• The Journal of the Convergence on Culture Technology
• /
• v.10 no.3
• /
• pp.279-288
• /
• 2024

With the development of ICT, the use of software has become essential for organizations to exchange information or manage operations. However, security and software management issues that have increased with the development of ICT are issues that need to be continuously addressed. In 2021, the U.S. government has standardized and established SBOM as one of the countermeasures for software security. This research was initiated as a study to lay the groundwork for the introduction of SBOM in Korea. Based on the effects of SBOM characteristics on adoption intention, we tested management support and institutional support as moderating variables. As a result, security management was found to be a significant moderating variable for management support, and transparency was found to be a significant moderating variable for government institutional support. This study verified that SBOM adoption requires both corporate and government efforts, and the variables that are important from each perspective are different. We hope that this study will contribute to the development and adoption of SBOM.

• Advanced Industrial SCIence
• /
• v.3 no.3
• /
• pp.8-13
• /
• 2024

Zero Knowledge Proof (ZKP) is an innovative decentralized technology designed to enhance the privacy and security of virtual currency transactions. By ensuring that only the necessary information is disclosed by the transaction provider, ZKP protects the confidentiality of all parties involved. This ensures that both the identity of the transacting parties and the transaction value remain confidential.ZKP not only provides a robust privacy function by concealing the identities and values involved in blockchain transactions but also facilitates the exchange of money between parties without the need to verify each other's identity. This anonymity feature is crucial in promoting trust and security in financial transactions, making ZKP a pivotal technology in the realm of virtual currencies. In the context of the Fourth Industrial Revolution, the application of ZKP contributes significantly to the comprehensive and stable development of financial services. It fosters a trustworthy user environment by ensuring that transaction privacy is maintained, thereby encouraging broader adoption of virtual currencies. By integrating ZKP, financial services can achieve a higher level of security and trust, essential for the continued growth and innovation within the sector.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.59-68
• /
• 2021

The Future Battlefield includes the main areas of modern warfare, including the ground, sea, and air, as well as cyberspace and space. Cyberspace consists of computers, wired and wireless networks, and spans the ground, sea, air, and space domains. Cyber warfare takes place in cyberspace, so it is not easy for people without expertise in cyber to recognize the cyber situation. Therefore, training personnel with professional knowledge and skills in cyber is paramount in preparation for cyber warfare. In particular, the results of cyber warfare will vary greatly depending on the ability of cyber combatants to carry it out, the performance of cyber systems, and the proficiency of cyber warfare procedures. The South Korean military has power to respond to cyber warfare at various levels, centering on the Cyber Operations Command, but there is a limit to defending all the rapidly expanding cyberspace. In this paper, to overcome these limitations, we looked at the changes in Germany's cyber warfare response policy. Based on them, the organization structure, weapon system, and education and training system of future Korean military cyber forces are presented separately.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.385-395
• /
• 2018

With the development of Internet, cyber attack has become a major threat. To detect cyber attacks, intrusion detection system(IDS) has been widely deployed. But IDS has a critical weakness which is that it generates a large number of false alarms. One of the promising techniques that reduce the false alarms in real time is machine learning. However, there are problems that must be solved to use machine learning. So, many machine learning approaches have been applied to this field. But so far, researchers have not focused on features. Despite the features of IDS alerts are important for performance of model, the approach to feature is ignored. In this paper, we propose new feature set which can improve the performance of model and can be extracted from a single alarm. New features are motivated from security analyst's know-how. We trained and tested the proposed model applied new feature set with real IDS alerts. Experimental results indicate the proposed model can achieve better accuracy and false positive rate than SVM model with ordinary features.

• The KIPS Transactions:PartC
• /
• v.17C no.6
• /
• pp.441-450
• /
• 2010

Recently, a lot of interest is increased in sensor network which gathers various data through many sensor nodes deployed in wired and wireless network environment. However, because of the limitation in memory, computation, and energy of the sensor nodes, security problem is very important issue. In sensor network, not only the security problem, but also computing power should be seriously considered. In this paper, considering these characteristics, we make the sensor network consist of normal sensor nodes and clusterheaders with enough space and computing power, and propose a group key rekeying scheme adopting PCGR(Predistribution and local Collaborationbased Group Rekeying) for secure group communication. In our proposal, we enhance the security by minimizing the risk to safety of the entire network through verifying the new key value from clusterheader by sensor nodes. That is, to update the group keys, clusterheaders confirm sensor nodes through verifying the information from sensor nodes and send the new group keys back to authentic member nodes. The group keys sent back by the clusterheaders are verified again by sensor nodes. Through this mutual authentication, we can check if clusterheaders are compromised or not. Qualnet simulation result shows that our scheme not only guarantees secure group key rekeying but also decreasesstorage and communication overhead.

• The KIPS Transactions:PartC
• /
• v.15C no.3
• /
• pp.157-166
• /
• 2008

The ubiquitous service environment is poor in reliability of connection and also has a high probability that the intrusion against a system and the failure of the services may happen. Therefore, It is very important to guarantee that the legitimate users make use of trustable services from the viewpoint of security without discontinuance or obstacle of the services. In this paper, we point out the problems in the standard Jini service environment and analyze the Jgroup/ARM framework that has been developed in order to help fault tolerance of Jini services. In addition, we propose a secure Jini service architecture to satisfy the security, availability and quality of services on the basis of the analysis. The secure Jini service architecture we propose in this paper is able to protect a Jini system not only from faults such as network partition or server crash, but also from attacks exploiting flaws. It provides security mechanism for dynamic trust establishment among the service entities. Moreover, our secure Jini service architecture does not incur high computation costs to merge the user service states because of allocation of the replica based on each session of a user. Through the experiment on a test-bed, we have confirmed that proposed secure Jini service architecture is able to guarantee the persistence of the user service states at the level that the degradation of services quality is ignorable.

• Journal of KIISE:Databases
• /
• v.29 no.3
• /
• pp.230-245
• /
• 2002

Database systems for real-time applications must satisfy timing constraints associated with transactions. Typically, a timing constraint is expressed in the form of a deadline and is represented as a priority to be used by schedulers. Recently, security has become another important issue in many real-time applications. In many systems, sensitive information is shared by multiple users with different levees of security clearance. As more advanced database systems are being used in applications that need to support timeliness while managing sensitive information, there is an urgent need to develop concurrency control protocols in transaction management that satisfy both timing and security requirements. In this paper, we propose two concurrence control protocols that ensure both security and real-time requirements. The proposed protocols are primarily based on multiversion locking. However, in order to satisfy timing constraint and security requirements, a new method, called the FREEZE, is proposed. In addition, we show that our protocols work correctly and they provide a higher degree of concurrency than existing multiversion protocols. We Present several examples to illustrate the behavior of our protocols, along with performance comparisons with other protocols. The simulation results show that the proposed protocols can achieve significant performance improvement.

• Korean Security Journal
• /
• no.54
• /
• pp.37-56
• /
• 2018

Safety is considered as a very important factor when tourists select tourist spots, which means that the desire for safety in the tourism industry is very high. Therefore, a specialized field for the safety of the tourism industry is necessary. Already, there are staff members who are responsible for safety in various tourism sectors, but they have been led through knowledge based on work experience without professional education. In order to train specialists who are responsible for the safety of the tourism industry, research in related fields is indispensable, and universities in charge of research and education systematically construct surveys of related fields, and through experts I have to train. In the field meaning tourism security, there is Hospitality Security. Hospitality means 'to hospitality', 'to be entertaining', Hospitality Industry is used to cover the tourism industry in its exhaustive sense. Security is a term that refers to safety and security. Therefore, Hospitality Security which the two meanings together, that is, korean word hospitality security, tourism security can be said. Already in the US experts in the field of Hospitality Security explained the importance through related books. Currently in Korea, well-known tourism related universities operate subjects in the Hospitality field, and the security field also manages subjects at several universities. So, We collected the subjects managed at each university, analyzed them, and selected subjects of Hospitality Security. If the results of research through continuous research accumulate, the value as academic will be further increased, and it will be possible to have a role responsible for the safety of the tourism industry by producing experts accordingly.

• Journal of the Korea Society for Simulation
• /
• v.26 no.1
• /
• pp.21-38
• /
• 2017

Information Centric Networking is changing the way how content is being transmitted. The shift from IP and host based networking towards content based networking scenario is growing day by day. Many researches have been done about different frameworks of ICN. Caching is an important part of ICN and many researchers have also proposed different ways for caching the data. With caching of data in intermediate devices like the network devices as well the user devices in some cases, the issue of content security as well as the role of the content producer becomes a major concern. A modified ICN architecture based on the current Content Centric Networking (CCN) model is presented in the paper. The architecture mainly focuses on involving the content producer in content delivery in the real time. The proposed architecture provides better security aspects for the CCN architecture. Apart from security the paper will also consider the issue of applicability of CCN architecture to replace the TCP/IP based architecture. The efficiency of the proposed architecture is compared with the previous CCN architecture based on the response time for a content delivery which shows very comparable level of efficiency. The paper than analyzes different beneficial aspects of the proposed architecture over the current architecture.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.