• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1167-1187
• /
• 2020

We are facing the situation where cyber threats such as hacking, malware, data leakage, and theft, become an important issue in the perspective of personal daily life, business, and national security. Although various efforts are being made to response to the cyber threats in the national and industrial sectors, the problems such as the industry-academia skill-gap, shortage of cybersecurity professionals are still serious. Thus, in order to overcome the skill-gap and shortage problems, we propose a Cybersecurity technical response Job Competency(CtrJC) framework by adopting the concept of cybersecurity personnel's job competency. As a sample use-case study, we implement the CtrJC against to personals who are charged in realtime cybersecurity response, which is an important job at the national and organization level, and verify the our framework's effects. We implement a sample model, which is a CtrJC against to realtime cyber threats (We call it as CtrJC-R), and study the verification and validation of the implemented model.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.125-137
• /
• 2023

Companies that handle sensitive information, led by public institutions, establish separate networks for work and the Internet and protect important data through strong access control measures to prevent cyber attacks. Therefore, systems that involve the junction where the Intranet(internal LAN for work purposes only) and the Internet network are connected require the establishment of a safe security environment through both administrative and technical measures. Mobile Device Management(MDM) solutions to control mobile devices used by institutions are one such example. As this system operates by handling sensitive information such as mobile device information and user information on the Internet network, stringent security measures are required during operation. In this study, a model was proposed to manage sensitive information data processing in systems that must operate on the Internet network by managing it on the internal work network, and the function design and implementation were centered on an MDM solution based on a network interconnection solution.

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.55-66
• /
• 2023

Recently, there is an increasing movement to increase the value of AI learning data and to secure high-quality data based on previous research on AI learning data in all areas of society. Therefore, quality management is very important in construction projects to secure high-quality data. In this paper, quality management to secure high-quality data when building AI learning data and improvement plans for each construction process are presented. In particular, more than 80% of the data quality of unstructured data built for AI learning is determined during the construction process. In this paper, we performed quality inspection of image/video data. In addition, we identified inspection procedures and problem elements that occurred in the construction phases of acquisition, data cleaning, labeling, and models, and suggested ways to secure high-quality data by solving them. Through this, it is expected that it will be an alternative to overcome the quality deviation of data for research groups and operators participating in the construction of AI learning data.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.71-78
• /
• 2024

As the rapid development of quantum computing compromises current public key encryption methods, the National Institute of Standards and Technology (NIST) in the United States has initiated the Post-Quantum Cryptography(PQC) project to develop new encryption standards that can withstand quantum computer attacks. This project involves reviewing and evaluating various cryptographic algorithms proposed by researchers worldwide. The initially selected quantum-resistant cryptographic algorithms were developed based on lattices and hash functions. Currently, algorithms offering diverse technical approaches, such as BIKE, Classic McEliece, and HQC, are under review in the fourth round. CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected for standardization in the third round. In 2024, a final decision will be made regarding the algorithms selected in the fourth round and those currently under evaluation. Strengthening the security of public key cryptosystems in preparation for the quantum computing era is a crucial step expected to have a significant impact on protecting future digital communication systems from threats. This paper analyzes the security and efficiency of quantum-resistant cryptographic algorithms, presenting trends in this field.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.41-52
• /
• 2024

Security audits of IPsec VPNs are crucial for identifying vulnerabilities caused by implementation flaws or misconfigurations, as well as investigating incidents. Nevertheless, auditing IPsec VPN presents noteworthy challenge due to the encryptiong of network contents which ensere confidentiality, integrity, authentications and more. Some researchers have suggested using man-in-the-middle(MITM) techniques to overcome this challenge. MITM techniques require direct participation in the network and prior knowledge of the pre-shared key for authentication. This causes temporary network disconnection for security audits, and it is impossible to analyse data collected before the audit. In this paper, we present an analysis technique aimed at ensuring network continuity without relying on a specific IPsec VPN topologies or authentication method. Therefore, it is anticipated that this approach will be effective, practical and adaptable for conducting IPsec VPN security

• Informatization Policy
• /
• v.29 no.1
• /
• pp.24-37
• /
• 2022

Amid rapid changes in the ICT environment attributed to the 4th Industrial Revolution, the development of information & communication technology, and COVID-19, the existing internet developed without considering security, mobility, manageability, QoS, etc. As a result, the structure of the internet has become complicated, and problems such as security, stability, and reliability vulnerabilities continue to occur. In addition, there is a demand for a new concept of the internet that can provide stability and reliability resulting from digital transformation-geared advanced technologies such as artificial intelligence and IoT. Therefore, in order to suggest a way of implementing the Korean future internet that can strengthen cybersecurity, this study suggests the direction and strategy for promoting the future internet that is suitable for the Korean cyber environment through analyzing important key factors in the implementation of the future internet and evaluating the trend and suitability of domestic & foreign research related to future internet. The importance of key factors in the implementation of the future internet proceeds in the order of security, integrity, availability, stability, and confidentiality. Currently, future internet projects are being studied in various ways around the world. Among numerous projects, Bright Internet most adequately satisfies the key elements of future internet implementation and was evaluated as the most suitable technology for Korea's cyber environment. Technical issues as well as strategic and legal issues must be considered in order to promote the Bright Internet as the frontrunner Korean future internet. As for technical issues, it is necessary to adopt SAVA IPv6-NID in selecting the Bright Internet as the standard of Korean future internet and integrated data management at the data center level, and then establish a cooperative system between different countries. As for strategic issues, a secure management system and establishment of institution are needed. Lastly, in the case of legal issues, the requirement of GDPR, which includes compliance with domestic laws such as Korea's revised Data 3 Act, must be fulfilled.

• Information Systems Review
• /
• v.25 no.3
• /
• pp.139-162
• /
• 2023

With the emergence of new digital technologies into a supply chain, it is essential for companies to incorporate these technologies in managing their supply chains. However, various challenges have been identified in digital supply chain management, especially when it comes to its assessment. There are no universally agreed measurements for the performance of digital supply chain management within the research community so far. This paper explores an option of using user experience as one of possible measurements. Therefore, three different focus-group discussions were held and later analyzed with a qualitative content analysis. The subscription-based video on demand service, Netflix was used as an example in those discussions. Due to the fact that Netflix provides a digital product as a streamline service, user experience is critical for the company. Especially, user experience with a recommender system and related privacy issues have become significant for a company to retain existing customers and attract new customers in many fields. Since the recommender system and related privacy issues are parts of a digital supply chain, user experience can be one of appropriate measurements for digital supply chain management. This study opens a new perspective for research on performance measurements of digital supply chain management.

• The Journal of the Korea Contents Association
• /
• v.21 no.5
• /
• pp.234-246
• /
• 2021

The purpose of this study is to develop the main subjects of the job-based curriculum by deriving the job analysis results of general security job workers in the physical protection field responsible for responding to threats to nuclear materials and nuclear facilities. In the job analysis stage, FGI was conducted on 7 content experts to derive 8 duties and 55 tasks. In addition, knowledge and skills were drawn for each task. In the analysis of educational needs, surveys were conducted for workers in general security jobs to derive the top 25 educational priorities through t-test and Borich needs assess model. At the stage of selecting core tasks and organizing required/optional contents, 42 tasks, both above average or at least one of them, were derived as core tasks based on the result of evaluation of importance and difficulty ratings of 55 tasks through a questionaire. In addition, tasks applied to the top 25 rankings derived from Borich needs assess model were applied as the required contents when designing courses, and tasks which applied only one of them were selected as optional contents. At the stage of required/optional modules and educational contents, four required modules and five optional modules were derived by drifting similar tasks between the required and optional contents. Based on the above results, the study suggested academic and practical implications and future suggestions.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.7
• /
• pp.1453-1458
• /
• 2009

Sensor network for the human approach in a difficult area and a wide range of surveillance and the boundaries for the purpose and mission is the utilization significantly. In this paper we searched important nodes from the surveillance reconnaissance sensor network based on the virtual data. we generated data within the sensor's measurement range in the data transmitted from sensor nodes, and used PCA(Principle Component Analysis) for searching key node. If the important sensor node searched, and we can have easy management and establishing security measures when security problems is happened about nodes. This is for the sensor network in terms of effectiveness and cost-effectively and is directly connected with life span.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.7
• /
• pp.177-180
• /
• 2019

A typical vulnerability scoring system is Common Vulnerability Scoring System(CVSS). However, since CVSS does not differentiate among the individual vulnerability impact of the asset and give higher priority for the more important assets, it is impossible to respond effectively and quickly to high-risk vulnerabilities on large systems. We propose a Layered weight based Vulnerability impact assessment Scoring System which can hierarchically group the importance of assets and weight the number of layers and the number of assets to effectively manage the impact of vulnerabilities on a per asset basis.