• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.5
• /
• pp.88-98
• /
• 2011

Recently, according as the importance of GIS(geography information system) database security is embossed, much researches had been achieved about GIS network security. But most such researches are weak against sourceful illegal reproductions and distributions of GIS vector data map. In this paper, we proposed an efficient layer unit contents based partial encryption technique in the vector map compression domain to prevent illegal distributions and unauthorized accesses. This method achieves a partial encryption about each central coordinate and directional parameters of a MCA(minimum coding attribute) that is created at the vector map compression processing in the vector space. First, the position encryption is applied as permutating randomly the center coordinate of each record that is minimum unit of vector map shape. And second, the direction encryption that changing shapes of vector map topography is applied as encrypting the direction of vertices's coordinates of each record. In experimental results, we confirmed that our proposed method can encipher the large volumed vector map data effectively in low computational complexity. Also, we could minimize the decline of compression efficiency that occurred by conventional contents based encryption schemes using AES or DES algorithms.

• Journal of Digital Convergence
• /
• v.19 no.8
• /
• pp.11-20
• /
• 2021

Due to the Covid-19 Pandemic, the world is facing the most serious crisis since the Great Depression, and is facing a new paradigm of the Untact era. Korea has also announced various policies and legal systems, including the 'Korean version of the New Deal', but it is conflicting between the use of information and the protection of information. In this paper, we derive thresholds by analyzing policies, statutes and technologies in the public cloud. Based on this, we propose to introduce the "Building a Nationwide Public Virtual Machine" as a key task to secure the next-generation national growth engine so that all citizens can use digital services in a secure and reliable environment with equal access to information. Through this, all citizens can use various digital new technology services only with low-priced and low-specification terminals, and by establishing a dedicated center for information protection, we want to respond to rapidly increasing security threats. It also points out that the domestic cloud-related legal system only emphasizes the use of information while overlooking the importance of security, and suggests the right direction for the legal system to move forward.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.8
• /
• pp.249-258
• /
• 2022

Since the advent of Bitcoin, various virtual assets have been actively traded through virtual asset services of virtual asset exchanges. Recently, security accidents have frequently occurred in virtual asset exchanges, so the government is obligated to obtain information security management system (ISMS) certification to strengthen information protection of virtual asset exchanges, and 56 additional specialized items have been established. In this paper, we compared the domain importance of ISMS and CryptoCurrency Security Standard (CCSS) which is a set of requirements for all information systems that make use of cryptocurrencies, and analyzed the results after mapping them to gain insight into the characteristics of each certification system. Improvements for 4 items of High Level were derived by classifying the priorities for improvement items into 3 stages: High, Medium, and Low. These results can provide priority for virtual asset and information system security, support method and systematic decision-making on improvement of certified items, and contribute to vitalization of virtual asset transactions by enhancing the reliability and safety of virtual asset services.

• Korean Security Journal
• /
• no.10
• /
• pp.189-213
• /
• 2005

Risk management should be controlled systematically by effectively evaluating and suggesting countermeasures against the various risks which are followed by the change of the society and environment. These days, enterprise risk management became a new trend in the field. The first step in risk analysis is to recognize the risk factors, that is to verify the vulnerabilities of loss in the security facilities. The second step is to consider the probability of loss in assessing the risk factors. And the third step is to evaluate the criticality of loss. The security manager will determine the assessment grades and then the risk levels of each risk factor, on the basis of the result of risk analysis which includes the assessment of vulnerability, the provability of loss and the criticality. It is of great importance to put the result of risk analysis in mathematical statement for a scientific approach to risk management. Using the risk levels gained from the risk analysis, the security manager can develop a comprehensive and supplementary security plan. In planning the risk management measures to prepare against and minimize the loss, insurance is one of the best loss-prevention programs. However, insurance in and of itself is no longer able to meet the security challenges faced by major corporations. The security manager have to consider the cost-effectiveness, to suggest the productive risk management alternatives by using the security files which contains every information about the security matters. Also he/she have to reinforce the company regulations on security and safety, and to execute education repeatedly on security and risk management. Risk management makes the most efficient before-the-loss arrangement for and after-the-loss continuation of a business. So it is very much important to suggest a best cost-effective and realistic alternatives for optimizing risk management above all, and this function should by maintained and developed continuously and repeatedly.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.51-59
• /
• 2015

JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of HTML5 Standard. In proportion to JavaScript's growing importance, attacks (ex. DDos, Information leak using its function) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.11
• /
• pp.5496-5505
• /
• 2012

As the IT industry develops, the smart-phone technology and functions which are actively being studied at the moment greatly influence the entire living environment. With the smart-phone technology and functions, people's interest for the wireless LAN which can be used to get access to the Internet anytime anywhere is gradually increasing. However, since the malicious attacker can easily carry out hacking or approach the contents due to the characteristics of the wireless radio wave, the personal information with a high level of importance for data security is easily exposed due to Spoofing, Denial of Service attack and Man in the Middle attack. Therefore, the demand for security is gradually increasing. In this paper, the safe wireless network service environment is provided by supplementing the vulnerability in regard to Spoofing, Session Hijacking and Man in the Middle attack after executing the client's authentication process, the AP authentication process and the Mobile Agency authentication process with the client's information in the USIM, the AP information and the Mobile Agency information when the client uses the wireless Internet through the Mobile Agency AP access in the smart phone environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.171-179
• /
• 2016

The purpose of this study is to research the importance of public-private partnerships in disaster management. This study was evaluated by experts specializing in the improvement of public-private partnerships for disaster management. The following items are needed to encourage corporate social contribution activities in the disaster security industry. The researchers first propose a solution by means of ensuring cooperation between government and business networks. Second, we propose for those entities to discover new means to support private companies' participation in social contribution activities. The researchers' third solution is to be utilized to secure funding for induction and to support public-private partnerships to participate in the social contribution activities of private companies. Our fourth solution is promoting a sustainable plan for raising public awareness of corporate social contribution. Finally, the social contribution of the participating companies enhance brand recognition and as well as incentives. This study may contribute to the current operating system to support relevant policies and measures to encourage the participation of enterprises in the field of disaster security. Future research will be to study (such as through questionnaires) ways to participate in disaster management companies in accordance with environmental changes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.683-690
• /
• 2016

In modern society, disasters frequently occur, and the effect is getting more massive. Also, unpredictable future increases anxiety about social security. Accordingly, in order to prevent national-scale emergency from happening, it is highly required governments' role as ICT power nation and transition to disaster management system using big data applied service. Thus, e-gov necessarily acquires disaster response system in order to predict and manage disasters. Disasters are linked with some attributes of modern society in diversity, complexity and unpredictability, so various approach and remedies of them will appease the nation's anxiety upon them. For this reason, this manuscript suggests epidemics preactive warning algorithm model as a mean of reduce national anxiety on disaster using big data for social security. Also, by recognizing the importance of e-gov and analyzing problems in weak disaster management system, it suggests political implication for disaster response.

• Korean Security Journal
• /
• no.2
• /
• pp.227-258
• /
• 1999

In a broad sense, ‘After-care SYSTEM’ for discharged prisoners mean legal actions of prisoners who have been released from lawful detention In its narrow sense, mean preventive protection and observation activities under regular guidance and supervision against those released from penal facilities after a certain period of detention Therefore, they should not be viewed as objects of mere concern or social work programs but preventive protection should he provided to them as part of national criminal policy After-care system is in the following two ways, The one is based on individual prisoner's request and consent, which is called 'Voluntary After-care system', The other is the one which is not based in personal request or consent but is based on obligation, which is named 'Compulsory After-care system In Korea, however no Compulsory After-care system is in practice Voluntary After-care system is to be carried out 6 method in the following by existing Probation, Parole Law. (1) offer of board and lodging (2) allowance of Traveling expense (3) allowance of occupation instrument or lending rehabilitation fund (4) training of occupation and vocational guidance (5) self-reliance support for After-care probationer (6) guidance of good deed And then to establish the society without offenders is the ideal of human beings, but criminal acts don't fade away, so in the field of the science of criminology, the importance of correctional system has become greater. The correctional idea has moved from severe punishment to educational rehabilitation for the goal of protecting both offender and security from the threat of crime in to day Some it is required that Compulsory After-care system is most important system in effective measures, and that existing Probation, Parole Law in Korea is renewed into Compulsory After-care system in the future.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.119-128
• /
• 2007

Since the internet banking service was introduced to Korea in 1999, the service has placed itself as an indispensable service to most users. The internet banking, which provides convenience for internet users as well as efficiency for banks, is expected to increase its importance more and to play a bigger role as a passage of funds. Meanwhile, numerous accounts as to the misusage of the internet banking service have been reported and the types and size of damages, especially making illegal money transfers and embezzling user information through computer hacking, tend to increase continuously. This paper points out fundamental problems of the current internet banking service by analyzing the all components of the internet banking service and fitting the results of structural analysis of hacking threats in accordance with service flow. This paper also attempts to propose the means to minimize the hacking threats of the internet banking service.