• Journal of Digital Convergence
• /
• v.17 no.2
• /
• pp.127-134
• /
• 2019

The purpose of this study was to investigate the factors affecting the behavior intention of smartphone mobile banking service among tourists. Currently, due to the development of mobile Internet technology and the spread of smartphone all over the world, interest and spread of smart phone based mobile banking is popularized. Thus, we analyzed the relationship among performance expectancy, social influence, facilitating conditions, perceived financial cost, perceived habit, perceived security level, and user's behavioral intention as a dependent variable. In this study, 203 respondents were interviewed about Chinese tourists at Jeju International Airport, and the influence of independent variables was determined by Smartpls 3.0. The results showed that the perceived security level and habit had a positive effect on the behavior intention. Especially, perceived security is a major issue of smartphone-based mobile banking in recent years. This study is meaningful in that it is an analysis of behavior factors of smartphone-based mobile banking service for tourists.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.29-38
• /
• 2019

For that reason, trend research has been actively conducted to identify and analyze the key topics in large amounts of data and information. Also personal information protection field is increasing activities in order to identify prospects and trends in advance for preemptive response. However, only research based on technology such as trends in information security field and personal information protection solution is broadly taking place. In this study, threat-based trends in personal information protection field is analyzed through text mining method. This will be the key to deduct undiscovered issues and provide visibility of current and future trends. Policy formulation is possible for companies handling personal information and for that reason, it is expected to be used for searching direction of strategy establishment for effective response.

• Convergence Security Journal
• /
• v.18 no.5_2
• /
• pp.21-27
• /
• 2018

Most of the Internet users in Korea are issued certificates and use them for various tasks. For this reason, it is recommended that accredited certification authorities and security related companies and use public certificates on USB memory and portable storage devices rather than on the user's desktop. Despite these efforts, the hacking of the certificate has been continuously occurring and the financial damage has been continuing. Also, for security reasons, our military has disabled USB to general military users. Therefore, this study proposes a two-factor method using the unique information of the USB memory and the PC which is owned by the user, and suggests a method of managing the private key file secure to the general user. Furthermore, it will be applied to national defense to contribute to the prevention of important data and prevention of access by unauthorized persons.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.31-45
• /
• 2004

Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.131-136
• /
• 2007

Ad hoc networks enable efficient resource aggregation in decentralized manner, and are inherently scalable and fault-tolerant since they do not depend on any centralized authority. However, lack of a centralized authority prompts many security-related challenges. Moreover, the dynamic topology change in which network nodes frequently join and leave adds a further complication in designing effective and efficient security mechanism. Security services for ad hoc networks need to be provided in a scalable and fault-tolerant manner while allowing for membership change of network nodes. In this paper, we investigate distributed certification mechanisms using a threshold cryptography in a way that the functions of a CA(Certification Authority) are distributed into the network nodes themselves and certain number of nodes jointly issue public key certificates to future joining nodes. In the process, we summarize one interesting report [5] in which the recently proposed RSA-based ad hoc signature scheme, called URSA, contains unfortunate yet serious security flaws. We then propose new scheme by fixing their security flaws.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.161-170
• /
• 2008

Despite the recent growth in size and frequency of damages caused by illegal information breaches, current business counter-measures and precautionary systems are greatly limited. Some major companies have developed Information Security Management Systems (ISMS) to safeguard their vital information; however, such measures are largely based on the ISO27001 and lacks in many aspects to grasp the holistic corporate security level and reinforce precautionary measures. The information protection level evaluation model introduced in this paper is a pragmatic evaluative tool that can be utilized to devise effective corporate information security precautionary measures and countermeasures, based on the BSC (Balanced ScoreCard) method for an actual and realistic corporate information security level evaluation possible.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.3-16
• /
• 2001

With the development of Internet, it is widely spreaded to a Intranet based on Internet technology. Intranet is a private, unique network to share the information of organization such as incorporate, research institute and university. With the increase of Intranet using, Intranet environment is developing into Extranet environment which is connected many Intranet. Currently such Intranet and Extranet environments, above all, it is important to solve security problems which can appear through use of information between domains. Thus, in this paper, we propose SSO(Single Sign-on System) model with authorization management and single sign-on operation, and we extend it to enable mutual authentication through inter-working based on PKI(Public Key Infrastructure) in Extranet environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.15-24
• /
• 2006

Recently, the importance of the area efficient implementation of cryptographic algorithm for the portable device is increasing. Previous ARIA(Academy, Research Institute, Agency) implementation styles that usually concentrate upon speed, we not suitable for mobile devices in area and power aspects. Thus in this paper, we present an area efficient AR processor which use 32-bit architecture. Using new implementation technique of diffusion layer, the proposed processor has 11301 gates chip area. For 128-bit master key, the ARIA processor needs 87 clock cycles to generate initial round keys, n8 clock cycles to encrypt, and 256 clock cycles to decrypt a 128-bit block of data. Also the processor supports 192-bit and 256-bit master keys. These performances are 7% in area and 13% in speed improved results from previous cases.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.125-136
• /
• 2011

The vulnerabilities existed in Korean electricity control systems is unexposed because it is being operated in a closed network with superior security. The threat will become greater once the closed network develops into a smart grid environment with superior intelligence. Security will have a greater impact once each household will be connected to the power plant via the smart meter. This research focuses on stable data transfer in harsh external environment and whole-nation coverage network, and suggested standardized and optimized Virtual Private Network (VPN) Gateway architecture to support Power Line Communication (PLC). The functionality and stability of the prototype has been verified with field tests. For implementation of outdoor type VPN device for smart grid, we adopted PLC low voltage remote-meter-net for data communication. Also, IPSec type tunneling and ARIA algorithm based encryption of data collected by PLC low voltage remote meter is transmitted.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.31-40
• /
• 2010

The evolution of internet have opened the world of IPTV. With internet protocol, IPTV broadcasts contents stream. The IP protocol doesn't provide secure service due to IP characteristics. So, it is important to provide both connect and secure service. Conditional Access System and/or Digital Right Management are being used to protect IPTV contents. However, there exist restrictions in the view of security. In this paper, we analyse existing security technologies for IPTV and propose a novel method to enforce security efficiently. In the proposed method, OTP is used for encryption/decryption contents and CAS controls key for encryption/decryption and the right of user. With this scheme, it reduces the load of the system and provides more security.