• Title/Summary/Keyword: Information Systems Security Strategy


A Study on Measurements of IT Security Service Quality : Feasibility of Quantitative Measures (IT 보안 서비스 품질의 측정 방법에 관한 연구 : 정량 지표의 사용 가능성)

  • Kyung, Ji Hoon;Kim, Chong Su
    • Journal of Korean Society of Industrial and Systems Engineering / v.38 no.4 / pp.30-38 / 2015
  • IT security service provides customers with the capability of protecting the networked information asset and infrastructures, and the scope of security service is expanding from a technology-intensive task to a comprehensive protection system for IT environment. To improve the quality of this service, a research model which helps assess the quality is required. Several research models have been proposed and used in various service areas, but few cases are found for IT security service. In this work, a research model for the IT security quality has been proposed, based on research models such as SERVQUAL and E-S-QUAL. With the proposed model, factors which affect the service quality and the best quality measure have been identified. And the feasibility of using quantitative measures for quality has been examined. For analysis, structural equation modeling and various statistical methods such as principal component analysis were used. The result shows that satisfaction is the most significant measure affected by the proposed quality factors. Two quality factors, fulfillment and empathy, are the main determinants of the service quality. This leads to a strategy of quality improvement based on factors of emotion and perception, not of technology. The quantitative measures are considered as promising alternative measures, when combined with other measures. In order to design reliable quantitative measures, more work should be done on target processing time and users' expectation. It is hoped that work of this research will provide efficient tools and methods to improve the quality of IT security service and help future research works for other IT service areas.

Efficient Top-k Join Processing over Encrypted Data in a Cloud Environment

  • Kim, Jong Wook
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.10 / pp.5153-5170 / 2016
  • The benefit of the scalability and flexibility inherent in cloud computing motivates clients to upload data and computation to public cloud servers. Because data is placed on public clouds, which are very likely to reside outside of the trusted domain of clients, this strategy introduces concerns regarding the security of sensitive client data. Thus, to provide sufficient security for the data stored in the cloud, it is essential to encrypt sensitive data before the data are uploaded onto cloud servers. Although data encryption is considered the most effective solution for protecting sensitive data from unauthorized users, it imposes a significant amount of overhead during the query processing phase, due to the limitations of directly executing operations against encrypted data. Recently, substantial research work that addresses the execution of SQL queries against encrypted data has been conducted. However, there has been little research on top-k join query processing over encrypted data within the cloud computing environments. In this paper, we develop an efficient algorithm that processes a top-k join query against encrypted cloud data. The proposed top-k join processing algorithm is, at an early phase, able to prune unpromising data sets which are guaranteed not to produce top-k highest scores. The experiment results show that the proposed approach provides significant performance gains over the naive solution.

Throughput and Interference for Cooperative Spectrum Sensing: A Malicious Perspective

  • Gan, Jipeng;Wu, Jun;Zhang, Jia;Chen, Zehao;Chen, Ze
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.11 / pp.4224-4243 / 2021
  • Cognitive radio (CR) is a feasible intelligent technology and can be used as an effective solution to spectrum scarcity and underutilization. As the key function of CR, cooperative spectrum sensing (CSS) is able to effectively prevent the harmful interference with primary users (PUs) and identify the available spectrum resources by exploiting the spatial diversity of multiple secondary users (SUs). However, the open nature of the cognitive radio networks (CRNs) framework makes CSS face many security threats, such as a malicious user (MU) launching a Byzantine attack to undermine CRNs. For this aim, we make an in-depth analysis of the motive and purpose from the MU's perspective in the interweave CR system, aiming to provide the future guideline for defense strategies. First, we formulate a dynamic Byzantine attack model by analyzing Byzantine behaviors in the process of CSS. On the basis of this, we further make an investigation on the condition of making the fusion center (FC) blind when the fusion rule is unknown for the MU. Moreover, the throughput and interference to the primary network are taken into consideration to evaluate the impact of Byzantine attack on the interweave CR system, and then analyze the optimal strategy of Byzantine attack when the fusion rule is known. Finally, theoretical proofs and simulation results verify the correctness and effectiveness of analyses about the impact of Byzantine attack strategy on the throughput and interference.

Finding Smartphone's Factors which Affect Satisfaction or Dissatisfaction based on KANO Model (KANO 모델을 활용한 스마트폰의 만족 및 불만족 요인 분석)

  • Lee, Sang-Gun;Lee, Sin-Seok;Kang, Ju-Young
    • The Journal of Information Systems / v.20 no.3 / pp.257-277 / 2011
  • The current study categorizes factors of smartphone into three, using KANO model: attractive factors which cause only product satisfaction, must-be factors for dissatisfaction, and one-dimensional factors for both. Based on it, it presents a new model for the effects that smartphone factors have on satisfaction or dissatisfaction. The purpose is to theoretically explain that smartphone factors on which companies and users place a high value can actually affect satisfaction or dissatisfaction. After choosing 15 factors out of 25 which had been selected through literature study, these were divided into attractive, must-be, and one-dimensional ones. 93 out of 109 questionnaires returned were used for analysis. After frequency analysis using SPSS was conducted on the surveys, the factors were grouped, based on KANO table. The grouping results are as follows. Attractive factors include 'expansion slots for external memory, battery desorption, brand awareness, mobile banking and internet telephony'. Must-be ones include 'multi-touch, information security, entertainment, information retrieval, location based service and SNS'. Finally, 'screen visibility, size of internal memory, the amount of internal memory, battery life, and response to after-sales service' are classified as one-dimensional factors. A critical finding of this paper is that since the results are different depending on the operating system of smartphones, it must be taken into consideration in studies on smartphones. The wide and rapid spread of smartphones has changed people's lifestyle as well as business environment, which forces companies to compete with each other to adapt to the changed circumstances. In this competitive system, studies on smartphone factors of satisfaction and dissatisfaction are essential for firms to establish a new strategy. From this point of view, the present paper is expected to be a basic material for enterprises not only to develop goods and services that maximize customer satisfaction and minimize dissatisfaction, but also to establish the future business strategy.

A Comparison Study between Korean Cloud Service Certification Systems and U.S. FedRAMP (한국의 클라우드 서비스 인증제도와 미국의 FedRAMP의 비교 연구)

  • Seo, Kwang-Kyu
    • Journal of Digital Convergence / v.10 no.11 / pp.59-65 / 2012
  • The evolution of cloud computing service over the recent years is potentially one of the major advances in information and communication technology. However, if cloud computing service is to achieve its potential, there needs to be a clear understanding of the various issues such as service security, performance and availability and so on, both from the perspectives of the providers and the consumers of the cloud service. As more and more information on individuals, companies and public sectors is placed in the cloud service, concerns are beginning to grow about just how safe and reliable an environment it is. In order to overcome these situations, the Korea cloud service certification system and U.S. FedRAMP were performed in each country. This paper aims at comparing and analyzing between Korean cloud service certification systems and U.S. FedRAMP and describing the difference between them. Eventually, we propose the improvement strategy of Korea cloud service certification systems based on the comparison results between them.

A Study on Curriculum Design for Educating Digital Forensic Experts (포렌식 전문가의 양성을 위한 교과과정 설계에 관한 연구)

  • Myeonggil Choi
    • Journal of Information Technology Applications and Management / v.30 no.6 / pp.113-142 / 2023
  • As society becomes more digital, the need for digital forensics experts is gradually increasing. It is necessary to establish a training policy that reflects the special characteristics of digital forensics personnel. Although there are fragmented policies for digital forensics-related systems and human resources training in academia, it is urgently necessary to establish a systematic and long-term policy to foster digital forensics experts. This study suggests curriculum of digital forensic based on the importance ranking among forensic subjects. The importance ranking can be decided by forensic experts. This study can be used as policy data to foster diverse talent that can effectively meet the increasing demand for digital forensics talent. The systematic curriculum proposed in this study is a practical curriculum at the undergraduate level and can be suitable for university level.

Revisited Security Evaluation on Midori-64 against Differential Cryptanalysis

  • Guoyong Han;Hongluan Zhao
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.2 / pp.478-493 / 2024
  • In this paper, the Mixed Integer Linear Programming (MILP) model is improved for searching differential characteristics of block cipher Midori-64, and 4 search strategies of differential path are given. By using strategy IV, set 1 S-box on the top of the distinguisher to be active, and set 3 S-boxes at the bottom to be active and the difference to be the same, then we obtain a 5-round differential characteristic. Based on the distinguisher, we attack 12-round Midori-64 with data and time complexities of $2^{63}$ and $2^{103.83}$, respectively. To our best knowledge, these results are superior to current ones.

The IOA-Based Intelligent Information Protection System for Response of Advanced Persistent Threats (IOA 기반의 지능형지속위협 대응 위한 지능형 정보보호시스템)

  • Ryu, Chang-su
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.11 / pp.2067-2072 / 2016
  • Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

C-Engineering Based Industry 4.0 Innovation Networks Sustainable Development

  • Omelyanenko, Vitaliy;Braslavska, Oksana;Biloshkurska, Nataliia;Biloshkurskyi, Mykola;Kliasen, Natalia;Omelyanenko, Olena
    • International Journal of Computer Science & Network Security / v.21 no.9 / pp.267-274 / 2021
  • The article deals with problems of innovation development on a network basis, which require effective mechanisms of innovation communications. In research the organizational aspects of ICT infrastructure development for innovation networks sustainable development based on cooperative marketing principles is considered. The proposed research idea is based on the idea that ICT implementation is based not only on the operational approach for innovation management as a factor of efficiency of internal communications, but also on knowledge economy and post-industrial economy trends. Therefore, the purpose of study is to develop an ICT model of innovation infrastructure to improve its effectiveness (strategic character) and efficiency (operative character) through increasing the efficiency of network communication interactions. Creation of information space and communication tools to support innovation network sustainable development and cooperation activities in research is proposed to be solved with the help of specialized ICT platform. It is shown, that ICT platform of innovation cooperation innovation network is important tool for common work of participants. ICT platform is considered as an integrated information system designed to automate business processes related to the sustainable development of innovation network, segment management and integration with HEI information systems and industrial cooperation. The main factors that determine the need to use a special ICT platform for innovation network cooperation were considered. The main issues of concurrent engineering (C-technology) application in high-technology industries and innovation cooperation for integrated product development were studied.

A Study on How to Build a Zero Trust Security Model (제로 트러스트 보안모델 구축 방안에 대한 연구)

  • Jin Yong Lee;Byoung Hoon Choi;Namhyun Koh;Samhyun Chun
    • KIPS Transactions on Computer and Communication Systems / v.12 no.6 / pp.189-196 / 2023
  • Today, in the era of the 4th industrial revolution based on the paradigm of hyper-connectivity, super-intelligence, and super-convergence, the remote work environment is becoming central based on technologies such as mobile, cloud, and big data. This remote work environment has been accelerated by the demand for non-face-to-face due to COVID-19. Since the remote work environment can perform various tasks by accessing services and resources anytime and anywhere, it has increased work efficiency, but has caused a problem of incapacitating the traditional boundary-based network security model by making the internal and external boundaries ambiguous. In this paper, we propose a method to improve the limitations of the traditional boundary-oriented security strategy by building a security model centered on core components and their relationships based on the zero trust idea that all actions that occur in the network beyond the concept of the boundary are not trusted.