• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.93-98
• /
• 2022

Information service technology continues to develop, and information service continues to expand based on the IT convergence trend. The premeter-based security model chosen by many organizations can increase the effectiveness of security technologies. However, in the premeter-based security model, it is very difficult to deny security threats that occur from within. To solve this problem, a zero trust model has been proposed. The zero trust model requires authentication for user and terminal environments, device security environment verification, and real-time monitoring and control functions. The operating environment of the information service may vary. Information security management should be able to response effectively when security threats occur in various systems at the same time. In this study, we proposed a security policy distribution system in the object reference method that can effectively distribute security policies to many systems. It was confirmed that the object reference type security policy distribution system proposed in this study can support all of the operating environments of the system constituting the information service. Since the policy distribution performance was confirmed to be similar to that of other security systems, it was verified that it was sufficiently effective. However, since this study assumed that the security threat target was predefined, additional research is needed on the identification method of the breach target for each security threat.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.10
• /
• pp.309-318
• /
• 2023

Recently, each country has been moving to introduce an LCA (Life Cycle Assessment) to regulate greenhouse gas emissions. The LCA is a mean of measuring and evaluating greenhouse gas emissions generated over the entire life cycle of a vehicle. Reliable data for each electric vehicle component is needed to increase the reliability of the LCA results. To this end, studies on life cycle evaluation models using blockchain technology have been conducted. However, in the existing model, key product information is exposed to other participants. And each time parts data information is updated, it must be recorded in the blockchain ledger in the form of a transaction, which is inefficient. In this paper, we proposed a DID(Decentralized Identity)-based data collection model for LCA to collect vehicle component data and verify its validity effectively. The proposed model increases the reliability of the LCA by ensuring the validity and integrity of the collected data and verifying the source of the data. The proposed model guarantees the validity and integrity of collected data. As only user authentication information is shared on the blockchain ledger, the model prevents indiscriminate exposure of data and efficiently verifies and updates the source of data.

• Information Systems Review
• /
• v.14 no.3
• /
• pp.75-97
• /
• 2012

Fostering trusting belief in financial transactions is a challenging task in Internet banking services. Authenticated Certificate had been regarded as an effective method to guarantee the trusting belief for online transactions. However, previous research claimed that this method has some loopholes for such abusers as hackers, who intend to attack the financial accounts of innocent transactors in Internet. Two types of methods have been suggested as alternatives for securing user identification and activity in online financial services. Control transparency uses information over the transaction process to verify and to control the transactions. Outcome feedback, which refers to the specific information about exchange outcomes, provides information over final transaction results. By using these two methods, financial service providers can send signals to involved parties about the robustness of their security mechanisms. These two methods-control transparency and outcome feedback-have been widely used in the IS field to enhance the quality of IS services. In this research, we intend to verify that these two methods can also be used to reduce risks and to increase the security protections in online banking services. The purpose of this paper is to empirically test the effects of the control transparency and the outcome feedback on the risk perceptions in Internet banking services. Our assumption is that these two methods-control transparency and outcome feedback-can reduce perceived risks involved with online financial transactions, while increasing perceived trust over financial service providers. These changes in user attitudes can increase the level of user satisfactions, which may lead to the increased user loyalty as well as users' willingness to pay for the financial transactions. Previous research in IS suggested that the increased level of transparency on the process and the result of transactions can enhance the information quality and decision quality of IS users. Transparency helps IS users to acquire the information needed to control the transaction counterpart and thus to complete transaction successfully. It is also argued that transparency can reduce the perceived transaction risks in IS usage. Many IS researchers also argued that the trust can be generated by the institutional mechanisms. Trusting belief refers to the truster's belief for the trustee to have attributes for being beneficial to the truster. Institution-based trust plays an important role to enhance the probability of achieving a successful outcome. When a transactor regards the conditions crucial for the transaction success, he or she considers the condition providers as trustful, and thus eventually trust the others involved with such condition providers. In this process, transparency helps the transactor complete the transaction successfully. Through the investigation of these studies, we expect that the control transparency and outcome feedback can reduce the risk perception on transaction and enhance the trust with the service provider. Based on a theoretical framework of transparency and institution-based trust, we propose and test a research model by evaluating research hypotheses. We have conducted a laboratory experiment in order to validate our research model. Since the transparency artifact(control transparency and outcome feedback) is not yet adopted in online banking services, the general survey method could not be employed to verify our research model. We collected data from 138 experiment subjects who had experiences with online banking services. PLS is used to analyze the experiment data. The measurement model confirms that our data set has appropriate convergent and discriminant validity. The results of testing the structural model indicate that control transparency significantly enhances the trust and significantly reduces the risk perception of online banking users. The result also suggested that the outcome feedback significantly enhances the trust of users. We have found that the reduced risk and the increased trust level significantly improve the level of service satisfaction. The increased satisfaction finally leads to the increased loyalty and willingness to pay for the financial services.

• Korean Security Journal
• /
• no.21
• /
• pp.155-175
• /
• 2009

RFID that provide automatic identification by reading a tag attached to material through radio frequency without direct touch has some specification, such as rapid identification, long distance identification and penetration, so it is being used for distribution, transportation and safety by using the frequency of 125KHz, 134KHz, 13.56MHz, 433.92MHz, 900MHz, and 2.45GHz. Also it is one of main part of Ubiquitous that means connecting to net-work any time and any place they want. RFID is expected to be new growth industry worldwide, so Korean government think it as prospective field and promote research project and exhibition business program to linked with industry effectively. RFID could be used for access control of person and vehicle according to section and for personal certify with password. RFID can provide more confident security than magnetic card, so it could be used to prevent forgery of register card, passport and the others. Active RFID could be used for protecting operation service using it's long distance date transmission by application with positioning system. And RFID's identification and tracking function can provide effective visitor management through visitor's register, personal identification, position check and can control visitor's movement in the secure area without their approval. Also RFID can make possible of the efficient management and prevention of loss of carrying equipments and others. RFID could be applied to copying machine to manager and control it's user, copying quantity and It could provide some function such as observation of copy content, access control of user. RFID tag adhered to small storage device prevent carrying out of item using the position tracking function and control carrying-in and carrying-out of material efficiently. magnetic card and smart card have been doing good job in identification and control of person, but RFID can do above functions. RFID is very useful device but we should consider the prevention of privacy during its application.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Journal of Korea Water Resources Association
• /
• v.54 no.spc1
• /
• pp.1107-1118
• /
• 2021

Climate change brought on by global warming increased the frequency of flood and drought on the Korean Peninsula, along with the casualties and physical damage resulting therefrom. Preparation and response to these water disasters requires national-level planning for water resource management. In addition, watershed-level management of water resources requires flow duration curves (FDC) derived from continuous data based on long-term observations. Traditionally, in water resource studies, physical rainfall-runoff models are widely used to generate duration curves. However, a number of recent studies explored the use of data-based deep learning techniques for runoff prediction. Physical models produce hydraulically and hydrologically reliable results. However, these models require a high level of understanding and may also take longer to operate. On the other hand, data-based deep-learning techniques offer the benefit if less input data requirement and shorter operation time. However, the relationship between input and output data is processed in a black box, making it impossible to consider hydraulic and hydrological characteristics. This study chose one from each category. For the physical model, this study calculated long-term data without missing data using parameter calibration of the Soil Water Assessment Tool (SWAT), a physical model tested for its applicability in Korea and other countries. The data was used as training data for the Long Short-Term Memory (LSTM) data-based deep learning technique. An anlysis of the time-series data fond that, during the calibration period (2017-18), the Nash-Sutcliffe Efficiency (NSE) and the determinanation coefficient for fit comparison were high at 0.04 and 0.03, respectively, indicating that the SWAT results are superior to the LSTM results. In addition, the annual time-series data from the models were sorted in the descending order, and the resulting flow duration curves were compared with the duration curves based on the observed flow, and the NSE for the SWAT and the LSTM models were 0.95 and 0.91, respectively, and the determination coefficients were 0.96 and 0.92, respectively. The findings indicate that both models yield good performance. Even though the LSTM requires improved simulation accuracy in the low flow sections, the LSTM appears to be widely applicable to calculating flow duration curves for large basins that require longer time for model development and operation due to vast data input, and non-measured basins with insufficient input data.