• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.297-302
• /
• 2004

Internet becomes absolutely necessary tools due to rapid progress of information technology. Educational correspondence abount an age of information demand is a education focused on a learner and remote education based on information technology. WBI(Web Based Instruction) is a formation that remotly educate a learner using web, possible mutual reaction between instructor and learner, submint various studying material, has a good point to overcome spatial restriction. Internal and external standardization working is accelerated and recently XML security studies are activated using XML which is next generation web standard document format. And XML electronic signature raise interworking between digital signature systems used by various field of using XML document. Using these merit and complementing defect are main contents that users have to pay about Certification service to get CA certificate from 2004 june. This paper propose multiplex Certification remote education agent system using XML digital signature to satisfy security requirement.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.29-34
• /
• 2004

As the number of internet users grows rapidly, the services which users required becomes various. However, for fulfilling these various user requirements, the existing passive network should be standardized for a long time. To resolve the delay on providing services, active network as a new technology was suggested. Its router or switch with DARPA as center has the program running ability, so user oriented network can be composed. However, active network's architecture can resolve the user required service using mobile code on the network node, but it is more complex, easy-to-attack, various than the passive network. Many researchers have tried to resolve this problem. So, this paper studied the mobile code security service in active network environment to provide user's convenience and accommodation, and introduced ANASP system as an alternative.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.91-96
• /
• 2004

Proxy signature scheme based on delegation of warrant is studied in these days. Proxy signature is a signature scheme that the original signer delegates his signing warrant to the proxy signer, and the proxy signer creates a signature on behalf of the original signer. For using this scheme, the security for protecting from the forgeability or misuse is necessary, There are several security requirements for using the proxy signature schemes. In this paper we suggest the proxy-register protocol scheme that original signer registers to the verifier about the proxy related information. In our scheme, verifier verifies the signature that original signer creates about the proxy information and sets the warrant of proxy signer, validity period for proxy signature and some limitation. Finally, we will show the advantages of our suggestion by comparing with the previous proxy signature schemes.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.259-265
• /
• 2004

Since the 2003.1.25 Internet Crisis, the government has been looking at a number of options to strengthen national cyber-security/crisis management capability to guard against ever increasing threat of cyber-war and terror. Thus, the focus of this study was to explorer new ways of developing a comprehensive cyber-security/crisis management system, in particular by combining modern social-science analytic theories. As a result, although there has to be more in-depth researches into incorporating advanced techniques to generate more detailed and object-specific indexes and protocols, the use of 'event data system,' which has been widely utilized in many recent social science researches to assess a wide-range of socio-political risks and crises, could be adopted as a basis for a comprehensive nationwide cyber-risk management system.

• The Journal of Society for e-Business Studies
• /
• v.24 no.4
• /
• pp.31-48
• /
• 2019

To survive in the trend of the fourth industrial revolution, companies are putting a lot of attention and effort into personalization services using the latest technologies such as big data, artificial intelligence and the Internet of Things, while entrusting third parties to handle personal information on the grounds of work efficiency, expertise and cost reduction. In such an environment, consignors need to check trustees on a more effective and reasonable basis to ensure personal information safety for trustees. This study used AHP techniques to derive the importance and priority of each item of "Personal Information Safety Assurance Measures" for financial companies and trustees, and objectively compared and analyzed differences in perceptions of importance between financial institutions and trustees. Based on this, the company recognizes the difference between self-inspection of financial institutions and inspection of trustees and presents policy grounds and implications for applying differentiated inspection standards that reflect the weights appropriate for the purpose.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.175-184
• /
• 2012

The purpose of this study is to investigate the home trading system (HTS) of the security companies in order to examine the critical factors of HTS service quality and the effect of these factors on HTS customer satisfaction and loyalty. The results show : (1) the quality factors of HTS are assurance, reliability, tangible, responsiveness, and empathy, (2) and these quality factors significantly affect customer satisfaction on HTS and customer satisfaction and loyalty to the security company. (3) Also, customer satisfaction on HTS plays an important role in improving customer satisfaction and loyalty to the security company.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.11
• /
• pp.139-146
• /
• 2020

Cloud computing technology provides economic and efficient system operation and management features to deal with rapidly changing IT technologies. However, this is less used in institutes and companies due to low security of cloud computing service. It is recognized that storing and managing important information, which is confidential in external systems is vulnerable to security threats. In order to enhance security of this cloud computing service, this paper suggests a system and user authentication reinforcement model. The suggested technology guarantees integrity of user authentication information and provides users with convenience by creating blocks for each cloud service and connecting service blocks with chains. The block chain user authentication model offers integrity assurance technology of block chains and system access convenience for SSO users. Even when a server providing cloud computing is invaded, this prevents chained invasions not to affect other systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1033-1047
• /
• 2017

Traditional explicit authentication, which requires awareness of the user's authentication process, is a burden on the user, which is one of main reasons why users tend not to employ authentication. In this paper, we try to reduce such cost by employing implicit authentication methods, such as biometrics and location based authentication methods. We define the 4-level security assurance model, where each level is mapped to an explicit authentication method. We implement our model as an Android application, where the implicit authentication methods are touch-stroke dynamics-based, face recognition based, and the location based authentication. From user experiment, we could show that the authentication cost is reduced by 14.9% compared to password authentication-only case and by 21.7% compared to the case where 6-digit PIN authentication is solely used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.295-316
• /
• 2012

In the recent field, cybersecuriyt has become one of the critical areas in the information technology field, and demands for cyberseucirty professionals have been increasing tremendously. However, there is In the recent past, cybersecurity has become one of the critical areas in the Information Technology (IT) field, and demands for cybersecurity professionals have been increasing tremendously. However, there is a shortfall in the qualified cybersecurity workforce which is a factor that contributes to the vulnerability of society to various cyber threats. Our study articulates a model to explain career selection behavior in the cybersecurity field. The study explored factors that affect scholars' behavioral intention to pursue a cybersecurity career. Positive outcome expectations from a cybersecurity career as well as high self-efficacy about skills and knowledge about cybersecurity have a strong impact on the scholars' cybersecurity career decisions. Further, perceived usefulness of the cybersecurity curriculum has a positive effect on the scholars' career decisions. The results of this research have implications for retaining a qualified workforce in the computer and information security fields.

• Journal of Technology Innovation
• /
• v.15 no.2
• /
• pp.123-152
• /
• 2007

The striking characteristic of the contemporary global security environment is that the nature of threats has become diverse and complex. For example, transnational and non-military threats including terrorism and proliferation of weapon of mass destruction has increased. In this security environment, Advanced countries funnel their investments for defense budgets into the assurance of key force capability and R&D of cutting-edge core technologies, in consideration of future battlefield environments so as to get an edge on not only defense science and technology but also intelligence capabilities. As shown by past practices of the korea's defense acquisition, the ministry of national defense has tried to enhance its force capabilities in the short-term by purchasing foreign weapon systems rather than by investing in domestic R&D. Accordingly, the technological gaps between the korea and advanced countries were widened due to both insufficient investment in development of domestic technologies and avoidance of technological transfer by advanced countries. Thus, for the effective execution of the R&D budget and the successful performance of the projects, the importance of selection, management and evaluation of the R&D projects is emphasized. So, The objective of this study is that the analysis of the proposal-selection evaluation system for the realization of the successful defense core technology R&D projects. This study focused on the improvement of the proposal-selection evaluation model which can be applicable to the national defense core R&D projects. Using the improved proposal-selection evaluation system, we propose a model to enhance the reliability of the national defense core technology R&D project evaluation system.