• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.153-160
• /
• 2024

Information technology plays an important role in healthcare. The cloud has several applications in the fields of education, social media and medicine. But the advantage of the cloud for medical reasons is very appropriate, especially given the large volume of data generated by healthcare organizations. As in increasingly health organizations adopting towards electronic health records in the cloud which can be accessed around the world for various health issues regarding references, healthcare educational research and etc. Cloud computing has many advantages, such as "flexibility, cost and energy savings, resource sharing and rapid deployment". However, despite the significant benefits of using the cloud computing for health IT, data security, privacy, reliability, integration and portability are some of the main challenges and obstacles for its implementation. Health data are highly confidential records that should not be made available to unauthorized persons to protect the security of patient information. In this paper, we discuss the privacy and security requirement of EHS as well as privacy and security issues of EHS and also focus on a comprehensive review of the current and existing literature on Electronic health that uses a variety of approaches and procedures to handle security and privacy issues. The strengths and weaknesses of some of these methods were mentioned. The significance of security issues in the cloud computing environment is a challenge.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.41-50
• /
• 2021

Cloud computing is one of the most expanding technologies nowadays; it offers many benefits that make it more cost-effective and more reliable in the business. This paper highlights the various benefits of cloud computing and discusses different cryptography algorithms being used to secure communications in cloud computing environments. Moreover, this thesis aims to propose some improvements to enhance the security and safety of cloud computing technologies.

• Asia pacific journal of information systems
• /
• v.33 no.4
• /
• pp.1135-1155
• /
• 2023

Management of the workforce in the early career stage who enter information security work after graduating from college or university so that they can continue to develop their information security careers without leaving the organization can be a solution to the problem of absolute shortage of staffing and lack of skills. This is because the workforce can improve their job skills, and organizations can build a stable, cost-effective human resource management system. This paper constructed and verified a turnover intention research model focusing on the factors that affect the turnover intention of early-stage workforce who took their first steps in society as an information security workforce after graduating from university or college; it confirmed that self-realization is a crucial factor. Furthermore, with in-depth interviews, the career path information of skilled workers, which is essential information necessary for self-realization, was analyzed, and the direction of HRM for self-realization of the workforce in the early career stage was presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.109-116
• /
• 2010

We consider an information system where its throughput deteriorates due to security threats and evaluate information security investment portfolios. We assume that organizations adopt information security countermeasures (or portfolios consisted of countermeasures) to lessen the damage resulted from the productivity (or throughput) deterioration. A probability model is used to derive the system throughput and the average number of repairs according to the occurrence rate of security threats. Considering the revenue from throughput, the repair cost, and the investment for the security system, the net present value for each portfolio is derived. Organizations can compare information security investment portfolios and select the optimal portfolio.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.781-797
• /
• 2013

Nowadays, it is increasing that corporates consign tasks related to the personal information processing to the consignees for efficiency and quality improvements and cost reductions. As the consignments are increased, there are increases on types and amounts of personal information. Therefore, the needs on the information managements and the security threats are increased. This report will analyze the laws that consignors and consignees should follow. Moreover, it identifies issues and analyzes the current levels on consignees in terms of the personal information protection so that the consignors can come up with the best and efficient way to monitor the consignees when they consign the personal information processing tasks.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.41-48
• /
• 2024

Existing PoS (Point of Sale) based payment frameworks are vulnerable as the Payment Application's integrity in the smart phone and PoS are compromised, vulnerable to reverse engineering attacks. In addition to these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. SSPoS framework overcomes repackaging attacks. SSPoS framework has very less communication and computation cost. SSPoS framework also addresses Heartbleed vulnerability. SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.21-28
• /
• 2009

In the recent years, power attacks were widely investigated, and so various countermeasures have been proposed, In the case of block ciphers, masking methods that blind the intermediate values in the algorithm computations(encryption, decryption, and key-schedule) are well-known among these countermeasures. But the cost of non-linear part is extremely high in the masking method of block cipher, and so the inversion of S-box is the most significant part in the case of AES. This fact make various countermeasures be proposed for reducing the cost of masking inversion and Zakeri's method using normal bases over the composite field is known to be most efficient algorithm among these masking method. We rearrange the masking inversion operation over the composite field and so can find duplicated multiplications. Because of these duplicated multiplications, our method can reduce about 10.5% gates in comparison with Zakeri's method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1413-1424
• /
• 2019

Cryptocurrency has limitations to be used as an actual payment method due to the scalability problem of the blockchain consensus protocol, and various off-chain solutions to solve these limitations are being studied. In this paper, we design an efficient off-chain payment channel using one-way hash function and implement the designed payment channel using Ethereum smart contract. In addition, the experiment was conducted to measure and analyze execution time and cost for each method by deploying it in the same environment as the previously implemented plasma MVP. As a result, compared with plasma MVP, the proposed solution was able to reduce the total cumulative time by about 34% and reduce the overall execution cost by about 41%.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.12
• /
• pp.453-460
• /
• 2022

As high-performance quantum computers are expected to be developed, studies are being actively conducted to build a post-quantum security system that is safe from potential quantum computer attacks. When the Grover's algorithm, a representative quantum algorithm, is used to search for a secret key in a symmetric key cryptography, there may be a safety problem in that the security strength of the cipher is reduced to the square root. NIST presents the post-quantum security strength estimated based on the cost of the Grover's algorithm required for an attack of the cryptographic algorithm as a post-quantum security requirement for symmetric key cryptography. The estimated cost of Grover's algorithm for the attack of symmetric key cryptography is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, the quantum circuit of the SCHWAEMM algorithm, AEAD family of SPARKLE, which was a finalist in NIST's lightweight cryptography competition, is efficiently implemented, and the quantum cost to apply the Grover's algorithm is analyzed. At this time, the cost according to the CDKM ripple-carry adder and the unbounded Fan-Out adder is compared together. Finally, we evaluate the post-quantum security strength of the lightweight cryptography SPARKLE SCHWAEMM algorithm based on the analyzed cost and NIST's post-quantum security requirements. A quantum programming tool, ProjectQ, is used to implement the quantum circuit and analyze its cost.

• Journal of Korean Society for Quality Management
• /
• v.39 no.3
• /
• pp.432-443
• /
• 2011

The purpose of this research is to understand users' information protection behavior on personal information security from health psychology theory perspectives. Empirical results indicate that users' information protection behavior on personal information is predicted by perceived threat and perceived responsiveness. Perceived threat is determined by perceived susceptibility and perceived severity. Perceived responsiveness is determined by response efficacy and self-efficacy, but response cost is not significant. These findings provide an enriched understanding about users' information protection behavior on personal information security.