• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• Journal of Digital Convergence
• /
• v.14 no.5
• /
• pp.341-348
• /
• 2016

Because VPN(Virtual Private Network) uses internet network, the security technique should support it and evaluation technique based on standard should support it. Therefore the method should be organized that can evaluate the security of VPN based on the related standard. In this study, we intended to construct the security evaluation model through combining CC(Common Criteria) which is a evaluation standard and a part of security(Confidentiality, Integrity, Non-repudiation, Accountability, Authenticity) evaluation of ISO which is the standard of software quality evaluation. For this, we analyzed the quality requirements about intra-technology and security of VPN and constructed the evaluation model related to the quality characteristics of two international standard. Through this, we are able to construct a convergence model for security evaluation of VPN. Through accumulating the evaluation practices for VPN in the future, the suitability and validity of the evaluation model must be improved.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.11
• /
• pp.5872-5878
• /
• 2013

This study provides two channel structure and two factor authentication. First, a purchasing request by Internet and then user certification and a settlement approval process by mobile communication. Second, it support that proposal protocol utilize a partial factor value of stored in users smartcard, smart phone and password of certificate. Third, storage stability is improved because certificate store in smartcard. Finally, proposal protocol satisfy confidentiality, integrity, authentication, and non- repudiation on required E-commerce guideline. In comparative analysis, Efficiency of the proposal protocol with the existing system was not significantly different. But, In terms of safety for a variety of threats to prove more secure than the existing system was confirmed.

• Convergence Security Journal
• /
• v.15 no.6_1
• /
• pp.69-78
• /
• 2015

Methods that industrial spies use to smuggle core technology out are becoming more intelligent, technological, and complex, thus resulting in more serious damages. In particular, defense industries in which involve national core technology as well as institutions including labor force are industries that are in a greater need of the convergence security. Defense Industry develops, experiments, and produces defense security supplies for national security protection. Defense industry involves a number of security elements such as military secret, industrial secret, core technology labor force, defense industry supply, critical national facility, and information communication system. Defense industry security is a complex of military security and industrial security which is convergence security that integrates all security elements of defense industry. Therefore, defense industry security is a typical ideal model for convergence security. Research on defense industry security is relatively insufficient compared to research of security in other industrial fields. In order to prevent core technology of denfese industry from leaking and to protect technical professionals and institutions, research and action on defense industry security from convergence security perspective are therefore essential at this point of time.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.263-269
• /
• 2014

Mobile Cloud Service will provide cloud services through mobile devices. Because storage space constraints and computing process performance limitations of mobile devices, this service will process in the cloud environment after moving works and data that have to process in mobile terminal. The obstacles of mobile cloud service activity will have concerned high about the reliability service, data security, and the confidentiality security. In particular, in convergence of mobile services and cloud services, each threats are expected to be generated complicatedly. In this paper, we define the type of mobile cloud services as well as security threats that can occur in mobile cloud. Also we suggest security countermeasures in mobile app. and enterprises countermeasures. We suggest verification of mobile applications for user information protection about security countermeasures in mobile app. Also we describe the cloud providers responsibility and user responsibility about enterprises countermeasures.

• Journal of Industrial Convergence
• /
• v.20 no.7
• /
• pp.65-71
• /
• 2022

With the development of ICT, as the era of the 4th industrial revolution arrives, the amount of data is enormous, and as big data technologies emerge, technologies for processing, storing, and processing data are becoming important. In this paper, we propose a system that detects events through monitoring and judges them using hash values because the damage to important files in case of leakage in industries and public places is serious nationally and property. As a research method, an optional event method is used to compare the hash value registered in advance after performing the encryption operation in the event of a file leakage, and then determine whether it is an important file. Monitoring of specific events minimizes system load, analyzes the signature, and determines it to improve accuracy. Confidentiality is improved by comparing and determining hash values pre-registered in the database. For future research, research on security solutions to prevent file leakage through networks and various paths is needed.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.647-654
• /
• 2023

Deep Learning is a useful method for classifying and recognizing complex data such as images and text, and the accuracy of the deep learning method is the basis for making artificial intelligence-based services on the Internet useful. However, the vast amount of user da vita used for training in deep learning has led to privacy violation problems, and it is worried that companies that have collected personal and sensitive data of users, such as photographs and voices, own the data indefinitely. Users cannot delete their data and cannot limit the purpose of use. For example, data owners such as medical institutions that want to apply deep learning technology to patients' medical records cannot share patient data because of privacy and confidentiality issues, making it difficult to benefit from deep learning technology. In this paper, we have designed a privacy preservation technique-applied deep learning technique that allows multiple workers to use a neural network model jointly, without sharing input datasets, in multi-party system. We proposed a method that can selectively share small subsets using an optimization algorithm based on modified stochastic gradient descent, confirming that it could facilitate training with increased learning accuracy while protecting private information.

• Journal of Korean Society of Archives and Records Management
• /
• v.3 no.1
• /
• pp.129-140
• /
• 2003

The ultimate goal of preserving and maintaining the records is to use them practically. The effective use of records should be supported by the reasonable recordskeeping systems and access standards. In this report, I examined the Korean laws and administrative systems related to the public records access issues. After I pointed out major problems of the access laws, the Government Information Opening Act (GOIA), and the problems in practices, I suggested some alternatives for the betterment of the access system. The GIOA established "eight standards of exemption to access" not to open some information to protect national interests and privacy. The Public Records Management Act (PRMA) applies to the archives transferred to "professional archives." The two laws show fundamental differences in the ways to open the public records to public. First, the GIOA deals with the whole information (the records) that public institutions keep and maintain, while the PRMA deals with the records that were transferred to the Government Archives. Second, the GIOA provides with a legal procedure to open public records and the standards to open or not to open them, while the PRMA allows the Government Archives to decide whether the transferred records should be opened or not. Third, the GIOA applies to record producing agencies, while the PRMA applies to public archival institutions. One of the most critical inadequacies of the PRMA is that there are no standards to judge to open the archives through reclassification procedure. The GIOA also suggests only the type of information that is not accessible. It does not specify how long the records can be closed. The GARS does not include the records less than 30 years old as its objects of the reclassification. To facilitate the opening of the archives, we need to revise the GIOA and the PRMA. It is necessary to clearly divide the realms between the GIOA and the PRMA on the access of the archives. The PRMA should clarify the principles of the reclassification as well as reclassifying method and exceptions. The exemption standards of the GIOA should be revised to restrict the abuse of the exemption clauses, and they should not be applied to the archives in the GARS indiscreetly and unconditionally.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.1-13
• /
• 2008

Trusted Computing is a hardware-based technology that aims to guarantee security for machines beyond their users' control by providing security on computing hardware and software. TPM(Trusted Platform Module), the trusted platform specified by the Trusted Computing Group, acts as the roots for the trusted data storage and the trusted reporting of platform configuration. Data sealing encrypts secret data with a key and the platform's configuration at the time of encryption. In contrast to the traditional data sealing based on binary hash values of the platform configuration, a new approach called property-based data sealing was recently suggested. In this paper, we propose and analyze a new property-based data sealing protocol using the weakest precondition concept by Dijkstra. The proposed protocol resolves the problem of system updates by allowing sealed data to be unsealed at any configuration providing the required property. It assumes practically implementable trusted third parties only and protects platform's privacy when communicating. We demonstrate the proposed protocol's operability with any TPM chip by implementing and running the protocol on a software TPM emulator by Strasser. The proposed scheme can be deployed in PDAs and smart phones over wireless mobile networks as well as desktop PCs.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.41-48
• /
• 2005

Objective of this study is to design and implement security system based on intrusion tolerance technology for the improvement of dependability in defense system. In order to do so, I identify and extract core technologies through the research and analysis into characteristics, structures, main functions, and technologies of intrusion tolerance architecture. And I accomplish a design of security system through the redundant system based on these core technologies. To implement and verify intrusion tolerance system, I chose 'wargame system' as a subjected system, and accomplished 'Wargame Intrusion Tolerance System' and verified security required functions through a performance test. By applying showed security system into the development of application software based on intrusion tolerance, systematic and efficient system could be developed. Also applying 'WITDS' can solve the current security problems, and this will be basic model for design of security architecture in the federation system after.