• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1183-1192
• /
• 2022

Information and Information processing systems must maintain a certain level of security during the total life cycle of Information. To maintain a certain level of security, security management processes are applied to software, automobile development, and the U.S. federal government information system over a life cycle, but theme of no similar security management process in Korea. This paper proposes a Korean-style security risk management framework to maintain a certain level of security in the total life cycle of information and information processing system in the defense sector. By applied to the defense field, we intend to present the direction of defense security work in the future and induce an shift in security paradigm.

• The Journal of Korean Association of Computer Education
• /
• v.19 no.6
• /
• pp.81-89
• /
• 2016

As the social and technical circumstance changes rapidly, passive learners who were knowledge-finders not only remember and regenerate about the given information but also critically grasp the phenomena of real life, and then also it became necessary for us to help cultivate the ability to solve the problem creatively in the new form of educational goal, educational content, educational methods and evaluation, educational environment. As a result, this study analyzes the smart learning education, fit the model of smart learning education training in high school information ethics parts, design the lesson that is proposal class of 'Information protection and Security' section, and develop the teaching and experience educational contents, furthermore, It is to investigate the impact on the ethics consciousness about information communications.

• Journal of Convergence for Information Technology
• /
• v.11 no.2
• /
• pp.16-24
• /
• 2021

This paper introduces a smart aging service that helps the elderly lead a happy old age by actively utilizing IoT and AI technologies for the elderly who are increasing rapidly as they enter the aging society. In particular, we propose a future-oriented, age-friendly well-being support system that breaks away from the existing welfare concept to solve the aging problem but leads to a paradigm shift toward building a vibrant aging society by protecting from emergency and satisfying emotions. By introducing IoT and AI, it judges the life situation and emotional state from the living information of the elderly can respond to emergencies and suggest meetings as a change of mood and give an emotional comfort. Since the proposed system uses artificial intelligence techniques to determine the degree of depression when inputting information such as pulse-rate, dangerous word usage, and external communication, I think it showed the feasibility of the new concept of wellbeing support system that is totally different from conventional wellbeing concept of health-care.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.113-120
• /
• 2006

C4I system is the centerpiece of the military force. The system is an information based system which facilitates information grid, collection of data and dissemination of the information. The C4I system seeks to assure information dominance by linking warfighting elements in the battlespace to information network which enables sharing of battlespace information and awareness; thereby shifting concept of warfare from platform-centric paradigm to Network Centric Warfare. Although, it is evident that C4I system is a constant target from the adversaries, the issues of vulnerability via cyberspace from attack still remains. Therefore, the protection of C4I system is critical. The roadmap I have constructed in this paper will guide through the direction to protect the system during peace and war time. Moreover, it will propose vision, objectives and necessary supporting framework to secure the system from the threat. In order to fulfill these tasks, enhanced investments and plans from the Joint chief of Staff and Defense of Acquisition and Program Administration (DAPA) is critical; thereby enabling the establishment of rapid and efficient security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.331-340
• /
• 2021

As the communication industry develops, the development of SoC (System on Chip) is increasing. Accordingly, the paradigm of technology design of industries and companies is changing. In the existing process, companies purchased micro-architecture, but now they purchase ISA (Instruction Set Architecture), and companies design the architecture themselves. RISC-V is an open instruction set based on a reduced instruction set computer. RISC-V is equipped with ISA, which can be expanded through modularization, and an expanded version of ISA is currently being developed through the support of global companies. In this paper, we present benchmarking frameworks ARIA, LEA, and PIPO of Korean block ciphers in RISC-V. We propose implementation methods and discuss performance by utilizing the basic instruction set and features of RISC-V.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.597-613
• /
• 2024

MyData is an approach of personal data management, which grants data subjects the right to decide how to use and where to provide their data. With the explicit consent of the subjects, service providers can collect scattered data from data sources and offer personalized services based on the collected data. In existing service models, personal data saved in data storage can be shared with data processors of service providers or third parties. However, once personal data are transferred to third-party processors, it is difficult for data subjects to trace and control their personal data. Therefore, in this paper, we propose a cloud model where both data storage and processor are located within a single cloud, ensuring that data do not leave the cloud.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.4
• /
• pp.553-558
• /
• 2020

Data has emerged as a key driver of national, corporate and individual competitiveness as a result of the entry into the data economy. The value of personal information is increasing in various fields such as customized services and social problem solving. MyData refers to a new paradigm in which individuals have the authority to manage and control their information and make active decisions on where to use and scope of personal information. MyData, which is emerging as a big topic in the data economy, is a necessary concept in an era when the value of data is important, and related laws and systems should be prepared.

• The Journal of Society for e-Business Studies
• /
• v.23 no.3
• /
• pp.65-84
• /
• 2018

The government is continuously expanding its national R&D investment to actively respond to the advent of the $4^{th}$ industrial revolution era and to develop the national economy. The R&D structure is likely to be liberalized as the paradigm shifts from the pursuit type R&D to the leading type R&D, and R&D capacity enhancement that focuses on researchers' creativity is emphasized. Such changes in R&D environment will increase the risk of security accidents such as leakage of research information. In addition, security policy for protection of research result should be the Researcher-Centric Security and security policy should be changed. This study explored transforming the research security system into the Researcher-Centric Security system so that researchers can voluntarily implement necessary security measures in the course of conducting research.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.8
• /
• pp.1161-1170
• /
• 2013

Currently in 2013, a law that was drawn as a result of social agreement for personal information protection was enacted, and through several amendments, definite policy of written law and guideline were presented for definitive information protection in various fields of social business including IT field. Based on a series of social issues about the importance of personal information, a new access paradigm to personal information appeared. And from macroscopic access method called information protection, the necessity of technical access method came to the fore. Of course, it seems somewhat irrational to restrict all data in the form of personal information to a certain category of information until now. But in the deluge of information based on IT field, it is true that the part of checking the flow of personal information and selecting as security target has been standardized. But still there are cases in which it is difficult to routinely apply the five standardized flows of personal information Life-Cycle-collect, process, provide, store, and destroy-to information that all companies and organizations have. Therefore, the researcher proposes the standardized methodology by proposing the access control methodology for dualised hierarchical personal information Life-Cycle. The results of this research aim to provide practical data which makes optimal access control to personal information Life-Cycle possible.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.1-14
• /
• 2015

To conform to new emerging computing paradigm, various researches and challenges are being done. New information technologies make easy to access and acquire information in various ways. In other side, however, it also makes illegal access more powerful and various threat to system security. In this paper, we suggest a new extended access control method that make it possible to conform to security policies enforcement even with discrepancy between policy based constraints rules and query based constraints rules, based on their semantic information. New method is to derive security policy rules using context tree structure and to control the exceed granting of privileges through the degree of the semantic discrepancy. In addition, we illustrate prototype system architecture and make performance comparison with existing access control methods.