• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.382-389
• /
• 2009

As the use of mobile device is popularized, the needs of variable services of WiMAX technique and the importance of security is increasing. There is a problem that can be easily attacked from a malicious attack because the action is achieved connectionlessly between neighbor link establishing procedure and TEK exchange procedure in mobile WiMAX even though typical 1 hop network security technique is adapted to WiMAX for satisfying these security requirement. In this paper, security connected mechanism which safely connects neighbor link establishing procedure of WiMAX and TEK exchange procedure additional to the basic function provided by IEEE 802.16e standard to satisfy security requirement of mobile WiMAX is proposed. The proposed mechanism strengthens the function of security about SS and BS by application random number and private value which generated by SS and BS to public key of neighbor link establishing procedure and TEK exchange procedure. Also, we can prevent from inside attack like man-in-the-middle which can occur in the request of TEK through cryptographic connection of neighbor link establishing procedure and TEK exchange procedure.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.41-48
• /
• 2016

In this paper we propose a new method of security visualization, VisFlow, using traffic flows to solve the problems of existing traffic flows based visualization techniques that were a loss of end-to-end semantics of communication, reflection problem by symmetrical address coordinates space, and intuitive loss problem in mass of traffic. VisFlow, a simple and effective security visualization interface, can do a real-time analysis and monitoring the situation in the managed network with visualizing a variety of network behavior not seen in the individual traffic data that can be shaped into patterns. This is a way to increase the intuitiveness and usability by identifying the role of nodes and by visualizing the highlighted or simplified information based on their importance in 2D/3D space. In addition, it monitor the network security situation as a way to increase the informational effectively using the asymmetrical connecting line based on IP addresses between pairs of nodes. Administrator can do a real-time analysis and monitoring the situation in the managed network using VisFlow, it makes to effectively investigate the massive traffic data and is easy to intuitively understand the entire network situation.

• Journal of the Korea Convergence Society
• /
• v.9 no.7
• /
• pp.55-62
• /
• 2018

Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.12
• /
• pp.215-225
• /
• 2011

This paper suggests several methods of improving information securities of universities through the investigations of the current status of information securities in universities, which is becoming a hot topic in knowledge and information societies. In this paper, universities were randomly selected according to their size, and surveyed through email questionnaire to the persons in charge of security in each university, and 27 universities and 18 colleges were replied. From the survey results we confirmed that the pre-prevention is the most important thing in securing information assets, also in universities, and, in this paper, systematic support must be strengthened to establish a comprehensive security management policy and guidelines for the universities, and the importance of information assets and the necessity of security needs to be shared with the members in the universities. Moreover there must be full administrative and financial support, including recruitment and training of information security professionals and the establishing a separate security division.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.1-11
• /
• 2010

The purpose of this study is, by recognizing that recently, as crimes using information and various adverse-effect phenomena such as hacking and virus occur frequently with rapid development of information network such as Internet in every field of industry, the range of security is widening to the field of industrial areas for preventing the leaking of industrial technology and protecting that technology as well as information security only limited to IT area, and by establishing common concept about industrial security through education on the industrial security at the point of increasing importance of industrial security, to prepare the base of comprehensive risk management system for protecting company's assets (physical factor, technical factor and managerial factor) safely from the random threats or attacks inside and outside the company through assessment of important assets of the company, evaluation of threats and weak points, and risk assessment by building industrial security management system in order to protect company's information assets and resources which are connected to the existence of the company safely from the threats or attacks from inside or outside the company and to spread stable business activities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.719-728
• /
• 2019

Recently, there has been a growing market for shared mobility businesses that share 'transport' such as cars and bikes, and many operators offer a variety of services. However, if the fare can not be charged normally because of security vulnerability, the operator can not continue the business. So there should be no security loopholes. However, there is a lack of awareness and research on shared mobility security. In this paper, we analyzed security vulnerabilities exposed in application log of shared bike service in Korea. We could easily obtain the password of the bike lock and the encryption key of the AES-128 algorithm through the log, and confirmed the data generation process for unlocking using software reverse engineering. It is shown that the service can be used without charge with a success rate of 100%. This implies that the importance of security in shared mobility business and new security measures are needed.

• Journal of Korea Entertainment Industry Association
• /
• v.14 no.3
• /
• pp.75-82
• /
• 2020

It is important to secure patient healthcare information in medical institutions. Education can enhance healthcare information security practice. The purpose of this study is to investigate the effect size of the correlation between healthcare information security education and healthcare information security practice in medical institutions. Systematic Review and Meta-Analysis were used for this study. Data were collected from January 1, 2010 to July 31, 2019 through DBpia, RISS, NDSL. Four studies were eligible for inclusion in the analysis. Data were analyzed with R. The results of the Meta-Analysis demonstrated statistically significant large effect size of correlation with education and practice. Based on the results of this study, we will be able to understand the importance of healthcare information security education in medical institutions and use them as a basis for developing healthcare information security education programs.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.12
• /
• pp.59-69
• /
• 2011

Recently, as people's interest in health care has been rising, the health care service awareness and utilization has been increasing. However, the existing healthcare services have problems such as inconvenience of mobility, the low reliability of input for information and low accuracy of information provided as well. in this study, we developed the m-Health application by utilizing smart phone with improvement of these problems. This application provided the total of 5 services such as notification for risk of cardiovascular disease, personalized dietary recommendations targeted to 20s and 30s who do not properly manage their health care by bad habits. In addition, the benefits and problems of these services were found out through the analysis for the general importance and satisfaction of these services by Importance-Performance Analysis (IPA) technique. In result of IPA analysis, The six items such as 'input accuracy and reliability of information', 'content reliability', 'proper health service recommendations', etc. among 12 of the items needed to receive the effective services on m-Health were belonged to importance and satisfaction area with high level. And, in the 'information security', the importance is high but the satisfaction was low. In conclusion, the further study for strengthening security of information, service update provided with PHR to consistently keep the advantage of these services will be conducted.

• Strategy21
• /
• s.39
• /
• pp.140-162
• /
• 2016

The construction of Jeju Naval Base was finally completed and donated to the Republic of Korea Navy on February 26th this year. There is no doubt that the new base will contribute to the substantial augmentation of Korea's naval power and maritime security. However, we should note that the new naval base took a long and hard twenty-three years to be completed. In the 21st century, Korea should adopt a new strategy that can fulfill the security requirements of Korea for the new age of international relations. The 21st century is characterized by globalization, and in the world of globalization, a national boarder has become meaningless. In the late 20th century, after the Cold War, trade between countries have greatly increased and so did the importance of the seas. Having transformed from an agricultural country into a commercial country, Korea went from a continental state to a maritime state. Korea has become the 9th largest trading state, and obviously, the importance of the sea has become significant. Korea's national strategic focus needs to be on the sea for national survival. Thus, since the 1990s, the Korean Navy has planned to build the Jeju Naval Base. Jeju, due to its geopolitical characteristics, is extremely important to the 21st century Korea's economy and national security. Jeju is the starting point of the sea route that reaches out to the world, and at the same time, the ending point of the sea route that heads towards Korea. Jeju is located in the center of Northeast Asia and thus, Jeju Naval Base is extremely important for the area's security and order. Jeju Naval Base will be very useful not only for the maritime security of Korea, but also for keeping peace and order in Northeast Asia. Jeju Naval Base was the minimal effort against the six sea route security threats towards Korea. The six sea route threats are: 1) Threat from North Korea; 2) China's Threat towards Korea's sovereignty; 3) China's treat towards Korea's fishery; 4) Threat from Japan; 5) Threat towards Korea's sea routes; 6) Threat from recent phenomena of isolationism of the United States. Jeju Naval Base is built for both warships and civilian ships--such as cruise ships--to use. Just like the United States' Pearl Harbor, Jeju Naval Base will become not only the largest military base, but a beautiful tourist site.