• Journal of Digital Convergence
• /
• v.17 no.3
• /
• pp.215-220
• /
• 2019

The block chain technology is a technique that prevents manipulation of data and ensures integrity and reliability. Ethereum is building a smart contract environment as a type of encryptionenabled system based on block chains. Smart contracts can be implemented when conditions are met, thus increasing confidence in digital data. However, smart contracts that are being tried in various ways are not covered by information security and personal information protection. The structure in which the network participant can view the open transaction ledger is exposed to data or personal information listed in the block chain. In this study, it is possible to manage the data of personal information recorded in the block chain directly. This study is protected personal information by preventing the exposure of personal information and by executing time code, it is possible to erase recorded information after a certain period of time has elapsed. Based on the proposed system in the future, it is necessary to study the additional management techniques of unknown code defects or personal information protection.

• Journal of KIISE:Computing Practices and Letters
• /
• v.13 no.2
• /
• pp.86-99
• /
• 2007

Packet filtering is to filter out potentially malicious network packets. In order to test a packet filtering function we should verify whether security policies are performed correctly as intended. However there are few existing tools to test the function. Besides, they need user participation when generating test cases or deciding test results. Many security administrators have a burden to test systematically new security policies when they establish new policies or modify the existing ones. To mitigate the burdens we suggest a new test method with minimal user articipation. Our tool automates generation steps of the test cases and the test oracles, respectively. By using the test oracles generated automatically, deciding test results is possible without user intervention. Our method realizes an automatic testing in three phases; test preparation phase, test execution, and test evaluation. As a result it may enhance confidence of test activities more highly. This paper describes the design and implementation of our test method and tool.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.51-59
• /
• 2013

Cyberspace, based on the dramatic development of information and communications technology, has brought enormous benefits to mankind. However, concerns over cyber terrorism and cyber attack are becoming serious. It is time to expand the global dialogue on international security issues in cyberspace. It is imperative to have a common understanding that cyberspace, the infrastructure for prosperity, should not be utilized as a space to create conflicts among states, and that all states agree to build confidence and peace in cyberspace. For this purpose, there are 3 tracks of international cooperations: 1)international cooperation such as UN and Conference on Cyberspace, 2)regional cooperations such as ARF and OSCE. 3)bilateral cooperations such US-Russia Cybersecurity Agreement, US-China presidential level dialogue. This paper will analyze the 1st track of international cooperations of UN and Conference on Cyberspace. With this, Korean government can prepare the forthcoming GGE activities and make our own strategy to deal with the global norms of good behaviour in cyberspace.

• Journal of KIISE
• /
• v.42 no.8
• /
• pp.979-989
• /
• 2015

Machine to Machine (M2M) technology has gained attention due to the fast diffusion of Internet of Things (IoT) technologies and smart devices. Most wireless network experts believe that Bluetooth Low Energy (BLE) Communications technology in an iBeacon network has amazing advantages in terms of providing communication services at a low cost in smartphone applications. Specifically, BLE does not require any pairing process during its communication phases, so it is possible to send a message to any node without incurring additional transmissions costs if they are within the BLE communication range. However, BLE does not require any security verification during communication, so it has weak security. Therefore, a security authorization process would be necessary to obtain customer confidence. To provide security functions for iBeacon, we think that the iBeacon Message Encryption process and a Decryption (Authorization) process should be designed and implemented. We therefore propose the BLE message Authorization Mechanism based on a One Time Password Algorithm (BLE-OTP). The effectiveness of our mechanism is evaluated by conducting a performance test on an attendance system based on BLE-OTP.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.141-148
• /
• 2021

Project management is a current trend of management in the public sphere, based on different principles, methods and tools. The tools include information technologies providing control over time, cost, quality and planning process in order to ensure accountability to interested parties. The goal of the research was to examine the impact of the integration of information systems in project management of the public sphere on the quality of public governance and administration using the example of infrastructure projects involving the private sector in developing countries. The methodology of the research is based on the concepts of "digital-era governance" (DEG), "Information governance" and "project governance" to determine the effectiveness of information systems and technologies in the management of infrastructure projects in the public sphere. The data from the countries with Lower middle income (India, Indonesia, Philippines, Ukraine, Vietnam) and Upper middle income (Argentina, Brazil, China, Colombia, Mexico, Peru, Romania, Russian Federation, Thailand, Turkey) for 1996-2020 were used to study the effects of DEG. The results show two main trends in the countries with Lower middle income and Upper middle income. The first trend is the development of digital governance, the concept of "digital-era governance" through information systems and performance measurement of the governance system, forecasting of investment flows of infrastructure projects, measurement of payback and effectiveness parameters for investment management in the public sector, decision support. The second trend is the existence of systemic challenges related to corruption, social and institutional factors through the development of democracy in developing countries and the integration of NPM similar to developed countries. The confidence of interested parties, especially private investors, in public authorities is determined by other factors - the level of return on investment, risks and assignment of responsibility, probability of successful completion of the project. These data still remain limited for a wide range of project participants, including citizens.

• Proceedings of the CALSEC Conference
• /
• 2004.02a
• /
• pp.75-82
• /
• 2004

Recently introduced by the major credit card associations as replacements for the decommissioned SET and 3DSET protocols, the new payment models, 3DSecure and UCAF/SPA, have been designed to provide online merchants with a solution to an existing problem in online credit card transactions - the lack of an effective and efficient means of authenticating cardholders. The expected benefits arising from this added level of security from the merchant′s perspective are increased consumer confidence, significant reduction in the levels of fraud and charge backs and "liability shift". Using data gleaned from preliminary interviews, discussion forums and promotional material, we present a critical analysis of the potential barriers and facilitators that will impact on the widespread traction of these programs in the marketplace in the coming years.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.1
• /
• pp.87-93
• /
• 2013

MANET has the advantage of having the flexibility to build easily a network in a difficult situation that builds a wired network. But, data transmission errors by movement of nodes and eavesdropping by wireless communications have become a problem of security. Authentication service is the most essential in order to overcome these problems and operate network stably. In this paper, we propose 3-tiers authentication structure to exclude of malicious node and operate stable network through more systematic and thorough node authentication. After network is composed into a cluster, cluster head which play CA role is elected. Among these, the highest-CA is elected. The highest-CA receives certificates to cluster head and the cluster head evaluates trust value of their member nodes. Authentication technique which issues member node key is used. We compared PSS and experimented to evaluate performance of proposed scheme in this paper and efficiency of the proposed technique through experience was confirmed.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.397-404
• /
• 2019

This study developed the ICT curriculum focusing on apartment security guards and analyzed the actual application results. We developed the educational contents and it designed ICT job courseware for elder education by considering and that designed in consideration of the computer attitudes and physical and cognitive characteristics of the elderly. The educational program was applied to the experimental group and the satisfaction and the educational effect were analyzed through the pre and post test results. As a result of the analysis, the satisfaction level of the education program was higher than the average of 4.00 points. The elderly informal education program was examined by using the qualitative assessment test tool before and after the application of the education program. Internet self-efficacy of experiment group, improvement of internet utilization ability, usage of internet use, personal information willingness, life correction, elimination of conflict among generations, self-confidence, and internet stress increased statistically significantly. These results suggest that the "Private Expense ICT Job Training" program developed in this study can be effective for elderly informatization and can be applied to other elderly education programs and contribute to promotion.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.87-97
• /
• 2014

Pharming attack is a confidence trick that the hacker catch away customers financial information on Internet banking. At first, a hacker installs malicious execution code on customers PC in secret. As a customer tries to connect a Internet banking Web site, the malicious code changes it to phishing site in Internet explorer. The hacker catch away customers financial information in process of internet banking. The hacker steals money from customer's bank account using stolen information. PKI is a widespread and strong technology for providing the security using public key techniques. The main idea of PKI is the digital certificate that is a digitally signed statement binding an user's identity information and his public key. The Internet banking service stands on the basis of PKI. However, the bank is trusted in natural, the only customer is certified in the present Internet banking. In this paper, we propose a method of cross certification in Internet banking. The customer certify a bank and the bank certify the customer in proposed method. The method can service to customer the secure Internet banking about pharming attack. We compare the proposed method with other methods.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.4
• /
• pp.22-29
• /
• 2003

In the virtual home environment (VHE), which was proposed to offer global roaming and personal service environment portability, user's profiles and service logics are conveyed from home network to visited network to provide services at the visited network. Because user's profiles and service logics may contain confidential information, some procedures for mutual authentication among entities for offering confidence are needed. For these issues, we propose and analyze three 3-Party mutual authentication Protocols adaptable to the VHE in 3G ; password based mutual authentication protocol, mutual authentication protocol with CHAP and key exchange and mutual authentication protocol with trusted third party.