• Title/Summary/Keyword: Security Importance

Improving Personal Data Protection in IoT Environments (사물인터넷(IoT) 환경에서 개인정보보호 강화를 위한 제도 개선 방안)

  • Lee, Ae Ri;Son, Soomin;Kim, Hyun Jin;Kim, Beomsoo
    • Journal of the Korea Institute of Information Security & Cryptology, v.26 no.4, pp.995-1012, 2016
  • In Internet of Things (IoT) environments, devices or sensors everywhere can automatically collect data without the individual's awareness and further combine and share data using ubiquitous networks; thus the development of IoT raises new challenges with respect to personal data protection and privacy. This study aims to identify the main issues related to data protection in the IoT and propose adequate measures. We analyzed the types of personal data controllers and processors in IoT and identified the issues regarding the processing of personal data and the privacy rights of data subjects. Accordingly, we suggested institutional measures (e.g., establishment of user-friendly notice and flexible consent system, re-identification risk monitoring system, data protection in cross-border transfer, and user education) to improve the situation of personal data protection in IoT and finally proposed the improvement tasks to carry out first based on the degree of urgency and importance.

FAIR-Based Loss Measurement Caused by Personal Information Breach of a Company (FAIR를 통한 개인정보 유출에 따른 기업의 손해금액 산출에 대한 연구)

  • Kim, Jeong-Gyu;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.1, pp.129-145, 2017
  • This study proposes a methodology to estimate the financial damages caused by a personal information breach at a company and to analyse risk systematically through a case study of a company which experiences private information breach. Using the FAIR (Factor Analysis of Information Risk) model, it estimates the loss amount of a company caused by a personal information breach and analyses the risk objectively. This study estimates the adequacy and importance of the corresponding factors by applying AHP (Analytic Hierarchy Process) to each factor for assessing the loss amount. By adopting the methodology proposed in this study, the person in charge of actual work can assess and prove the loss amount through the latest risk estimation methodology. In addition, the person in charge can select the proper parameters for the corresponding company and can obtain an objective quantitative estimation. Hence the loss amount caused by a personal information breach can be accurately assessed and reported to the management.

The Improvement on Proposal Evaluation System of National Defense Core Technology R&D Projects (국방핵심기술 연구개발과제의 선정평가 개선 연구)

  • Kim, Chan-Soo;Cho, Kyu-Kab
    • Journal of Technology Innovation, v.15 no.2, pp.123-152, 2007
  • The striking characteristic of the contemporary global security environment is that the nature of threats has become diverse and complex. For example, transnational and non-military threats, including terrorism and the proliferation of weapons of mass destruction, have increased. In this security environment, advanced countries funnel their defense budgets into the assurance of key force capability and R&D of cutting-edge core technologies, in consideration of future battlefield environments, so as to get an edge in not only defense science and technology but also intelligence capabilities. As shown by past practices of Korea's defense acquisition, the Ministry of National Defense has tried to enhance its force capabilities in the short term by purchasing foreign weapon systems rather than by investing in domestic R&D. Accordingly, the technological gaps between Korea and advanced countries widened due to both insufficient investment in the development of domestic technologies and avoidance of technological transfer by advanced countries. Thus, for the effective execution of the R&D budget and the successful performance of the projects, the importance of selection, management and evaluation of the R&D projects is emphasized. The objective of this study is to analyze the proposal-selection evaluation system for the realization of successful defense core technology R&D projects. This study focused on the improvement of the proposal-selection evaluation model which can be applicable to the national defense core R&D projects. Using the improved proposal-selection evaluation system, we propose a model to enhance the reliability of the national defense core technology R&D project evaluation system.

A Study on Secure Digital Convergence Curation System to WebShell (웹셀에 안전한 디지털 융합 큐레이션 시스템에 관한 연구)

  • Shin, Seung-Soo;Kim, Jung-In;Lee, Jun-Yeon
    • Journal of the Korea Convergence Society, v.6 no.4, pp.187-195, 2015
  • In the knowledge and information society which came into being with the advancements made in information and communication technology, there is an increasing perception of the importance of having knowledge and therefore being able to appropriately respond to the rapidly changing society. Along with this, the paradigm that stresses creativity and character must be accompanied by advanced ways of conducting education which are capable of supporting changes in the educational objectives and contents. With respect to this, there is a need for sustained and long-term research into ways of utilizing SNS and ICT in the field of education. Accordingly, in this paper, a digital curation system was developed for educational contents that aim to develop one's creativity and character. Recently, web hacking has been taking place actively. In this paper, a digital curation system that is secure against WebShell, one of the web hacking methods, is analyzed, as well as how to appropriately deal with this type of attack.

Vulnerability Analysis of the Creativity and Personality Education based on Digital Convergence Curation System (창의·인성 교육기반의 디지털 융합 큐레이션 시스템에 관한 취약점 분석)

  • Shin, Seung-Soo;Kim, Jung-In;Youn, Jeong-Jin
    • Journal of the Korea Convergence Society, v.6 no.4, pp.225-234, 2015
  • With the growing number of people that use web services, the perception of the importance of securing web applications is also increasing. There are many different types of attacks that target web applications. In the rapidly changing knowledge and information society, which came into being with the advancements made in information and communication technology, there is currently an urgent need for building web sites for the purposes of developing one's creativity and character. In this paper, attack schemes that use SQL injections and XSS and target educational digital curation systems, which provide educational contents with the aim of developing one's creativity and character, are analyzed in terms of how the attacks are carried out and their vulnerabilities. Furthermore, it suggests ways of dealing appropriately with these web-based attacks that use SQL injections and XSS.

Research on the Development of SLA Indicators for Personal Information Protection of Public IT Maintenance Business (공공정보화분야 유지관리사업의 개인정보보호를 위한 SLA 지표 개발에 대한 연구)

  • Lee, Kyung-Hwan;Ryu, Gab-Sang
    • Journal of the Korea Convergence Society, v.11 no.6, pp.37-42, 2020
  • In the field of public informatization maintenance business, the attacks of external illegal users such as unauthorized leakage, destruction, and alteration due to intentional or inadequate management of personal information are increasing. In order to prevent such security incidents in advance, it is necessary to develop and quantitatively manage SLA indicators. This study presents the privacy SLA indicators and suggests specific methods such as information collection method and timing of the privacy SLA indicators. In order to confirm the validity and reliability of the proposed SLA indicators, an online survey was conducted with a group of experts. As a result, it was evaluated that compliance rate of personal information destruction and compliance rate of personal information protection system would be effective when applied to new and revised SLA indicators in terms of importance and validity. In the future, using SLA indicators for personal information protection as a standard for public information maintenance will contribute to improving SW quality and securing safety.

A Study on the Privacy Literacy Level Measurement for the Proper Exercise of the Right to Informational Self-Determination (올바른 개인정보자기결정권 행사를 위한 프라이버시 리터러시 수준 측정에 관한 연구)

  • Park, Hyang-mi;Yoo, Ji-Yeon
    • Journal of the Korea Institute of Information Security & Cryptology, v.26 no.2, pp.501-522, 2016
  • In the digital era, information is a source of value creation. However, the growing importance of knowledge and information also increases risks and threats. When information is leaked, full recovery is difficult, and additional spreading of risk is high because it is easy to accomplish. Personal information in particular is the main target due to its availability. Although individuals normally have to consent to the use of their personal information, they often do not know how their information is used. In such a difficult situation, one must exercise self-determination and privacy. Therefore, the goal of this study is to develop a privacy literacy level measurement model for the proper exercise of the right to informational self-determination. It presents the concept of a privacy literacy index in order to determine the level of knowledge, understanding and practical application skills of individuals. Through the index, we are going to enhance the selection ability of information subjects and to promote the judgement and determination capability for the protection and utilization of personal information.

Study on Availability Guarantee Mechanism on Smart Grid Networks: Detection of Attack and Anomaly Node Using Signal Information (스마트그리드 네트워크에서 가용성 보장 메커니즘에 관한 연구: 신호정보를 이용한 공격 및 공격노드 검출)

  • Kim, Mihui
    • Journal of the Korea Institute of Information Security & Cryptology, v.23 no.2, pp.279-286, 2013
  • The recent power shortages due to a surge in demand for electricity highlight the importance of smart grid technologies for efficient use of power. Experimental results on the vulnerability of the availability of the smart meter, an essential component in smart grid networks, have been reported. Designing an availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect availability infringement attacks on smart meters and also to find anomaly nodes by analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses the approximate entropy technique to decrease the detection load and increase the detection rate with few samples, and utilizes signal information (CIR, RSSI, etc.) that the anomaly node cannot change to find the anomaly nodes. Finally, simulation results of the proposed method show its detection performance and feasibility.

Web Attack Classification Model Based on Payload Embedding Pre-Training (페이로드 임베딩 사전학습 기반의 웹 공격 분류 모델)

  • Kim, Yeonsu;Ko, Younghun;Euom, Ieckchae;Kim, Kyungbaek
    • Journal of the Korea Institute of Information Security & Cryptology, v.30 no.4, pp.669-677, 2020
  • As the number of Internet users exploded, attacks on the web increased. In addition, the attack patterns have been diversified to bypass existing defense techniques. Traditional web firewalls have difficulty detecting attacks of unknown patterns. Therefore, the method of detecting abnormal behavior by artificial intelligence has been studied as an alternative. Specifically, attempts have been made to apply natural language processing techniques because the type of script or query being exploited consists of text. However, because there are many unknown words in scripts and queries, natural language processing requires a different approach. In this paper, we propose a new classification model which uses byte pair encoding (BPE) technology to learn the embedding vector that is often used for web attack payloads, and uses an attention mechanism-based Bi-GRU neural network to extract a set of tokens that learn their order and importance. For major web attacks such as SQL injection, cross-site scripting, and command injection attacks, the accuracy of the proposed classification method is about 0.9990 and its accuracy outperforms the model suggested in the previous study.

Examining Success Factors of Online P2P Lending Service Using Kano Model and Fuzzy-AHP (Kano 모형과 Fuzzy-AHP를 이용한 온라인 P2P 금융 서비스 성공요인 도출)

  • An, Kyung Min;Lee, Young-Chan
    • Knowledge Management Research, v.19 no.2, pp.109-132, 2018
  • Recently, new financial services related to FinTech have gained more and more attention. Online P2P financial services transactions such as FinTech require careful examination of the constituents of information systems, as an investment is made based on the information presented on the online platform without direct face-to-face contact. The purpose of this study is to find out the success factors of online P2P Lending service among FinTech. To serve the purpose, we build an IS (information system) success model, and then use the Kano model and fuzzy analytic hierarchy process (Fuzzy-AHP) to find out factors for the success of online P2P Lending service. In particular, this study uses the Kano model to classify information system satisfaction factors and to calculate the satisfaction coefficient. The Kano model, however, has the drawback of evaluating a single criterion. Therefore, we use a multi-criteria decision-making technique such as Fuzzy-AHP to derive the relative importance of the factors. The analysis results show different results depending on the analysis technique. In the Kano model, most of the information system factors are a one-dimensional quality attribute. The satisfaction coefficient is highest for personalized service, followed by the responsiveness of service, ease of using a system, understanding of information, usefulness of information' reliability. The service reliability is the highest in dissatisfaction coefficient, followed by system security, service responsiveness, system stability, and personalized service. The results of the Fuzzy-AHP analysis show that the usefulness of information quality, the personalization of service quality, and the security of system quality are the significant factors and the stability of system quality was a secondary factor.