에 영향을 주는 요인)

  • Hong, Ju-Youn;Kim, Hwan-Hui
    • The Journal of the Korea Contents Association / v.20 no.4 / pp.244-253 / 2020
  • This study aimed to assess the factors affecting the level of happiness and a sense of happiness among senior men and women, including sociodemographic characteristics, health behavior, subjective health level, and healthcare utilization, using the 2017 Community Health Survey (CHS). A total of 67,835 older adults were enrolled for the study, 27,979 males and 39,856 females. The results showed that education level and total household income affected the happiness in female elderly, while having a spouse increased happiness in male elderly. In addition, both male and female elderly felt a great deal of happiness when they had good health behaviors, perceived themselves to be in good health, and had no restrictions with healthcare utilization. Subjective health status and healthcare utilization seem to have a substantial impact on happiness because older adulthood is a period marked with increased physical vulnerability compared to other age groups due to diminished physiological functions. Based on these results, the government should expand subsidies for welfare for the aged to provide lifelong education opportunities, and the existing elderly education and programs in health-related organizations should reflect the characteristics of the elderly. Furthermore, social service systems and programs related to the elderly should be re-evaluated so as to develop services and programs tailored to the elderly to promote their happiness more effectively.