• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.445-451
• /
• 2014

The related-key attack is regarded as one of the important cryptanalytic tools for the security evaluation of block ciphers. This is due to the fact that this attack can be effectively applied to schemes like block-cipher based hash functions whose block-cipher keys can be controlled as their messages. In this paper, we improve the related-key attack on lightweight block cipher PRINCE proposed in FSE 2013. Our improved related-key attack on PRINCE reduces data complexity from $2^{33}$ [4] to 2.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.787-797
• /
• 2016

This paper is directed for the information security education of the elementary students. The dependence on human involvement and human behavior to protect information assets necessitates an information security education to make the awareness of their roles and responsibilities towards information security. The information security education is needed even to elementary school students. The information security learning model integrating knowledge, attitudes, and ways to practice was developed, and the teaching plan and learning material hand-out were accordingly made out. As the test result analysis, it was verified that the developed teaching tools of elementary network security learning using gamification mechanism was effective to help the students learn the knowledge, attitudes, skills and ways to practice.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.525-528
• /
• 2006

최근 전자투표 시스템에 대한 투표자의 신뢰성을 높이기 위해 영수증을 발급하는 기술에 대한 연구가 활발히 진행되고 있다. 전자투표 영수증은 투표자가 자신이 투표한 결과가 최종집계에 올바르게 반영되었음을 확인할 수 있어야 하며, 매표 방지 기능도 함께 가지고 있어야 한다. 본 논문에서는 기존의 연구되었던 기술 중에서 일반 용지 및 프린터를 이용하여 검증 가능한 영수증을 발급하는 전자투표 시스템을 구현하고자 한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.677-680
• /
• 2006

신뢰할 수 없는 저장매체에 데이터를 안전하게 보관하기 위해서 대부분의 시스템은 데이터를 암호화하는 방식을 사용한다. 암호화된 데이터를 통해서는 원래의 평문에 어떠한 내용이 포함되어 있는지 알 수가 없으며, 해당 데이터의 내용을 열람하기 위해서는 암호화된 데이터 전체를 복호화해야만 한다. 본 논문에서는 암호화된 데이터에 대해 키워드 검색이 가능한 프로토콜을 제안하여, 데이터 전체를 복호화하지 않고 특정 키워드의 포함 여부를 판단할 수 있도록 하였다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.521-524
• /
• 2006

최근 사회적 이슈가 되고 있는 전자투표는 관리적 측면에서는 유용하지만, 사회적으로 투표기의 동작에 대한 신뢰성을 확보하지 못하여 도입에 어려움을 겪고 있다. 본 논문에서는 전자투표기에 대한 신뢰성을 높이기 위하여 투표소 밖으로 가지고 나갈 수 있는 영수증 발급 기술을 제안한다. 이 방식은 기존 방식과 비교하여 특별한 용지나 프린터가 필요없고, 투표소 내의 기기나 관리자를 신뢰하지 않아도 되므로 실제 투표에 유용하게 사용될 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1225-1241
• /
• 2014

Recently, Financial companies implement DLP(Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staffs struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore this paper describes business and privacy information flow on applications and how to plan and deploy security container based OS-level and Hypervisor virtualization technology to enforce internal controls for applications. After building security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies additional security functions was implemented in security container and With recycling security container costs and time of response to security vulnerabilities was reduced.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.907-909
• /
• 2012

주민등록번호는 주민생활의 편익 증진과 행정사무의 적정한 처리를 목적으로 도입되었으나 인터넷의 발달과 함께 관행적이고 무분별하게 사용되어 왔다. 수집된 주민등록번호가 해킹 등의 유출사고로 명의도용 등 범죄에 악용될 우려가 커지자 이를 근본적으로 해결하기 위하여 2011년 방송통신위원회는 인터넷상 주민등록번호 수집 이용을 제한하는 법 제도적 정책을 추진하였다. 정보통신망법이 개정되어 주민등록번호의 사용이 제한되면서 사업자에게 본인확인, 연령확인 등 법률의무의 이행이나 고객의 분쟁조정 등 목적을 위해 주민등록번호를 대체할 본인확인수단이 필요하게 되었다. 본 논문에서는 주민등록번호를 이용자가 입력하지 않으며 보편적으로 사용하고 있는 인프라를 이용하고 단순한 입력정보의 변경을 통해 본인확인을 할 수 있는 방안을 제안한다.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2017

The first thing to be prioritized is to set the scope of the management system when establishing an information security management system for systematic and effective information security management. It is important to set the scope for an organization's information security goals due to the scope affects the organization's overall information security activities. If the scope is set incorrectly, it might become impossible to protect important services and therefore, the scope of the management system should be determined in consideration of the core business services of the organization. We propose a core service selection model based on the organization's mission-critical service and high risk service in order to determine the effective information security management system scope in this paper. Core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.

• Asia pacific journal of information systems
• /
• v.24 no.4
• /
• pp.531-557
• /
• 2014

Although the area of information security planning and management has gained an increased attention, not much discussion was available on the role and the impact of the board members towards a firm's security management and governance decisions. In this research, we draw on corporate governance and the organizational demography literature to conduct an exploratory empirical study on the association between the board structure of a firm and the possibility of information security breaches. Our results show that the board size, the average age/tenure and the heterogeneity of age could reduce the possibility of security breaches while the proportion of independent directors and the heterogeneity of tenure could increase it. Our findings shed lights on the important role played by the board when managing information security risks in organizations.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.183-188
• /
• 2021

The study aimed to assess the state of electronic security for the website of the Deanship of Library Affairs at Northern Border University, as one of the university's electronic portals, which provides distinguished knowledge services to faculty members, through the Saudi Digital Library, and the integrated automated system for libraries (Symphony) with the definition of cyber security of the university, and the most important threats The study sought to analyze the opinions of a wide sample of faculty members, towards evaluating the state of electronic security for the Deanship of Library Affairs portal, through the use of both the analytical method, as well as the survey, using the questionnaire tool, and the study sample consisted of 95 A faculty member of all academic categories and degrees, and university faculties, and the study concluded that it is necessary to work to overcome the relative slowness of the university's Internet, with the faculty members notifying the information security services through e-mail and SMS service, with the continuous updating of operating systems, Apply and use the latest anti-spyware, hacking, and antivirus software at the university, while conducting extensive research studies towards information security services, and contracting It aims to introduce information security risks, and ways to combat and overcome them, and spread the culture of information security among faculty members.