• Smart Media Journal
• /
• v.9 no.4
• /
• pp.91-96
• /
• 2020

A blockchain is a technology in which all nodes participating in a distributed network manage each transaction's contents without a central server managing the transaction, which is a record of the transaction. The block containing the transaction record of a specific period is connected to the blockchain by referring to the hash value for the previous block, and the chain with the new block added is shared with all nodes again. Transactions using existing certificates will pass through FinTech, and in the near future, applications using blockchains are expected to emerge. In this study, we analyze the problems of the existing model, and propose a transaction model that applies the blockchain to come. Among various applications, this study develops a trading model targeting the energy sales market among the topics that will lead the fourth industrial revolution. As a result of analyzing the proposed model, it was possible to be sure of the possibility of a safer energy sales transaction than the existing method.

• Journal of Platform Technology
• /
• v.9 no.4
• /
• pp.32-41
• /
• 2021

The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

• Journal of Platform Technology
• /
• v.12 no.3
• /
• pp.55-61
• /
• 2024

As the digital environment becomes more complex and cyber attacks become more sophisticated, the importance of data protection is emerging. As various security threats such as data leakage, system intrusion, and authentication bypass increase, secure key management is emerging. Key Management System (KMS) manages the entire encryption key life cycle procedure and is used in various industries. There is a need for a key management system that considers requirements suitable for the environment of various industries including public and finance. The purpose of this paper is to derive the characteristics of the key management system for each industry by comparing and analyzing key management systems used in representative industries. As for the research method, information was collected through literature and technical document analysis and case analysis, and comparative analysis was conducted by industry sector. The results of this paper will be able to provide a practical guide when introducing or developing a key management system suitable for the industrial environment. The limitations are that the analyzed industrial field was insufficient and experimental verification was insufficient. Therefore, in future studies, we intend to conduct specific performance tests through experiments, including key management systems in various fields.

• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.67-76
• /
• 2024

Small and medium-sized enterprises play a fundamental role in the foundation of our country's industry and economy, and most technological innovations occur in small and medium-sized enterprises rather than large corporations. Technology development and innovation are the only way for small and medium-sized enterprises to survive in a fiercely competitive environment, so they focus on it, but interest and investment in technology protection tend to be stingy. As a result, industrial technology leakage accidents occur frequently, and it is difficult to meet improvement measures. When a leak occurs, digital evidence is required to prove criminal activity, but problems such as digital evidence being damaged or deleted due to management loopholes often occur. Therefore, through this study, we aim to design a digital evidence-based countermeasure depending on the type of technology leak accident. We will classify the types of technology leak incidents that actually occurred and study ways to secure digital evidence in the security environment of small and medium-sized businesses that operate internal information leak prevention solutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.863-872
• /
• 2015

Kernel rootkit is recognized as one of the most severe and widespread threats to corrupt the integrity of an operating system. Without an external monitor as a root of trust, it is not easy to detect kernel rootkits which can intercept and modify communications at the interfaces between operating system components. To provide such a monitor isolated from an operating system that can be compromised, most existing solutions are based on external hardware. Unlike those solutions, we develop a kernel introspection system based on the ARM TrustZone technology without incurring extra hardware cost, which can provide a secure memory space in isolation from the rest of the system. We particularly use a secure timer to implement an autonomous switch between secure and non-secure modes. To ensure integrity of reference, this system measured reference from vmlinux which is a kernel original image. In addition, the flexibility of monitoring block size can be configured for efficient kernel introspection system. The experimental results show that a secure kernel introspection system is provided without incurring any significant performance penalty (maximum 6% decrease in execution time compared with the normal operating system).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.21-27
• /
• 2006

With the introduction of sound source sharing over the high speed internet and portable digital audio, the digitalization of sound source has been rapidly expanded and the sales and distribution of sound sources of the former offline markets are stagnant. Also, the problem of infringement of copyright is being issued seriously through illegal reproduction and distribution of digitalized sound sources. To solve these problems, the DRM technology for protecting contents and copyrights in portable digital audio device began to be introduced. However, since the existing DRM was designed based on the fast processing CPU and network environment, there were many problems in directly applying to the devices with small screen resolution, low processing speed and network function such as digital portable audio devices which the contents are downloadable through the PC. In this study, the DRM structural model which maintains similar security level as PC environment in the limited hardware conditions such as portable digital audio devices is proposed and analyzed. The proposed model chose portable digital audio exclusive device as a target platform which showed much better result in the aspect of security and usability compared to the DRM structure of exiting portable digital audio device.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.93-103
• /
• 2006

Network solutions for protecting against worm attacks that complement partial end system patch deployment is a pressing problem. In the content-based worm filtering, the challenges focus on the detection accuracy and its performance enhancement problem. We present a worm filter architecture using the bloom filter for deployment at high-speed transit points on the Internet, including firewalls and gateways. Content-based packet filtering at multi-gigabit line rates, in general, is a challenging problem due to the signature explosion problem that curtails performance. We show that for worm malware, in particular, buffer overflow worms which comprise a large segment of recent outbreaks, scalable -- accurate, cut-through, and extensible -- filtering performance is feasible. We demonstrate the efficacy of the design by implementing it on an Intel IXP network processor platform with gigabit interfaces. We benchmark the worm filter network appliance on a suite of current/past worms, showing multi-gigabit line speed filtering prowess with minimal footprint on end-to-end network performance.

• Strategy21
• /
• s.37
• /
• pp.65-103
• /
• 2015

This study is an attempt to look into the future role of the ROKN and to provide a strategic way forward with a special focus on naval strategic concept and force planning. To accomplish this goal, this research takes four sequential steps for analysis: 1) assessing the role and utility of naval power of ROKN since its foundation back in 1945; 2) forecasting features of various maritime threats to influence the security of Korea in the future directly or indirectly; 3) identifying the roles to be undertaken by future ROKN; and 4) recommending Korean way of naval force planning and the operational concept of naval power. This study seeks to show that ROKN needs comprehensive role to better serve the nation with respect to national security, national prosperity and development, and future battle-space management. To safeguard the national security of Korea, it suggests three roles: 1) national guard for the peaceful unification; 2) protector of the maritime sovereignty; and 3) suppressor to maritime threats. Three more roles are highlighted for national prosperity: 1) escort of the national economy; 2) guardian for national maritime activities; and 3) contributor to the world peace. These roles need to be closely connected with the role for the battle-space management. This paper addresses the need for a dramatic shift of the central operational domain from land to maritime in the future. This will eventually offer future ROKN a leading role for developing strategic concept and force planning rather than merely a supporting one. This study finally suggests 'balanced' strategy both in concept development and force planning. A balanced force planning is a 'must' rather than an 'option' when considering a division of function between Task Fleets and Area Fleets, constructing cutting-edge conventional forces such as Aegis destroyer, CVs, or submarines, and the mix of high-profile platform and low-profile when composing future fleets. A 'balance' is also needed in operational concept. The fleet should be prepared to fulfill its missions based on two different types of force operation i.e., coercive or cooperative application of the utility of naval force. The findings and recommendations of the study are relevant today, and will be increasingly important in the future to achieve various political goals required by enhancing the utility of naval power.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.36-46
• /
• 2019

The number of hosts connected to the Internet has increased dramatically, introducing the Domain Name System(DNS) in 1984. DNS is now an important key point for all users of the Internet by allowing them to use a convenient character address without memorizing a series of numbers of complex IP address. However, relative to the importance of DNS, there still exist many problems such as the authorization allocation issue, the disputes over public registration, security vulnerability such as DNS cache poisoning, DNS spoofing, man-in-the-middle attack, DNS amplification attack, and the need for many domain names in the age of hyper-connected networks. In this paper, to effectively improve these problems of existing DNS, we proposed a method of implementing DNS using distributed ledger technology, blockchain, and implemented using a Ethereum-based platform. In addition, the qualitative analysis performance comparative evaluation of the existing domain name registration and domain name server was conducted, and conducted security assessments on the proposed system to improve security problem of existing DNS. In conclusion, it was shown that DNS services could be provided high security and high efficiently using blockchain.