• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.398-401
• /
• 2014

Due to recent arise of cybercrime, importance of cyber security is highlighted more than ever. Korean government has been running Korea Cryptographic Module Validation Program, namely KCMVP, to validate security level of cryptographic modules for public organizations: indeed, many are achieving the validation. According to the program, operating environments for any specific cryptographic module are fixed. In other words, running validated module in other software environment is strictly prohibited. However, this paper asserts that it is possible for a C language based module to operate in Java based environment as long as the module is running on a validated environment. We expect this paper to help saving great amount of money and time for developing another cryptographic modules for the same operating environment. Also, this method will provide an idea for developing faster modules.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.39-50
• /
• 2005

An evaluation demand and a market growth regarding evaluation and certification are increasing because the importance of information Security is gradually rising to solve the information disfunction. Therefore, it is necessary the cost-effect evaluation management of the Information Security System(ISS). In this paper, we propose the Semi-automated Evaluation Workflow Management System(Sa-EWMS) based on the Common Criteria(CC) which performs and manages evaluation work through the procedure when evaluator evaluates the Information Security System(ISS). The Sa-EWMS is solving a problem of consumption of time and effort and performing efficient evaluation, it is playing a significant role that traces workflow process of each work of the Engines and controls performance. It will be able to use useful the private evaluation enterprise which confront in an evaluation demand and a market growth.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.37-46
• /
• 2007

The authentication in WSN(Wireless Sensor Network) usually means the entity authentication, but owing to the data centric nature of sensor network, much more importance must be put on the authentication(or attestation) for code of sensor nodes. The naive approach to the attestation is for the verifier to compare the previously known memory contents of the target node with the actual memory contents in the target node, but it has a significant drawback. In this paper, we show what the drawback is and propose a countermeasure. This scheme can verify the whole memory space of the target node and provides extremely low probability of malicious code's concealment without depending on accurate timing information unlike SWATT. We provide two modes of this verification method: BS-to-node and node-to-node. The performance estimation in various environments is shown.

• Journal of Digital Convergence
• /
• v.19 no.2
• /
• pp.169-174
• /
• 2021

While the importance of information security policies is heightened, numerous empirical studies have been conducted to investigate the factors that influence employee's willingness to comply organizational security policies. Some of those studies, however, were not consistent and even contradictory each other. Synthesizing research outcomes has been resulted as qualitative literature reviews or quantitative analysis on individual effect sizes, which leads to meta-analyze on whole research model. This study investigated 28 empirical research based on the deterrence theory with sanction certainty, severity and celerity. The analysis with random effect model resulted in well-fitted research model as well as all of significant paths in the model. Future research can include informal deterrent factors and contextual factors as moderator variables.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.12
• /
• pp.595-602
• /
• 2021

The robot is developing into a software-oriented shape that recognizes the surrounding situation and is given a task. Cloud Robotics Platform is a method to support Service Oriented Architecture shape for robots, and it is a cloud-based method to provide necessary tasks and motion controllers depending on the situation. As it evolves into a humanoid robot, the robot will be used to help humans in generalized daily life according to the three robot principles. Therefore, in addition to robots for specific individuals, robots as public goods that can help all humans depending on the situation will be universal. Therefore, the importance of information security in the Cloud Robotics Computing environment is analyzed to be composed of people, robots, service applications on the cloud that give intelligence to robots, and a cloud bridge that connects robots and clouds. It will become an indispensable element for In this paper, we propose a Security Scheme that can provide security for communication between people, robots, cloud bridges, and cloud systems in the Cloud Robotics Computing environment for intelligent robots, enabling robot services that are safe from hacking and protect personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.527-536
• /
• 2024

In the digital age, the growth of AI and digital technologies brings opportunities and cybersecurity risks. At the forefront of this change are teenagers, referred to as 'digital natives'. However, they may have difficulty using technology safely without proper information security knowledge. This paper highlights the need for information security education for teenagers in South Korea by referring to cases in the UK, Australia, and the US. These countries are already providing education that prepares young people for cyber threats and future societal needs. Reflecting this trend, South Korea should also establish comprehensive information security education for teenagers to equip them for the digital age.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.51-57
• /
• 2024

Cryptocurrency service providers and virtual asset operators, built on blockchain technology, face transaction risks such as cyber threats, wallet theft by internal personnel, theft of customers' private keys, and fraudulent cryptocurrency transfer signatures. To ensure secure operations against these threats, their security is validated through the ISMS-P certification. This study to analyze the risks presented in ISO TR 23576, which is specialized for cryptocurrency service providers and operators, in addition to the ISMS-P certification they obtain. The study will focus on the detailed inspection items of ISMS-P and ISO TR 23576 for cryptocurrency service providers and assess their importance. Based on this analysis, the study proposes an internal security control process for cryptocurrency service providers to address the top-priority risks, enabling practitioners to perform security control tasks more efficiently.

• Journal of Digital Convergence
• /
• v.18 no.6
• /
• pp.53-63
• /
• 2020

Electronic financial transactions are also actively increasing due to the rapid spread of information communication media such as the Internet, smart devices, and IoT, but as a derivative by-product, threats of financial security such as leakage of various personal information and hacking are also increasing. Therefore, the importance of financial security against this is increasing, but in Korea, financial security technology is relatively insufficient compared to advanced countries in the field of financial security, such as Active-X. Therefore, this study aims to present the major development direction in the domestic financial security field by comparing key technology trends with IPC classification frequency analysis, keyword frequency analysis, and keyword network analysis based on domestic and foreign financial security-related patent data. In conclusion, it seems that recent domestic and foreign trends have focused on the development of related technologies according to the development of smart device-based electronic financial services. Accordingly, it is intended to be used as the basis data for technology development of financial security by mapping the trend of financial security research trend and technology trend analysis through thesis data analysis that reflects the research of the preceding aspect as the technology of commercialization in the future.

• Informatization Policy
• /
• v.23 no.4
• /
• pp.76-94
• /
• 2016

Recently in Korea, the importance of information security awareness has been receiving a growing attention. Attacks such as social engineering and ransomware are hard to be prevented because it cannot be solved by information security technology. Also, the profitability of information security industry has been decreasing for years. Therefore, many companies try to find a new growth-engine and an entry to the foreign market. The main purpose of this paper is to draw out some information security issues and to analyze them. Finally, this study identifies issues and suggests how to improve the situation in Korea. For this, topic modeling analysis has been used to find information security issues of each country. Moreover, the score of sentiment analysis has been used to compare them. The study is exploring and explaining what critical issues are and how to improve the situation based on the identified issues of the Korean information security industry. Also, this study is also demonstrating how text mining can be applied to the context of information security awareness. From a pragmatic perspective, the study has the implications for information security enterprises. This study is expected to provide a new and realistic method for analyzing domestic and foreign issues using the analysis of real data of the Twitter API.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.382-393
• /
• 2017

Smart TV sareequipped with an operating system and combined with internet functionality. They can use various apps and contents, and provide personalized and interactive services. However, the Internet connectivity of smart TVs has several security vulnerabilities that can cause significant personal and social harm. Therefore, it is necessary to develop a smart TV with a higher level of security than is currently available. In this study, we analyze consumers' purchase intention for smart TVs with security reinforcement by applying the UTAUT2 model. The results are as follows. Firstly, it was found that performance expectancy, social influence, facilitating conditions and price value, as important variables under the existing UTAUT2 model, have significant effects on purchase intention. Secondly, effort expectancy did not have a positive impact on purchase intention. Thirdly, there was a moderating effect of gender on social influence. According to the results of this study, social influence has the most powerful effect on the purchase intention of smart TVs with security reinforcement. Therefore, in order to improve the purchase intention of smart TVs, it is necessary to expand the publicity activities designed to promote the necessity and importance of reinforcing the security of smart TVs and make them easier to use.