• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.961-964
• /
• 2012

NFC(Near Field Communication)는 10cm 이내의 거리에서 무선기기 간의 통신을 가능케 해주는 기술로 13.56 Mhz RF(Radio Frequency) 주파수 대역을 이용한 비접촉식 근거리 무선통신의 한 종류이다. 올해 출시되는 대부분의 스마트 폰에서 NFC 기능을 탑재하며, NFC기반의 모바일 결제 서비스가 가장 유망한 결제 방식으로 주목 받고 있다. 소비자는 NFC 모바일 단말기를 가지고 판매자의 POS(Point of Sale) 단말기와 근접 통신을 통해 결제를 진행하는 방식으로 다른 무선 통신 방식 (RFID, Bluetooth 등)보다 보안 취약성이 높지 않지만, 기존의 RFID 환경에서 일어날 수 있는 기술적 취약점과 비슷한 유형의 위협이 충분히 발생할 수 있으므로 유효한 보안 기술이 필요하다. 본 논문은 안전한 NFC 모바일 결제 환경을 구축하기 위한 공개키 알고리즘인 타원곡선 암호ECC(Elliptic Curve Cryptosystem)를 적용한 Bilinear Pairing을 활용해서 효율적이고 보안성도 강력한 인증 메커니즘을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.269-273
• /
• 2010

7.7 DDoS incident due to recent events and the emerging importance of privacy and Privacy laws are being discussed in the National Assembly. In this study, Legislative Assembly Secretariat support organization focused on using the system, such as the Internet network and the administrative, technical and physical security elements on the status of confidentiality, availability, integrity and security criteria to identify and follow and We are analyzing. In addition, the Internet, including network and use the system primarily for use, Legislative support agency, The National Assembly Secretariat staff awareness about information security and privacy on the survey for compliance with codes of conduct and We are analyzing. Through this analysis of legislative support agencies' security status, and social responsibility as an institution will wish to encourage the role.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.85-90
• /
• 2004

In this paper, we analysed the technical features and characteristics for Ship Security Alert Systems(SSAS). Due to the steady increase in incidents, and partly triggered by the events of 9/11, the International Maritime Organization (IMO) initiated an intense programme of activity, resulting in a conference on maritime security measures during December 2002. IMO SOLAS Regulation XI-2/6 applies to the following types of vessels on international voyages which include passenger ships, including high-speed passenger craft, cargo ships, including high-speed craft, of 500 gross tons and upwards and mobile offshore units. The paper has discussed on international technical trends and its characteristics and provided how to regulate for activating and harmonizing internationally domestic ships.

• 한국IT서비스학회:학술대회논문집
• /
• 2007.11a
• /
• pp.382-385
• /
• 2007

최근 들어 TCP/IP(인터넷 프로토콜)기반 역추적의 기술적 한계를 이용해 각종 명의(계정)도용 사건을 비롯해 금융피싱 사고들이 부쩍 늘고 있다. 이 때문에 천문학적인 경제 및 사회적 손실이 초래되고 있음은 물론, 사이버상의 각종 행위에 대한 제약과 발전을 가로막고 있다. 이와 같은 난제를 해결하고 기업 혹은 기관의 보안시스템을 참화하기 위해 실시간 역추적 기술이 등장했다. 과거 정보보호시스템의 가치는 비용 절감, 강력한 보안기술 도입 차원의 맹목적 시도, 구축에 따른 구축 난이도에 초점이 맞추어져 있었다. 하지만 최근에는 정보보호 투자성과 평가에 대해 더욱 설득력 있고 과학적인 결과를 원하고 있으며, 단순한 재무적 시스템 효과보다는 종합적인 비즈니스 효과에 대한 ROI 평가를 중요시하고 있다. 이 논문에서는 역추적 기술의 필요성과 배경에 대하여 살펴보고, 흔히 많이 사용하는 방식인 재무 관점의 비용 효과(Cost-Benefit) 기법을 통해 역추적 기술 개발의 투자수익률(ROI)을 분석할 수 있는 기준을 도출해 본다.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.104-112
• /
• 2022

The pandemic caused by the COVID-19 virus, which has lasted for the past three years, has changed society and the way people live in many ways. These changes also affect cyberspace, so the pre-pandemic information security model and standards have limitations when applied to the current situation. In this paper, a new method to improve the information security model of public institutions was proposed in consideration of various situations in the new normal era. In other words, through the proposed information security model, the possibility of external intrusion is blocked in advance through the policy and technical supplementation of remote work, which is a weakness of the existing information security operation of public institutions. Also, how to prevent abnormal authentication attempts by building a secure VPN environment, how to prevent social engineering cyber attacks targeting fear and uncertainty caused by COVID-19, and how to use a smooth network and create a remote work environment. For this purpose, methods for securing service availability were additionally presented.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.27-33
• /
• 2015

In this paper, the development level of information security technology for internet of things(Iot), big data and clo ud services is analyzed, and the detail policy is proposed to be leader in area of patents and ICT standard. The conc ept of ICT convergence is defined frist, market and current state of technology for three convergence services is the n analyzed, and finally main function and security target for each technology are presented. The evaluation criteria a nd IPR are analyzed to diagnose the level of patent and standard for the technology. From the results, even though the domestic competence is inferior compared to other advanced country, the efficient policy should be presented by using our capability for the big data and cloud. Furthermore, the technology development for the IoT and cloud is ne eded in advance considering the market-technology influence effects. In addition to, M2M security framework in IoT, data security in big data and reliable networking in cloud should be developed in advance.

• Convergence Security Journal
• /
• v.2 no.1
• /
• pp.87-97
• /
• 2002

Many firms are utilizing the Internet and various information technologies to effectively manage their business operations with a goal of gaining a competitive advantage in the rapidly changing business environments. Today, the business is characterized as digital economy where information freely flows and business processes are improved with the use of information technologies. Internet technology is playing a key role in transforming the organization and creating new business models. It has become the infrastructure of choice for electronic commerce because it provides process efficiency, cost reduction, and open standards that can easily be adopted by different organizations. Here, the vast amount of data and information slow among the related parties and security issues are very critical matter of research interests by academicians and practitioners. In this research, we address the importance of security framework in managing the data shared among the related parties in the e-business and suggest the security architecture for effectively supporting the needs of e-business in an organization. This research provides valuable contributions both in academics and industry in terms of how security framework and architecture should be set in order to provide the necessary e-business.

• Proceedings of KOSOMES biannual meeting
• /
• 2005.11a
• /
• pp.53-58
• /
• 2005

An international study on Class B AIS for Non-SOLAS vessels is in progress through IMO and IEC. The IEC issued CDV(Committee Draft for Vote) on March 3, 2005, as IEC 62287, which includes operational and performance requirements, methods of test and required test results about Class B AIS. In this paper, we proposed the method of making Class B AIS properly onboard. This research deals with the problems of introducing Class B AIS which is properly applicable on small fishing vessels as well as domestic Non-SOLAS vessels. Moreover, several technical considerations were suggested to develop a national technical standards for Class B AIS.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.599-603
• /
• 2006

Korea Information Security Agency has executed the certification system for the information security management since 2002 and examines the conformance of the IDCs'total management system including the technical and the physical protection measure. However, this certification system has the standard only for the IDC in the wire/wireless segregated and the evaluation method for the wire/wireless integrated has not been suggested yet. This paper is on the basis of "Accumulation Information Communication Facility Secure Principle", guidelines of Wireless LAN security operation, the existing principles and recommendations of the information security and the data on IDC environment. And the paper suggests the IDC network model in the wire/wireless integrated and the IDC evaluation method.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.23-33
• /
• 2013

Recently in the field of IT, cloud computing technology has been deployed rapidly in the current society because of its flexibility, efficiency and cost savings features. However, cloud computing system has a big problem of vulnerability in security. In order to solve the vulnerability of cloud computing systems security in this study, impact types of virtual machine about the vulnerability were determined and the priorities were determined according to the risk evaluation of virtual machine's vulnerability. For analyzing the vulnerability, risk measurement standards about the vulnerability were defined based on CVSS2.0, which is an open frame work; and the risk measurement was systematized by scoring for relevant vulnerabilities. Vulnerability risk standards are considered to suggest fundamental characteristics of vulnerability and to provide the degree of risks and consequently to be applicable to technical guides to minimize the vulnerability. Additionally, suggested risk standard of vulnerability is meaningful as the study content itself and could be used in technology policy project which is to be conducted in the future.