• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.393-395
• /
• 2012

다양한 스마트 기기의 출현과 함께 정보보호를 위한 보다 강건한 사용자 인증 시스템에 대한 요구도 증대되고 있다. 하지만 스마트 기기별로 호환성을 유지하면서도 사용자 인증을 수행하기 위해서는 각 기기에서 공통적으로 제공되는 센서의 활용이 필요하며, 영상 기반 다중 생체 인식에 기반을 둔 사용자 인증 시스템은 이에 대한 대안이 될 수 있다. 본 논문에서는 전통적으로 사용자 인증에 사용되고 있는 얼굴 인식과 더불어 영상 기반의 제스처 인식을 함께 사용함으로서 호환성을 유지하면서도 강건한 사용자 인증 시스템을 제안하였다. 그리고 제스처 인식 데이터베이스의 하나인 ChaLearn 데이터에 적용하여 인식 성능을 평가하였다. 그 결과 기존의 스마트 기기에서 가속도계, 자이로스코프 또는 터치 패널에 의한 제스처 인식이 아니라 영상 기반의 제스처 인식을 사용하여 호환성의 확보뿐만 아니라 사용자 인증 성능 또한 개선할 수 있음을 확인하였다.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2023.11a
• /
• pp.41-42
• /
• 2023

항공편과 승객의 흐름을 효율적으로 처리하기 위한 디지털 시스템에 대한 의존도 증가와 승객용 기내 와이파이 서비스 등으로 인해 민간항공의 사이버 보안 취약성은 매년 증가하고 있는데 비해 공항에 대한 무장 공격, 항공기에 폭발물 설치 및 납치와 같은 전통적인 테러에 맞춰 마련된 항공보안 관련 국제협약은 사이버 위협에 직접적으로 적용하기 어렵다는 문제를 갖고 있다. 본 연구는 민간항공에 대한 사이버 공격의 예방 및 기소와 관련된 국제협약의 적정성을 검토한 후, 사이버 위협 대응을 위한 기존 국제협약 체계, 잠재적 차이 해석 등을 중점적으로 분석하여 민간항공의 안전을 위협하는 불법방해행위로부터 중요정보 및 시스템을 보호하는 항공 사이버 보안 국제표준 마련 및 이행 촉진을 강조하고자 한다.

• Proceedings of the KAIS Fall Conference
• /
• 2006.05a
• /
• pp.123-127
• /
• 2006

This paper identifies some components should be evaluated and certified to assure that IT systems are secure. Security objective of IT systems will be obtained by protecting all areas of IT systems, so not only visible parts but also non-visible parts must be protected. And for verifying all the parts of IT systems are protected, we should check the scope of evaluation and certification covers all necessary parts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1001-1020
• /
• 2023

As massive increase in remote work since COVID-19, the boundaries between the inside and outside of corporate networks have become blurred. As a result, traditional perimeter security has stagnated business productivity and made it difficult to manage risks such as information leakage. The zero trust architecture model has emerged, but it is difficult to apply to IT environments composed of various companies. Therefore, using the remote work system configuration as an example, we presented a configuration and methodology that can apply zero trust models even in various network environments such as on-premise, cloud, and network separation. Through this, we aim to contribute to the creation of a safe and convenient cyber environment by providing guidance to companies that want to apply zero trust architecture, an intelligent system that actively responds to cyber threats.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8C
• /
• pp.1076-1085
• /
• 2004

Privacy enforcement has been one of the most important problems in IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. For providing privacy protection and context based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies Privacy policies are to assign privacy levels to user roles according to their tasks and to assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. For application of this model, small hospital model is considered.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.563-577
• /
• 2017

Due to the Internet and computing capability, new and variant malware are discovered around 1 Million per day. Companies use dynamic analysis such as behavior analysis on virtual machines for unknown malware detection because attackers use unknown malware which is not detected by signature based AV effectively. But growing number of malware types are not only PE(Portable Executable) but also non-PE such as MS word or PDF therefore dynamic analysis must need more resources and computing powers to improve detection effectiveness. This study elicits the pre-filtering system evaluation factor to improve effective dynamic malware analysis system and presents and verifies the decision making model and the formula for solution selection using AHP(Analytics Hierarchy Process)

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.17-22
• /
• 2023

Traditional authentication systems typically involve users entering their username and password into a centralized identity management system. To address the inconvenience of such authentication methods, a decentralized identity authentication system based on Distributed Identifiers(DID) is proposed, utilizing decentralized identity technology. The proposed system employs QR code scanning for login, enhancing security through the use of blockchain technology to ensure the uniqueness and safety of user identities during the login process. This system utilizes DIDs and integrates the InterPlanetary File System(IPFS) to securely manage organizational members' identity information while keeping it private. Using the distributed identity authentication system proposed in this study, it is possible to effectively manage the security and personal identity of organization members. To improve the usability of the system proposed in this study, research is needed to expand it into a solution.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.412-414
• /
• 2015

최근 금융과 IT가 결합한 핀테크 산업이 빠르게 성장하고 있다. 전통적 금융 서비스에서 벗어나 소비자 접근성이 높은 인터넷, 모바일 기반 디바이스의 장점을 활용하여 송금, 결제, 자산관리 등 다양한 분야의 금융서비스를 제공한다. 하지만 핀테크 기술 발전으로 네트워크, 클라이언트, 시스템 등 각각의 부문에서 새로운 보안 위협 요소가 증가 할 것이다. 본 논문에서는 핀테크 보안의 고려사항과 연구동향에 대해 살펴보고 현재 핀테크 분야에서 보안이 적용된 시스템에 대해 분석하고 취급되는 정보보호의 중요성에 대해 고찰한다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.19-26
• /
• 2007

In recent rears. web portal system has received much attention as a user interface for the grid environment. Grid system uses symmetric key for authenticating user identity while the traditional portal system does a password-based authentication. Regarding this, many researches are progressing to integrate portal accounts with symmetric key. Specially. researches such as GAMA and PURSE are active and those focus on easy usability for users who familiar with password-based authentication. However the protection of data and resources is a critical issue in Grid environment, because those are shared through a wide-area network. In this paper, we suggest a new authentication mechanism which unify authentication mechanisms between portal system and grid service by using symmetric key. It will improve a security level in UI layer as much as in grid service.

• Korean Journal of Heritage: History & Science
• /
• v.47 no.3
• /
• pp.160-171
• /
• 2014

The provision of support for the art of making these items needs to be considered with the focus on the following factors: the local situation of the areas where such traditional handicrafts are still made, the craftspeople involved in their production, and their communities. So far, discussion about how to reinvigorate traditional handicrafts, including those mentioned above, has been concentrated on the measures taken to promote them as part of the handicrafts industry and the allocation of the government's budget for important intangible cultural heritages. The government runs a traditional handicrafts management system and provides financial support for the craftspeople and spaces for exhibiting their work. This form of support has led to systematic management of traditional handicrafts and heightened public interest in cultural heritage, as well as publicizing the country's traditional crafts, but has made little progress in the following areas: the fostering of young people willing to learn traditional skills, diversification of the types of skills to be maintained, or establishment of the networks of collaboration among the craftspeople. The most important aspect among the efforts mentioned above is to maintain cultural traditions that are unique to each region by encouraging local craftspeople to engage in their work with a solid sense of pride backed up by financial support. This study was carried out in connection with the need to reinvigorate the art of making tanggeon (horsehair crown), manggeon (horsehair headband), and gat (black horsehair hat), which few people wear as they are used only for ornamental purposes nowadays. This study examined the circumstances surrounding the artisans engaged in the production of horsehair handicrafts prior to their designation as a cultural heritage, and the changes that occurred in the local communities associated with their production after the designation, in order to assess the status of inheritance of this tradition.