• Journal of Navigation and Port Research
• /
• v.36 no.1
• /
• pp.1-7
• /
• 2012

A concept of the "e-Navigation" was introduced in 2005 and implementation strategies are under way by IMO/IALA in the maritime safety area. Specially VTS is an important maritime traffic monitoring and aids to navigation system which is aims to improve safety, navigation efficiency and protect the marine environment. The demand of the inter-VTS networking has been increased and standardization is underway for realization of shore side collaboration for maritime safety in IALA. But there may be security problems in the inter-VTS networks if they have not proper security mechanism. The hacking of realtime ship position and sensitive maritime surveillance information caused a critical accident of vessel, human life and environment by terrorist. This paper aims to design of a secure inter-VTS network structure and related security protocol for secure sharing of sensitive maritime data.

• Journal of KIISE:Computing Practices and Letters
• /
• v.13 no.2
• /
• pp.86-99
• /
• 2007

Packet filtering is to filter out potentially malicious network packets. In order to test a packet filtering function we should verify whether security policies are performed correctly as intended. However there are few existing tools to test the function. Besides, they need user participation when generating test cases or deciding test results. Many security administrators have a burden to test systematically new security policies when they establish new policies or modify the existing ones. To mitigate the burdens we suggest a new test method with minimal user articipation. Our tool automates generation steps of the test cases and the test oracles, respectively. By using the test oracles generated automatically, deciding test results is possible without user intervention. Our method realizes an automatic testing in three phases; test preparation phase, test execution, and test evaluation. As a result it may enhance confidence of test activities more highly. This paper describes the design and implementation of our test method and tool.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.187-193
• /
• 2017

Objects Internet-based healthcare services provide healthcare and healthcare services, including measurement of user's vital signs, diagnosis and prevention of diseases, through a variety of object internet devices. However, there is a problem that new security vulnerability can occur when inter-working with the security weakness of each element technology because the internet service based on the object Internet provides a service by integrating various element technologies. In this paper, we propose a user privacy protection model that can securely process user's healthcare information from a third party when delivering healthcare information of users using wearable equipment based on IoT in a mobile environment to a server. The proposed model provides attribute values for each healthcare sensor information so that the user can safely handle, store, and store the healthcare information, thereby managing the privacy of the user in a hierarchical manner. As a result of the performance evaluation, the throughput of IoT device is improved by 10.5% on average and the server overhead is 9.9% lower than that of the existing model.

• Review of KIISC
• /
• v.16 no.3
• /
• pp.7-17
• /
• 2006

TCG(Trusted Computing Group)는 더욱 안전한 컴퓨팅 환경의 구현을 목적으로 설립된 업계 컨소시엄으로, 데이터의 신뢰성을 제공하기 위하여 TPM(Trusted Platform Module)으로 불리는 신뢰의 기본을 제공하는 핵심 하드웨어의 사용을 제안하고 있다. 최근 모바일 디바이스의 성능 향상에 따라 다양한 응용들의 지원이 가능해지고, 네트워크를 통한 소프트웨어의 업데이트 및 응용프로그램의 다운로드 등이 가능한 개방형 플랫폼으로의 변화에 따른 디지털 컨버젼스는 TMP(Trusted Mobile Platform)라는 새로운 모바일 플랫폼용 규격의 사용을 필요로 하고 있다. 본 고에서는 기존 컴퓨팅 환경과 모바일 플랫폼에 핵심 보안 모듈인 TPM 기술의 국내 외 기술의 동향과 핵심 요소들에 대한 기술적 개념들을 살펴본다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.469-470
• /
• 2024

본 논문에서는 DigComp를 분석하여 데이터 리터러시 수준을 분석하고자 하였다. 이를 위해 DigComp의 구성요소인 데이터 리터러시, 소통 및 협업, 디지털 콘텐츠 제작, 보안, 문제해결 중 데이터 리러터시 영역의 세부 요소를 살펴보았다. 데이터 리터러시는 탐색·검색·필터링, 평가, 관리 3가지로 세분되어 있었고, 각각은 수준에 따라 기초, 중급, 고급, 전문가의 4단계로 구분되어 있었다. 그리고 3가지 영역의 수준을 분석하여 각 수준을 대표하는 핵심 단어를 추출하였다. 향후 이를 바탕으로 한 구체적 적용방안에 관한 연구가 이뤄지길 기대한다.

• Journal of Internet Computing and Services
• /
• v.16 no.5
• /
• pp.1-9
• /
• 2015

As attacks in cyber space become advanced and complex, monotonous defense approach of one-one matching manner between attack and defense may be limited to defend them. More efficient defense method is required. This paper proposes multi layers security scheme that can support to defend assets against diverse cyber attacks in systematical and adaptive. We model multi layers security scheme based on Defense Zone including several defense layers and also discuss essential technical elements necessary to realize multi layers security scheme such as cyber threats analysis and automated assignment of defense techniques. Also effects of multi layers security scheme and its applicability are explained. In future, for embodiment of multi layers security scheme, researches about detailed architecture design for Defense Zone, automated method to select the best defense technique against attack and modeling normal state of asset for attack detection are needed.

• The Transactions of the Korea Information Processing Society
• /
• v.3 no.1
• /
• pp.87-94
• /
• 1996

In order to design an extended relational database management system supporting multilevel security, the standard relational data model is extended and new relational integrity constrains are proposed for the model. The extended relational model and proposed multilevel integrity constraniants maintain database in consistent state and produce a basis that can eliminat eambiguity of entity and relation ship representations bypoly instantiation. The proposed up dates emantics canincreases the efficiency of up date operations by supporting multilevel entry and up dates. The semantics also provides a basis for the implementation of decomposition of extended relations.

• Journal of Korean Society of Archives and Records Management
• /
• v.24 no.2
• /
• pp.89-112
• /
• 2024

Metadata is a crucial component of record management, playing a vital role in properly managing and understanding the record. In cases where automatic metadata assignment is not feasible, manual input by records professionals becomes necessary. This study aims to alleviate the challenges associated with manual entry by proposing a method that harnesses ChatGPT technology for extracting records management metadata elements. To employ ChatGPT technology, a Python program utilizing the LangChain library was developed. This program was designed to analyze PDF documents and extract metadata from records through questions, both with a locally installed instance of ChatGPT and the ChatGPT online service. Multiple PDF documents were subjected to this process to test the effectiveness of metadata extraction. The results revealed that while using LangChain with ChatGPT-3.5 turbo provided a secure environment, it exhibited some limitations in accurately retrieving metadata elements. Conversely, the ChatGPT-4 online service yielded relatively accurate results despite being unable to handle sensitive documents for security reasons. This exploration underscores the potential of utilizing ChatGPT technology to extract metadata in records management. With advancements in ChatGPT-related technologies, safer and more accurate results are expected to be achieved. Leveraging these advantages can significantly enhance the efficiency and productivity of tasks associated with managing records and metadata in archives.

• Proceedings of the Korea Database Society Conference
• /
• 2002.10a
• /
• pp.197-211
• /
• 2002

본 연구에서는 정보기술 표준의 활용과 그에 따른 정보시스템의 상호운용성 수준과의 관계를 알아봄으로써 정보기술 아키텍처(ITA)에서 강조하고 있는 정보기술 표준의 활용 수준이 높으면 정보시스템의 상호운용성 수준도 높을 것인지를 실증적으로 알아보고자 하였다. 또한 정보기술 표준의 활용에 대한 측정을 위해 정보기술 아키텍처의 3가지 요소(EA, TRM, S/P) 중 하나인 기술참조모델(한국전산원의 TRM)의 표준서비스 분류를 선택하였고, 정보시스템의 상호운용성 수준을 측정하기 위해서는 정보시스템 상호운용성 수준(LISI : Levels of Information System Interoperability) 모델에 따름으로써 정보기술 아키텍처적 관점에서 접근하였다. 설문지를 통한 실증연구 결과, 다양한 표준서비스 중에서 보안서비스, 플랫폼서비스 및 데이터교환서비스 표준만이 실제 정보시스템 상호운용성에 영향을 미치는 것으로 나타났다.

• Smart Media Journal
• /
• v.10 no.3
• /
• pp.48-53
• /
• 2021

The authentication process is a key step that should be used to verify that a user is legitimate, and it should be used to verify that a user is a legitimate user and grant access only to that user. Recently, two-factor authentication and OTP schemes are used by most applications to add a layer of security to the login process and to address the vulnerability of using only one factor for authentication, but this method also allows access to user accounts without permission. This is a known security vulnerability. In this paper, we propose a Zero Knowledge Proofs (ZKP) personal information authentication scheme based on a Smart Contract of a block chain that authenticates users with minimal personal information exposure conditions. This has the advantage of providing many security technologies to the authentication process based on blockchain technology, and that personal information authentication can be performed more safely than the existing authentication method.