• The Journal of Information Systems
• /
• v.17 no.3
• /
• pp.153-174
• /
• 2008

Mobile commerce is defined as any direct or indirect transaction conducted and facilitated through a wireless telecommunication network such as payment, ticketing, auction and mobile banking. Despite the importance of mobile commerce, there have not been so many academic studies on the unique characteristics of mobile commerce environments. In this study, our research model is developed based on TAM(Technology Acceptance Model) to investigate the user's technology acceptance process in mobile commerce environment. The factors, such as ubiquity, compatibility, perceived usefulness, perceived ease of use, cost, security, attitude and behavior intention for mobile commerce were selected from pier study in information systems area. The data for empirical analysis of the research model is collected online-questionnaire of 167 mobile commerce users in South Korea. The hypotheses were analyzed using SPSS 15.0 and AMOS 7.0. The results of our study show that: (1) compatibility, perceived usefulness and security had influences on the attitude whereas perceived ease of use and cost did not have any significant impact on the attitude, (2) compatibility influenced perceived usefulness whereas perceived ease of use did not, and finally (3) ubiquity, perceived usefulness and attitude had considerable influences on intention for mobile commerce. Therefore, practitioners should focus on enhancing security, quality of contents and services as well as offering what mobile commerce users want. The results of this study may useful for academicians and practitioners alike.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.731-734
• /
• 2006

RFID(Radio Frequency Identification)는 무선 주파수를 이용하여 물리적인 접촉 없이 개체에 대한 정보를 읽거나 기록하는 자동인식 기술이다. 그러나 RFID의 특성으로 인하여 사용자의 프라이버시 침해가 발생하면서 이를 해결하기 위한 많은 프로토콜들이 제안되었으나 공격자의 여러 공격 형태로 인하여 많은 취약점이 발생하였다. 최근 저가형 RFID를 위한 효율적인 인증프로토콜이 제안되었으나 공격자의 불법적인 태그에 대해 인증이 가능한 문제점을 해결하는 연구가 요구된다. 본 논문에서 제안된 프로토콜은 기존의 인증 프로토콜에서 리더에게 역할을 부여함으로써 처음 생산된 태그에 대해서도 위조된 태그의 인증이 불가능하다. 또한 연산량이 적은 장점과 더욱 강화된 보안성으로 인하여 안전하고 효율적인 저가의 RFID 태그에 적용이 가능할 것이다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.12B
• /
• pp.728-734
• /
• 2007

In this paper, we propose a GOSST(Grade Of Services Steiner minimum Tree) heuristic mechanism for the design of a physical multiple security grade network with minimum construction cost. On the network, each node can communicate with other nodes by its desiring security grade. Added to the existing network security methods, the preventing method from illegal physical access is necessary for more safe communication. To construct such network with minimum cost, the GOSST problem is applied. As the GOSST problem is a NP-Hard problem, a heuristic with reasonable complexity is necessary for a practical solution. In this research, to design the physical multiple security grade network with the minimum construction cost, the reformed our previous Distance Direct GOSST heuristic mechanism is proposed. The mechanism brings average 29.5% reduction in network construction cost in comparison with the experimental control G-MST.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.119-128
• /
• 2012

This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• Journal of Information Processing Systems
• /
• v.12 no.2
• /
• pp.226-233
• /
• 2016

Cloud computing is a distributed computing model that has lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and the risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.85-100
• /
• 2004

All information system is information security system that enforced security function. To improve qualify of information security system, suity requirement analysis and specification must be Performed by consistently and typically at early requirement analysis step. In this paper, we propose a security requirements analysis and specification model and process by using Misuse Case Model that extends UML's Use Case Model. And, we propose a cost-effective security product selection algorithm that security product is sufficient of all constructed security functional requirements. It may raise quality of information security system that developed through proposed model and process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1393-1399
• /
• 2018

Companies that use a variety of software use patch management systems provided by security vendor to manage security vulnerabilities of software to improve security. System administrators monitor the vendor sites that provide new patch information to maintain the latest software versions, but it takes a lot of cost and monitoring time to find and collect patch information because the patch cycle is irregular and the structure of web page is different. In order to reduce this, studies to automate patch information collection based on keyword or web service have been conducted, but since the structure to provide patch information in vendor site is not standardized, it was applicable only to specific vendor site. In this paper, we propose a system that automates the collection of patch information by analyzing the structure and characteristics of the vendor site providing patch information and using web crawler to reduce the cost and monitoring time consumed in collecting patch information.

• Journal of Digital Convergence
• /
• v.19 no.11
• /
• pp.327-339
• /
• 2021

The ultimate aim of this study is to examine the effect of security policy characteristics (policy threat, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) on organizational information security policy compliance motivation based on TTAT (Technology Threat Avoidance Theory). We found the following results. First, the security policy threat has a significant positive effect on policy compliance motivation. Second, it was found that the policy effectiveness has a statistically significant effect on the compliance motivation. Third, the policy compliance cost has an influence on the policy compliance motivation. Fourth, the policy compliance self-efficacy does not have an effect on compliance motivation. Finally, social influence has a significant effect on compliance motivation.