• Journal of Digital Convergence
• /
• v.17 no.3
• /
• pp.215-220
• /
• 2019

The block chain technology is a technique that prevents manipulation of data and ensures integrity and reliability. Ethereum is building a smart contract environment as a type of encryptionenabled system based on block chains. Smart contracts can be implemented when conditions are met, thus increasing confidence in digital data. However, smart contracts that are being tried in various ways are not covered by information security and personal information protection. The structure in which the network participant can view the open transaction ledger is exposed to data or personal information listed in the block chain. In this study, it is possible to manage the data of personal information recorded in the block chain directly. This study is protected personal information by preventing the exposure of personal information and by executing time code, it is possible to erase recorded information after a certain period of time has elapsed. Based on the proposed system in the future, it is necessary to study the additional management techniques of unknown code defects or personal information protection.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.1
• /
• pp.107-115
• /
• 2009

The cryptological key which is used in WiMAX environment is used at regular intervals by mobile nodes (laptop computer, PDA, cell-phone) which is in the range of base station coverage. But it is very weak at local attack like man-in-the-middle when the mobile node is off the range of base station or enters into the range to communicate with base station because the communication section is activated wirelessly. This paper proposes a distribution key building protocol which can reuse security key used by nodes to reduce cryptological security attack danger and communication overhead which occurs when mobile node tries to communicate with base station. The proposed distribution key establishing protocol can reduce overhead which occurs between base station and mobile node through key reusing which occurs during the communication process and also, makes security better than IEEE 802.16 standard by creating shared key which is required for inter-certification through the random number which node itself creates.

• Convergence Security Journal
• /
• v.6 no.1
• /
• pp.1-11
• /
• 2006

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modem information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. As a result, there has been vigorous effort and search to develop a functional state-level cyber-threat early-warning system however, the efforts have not yielded satisfying results or created plausible alternatives to date, due to the insufficiency of the existing system and technical difficulties. The existing cyber-threat forecasting and early-warning depend on the individual experience and ability of security manager whose decision is based on the limited security data collected from ESM (Enterprise Security Management) and TMS (Threat Management System). Consequently, this could result in a disastrous warning failure against a variety of unknown and unpredictable attacks. It is, therefore, the aim of this research to offer a conceptual design for "Knowledge-based Real-Time Cyber-Threat Early-Warning System" in order to counter increasinf threat of malicious and criminal activities in cyber suace, and promote further academic researches into developing a comprehensive real-time cyber-threat early-warning system to counter a variety of potential present and future cyber-attacks.

• Journal of Korea Multimedia Society
• /
• v.14 no.2
• /
• pp.228-237
• /
• 2011

The risk of leakage or theft of critical data which is stored in database is increasing in accordance with evolution of information security paradigm. At the same time, needs for database security have been on the rapid increase due to endless leakage of massive personal information. The existing technology for prevention of internal information leakage possesses the technical limitation to achieve security goal completely, because the passive control method including a certain security policy, which allows the only authorized person to access to DBMS, may have a limitation. Hence in this study, we propose Query Signature System which signatures the queries accessing to the critical information by interrupting and passing them. Furthermore this system can apply a constant security policy to organization and protect database system aggressively by restricting critical query of database.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.17-22
• /
• 2015

As financial deregulation policies implemented by the government, electronic financial service is improved but security concerns are increasing and ultimately weaken trust in the financial service. Electronic financial service becomes more and more dependant on the IT platform and the initiatives of access device is also gradually shift to that platform. As biometric sensor is mounted on the smartphone, structural change in the access device is coming. It must be a positive signs in terms of fintech development, in the other side, it can cause many problems such as weakness of regulation and ambiguity of principals of responsibility. So in this paper, by analysing this problem-the shift of service initiative-on the access device I'll propose the best way to the the legal amendments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1079-1090
• /
• 2012

As the number of information asset and their vulnerabilities are increasing, it becomes more difficult for network security administrators to assess security vulnerability of their system and network. There are several researches for vulnerability analysis based on quantitative approach. However, most of them are based on experts' subjective evaluation or they require a lot of manual input for deriving quantitative assessment results. In this paper, we propose HRMS(Hacking and Response Measurement System) for enumerating attack path using automated vulnerability measurement automatically. HRMS can estimate exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack path even though system, network and application's information are not fully given for vulnerability assessment. With this proposed method, system administrators can do proactive security vulnerability assessment.

• The Journal of Engineering Geology
• /
• v.22 no.4
• /
• pp.417-425
• /
• 2012

CCTV cameras are used for surveillance and purposes of security, and can also be applied for monitoring infrastructure and equipment. In the Cut Slope Management System managed by KICT (Korea Institute of Construction Technology), cut slopes are continuously monitored using a real-time system, with CCTV cameras installed at 119 sites to detect slope activity. Here we compare CCTV images with displacement at three sites and perform a quantitative analysis. Methods for improving CCTV camera management and systems are also discussed with regard to communication, obstacles, and nighttime management.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.5
• /
• pp.110-119
• /
• 2007

In an extended enterprise, there is a shift to shared services, cosourcing and outsourcing, and extending out to partners, suppliers, and customers to accomplish business objectives more effectively. Along with this critical need, executives should be aware of the need to focus on optimizing the value of their information technology and reducing the related risks. So IT governance is critical, and many companies including spin-off venture are providing IT governance solution, but very little is known about brand management and marketing strategy of IT governance solution provider. The purpose of this study is to investigate brand positioning of IT governance solution company focusing on spin-off venture. The results of this study are summarized as follows. First, brand management is needed in the spin-off venture. second, IT governance solution companies including spin-off venture must provide something more than functional value. That is, they actively seek to emotional or symbolic value for their customers.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.5
• /
• pp.1165-1171
• /
• 2012

Latest, it is dealt with seriously problems that an intruder kidnapping students in elementary school. Especially young students is more vulnerable in these risks. Elementary School has many limitations in controlling the intrusion of trespassers. A problem occurs that requires a lot of manpower through the deployment and management of security systems such as CCTV and control systems. In this paper, we is designed and implemented the outsider access management system using a sensor network and PZT camera called the USN's core technology to monitoring the access control for controlling the mobility of the trespassers.

• Information Systems Review
• /
• v.20 no.4
• /
• pp.43-57
• /
• 2018

We propose network effects upon the investment decision of cloud-based ERP. Using the survey data collected from 82 companies in 2015, we examine whether IT managers have an intention to adopt real options in order to manage the risk of cloud-based ERP investments and how the network effects influence upon the intention to adopt real options. Based on prior literature, we propose a research model with 4 hypotheses. We find partial support of the hypotheses from the empirical analysis: technological risks has a positive impact upon the adoption of real options such as defer, contract, and abandon. In contrast, we find no significant impact of security risks upon real options. We validate positive network effects upon the adoption of real options such as defer, contract, and abandon. This work empirically find that IT managers in Korean middle and small sized firms have an intention to adopt real options when the managers realize economic, technological, and relationship risks and when they expect network effects.