• Title/Summary/Keyword: 정보보호시장

Search Result 518, Processing Time 0.029 seconds

The Evaluation for Web Mining and Analytics Service from the View of Personal Information Protection and Privacy (개인정보보호 관점에서의 웹 트래픽 수집 및 분석 서비스에 대한 타당성 연구)

  • Kang, Daniel;Shim, Mi-Na;Bang, Je-Wan;Lee, Sang-Jin;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.6
    • /
    • pp.121-134
    • /
    • 2009
  • Consumer-centric marketing business is surely one of the most successful emerging business but it poses a threat to personal privacy. Between the service provider and the user there are many contrary issues to each other. The enterprise asserts that to abuse the privacy data which is anonymous there is not a problem. The individual only will not be able to willingly submit the problem which is latent. Web traffic analysis technology itself doesn't create issues, but this technology when used on data of personal nature might cause concerns. The most criticized ethical issue involving web traffic analysis is the invasion of privacy. So we need to inspect how many and what kind of personal informations being used and if there is any illegal treatment of personal information. In this paper, we inspect the operation of consumer-centric marketing tools such as web log analysis solutions and data gathering services with web browser toolbar. Also we inspect Microsoft explorer-based toolbar application which records and analyzes personal web browsing pattern through reverse engineering technology. Finally, this identified and explored security and privacy requirement issues to develop more reliable solutions. This study is very important for the balanced development with personal privacy protection and web traffic analysis industry.

An Application Obfuscation Method Using Security Token for Encryption in Android (안드로이드 환경에서 보안 토큰을 이용한 앱 난독화 기법)

  • Shin, JinSeop;Ahn, Jaehwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1457-1465
    • /
    • 2017
  • With the growing of smart devices market, malicious behavior has gradually expanded its scope. Accordingly, many studies have been conducted to analyze malicious apps and automated analysis tools have been released. However these tools cause the side effects that the application protection tools such as ProGuard, DexGuard become vulnerable to analyzers or attackers. This paper suggests the protection mechanism to apply to the Android apps using security token, rather than general-purpose protection solutions that can be applied in malicious apps. The main features of this technique are that Android app is not properly loaded in the memory when the security token is abnormal or is not inserted and protected parts using the technique are not exposed.

Authentication Scheme based on NTRU for the Protection of Payment Information in NFC Mobile Environment (NFC 모바일 환경에서 결제정보보호를 위한 NTRU 기반 인증 기법)

  • Park, Sung Wook;Lee, Im Yeong
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.3
    • /
    • pp.133-142
    • /
    • 2013
  • Recently, smart devices for various services have been developed using converged telecommunications, and the markets for near field communication (NFC) mobile services is expected to grow rapidly. In particular, the realization of mobile NFC payment services is expected to go commercial, and it is widely attracting attention both on a domestic and global level. However, this realization would increase privacy infringement, as personal information is extensively used in the NFC technology. One example of such privacy infringement would be the case of the Google wallet service. In this paper, we propose an mutual authentication scheme based on NTRU for secure channel in OTA and an zero-knowledge proof scheme NTRU based on for protecting user information in NFC mobile payment systems without directly using private financial information of the user.

Vulnerability Analysis of DHCP Exhaustion Attack in Drone Environment: Based on Open Source Tools Improvement Results (드론 환경에서의 DHCP 고갈 공격 취약점 분석: 도구 개선 결과를 기반으로)

  • Lee, Junkwon;Jeong, Jiin;Jung, Wontae;Lee, Kyungroul
    • Annual Conference of KIPS
    • /
    • 2022.11a
    • /
    • pp.204-206
    • /
    • 2022
  • 드론과 관련된 기술의 발전으로 인하여, 다양한 민간 및 공공 산업에서 활용되는 실정이며, 이에 따라 드론 시장 역시 확대되면서 일반인들도 드론을 접하거나 활용하는 기회가 많아지고 있다. 특히, 일반인들이 접근하기 용이하고 사용하기 쉬운 WiFi 기반의 상용 드론이 생산되면서 수요 역시 증가하는 추세이다. 이와 같이, 드론이 많이 발전하는 긍정적인 측면과는 반대로, 드론에서 발생하는 다양한 취약점으로 인하여 보안 위협이 발생한다. 최근에는 WiFi 기반의 드론들을 대상으로 공개된 도구를 사용하여 DHCP 고갈 공격의 취약점을 분석하는 연구가 진행되었으며, 공격 결과로 실제 드론이 DHCP 고갈 공격으로 인하여 IP 주소를 할당받지 못하는 보안위협이 도출되었다. 하지만, 이 연구는 대표적인 DHCP 공격 도구인 DHCPig와 Yersinia를 활용하였으며, 이 도구들은 무선이 아닌 유선 네트워크를 기반으로 제작되었기 때문에, 드론 환경에 그대로 적용하기에는 한계점이 존재하며, 실제로 발생 가능한 취약점을 검증하지 못하는 한계점도 존재한다. 따라서 본 논문에서는 WiFi 기반 상용 드론을 대상으로 DHCP 고갈 공격의 취약점을 분석하기 위하여, 공개된 도구들의 문제점을 분석하고 개선함으로써, 드론 환경에서의 DHCP 고갈 공격의 가능성을 검증한다. 본 연구 결과는 DHCP를 제공하는 드론 환경의 안전성을 향상하기 위한 지표로 활용될 것으로 사료된다.

A Study on the Linkage and Gap in Personal Information Policy in Cloud Services between Multinational Companies' Human Resource Management and Domestic Companies' Human Resource Management (제조 전문 국제기업 인사관리와 국내 인사관리 클라우드 서비스 운영 개인정보정책과의 연계 및 괴리에 대한 연구)

  • Seo, Woo-Seok
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.19 no.1
    • /
    • pp.639-643
    • /
    • 2018
  • Laws concerning the protection of personal information have been enacted and revised as the legislation on personal information protection on the basis of the Act on the Protection of Personal Information Maintained by Public Institutions. Nevertheless, there have been continuing threats resulting from the fact that restrictions on security subject to laws remain unclear. By proposing protected access utilizing a unique identification key of enterprises, regarding the personal information of various internal and external clients held by international manufacturing companies and attempting to make policy aspect and management access at the same time, there is a change of gradual decline in cloud personnel information management service, which is the domestic ISP service for personnel management as the technology facilitated to reduce the burden on personnel and cost for the protection of personal information and the market is also changing to the direction for companies to directly operate. Therefore, this study intends to examine the convenience of integrated management for ensuring security, while confirming the gap on flexibility and safety on management point regarding the human resources of international manufacturing companies arising from its interactions.

The Analysis of Economic Impact for Information Security Industry using Inter-Industry Analysis (산업연관분석을 이용한 정보보호 산업의 경제 파급효과 분석)

  • Jeong, Eun-Hee
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.13 no.1
    • /
    • pp.72-80
    • /
    • 2020
  • The information security industry is increasing in importance and market size due to the development of the fourth industry such as artificial intelligence, IoT and etc. This paper was analyzed the impact of the increasing information security industry on the domestic economy by using the Input-Output table. It was classified industrial sectors into information security products and information security services industries, and then reclassified the Input-Output table into 35 industries. And it was estimated the production inducement coefficient, the value-added inducement coefficient, employment inducement coefficient, and etc. The production inducement coefficients of the information security product and service industry are each 1.571, 1.802, and the value-added inducement coefficients of them are each 0.632, 0.997, and the employment inducement coefficients of them are each 2.494, 7.361. Only the value-added inducement coefficient of the information security service industry is slightly higher than the total industry, and the remaining inducement coefficients are all lower than the total industry. In addition, the information security product industry has no the forward and backward linkage effect, and the information security service industry has no the backward linkage effect. But it has the forward linkage effect. As a result of analyzing the economic ripple effect of the information security industry, the production inducement amounted to 359.9 trillion won, value-added inducement amounted to 164.8 trillion won, and employment inducement amounted to 803 thousand people.

nhancing Anonymity Protection in RWA Token Trading Using Blockchain Exchange Platforms (블록체인 거래소 플랫폼을 활용한 RWA 토큰 거래에서의 개인정보보호 개선 방안)

  • Jaeseong Lee;Junghee Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.641-649
    • /
    • 2024
  • This paper addresses the issue of anonymity protection in the trading of Real-World Asset (RWA) tokens, a prominent topic in the cryptocurrency market in recent years. The principle of transparency inherent in blockchain technology makes it challenging to ensure the anonymity of traders. Although there have been instances in existing blockchain research where mixer services have been utilized to protect the privacy of Fungible Tokens (FTs), and prior studies have explored the privacy protection for Non-Fungible Tokens (NFTs), RWA tokens, which can embody characteristics of both FTs and NFTs and are tied to physical assets, present a complex challenge in achieving the goal of anonymity protection through any single method. This paper proposes a hypothetical token trading platform, ARTeX, and describes the trading process to analyze measures for protecting the anonymity of RWA token transactions.

디지털 저작권권리 (DRM)와 Rights Language

  • 박정희;성평식
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 2003.05a
    • /
    • pp.23-26
    • /
    • 2003
  • 인터넷의 발달은 전통적인 자연 발생적인 시장에 의한 상거래를, 기술에 의한 안전하면서 세계 시장을 쉽게 접근할 수 있는 전자상거래 구조를 제공하고 있다. 현재 전자상거래의 대상은 실물에 대한 상거래와 디지털 컨텐츠에 대한 상거래로 크게 분류할 수 있으며, 실물에 대한 상거래는 전통적 상거래 방식이 컴퓨터로 바뀐 상황이라고 볼 때, 디지털컨텐츠에 대한 상거래 즉, D-Commerce에 대한 상거래의 개념이 도래하고 있다. 디지털 컨텐츠의 상거래에 필요한 요소 기술에 대한 연구, 그리고 특히 새로운 유통 비즈니스 모델에 대한 연구가 필요하다. 디지털 컨텐츠는 생성, 가공, 유통, 분배 둥의 측면에서 많은 장점을 갖는 반면, 복사를 여러 번해도 원본의 품질에 손상 없이 쉽게 복사 될 수 있다는 것이 디지털 저작권 보호에 커다란 문제점으로 대두되고 있다. 디지털 저작권권리(Digital Rights Management: DRM)은 디지털 콘텐츠의 보호와 적절한 유통체계를 설립하여 안전하게 상거래를 할 수 있게 하기 위한 새로운 기술이다. XrML은 권리(Right)를 명시하는 언어로써 디지털 컨텐츠와 그에 따른 서비스들을 사용할 수 있는 권리와 조건들을 명시해준다. XrML은 현재 디지털 저작권권리(Digital Rights Management: DRM)에 가장 많이 쓰이고 있는 Rights Language이다. XrML은 ContentGuard가 개발한 DRM 서술 언어로 전 세계 산업계 표준으로 추진하기 위하여 파트너 회사 확대, 기능 확장, 무료/공개 형식으로 보급을 추진하고 있다.

  • PDF

The Method for Data Acquisition on a Live NAS System (활성 상태의 NAS 시스템 상에서 내부 데이터 수집 기법 연구)

  • Seo, Hyeong-Min;Kim, Dohyun;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.3
    • /
    • pp.585-594
    • /
    • 2015
  • As the storage market has been expanded due to growing data size, the research on various kinds of storages such as cloud, USB, and external HDD(Hard Disk Drive) has been conducted in digital forensic aspects. NAS(Network-Attached Storage) can store the data over one TB(Tera Byte) and it is well used for private storage as well as for enterprise, but there is almost no research on NAS. This paper selects three NAS products that has the highest market share in domestic and foreign market, and suggests the process and method for data acquisition in live NAS System.

Analysis of Vulnerability in Electron Based Collaboration Tools (Electron 기반 협업 프로그램 취약점 분석)

  • Lee, Hyomin;Jang, Yeonseok;Kwon, Yonghee;Lim, Eunji;Kim, Jongmin;Park, Jinwoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.573-586
    • /
    • 2021
  • As the proportion of non-contact work is increasing in the situation of COVID-19 pandemic, the collaboration program market is growing rapidly. As the size of the market grows, vulnerabilities in collaborative programs are constantly being disclosed which increases interest in the security of collaborative tools. In this paper, we introduce the results of vulnerability analysis on Electron-based collaboration programs, noting that a number of collaboration programs are based on the Electron framework, and propose countermeasures to enhance the security of Electron-based applications.