• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.287-293
• /
• 2021

Recently, public certificates issued by nationally-recognized certification bodies have been abolished, and internet companies have issued their own common certificates as certification authority. The Electronic Signature Act was amended in a way to assign responsibility to Internet companies. As the use of a joint certificate issued by Internet companies as a certification authority is allowed, it is expected that the fraud damage caused by the theft of public key certificates will increase. We propose an authentication model that can be used in a security gateway that combines PKI with a blockchain with integrity and security. and to evaluate its practicality, we evaluated the security of the authentication model using Sugeno's hierarchical fuzzy integral, an evaluation method that excludes human subjectivity and importance degree using Delphi method by expert group. The blockchain-based joint certificate is expected to be used as a base technology for services that prevent reckless issuance and misuse of public certificates, and secure security and convenience.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.111-122
• /
• 2021

With the spread of technology in the 4th Industrial Revolution, the defense industry in South Korea is getting developed into an industrial structure in which high-tech technologies are concentrated. As the importance of defense technology has gradually increased, the government has enacted the Defense Technology Security Act and required to build a protection system for institutions that possess or manage defense technology. In order for the target institution to introduce a protection system, it is necessary to identify the defense technologies that are protected and to ensure systematic data management. In order to cope with this, we derived master data items for data management and analyzed the implementation types of defense technology master data system suitable for the defense industry environments. The derived method identified the defense technology master data, such as primary and secondary master data, and through AHP analysis, Co-existence type was suitable as the target model for the master data management system. We expect that stronger defense technology security policy will be implemented through the defense technology MDM system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.15-24
• /
• 2006

Recently, the importance of the area efficient implementation of cryptographic algorithm for the portable device is increasing. Previous ARIA(Academy, Research Institute, Agency) implementation styles that usually concentrate upon speed, we not suitable for mobile devices in area and power aspects. Thus in this paper, we present an area efficient AR processor which use 32-bit architecture. Using new implementation technique of diffusion layer, the proposed processor has 11301 gates chip area. For 128-bit master key, the ARIA processor needs 87 clock cycles to generate initial round keys, n8 clock cycles to encrypt, and 256 clock cycles to decrypt a 128-bit block of data. Also the processor supports 192-bit and 256-bit master keys. These performances are 7% in area and 13% in speed improved results from previous cases.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.601-613
• /
• 2012

It is required to design and implement secure web applications to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify according to seriousness of vulnerability because these frameworks simply accumulate score of individual factors in a vulnerability. We rate and score vulnerabilities according to probability of privilege acquisition so that we can prioritize vulnerabilities found in web applications. Also, our proposed framework provides a method to score all web applications provided by an organization so that which web applications is the worst secure and should be treated first. Our scoring framework is applied to the data which lists vulnerabilities in web applications found by a web scanner based on crawling, and we show the importance of categorizing vulnerabilities according to privilege acquisition.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.135-140
• /
• 2022

Scientific and technological progress is also fundamental to the evolving merchant shipping industry, both in terms of the size and speed of modern ships and in the level of their technical capabilities. While the freight performance of ships is growing, the number of crew on board is steadily decreasing, as more work processes are being automated through the implementation of information technologies, including ship management systems. Although there have been repeated appeals from international maritime organizations to focus on building effective maritime security defenses against cyber attacks, the problems have remained unresolved. Owners of shipping companies do not disclose information about cyberattack attempts or incidents against them due to fear of commercial losses or consequences, such as loss of image, customer and insurance claims, and investigations by independent international organizations and government agencies. Issues of cybersecurity of control systems in the world today have gained importance, due to the fact that existing threats concern not only the security of technical means and devices, but also issues of environmental safety and safety of life at sea. The article examines the implementation of cyber risk management in the shipping industry, providing recommendations for the safe ship operation and its systems in order to improve vulnerability to external threats related to cyberattacks, and to ensure the safety and security of such a technical object as a seagoing ship.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.159-166
• /
• 2022

The purpose of this study conducted to conduct a survey to understand the effect of security major college students' major selection motives on major satisfaction and career decisions. The questionnaire was written as "First, motivation for choice, second, major satisfaction, third, career decision". In this study, Chronbach's Alpha coefficient was calculated to analyze the reliability and importance of variables and to identify exploratory factors. And the Berimax method was performed. Both the AVE and CR values of the measured items were calculated to be above the reference value of 0.7, and thus, the convergent validity of each item was investigated as favorable. In the hypothesis test results, the standardization coefficient of 'selection motive ⇨ major satisfaction' was 0.653 and 'major satisfaction ⇨ career decision' was 0.403, so both research hypotheses were adopted. However, 'selection motive ⇨ career decision' was rejected with 0.392. In the future, universities and related professors seem to need more efforts to simultaneously increase the selection motive and major satisfaction in order to improve the career decisions of college security students.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.39-54
• /
• 2022

Recently, the importance of collecting, analyzing, and real-time sharing of various cybersecurity data has emerged in order to effectively respond to intelligent and advanced cyber threats. To cope with this situation, Korea is making efforts to expand its cybersecurity data sharing system, but many private companies are unable to participate in the cybersecurity data sharing system due to a lack of budget and professionals to collect cybersecurity data. In order to solve such problems, this paper analyzes the research and development trends of existing domestic and foreign cyber security data sharing systems, and based on that, propose a cybersecurity data sharing system model with a hierarchical structure that considers the size of the organization and a step-by-step security policy that can be applied to the model. In the case of applying the model proposed in this paper, it is expected that various private companies can expand their participation in cybersecurity data sharing systems and use them to prepare a response system to respond quickly to intelligent security threats.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.7
• /
• pp.1986-2009
• /
• 2024

The integration of blockchain technology with the rapid growth of Internet of Things (IoT) devices has enabled secure and decentralised data exchange. However, security vulnerabilities and performance limitations remain significant challenges in IoT blockchain networks. This work proposes a novel approach that combines transaction representation and machine learning techniques to address these challenges. Various clustering techniques, including k-means, DBSCAN, Gaussian Mixture Models (GMM), and Hierarchical clustering, were employed to effectively group unlabelled transaction data based on their intrinsic characteristics. Anomaly transaction prediction models based on classifiers were then developed using the labelled data. Performance metrics such as accuracy, precision, recall, and F1-measure were used to identify the minority class representing specious transactions or security threats. The classifiers were also evaluated on their performance using balanced and unbalanced data. Compared to unbalanced data, balanced data resulted in an overall average improvement of approximately 15.85% in accuracy, 88.76% in precision, 60% in recall, and 74.36% in F1-score. This demonstrates the effectiveness of each classifier as a robust classifier with consistently better predictive performance across various evaluation metrics. Moreover, the k-means and GMM clustering techniques outperformed other techniques in identifying security threats, underscoring the importance of appropriate feature selection and clustering methods. The findings have practical implications for reinforcing security and efficiency in real-world IoT blockchain networks, paving the way for future investigations and advancements.

• Journal of International Area Studies (JIAS)
• /
• v.14 no.4
• /
• pp.27-52
• /
• 2011

The regions of Central Asia have each acquired an elevated strategic importance in the new security paradigm of post-September 1lth. Comprised of five states, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan, Central Asia's newly enhanced strategic importance stems from several other factors, ranging from trans-national threats posed by Islamic extremism, drug production and trafficking, to the geopolitical threats inherent in the region's location as a crossroads between Russia, Southwest Asia and China. Although the U.S. military presence in the region began before September 11th, the region became an important platform for the projection of U.S. military power against the Taliban in neighboring Afghanistan. The analysis goes on to warn that 'with US troops already in place to varying extents in Central Asian states, it becomes particularly important to understand the faultlines, geography, and other challenges this part of the world presents'. The Kyrgyz military remains an embryonic force with a weak chain of command, the ground force built to Cold War standards, and an almost total lack of air capabilities. Training, discipline and desertion - at over 10 per cent, the highest among the Central Asian republics - continue to present major problems for the creation of combat-effective armed forces. Kyrgyzstan has a declared policy of national defence and independence without the use of non-conventional weapons. Kyrgyzstan participates in the regional security structures, such as the Collective Security Treaty Organisation (CSTO) and the Shanghai Co-operation Organisation (SCO) but, in security matters at least, it is dependent upon Russian support. The armed forces are poorly trained and ill-equipped to fulfil an effective counter-insurgency or counter-terrorist role. The task of rebuilding is much bigger, and so are the stakes - the integrity and sovereignty of the Kyrgyz state. Only democratization, the fight against corruption, reforms in the military and educational sectors and strategic initiatives promoting internal economic integration and national cohesion hold the key to Kyrgyzstan's lasting future

• Korean Security Journal
• /
• no.62
• /
• pp.321-346
• /
• 2020

The purpose of this study is to identify the relationship among customer access service, internal response, and consumption behavior of security agency users through a structural model. The research will be meaningful in that it can contribute to the development of the security industry by identifying the importance of customer access service, which is an empirical face of buyers using security agency, and thus establishing the relationship between consumer reaction and consumption behavior. The study subject is a store that uses security agency in areas with dense shopping districts in Cheonan and Asan of South Chungcheong Province, where 375 store representatives and employees were selected to conduct the research. Research tools were modified and used to suit the purpose of the research based on domestic and foreign prior research. Using two statistical programs, SPSS 25.0 and AMOS 25.0, data processing was performed: frequency analysis, exploratory factor analysis, reliability analysis, confirmed factor analysis, and structural model analysis. The statistical significance level was analyzed by setting a value of .05 and the following conclusions were obtained. First, the customer access service of security agency users has a positive impact on consumption behavior. Second, the customer access service of security agency users has a positive effect on the internal response. Third, the internal response of security agnecy users has a positive effect on consumption behavior. Fourth, the internal response has a positive effect as a medium effect between customer access service and consumption behavior of security agency users.