• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.53-60
• /
• 2007

In a known plaintext scenario, fast correlation attack is very powerful attack on stream ciphers. Most of fast correlation attacks consider the cryptographic problem as the suitable decoding problem. In this paper, we introduce advanced multi-pass fast correlation attack which is based on the fast correlation attack, which uses parity check equation and Fast Walsh Transform, proposed by Chose et al. and the Multi-pass fast correlation attack proposed by Zhang et al. We guess some bits of initial states of the target LFSR with the same method as previously proposed methods, but we can get one more bits at each passes and we will recover the initial states more efficiently.

• Journal of Information Technology Services
• /
• v.13 no.1
• /
• pp.209-220
• /
• 2014

Most of monitoring systems in logistics industry have limitations on monitoring container information in real-time. And customers only could check information gathered from certain points through web browser. That is why it is very hard to take actions in advance when emergency situation has happened. But if customers could check information such as position and status of freight in real-time through their mobile devices, they could take prompt actions. So, in this study, mobile application based on mobile devices is developed to monitor position and status information of the container in real-time. Entire devices monitoring container in aspect of logistics security are handled by workers in the field. So it is strongly required to develop monitoring system operated in mobile devices. For that reason this study aims to develop mobile application in order to monitor information related to container security and safety in real-time.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.113-127
• /
• 2014

The use of mobile devices offers a variety of services to the individuals and companies. On the other hand, security threats and new mobile security threats that exist in IT infrastructure to build the environment for mobile services are present at the same time. Services such as mobile and vaccine management services, such as MDM (Mobile Device Management) has attracted a great deal of interest in order to minimize the threat of security in mobile environment. These solutions can not protect an application that was developed for the mobile service from the threat of vulnerability of mobile application itself. Under these circumstances, in this paper, we proposed mobile application security checklists based on application security review items in order to prevent security accidents that can occur in a mobile service environment. We collected and analyzed Android applications, we performed a total inspection of the applications for verification of the effectiveness of the check items. And we checked that the check items through a survey of experts suitability was verified.

• The KIPS Transactions:PartC
• /
• v.15C no.3
• /
• pp.173-190
• /
• 2008

The purposes of this study is development of information security evaluation model for governments to analyze domestic and foreign existing models. Recent domestic information security certification systems have several problems, because shortage of organic connectivity each other. Therefore we analysis on domestic and foreign existing models, specify security requirements, evaluation basis and other facts of models, optimize these facts for governments, and develop new model for domestic governments.

• Journal of Information Technology Services
• /
• v.21 no.4
• /
• pp.63-74
• /
• 2022

Globally researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions has patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions they could not be guaranteed at 100% by complete de-identification and anonymization. For this reason the security of the OMOP-CDM database is important but there is no detailed and specific OMOP-CDM security inspection tool so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and security controls of the personal information protection of the NIST. Additionally it intends to verify the implementation feasibility by real field demonstration in an actual 3 hospitals environment. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, Ramsomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits(proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.26 no.3
• /
• pp.55-65
• /
• 2018

The SBD systems have made it possible that all boarding procedures are completed by passengers. With the SBD, air tickets can be issued and baggage can be consigned without the help of airline officers. This way, the SBD can improve the passenger circulation speed as well as decrease the time for passengers to wait for check-in, which is connected to the reduction of airlines' operaitonal costs. However, given that the SBD is a new technology, it has potentials to be used as a tool for air terrorism. This study purposes to determine methods to enhance the security and operation of SBD systems. With the aim, this paper investigated the existing literature on SBDs, self-check-in, airport security, air terrorism, risk management, aviation accidents, and information security. In order to compile real-time information about the SBD operations, twelve airports in North America, Europe, and Asia were analyzed based on existing studies on international SBD trends.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.27-40
• /
• 2001

In an offline system, the bank does not participate in payments. As a result, it is difficult to make the refund spendable. Due to this, current offline systems do not provide spendable refunds. In these systems, a check consists of two parts: a spendable part and a refund part. A client uses the spendable part during the payment phase, and uses the refund part to get the refund for the remainder of the check. Therefore, a client cannot reuse the remaining and must always refund it. Moreover, the relationship between the spent amount and the refund amount can be used to guess which check the client used when the client refunds the remaining. To remedy these problems, we propose a new offline system which allow clients to reuse the remaining values of the check. This system provides unlinkability of the payments made by using a single check. It also provides mechanisms to detect and identify clients who perform misconduct such as double spending and over spending. The required overall computational cost to withdraw, spend and refund a check in our system is lower than using several checks in other offline systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.05a
• /
• pp.119-121
• /
• 2018

IWhile the investment on virtual currency is incresing, it is needed to check the authentication and security on virtual currency exchange. Therefore, this research is to examine the elements of authentication and security on virtual currency exchange.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.198-204
• /
• 2024

Correspondence security between IoT devices is a significant concern, and the blockchain makes the latest difference by reducing this matter. In the blockchain idea, the larger part or even all organization hubs check the legitimacy and precision of traded information before tolerating and recording them, regardless of whether this information is identified with monetary exchanges or estimations of a sensor or a confirmation message. In assessing the legitimacy of a traded information, hubs should agree to play out an uncommon activity. The chance to enter and record exchanges and problematic cooperation with the framework is fundamentally decreased. To share and access the executives of IoT devices data with disseminated demeanour, another confirmation convention dependent on block-chain is proposed, and it is guaranteed that this convention fulfils client protection saving and security. This paper highlights the recent approaches conducted by other researchers to secure the Internet of Things environments using blockchain. These approaches are studied and compared with each other to present their features and disadvantages.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.