• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.1
• /
• pp.23-28
• /
• 2018

In this work, we developed a platform that can monitor status and manage events of factory workplaces by providing events and data collected from various types of multi-touch technology based sensors installed in the workplace. By using the image recognition technology, faces of the people in the factory workplace are recognized and the customized contents for each worker are provided, and security of contents is enhanced by the authenticating an individual worker through face recognition. Contents control function through gesture recognition is constructed, so that workers can easily search documents. Also, it is possible to provide contents for workers by implementing face recognition function in mobile devices. The result of this work can be used to improve workplace safety, convenience of workers, contents security and can be utilized as a base technology for future smart factory construction.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.5
• /
• pp.21-30
• /
• 2005

Recently, a mobile IPv6 binding update protocol using Address Based Keys (BU-ABK) was proposed. This protocol applies Address Based Keys (ABK), generated through identity-based cryptosystem, to enable strong authentication and secure key exchange without any global security infrastructure. However, because it cannot detect that public cryptographic parameters for ABKs are altered or forged, it is vulnerable to man-in-the-middle attacks and denial of service attacks. Furthermore, it has heavy burden of managing the public cryptographic parameters. In this paper, we show the weaknesses of BU-ABK and then propose an enhanced BU-ABK (EBU-ABK). Furthermore, we provide an optimization for mobile devices with constraint computational power. The comparison of EBU-ABK with BU-ABK shows that the enhanced protocol achieves strong security while not resulting in heavy computation overhead on a mobile node.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.3
• /
• pp.605-614
• /
• 2012

Nowadays u-healthcare which is very sensitive to the character of user's information among other ubiquitous computing field is popular in medical field. u-healthcare deals extremely personal information including personal health/medical information so it is exposed to various weaknees and threats in the part of security and privacy. In this paper, RFID based patient's information protecting protocol that prevents to damage the information using his or her mobile unit illegally by others is proposed. The protocol separates the authority of hospital(doctor, nurse, pharmacy) to access to patient's information by level of access authority of hospital which is registered to management server and makes the hospital do the minimum task. Specially, the management server which plays the role of gateway makes access permission key periodically not to be accessed by others about unauthorized information except authorized information and improves patient's certification and management.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.187-193
• /
• 2017

Objects Internet-based healthcare services provide healthcare and healthcare services, including measurement of user's vital signs, diagnosis and prevention of diseases, through a variety of object internet devices. However, there is a problem that new security vulnerability can occur when inter-working with the security weakness of each element technology because the internet service based on the object Internet provides a service by integrating various element technologies. In this paper, we propose a user privacy protection model that can securely process user's healthcare information from a third party when delivering healthcare information of users using wearable equipment based on IoT in a mobile environment to a server. The proposed model provides attribute values for each healthcare sensor information so that the user can safely handle, store, and store the healthcare information, thereby managing the privacy of the user in a hierarchical manner. As a result of the performance evaluation, the throughput of IoT device is improved by 10.5% on average and the server overhead is 9.9% lower than that of the existing model.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.81-89
• /
• 2007

Mobile computing environment that support so that can offer employees inside information that enterprise has always improves business productivity and fetches efficiency enlargement. In this paper, limit model that can process ERP information by real-time as easy and convenient always utilizing radio network and PDA, Mobile camera based on Mobile vision concept. Calculable information between seller and customer is supplied supplying real-time brand image and information by practical use of Enterprise Resource Planning doing based on Mobile. Technical development and commercialization that utilize mobility, enforcement stronghold, portability etc. that is advantage of Mobile communication are required. In this paper, mobility of precious metals.jewel field that use portable terminal equipment taking advantage of a Mobile technology is secured. Constructed Mobile vision system that satisfy photography and bar-code scan at the same time from Mobile camera.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.45-52
• /
• 2017

The Cybersecurity Information Sharing Act(CISA) of 2015, enacted in December 2015, is one of the greatest achievements of cybersecurity legislation in the United States. The promotion of cybersecurity information sharing is one of the tasks to improve cybersecurity governance in Korea. So it is an important issue to be addressed in cybersecurity legislation in Korea in the near future. CISA has many implications for cybersecurity legislation in Korea. Nevertheless, it is difficult to find preceding research that explain the content of CISA and study its normative meaning in Korea. Therefore, in this paper, the contents of the CISA is identified and its normative meaning and implication is found in five categories: definition of terms, establishment of information sharing procedures and conditions, promotion of voluntary information sharing by the private sector, checks on the executive branch and report to the Congress, and other matters. CISA facilitates information sharing based on willingness, while eliminating the side effects that may arise in the information sharing process. It is necessary to appropriately apply the good points of CISA to the cybersecurity legal system in Korea.

• Journal of Digital Convergence
• /
• v.18 no.9
• /
• pp.57-62
• /
• 2020

Smart home based on Internet of things (IoT) is rapidly emerging as an exciting research and industry field. However, security and privacy have been critical issues due to the open feature of wireless communication channel. As a step towards this direction, Shuai et al. proposed an anonymous authentication scheme for smart home environment using Elliptic curve cryptosystem. They provided formal proof and heuristic analysis and argued that their scheme is secure against various attacks including de-synchronization attack, mobile device loss attack and so on, and provides user anonymity and untraceability. However, this paper shows that Shuai et al.'s scheme does not provide user anonymity nor untraceability, which are very important features for the contemporary IoT network environment.

• Convergence Security Journal
• /
• v.16 no.3_2
• /
• pp.33-42
• /
• 2016

While evolving information-oriented society provides a lot of benefits to the human life, new types of threats have been increasing. Particularly, cyber terrorism, happen on the network that is composed of a computer system and information communication network, and the mean and scale of damage has reached a serious level. In other words, it is hard to locate cyber terror since it occurs in the virtual space, not in the real world, so identifying "Who is attacking?" (Non-visibility, non-formulas), or "Where the attack takes place?" (trans-nation) are hard. Hackers, individuals or even a small group of people, who carried out the cyber terror are posing new threats that could intimidate national security and the pace and magnitude of threats keep evolving. Scale and capability of North Korea's cyber terrorism are assessed as world-class level. Recently, North Korea is focusing on strengthen their cyber terrorism force. So improving a response system for cyber terror is a key necessity as North Korea's has emerged as a direct threat to South Korean security. Therefore, Korea has to redeem both legal and institutional systems immediately to perform as a unified control tower for preemptive response to cyber terrors arise from North Korea and neighboring countries.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.725-734
• /
• 2016

SCADA(Supervisory Control and Data Acquisition) system is widely used for remote monitoring and control throughout the domestic industry. Due to a recent breach of security on SCADA systems, such as Stuxnet, the need of correctly established secure certification of a control system is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly in a normal/abnormal network protocol, is only focused on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for DNP3 protocol based on EDSA-CRT. Our analysis show that the specific test cases provide plentiful evidences that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test case for DNP3 protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.2C
• /
• pp.208-218
• /
• 2008

We are sure that RFID system should be a widely used automatic identification system because of its various advantages and applications. However, many people know that invasions of privacy in RFID system is still critical problem that makes it difficult to be used. Many works for solving this problem have focused on light-weight cryptographic functioning in the RFID tag. An agent scheme is another approach that an agent device controls communications between the tag and the reader for protecting privacy. Generally an agent device has strong security modules and enough capability to process high-level cryptographic protocols and can guarantees consumer privacy. In this paper, we present an enhanced mobile agent for RFID privacy protection. In enhanced MARP, we modified some phases of the original MARP to reduce the probability of successful eavesdropping and to reduce the number of tag's protocol participation. And back-end server can authenticate mobile agents more easily using public key cryptography in this scheme. It guarantees not only privacy protection but also preventing forgery.