• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.49-58
• /
• 2018

As the demand for Internet of Things(IoT) increases, the need for the security of IoT devices is increasing steadily. It is difficult to apply the conventional security theory to IoT devices because IoT devices are subject to be constrained by some factors such as hardware, processor, and energy. Nowadays we have several security guidelines and related documents on IoT device. Most of them, however, do not consider the characteristics of specific IoT devices. Since they describes the security issues comprehensively, it is not easy to explain the specific security level reflecting each characteristics of IoT devices. In addition, most existing guidelines and related documents are described in view of developers and service proposers, and thus ordinary users are not able to assess whether a specific IoT device can protect their information securely or not. We propose an security evaluation model, based on the existing guidelines and related documents, for more specific IoT devices and prove that this approach is more convenient to ordinary users by creating checklists for the smart watch.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.147-162
• /
• 2017

With the advent of various services and devices in the change of IT environment, increasing the complexity of the data, and increasing scale of IT, Many organizations are experiencing the difficulty of analyzing and processing with a large amounts of data for security situations awareness. Therefore, propose the enhancement of security situational awareness through visualization in order to solve the problems of slow response and security situational awareness in organizational risk management. In this paper, we selected the evaluation factors and alternatives for effective visualization by considering user type, situational awareness step, and information visualization attributes through various studies on visualization. And established AHP layer model. Based on this, by using the AHP method for solving the problem of multi-criteria decision making, by calculating the factors for effectively visualizing and the importance of alternative by factor, try to propose a visualization method that can improve the effectiveness of the security situational awareness according to the purpose of visualization and the type of user.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.11
• /
• pp.747-756
• /
• 2013

It is important to reduce unnecessary overhead in sensor network using battery. In addition encryption is important because of necessity of security. Since unavoidable overhead occurs in case of encryption, security and overhead are in trade-off condition. In this paper, we use a concept called trust to reduce the encryption overhead. We reduce overhead by controlling encryption key sizes while maintaining the security level where high and low trust nodes are mixed. We simulated and compared normal encryption and trust value based encryption. As a result, the latter has lower execution time and overhead. If we define a standard of trust levels considering purpose and circumstances of real network, we can use constrained resources efficiently in sensor network.

• The Journal of the Korea Contents Association
• /
• v.10 no.5
• /
• pp.52-61
• /
• 2010

In recent, the interests of multi-user systems have been increased. Multi-user systems allow a number of users to access the system simultaneously. Security is one of the key issues to be addressed in a multi-user environment. We propose a solution based on the NTFS file system that provides the personal data security and considers the convenience of users. The system increases the convenience of users by simplifying the complexity of the security setting on NTFS. We also propose a variety of policies that prevent from the conflicts incurring when different users set up the personal folders simultaneously and do not set up the important folders such as the window system folders as personal folders. In addition, our system supports the function of setting up the prohibition folder lists so that no one can not set the folder to their personal folders.

• Journal of Navigation and Port Research
• /
• v.33 no.10
• /
• pp.735-742
• /
• 2009

Information security is an essential factor that enables terminal to be operated. However, despite of this importance of information security, there has hardly been any research related to this topic. And moreover, current level of information security performance in container terminals has not been analyzed so far. The objective of this study is to evaluate current level of information security in container terminals. Through survey from the four leading container terminal operators in Korea, The results firstly showed that average of information security level of major container terminals was 71.7%. And from the results of data analysis, it revealed that the weak point of information security in Korean container terminals was security management, and in detail, lack of expertise of support group.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.15-21
• /
• 2013

Due to the widespread propagation of mobile platforms such as smartphones and tablets, financial and e-commercial transactions based on these mobile platforms are growing rapidly. Unlike PCs, almost all mobile platforms do not provide physical keyboards or mice but provide virtual keypads using touchscreens. For this reason, an attacker attempts to obtain the coordinates of touches on the virtual keypad in order to get actual key values. To tackle this vulnerability, financial applications for mobile platforms use secure keypads, which change position of each key displayed on the virtual keypad. However, these secure keypads cannot protect users' private information more securely than the virtual keypads because each key has only 2 or 3 positions and moreover its probability distribution is not uniform. In this paper, we analyze secure keypads used by the most financial mobile applications, point out the limitation of the previous research, and then propose a more general and accurate attack method on the secure keypads.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.331-337
• /
• 2014

Paradigm shift to cloud computing has increased the importance of security. Even though public cloud computing providers such as Amazon, already provides security related service like firewall and identity management services, it is not suitable to protect data in cloud environments. Because in public cloud computing environments do not allow to use client's own security solution nor equipments. In this environments, user are supposed to do something to enhance security by their hands, so the needs of visualized security management arises. To implement visualized security management, developing near realtime data handling & packet classification mechanisms are crucial. The key technical challenges in packet classification is how to classify packet in the manner of unsupervised way without human interactions. To achieve the goal, this paper presents automated packet classification mechanism based on naive-bayesian and packet Chunking techniques, which can identify signature and does machine learning by itself without human intervention.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.1-8
• /
• 2019

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.159-166
• /
• 2022

The purpose of this study conducted to conduct a survey to understand the effect of security major college students' major selection motives on major satisfaction and career decisions. The questionnaire was written as "First, motivation for choice, second, major satisfaction, third, career decision". In this study, Chronbach's Alpha coefficient was calculated to analyze the reliability and importance of variables and to identify exploratory factors. And the Berimax method was performed. Both the AVE and CR values of the measured items were calculated to be above the reference value of 0.7, and thus, the convergent validity of each item was investigated as favorable. In the hypothesis test results, the standardization coefficient of 'selection motive ⇨ major satisfaction' was 0.653 and 'major satisfaction ⇨ career decision' was 0.403, so both research hypotheses were adopted. However, 'selection motive ⇨ career decision' was rejected with 0.392. In the future, universities and related professors seem to need more efforts to simultaneously increase the selection motive and major satisfaction in order to improve the career decisions of college security students.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.51-57
• /
• 2024

Cryptocurrency service providers and virtual asset operators, built on blockchain technology, face transaction risks such as cyber threats, wallet theft by internal personnel, theft of customers' private keys, and fraudulent cryptocurrency transfer signatures. To ensure secure operations against these threats, their security is validated through the ISMS-P certification. This study to analyze the risks presented in ISO TR 23576, which is specialized for cryptocurrency service providers and operators, in addition to the ISMS-P certification they obtain. The study will focus on the detailed inspection items of ISMS-P and ISO TR 23576 for cryptocurrency service providers and assess their importance. Based on this analysis, the study proposes an internal security control process for cryptocurrency service providers to address the top-priority risks, enabling practitioners to perform security control tasks more efficiently.