• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.33-40
• /
• 2018

ICT technology has been applied to various educational fields, but applying to educational test field is limited. Computer-based test (CBT) can overcome temporal and spatial constraints of conventional paper-based test, but is vulnerable to fraud by test parties. In this paper, we propose real-time monitoring and process management methods to enhance the security of CBT. In the proposed methods, the test screens of students are periodically captured and transferred to the professor screen to enable real-time monitoring, and the possible processes used for cheating can be blocked before testing. In order to monitor the screen of many students in real time, effective compression of the captured original image is important. We applied three-step compression methods: initial image compression, resolution reduction, and re-compression. Through this, the original image of about 6MB was converted into the storage image of about 3.8KB. We use the process extraction and management functions of Windows API to block the processes that may be used for cheating. The CBT system of this paper with the new security enhancement methods shows the superiority through comparison of the security related functions with the existing CBT systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.135-145
• /
• 2002

Active networks represent a new approach to network architecture. Nodes(routers, switches, etc.) can perform computations on user data, while packets can carry programs to be executed on nodes and potentially change the state of them. While active networks provide a flexible network iufrastructure, they are more complex than traditional networks and raise considerable security problems. Nodes are Public resources and are essential to the proper and contract running of many important systems. Therefore, security requirements placed upon the computational environment where the code of packets will be executed must be very strict. Trends of research for active network security are divided into two categories: securing active nodes and securing active packets. For example, packet authentication or monitoring/control methods are for securing active node, but some cryptographic techniques are for the latter. This paper is for transferring active packets securely between active nodes. We propose a new method that can transfer active packets to neighboring active nodes securely, and execute executable code included in those packets in each active node. We use both public key cryptosystem and symmetric key cryptosystem in our scheme

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.7
• /
• pp.1047-1059
• /
• 2022

With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.7 no.2
• /
• pp.175-188
• /
• 2017

Radio-frequency identification (RFID) is being used in various fields as a technology for identifying objects (people, things etc.) using radio frequencies. In the past, there was an attempt to apply RFID into national defense, but failed to spread RFID in the defense field because of some limitations of RFID in a specific situation (e.g., low recognition rate). Therefore, in this paper, we propose how to overcome the limitation of RFID by adopting the Internet of Things (IoT) technology which is considered as an important technology of the future. Furthermore, we propose four scenarios (i.e., healcare band and RFID, identification and anormal state detection, access control, and confidential document management) that can be used for enhancing national defense security. In addition, we analyze the basic characteristics and security requirements of RFID and IoT in order to effectively apply each technology and improve security level.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.189-200
• /
• 2024

In recent years, the development of defense technology has become digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, the convergence of the technology is increasing the possibility of transfer of cyber threats, which is emerging as a problem of increasing the vulnerability of defense assets. While the current cybersecurity methodologies focus on the vulnerability of a single asset, interworking of various military assets is necessary to perform the mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between functions and assets to perform a mission, and identifying and classifying assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.8 no.2
• /
• pp.107-117
• /
• 2013

The main objective of this study lies at examining economic features of IT security investment and comparing alternative mechanisms to achieve optimal provision of IT security resources within a firm. There exists a paucity of economic analysis that provide useful guidelines for making critical decisions regarding the optimal level of provision of IT security and how to share the costs among different users within a firm. As a preliminary study, this study first argues that IT security resources share some unique characteristics of pure public goods, namely nonrivalry of consumption and nonexcludability of benefit. IT security provision problem also suffers from information asymmetry problem with regard to the valuation of an individual user for IT security goods. Then, through an analytical framework, it is shown that the efficient provision condition at the overall firm level is not necessarily satisfied by individual utility maximizing behavior. That is, an individual provision results in a suboptimal solution, especially an underprovision of the IT security good. This problem is mainly due to the nonexcludability property of pure public goods, and is also known as a free-riding problem. The fundamental problem of collective decision-making is to design mechanisms that both induce the revelation of the true information and choose an 'optimal' level of the IT security good within this framework of information asymmetry. This study examines and compares three alternative demand-revealing mechanisms within the IT security resource provision context, namely the Clarke-Groves mechanism, the expected utility maximizing mechanism and the Groves-Ledyard mechanism. The main features of each mechanism are discussed along with its strengths, weaknesses, and different applicability in practice. Finally, the limitations of the study and future research are discussed.

• The Journal of Society for e-Business Studies
• /
• v.11 no.1
• /
• pp.25-52
• /
• 2006

This study focuses on customer perception of security control under Internet banking environment Internet banking customers' understanding of security control is insufficient. They are not fully aware of security technologies for Internet banking. Moreover, they cannot know which control is implemented and maintained on an Internet banking site when visiting the site. This study, therefore, attempts to find the impact of customer perception of security control on Internet banking acceptance. The research model is based on the TAM (Technology Acceptance Model), and introduces trust as an additional belief. Trust has been investigated in the marketing area, and begins to be focused in e-business area. A Web survey of Internet banking users collected 845 cases. Statistical analyses, using SEM (Structural Equation Modeling), partially supported the hypotheses that perceived strength of security control has an impact on three beliefs: trust, perceived usefulness, and perceived ease of use. We also verified the impact of these beliefs on attitude toward using, on behavioral intention to use, and on actual use. It is, therefore, verified that perceived strength of security control is a determinant of Internet banking acceptance.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.12
• /
• pp.944-953
• /
• 2013

Recently, a storage media is becoming smaller and storage capacity is also becoming larger than before. However, important data was leaked through a small storage media. To solve these serious problem, many security companies manufacture secure USBs with secure function, such as data encryption, user authentication, not copying data, and management system for secure USB, etc. But various attacks, such as extracting flash memory from USBs, password hacking or memory dump, and bypassing fingerprint authentication, have appeared. Therefore, security techniques related to secure USBs have to concern many threats for them. The basic components for a secure USB are secure authentication and data encryption techniques. Though existing secure USBs applied password based user authentication, it is necessary to develop more secure authentication because many threats have appeared. And encryption chipsets are used for data encryption however we also concern key managements. Therefore, this paper suggests mutual device authentication based on PUF (Physical Unclonable Function) between USBs and the authentication server and key management without storing the secret key. Moreover, secure USB is systematically managed with metadata and authentication information stored in authentication server.

• Korean Security Journal
• /
• no.29
• /
• pp.279-300
• /
• 2011

Countries recognize seriousness and concern about aviation terrorism, try to stamp out of it but aviation terrorism has been increasing in the world. Airport security is completely up to the result of security screening for passengers, check-in baggages and cargo at the check point. To complete effectively human and physical screening at the airport, it is essential to secure modernized screening equipment and specialized security screener, and airport security supervisor to supervising them. In this study, A survey conducted to find out the effect on screening equipment operating factors of airport security supervisor's individual attitude. The results of the study are as follow First, the duty view of airport security supervisor meaningfully affect expertise of screening equipment operating factors, satisfaction, reliability, and education and training, national point of view meaningfullly doesn't affect screening equipment operating factors. Second, the working condition effects on the education and training, if the working condition is getting better, intent to change occupation is getting lower. Third, duty stress meaningfully effects on the intent to change occupation, now airport security supervisor works in poor condition. Therefore, airport security supervisor needs to be prude of protecting the airport from the terrorism and various attacks and various kinds of aviation security regulations and procedures and comply with operating standards and keep the life of the country and its people, and needs to change awareness. And It is nessasary for government or airport authority or airline to prepare countermeasure for the improvement of their labor conditions.

• 프린팅코리아
• /
• v.11 no.11
• /
• pp.99-99
• /
• 2012

한국하이델베르그(주)(대표이사 김범식)는 모든 인쇄 재료 제품을 인터넷을 통해 주문할 수 있는 온라인숍 (www.shop.heidelberg.com)을 개설했다. 이 온라인숍은 하이델베르그 본사 및 세계 각 나라의 현지 법인에서 지난 10년에 걸쳐 이미 이용하고 있는 플랫폼을 한국 고객에 맞춰 보완한 것으로 보안 등 중요 기능면에서 이미 입증된 안전하고 편리한 주문 시스템이다.