• Title/Summary/Keyword: Secure Web Sites

A Study on Information Security Management of Hospital Web Sites (의료기관 종별 웹 사이트 정보보안 관리 실태 연구)

  • Kim, Jong-Min; Ryu, Hwang-Gun
    • The Korean Journal of Health Service Management / v.9 no.2 / pp.23-32 / 2015
  • In this paper, we evaluated the web security vulnerabilities and privacy information management of hospital web sites registered with the Korea Hospital Association. Vulnerability Scanner (WVS), based on the OWASP Top 10, was used to evaluate the web security vulnerabilities of the web sites. To evaluate privacy information management, we used ten rules based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered that tertiary hospitals had relatively excellent web security compared to other types of hospitals. But all the hospital types had not only high-level vulnerabilities but also vulnerabilities at the other levels. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hackers. On the other hand, the inspection results of the tertiary hospitals for privacy information management showed a better compliance rate than those of the other hospital types.

Analysis of Recipes for Korean Foods in Web Sites (레시피 관련 웹 사이트 중 한국음식 레시피의 자료 분석 및 검토)

  • Yun, Mi-Ok; Mun, Hyeon-Gyeong
    • Journal of the Korean Dietetic Association / v.10 no.4 / pp.390-400 / 2004
  • Food and nutrition sites are the major portion of health information sites. From the point of view of public health, it is very important to secure the validity and reliability of information on those web sites. Therefore, in this study we identify problems in acquiring recipes from web sites by analyzing and reviewing the recipes they provide. To investigate Korean food recipes provided on web sites, domestic search engines such as Simmani, Naver, Hanmir, and Empas and foreign search engines such as Yahoo Korea, Lycos and AltaVista Korea were used. Searches were done using 'recipe' and 'Joribeob (cooking method)' from March 20, 2002 to June 20, 2002. The information on each site was reviewed and analyzed. The results are as follows. When classifying the 46 sites found with 'Joribeob' by information provider, 24 sites were individual, 16 sites were corporate and 6 sites were others. When searching 'recipe', a total of 12,654 recipes were returned. Out of them, individuals provided 2,581 sites (20.4%), corporations provided 7,249 sites (57.3%), and others provided 2,824 sites (22.3%). 9,979 (78.9%) of the 12,654 recipes proved to be appropriate as Korean food. Classifying recipes by dish group gave vegetables 11.7%, soups and hot soups 9.7%, stew and casseroles 8.2%, pan cakes 8.0%, stir fried foods and skewers 7.8%, rice 7.2%, hard boiled food 7.1%, steam 6.4%, noodles and mandu 5.3%, Kimchi 4.5%, fried 4.1%, and porridge 3.7%, in that order. 21.1% of recipes were not appropriate as Korean food but were provided as Korean food. The proportion of individuals as information providers was higher than that of enterprises. Recipes from enterprises were based on food and nutrient information and were more reliable. However, there were some cases in which they provided the same amount of ingredients with different calories or the same calories with different ingredients. Additionally, depending on the site, different calories were provided even for the same recipe. There were some cases in which the calories provided on the site were too high or too low for the suggested amount of ingredients and serving size. Recipes that provided calorie amounts were evaluated using the nutrient analysis program. The calculated calories and the calories provided on the Web were compared. There were differences between the two values. These results suggest that recipes may be misused by those who need accuracy in diet, such as patients, or who are interested in recipe information for academic purposes. These results could be used as basic materials to improve the quantity and quality of recipes in the future. Also, to improve the accuracy of recipes for Korean foods on web sites, there should be systems to monitor them and let internet users know the monitoring results.

A Secure Social Networking Site based on OAuth Implementation

  • Brian, Otieno Mark; Rhee, Kyung-Hyune
    • Journal of Korea Multimedia Society / v.19 no.2 / pp.308-315 / 2016
  • With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is an upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides enterprise file synchronizing and sharing that is hosted on the user's data center, on the user's servers, using the user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

Study on Establishment of DB for Processing Properties of Food Raw Materials and Website Operation (식품자원의 가공적성 연구 결과 DB 구축 및 웹사이트 운영 연구)

  • Hwang, Sin-hee
    • Food Science and Industry / v.49 no.2 / pp.78-82 / 2016
  • The DB Integration website (tentatively named Food Processing Aptitude Information Center, FPAIC) has been designed through a "high-value products development project (2013)". Basically, the project aims to secure connections between food raw materials and the processing industry, a variety of information sources, and users' convenience. It also aims to build industry-university-based mutual growth in the food industry through the sharing of processing suitability and material research on food raw materials. FPAIC consists of raw material stories, information on sample characteristics, food processing studies, preceding research data, food industry trends, and understanding of food processing. The major database of research on food processing is provided under information on sample characteristics and food processing studies. Currently the web site has 36 raw material stories, 380 items of information on sample characteristics and food processing studies, and 1,600 items of preceding research data about 31 food raw materials. The web site also provides information on 70 useful web sites, as well as 77 food industry trends and 27 items of basic information about food processing.

Security Check Scheduling for Detecting Malicious Web Sites (악성사이트 검출을 위한 안전진단 스케줄링)

  • Choi, Jae Yeong; Kim, Sung Ki; Min, Byoung Joon
    • KIPS Transactions on Computer and Communication Systems / v.2 no.9 / pp.405-412 / 2013
  • Current web has evolved to a mashed-up format according to the change of the implementation and usage patterns. Web services and user experiences have improved, however, security threats are also increased as the web contents that are not yet verified combine together. To mitigate the threats incurred as an adverse effect of the web development, we need to check security on the combined web contents. In this paper, we propose a scheduling method to detect malicious web pages not only inside but also outside through extended links for secure operation of a web site. The scheduling method considers several aspects of each page including connection popularity, suspiciousness, and check elapse time to make a decision on the order for security check on numerous web pages connected with links. We verified the effectiveness of the security check complying with the scheduling method that uses the priority given to each page.

A Study on the Website Evaluation and Improvement of Korean Cyber University Websites (국내 사이버대학교 웹사이트 평가 및 개선방안 연구)

  • Moon, Tae-Eun; Moon, Hyung-Nam
    • Journal of Intelligence and Information Systems / v.14 no.2 / pp.137-156 / 2008
  • The purpose of this study is to evaluate domestic cyber university web sites, analyzing web usability and web accessibility in order to show how far cyber universities provide various personalized services and qualitative contents to users on their web sites. With this result, I also hope to contribute to the qualitative development of web sites and the reliability of remote education. For this purpose, I developed a checklist suitable for remote universities by applying the SM-ABCDE assessment method of Moonhyeongnam, professor at Sookmyung Women's University, and evaluated the web sites of 17 cyber universities over the five aspects of attraction, business, contents, design, and engineering. As a result of this study, it was found that Busan Digital University was best in terms of attraction, both Kyunghee Cyber University and Cyber University of foreign studies were best in terms of business, Kyunghee University was best in terms of contents, and Hanyang Cyber University was best in terms of design. In the comprehensive evaluation, the order was found to be Kyunghee Cyber University, Busan Cyber University, and Hanyang Cyber University. However, in terms of engineering, it turned out that none of the sites observed the regulation on web accessibility. If domestic cyber universities observe the regulation on web accessibility with a long-term view, on the basis of this study, web usability will increase. They can then secure various classes of customers as well as ordinary people, so that they will be able to take their real place as educational institutions oriented toward the most advanced educational methods in the knowledge and information society, in addition to advancing themselves.

Custom Cryptographic Protocol Implementation Method Based on OpenSSL (OpenSSL 기반 사용자 지정 암호 프로토콜 구현 방안)

  • Lam, JunHuy; Lee, Sang-Gon; Lee, Hoon-Jae; Andrianto, Vincentius Christian
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.3 / pp.459-466 / 2017
  • One of the most widely used open source projects, OpenSSL is a cryptography library that is used to secure most web sites, servers and clients. One can secure communication with the Secure Socket Layer (SSL) protocol or its successor, the Transport Layer Security (TLS) protocol, by using the OpenSSL library. Since cryptography protocols will be updated and enhanced in order to keep the system protected, the library was written in a way that simplifies the integration of new cryptographic methods, especially for symmetric cryptography protocols. However, adding an asymmetric cryptography protocol is a lot more complicated, and no guide can be found for the integration of an asymmetric cryptography protocol. In this paper, we explain the architecture of the OpenSSL library and provide a simple tutorial on modifying the OpenSSL library to accommodate custom protocols of both symmetric and asymmetric cryptography.

A Study on Secure and Improved Single Sign-On Authentication System against Replay Attack (재전송 공격에 안전하고 개선된 Single Sign-On 인증 시스템에 관한 연구)

  • Kim, Hyun-Jin; Lee, Im-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.769-780 / 2014
  • In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

A Study on the Dependence of Mobile Instant Messenger (모바일 인스턴트 메신저 의존도에 관한 연구)

  • Kim, Jae-Jon; Lee, Yunhee; Nho, Hee-Ock; Park, Kyung-Ja
    • The Journal of Information Systems / v.23 no.1 / pp.225-246 / 2014
  • With the recent establishment of a ubiquitous environment and the paradigm shift to a smart society, the use of mobile devices, such as smart phones and tablet PCs, has become widespread. Thus, the trend is gradually shifting from using Web-based Instant Messenger to using Mobile-based Instant Messenger. Mobile Instant Messenger refers to a service that allows instant messaging as well as data sending and receiving between individuals with exclusive application programs (mobile Apps), which can be used in portable devices, such as smart phones, with wireless Internet access. Korea's portal sites, telecommunication companies, and even big companies have all rushed into the MIM market to join the competition. The reason so many companies are showing interest in the MIM business is because it is rising as a core platform to substitute portal sites in the mobile society, and MIM is perceived as the best means to attract and secure users. The intention to reuse or use continually was considered an important factor in maintaining a dominant position amidst such fierce competition, and consequently, most research thus far has reflected such thought. However, the frequent or long-term use of a system alone cannot indicate the definite success of the system, nor guarantee its dominant position in the market. On the contrary, MIM dependence, which goes beyond simple repetitive use and indicates a state where users actually or emotionally depend on a specific system, can better explain the user action. However, not much research has been conducted on dependence. The research results showed that lively message, concise message, message responsiveness, and social belonging significantly affected perceived usefulness. Message responsiveness, Link, and social belonging significantly affected flow. Flow significantly affected MIM dependence, and perceived usefulness did not affect MIM dependence. This study has proven that lively message, concise message, message responsiveness, Link, social belonging and perceived usefulness are important antecedents and mediating factors of MIM dependence. Moreover, this study is significant in that it explains the overall process of MIM dependence, and expands on the variety and scope of research that can be applied to MIM-related studies.

Research on Countermeasure of SQL Injection Attack (SQL Injection 공격을 효율적으로 방어하는 대응책 연구)

  • Hong, Sunghyuck
    • Journal of the Korea Convergence Society / v.10 no.10 / pp.21-26 / 2019
  • In today's information society, it is indispensable to utilize data. Therefore, databases are used to manage large amounts of data. In real life, most of the data in a database is the personal information of a group of members. Because personal information is sensitive data, the role of the database administrator who manages personal information is important. However, there is a growing number of attacks on databases that aim to use this personal information in a malicious way. SQL Injection is one of the oldest and best-known hacking techniques. SQL Injection attacks are known as an easy technique, and countermeasures are easy as well; a lot of effort is made to avoid SQL attacks on web pages that require a lot of logins, but some sites are still vulnerable to SQL attacks. Therefore, this study suggests effective defense measures through analysis of SQL hacking technology cases and contributes to preventing web hacking and providing a secure information communication environment.