• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.37-50
• /
• 2022

Modern supply chains include multiple activities from collecting raw materials to transferring final products. These activities involve many parties who share a huge amount of valuable data, which makes managing supply chain systems a challenging task. Current supply chain management (SCM) systems adopt digital technologies such as the Internet of Things (IoT) and blockchain for optimization purposes. Although these technologies can significantly enhance SCM systems, they have their own limitations that directly affect SCM systems. Security, performance, and scalability are essential components of SCM systems. Yet, confidentiality and scalability are one of blockchain's main limitations. Moreover, IoT devices are lightweight and have limited power and storage. These limitations should be considered when developing blockchain-based IoT-SCM systems. In this paper, the requirements of efficient supply chain systems are analyzed and the role of both IoT and blockchain technologies in providing each requirement are discussed. The limitations of blockchain and the challenges of IoT integration are investigated. The limitations of current literature in the same field are identified, and a secure and scalable blockchain-based IoT-SCM system is proposed. The proposed solution employs a Hyperledger fabric blockchain platform and tackles confidentiality by implementing private data collection to achieve confidentiality without decreasing performance. Moreover, the proposed framework integrates IoT data to stream live data without consuming its limited resources and implements a dualstorge model to support supply chain scalability. The proposed framework is evaluated in terms of security, throughput, and latency. The results demonstrate that the proposed framework maintains confidentiality, integrity, and availability of on-chain and off-chain supply chain data. It achieved better performance through 31.2% and 18% increases in read operation throughput and write operation throughput, respectively. Furthermore, it decreased the write operation latency by 83.3%.

• Korea Journal of Hospital Management
• /
• v.10 no.4
• /
• pp.98-112
• /
• 2005

The purpose of this study is to develop a framework for evaluating security levels in hospitals. We classify security indicators into administrative, technical and physical safeguards. The security evaluation model for hospital information systems was applied to three general hospitals. The analysis of the results showed a low security level in information systems. In particular, requirements for administrative and physical safeguards were very low. Hospitals need strict security policies more than other organizations because their information systems contain patients' highly confidential data. The evaluation model developed in this study can be used for guidelines and as a checklist for hospitals. The security evaluation in hospital informational systems needs to be an essential element of hospital evaluation.

• Journal of Korea Water Resources Association
• /
• v.53 no.spc1
• /
• pp.719-730
• /
• 2020

Recognizing a complexity of global water challenges, such as water shortage, water pollution, water-related disasters, and degradation of water environments, this study introduces the newly established concept and definition of water security and water security assessment framework based on the review of previous works on water security. In order to critically assess the situations of water security of each country, an water security assessment framework is employed highlighting the four core areas: 1) social equity; 2) economic efficiency; 3) environmental sustainability; and 4) resilience to water-related disasters. 28 Asian countries have been selected and evaluated for the level of water security, and as a consequence, Japan, Malaysia and South Korea demonstrate a high degree of water security whereas India, Pakistan and the Philippines show a relatively low level of water security. The significance of this study lies in clarifying weak areas in water security as well as suggesting the areas that should be improved for achieving sustainable water management.

• Journal of Industrial Convergence
• /
• v.21 no.3
• /
• pp.181-188
• /
• 2023

The e-Government standard framework provides overall technologies such as reuse of common components for web environment development such as domestic government/public institutions, connection of standard modules, and resolution of dependencies. However, in a standardized development environment, there is a possibility of updating old versions according to core versions and leakage of personal and confidential information due to hacking or computer viruses. This study directly analyzes security vulnerabilities focusing on websites that operate eGovFrame in Korea. As a result of analyzing/classifying vulnerabilities at the internal programming language source code level, five items associated with representative security vulnerabilities could be extracted again. As a countermeasure against this, the security settings and functions through the 2 steps (1st and 2nd steps) and security policy will be explained. This study aims to improve the security function of the e-government framework and contribute to the vitalization of the service.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.17-20
• /
• 2008

네트워크에서의 공격은 일반 사용자의 개인 정보 노출 및 국가 중요 네트워크에서의 불법 정보 노출 등 많은 위험 상황을 야기할 수 있다. 현재의 네트워크가 대규모화되고 고속화되고 있는 시점에서 기존의 저 수준의 공격이 아닌 다양한 기술이 접목된 네트워크 공격이 발생하고 있다. 이러한 공격의 영향을 실제 상황에서 분석하기에는 많은 어려움이 따르며 정확한 분석에 제약이 따르게 된다. 따라서 이러한 네트워크 공격을 모델링하고 침입탐지 및 차단을 모델링할 수 있는 시뮬레이션의 발달이 필요하다. 본 논문에서는 정상상태 모델, 공격 모델, 방어 모델로 이루어지는 네트워크 공격 및 방어 시뮬레이션 프레임워크를 제안하도록 하겠다.

• International conference on construction engineering and project management
• /
• 2022.06a
• /
• pp.385-392
• /
• 2022

As energy-saving techniques based on human behavior patterns have recently become an issue, the occupant-centered control system is adopted for estimating personal preference of indoor environment and optimizing environmental comfort and energy consumption. Accordingly, IoT devices have been used to collect indoor environmental quality (IEQ) data and personal data. However, the need to safely collect and manage data has been emerged due to cybersecurity issues. Therefore, this paper aims to present a framework that can safely transmit occupant-centered data collected from IoT to a private blockchain server using Hyperledger fabric. In the case study, the minimum value product of the mobile application and smartwatch application was developed to evaluate the usability of the proposed blockchain-based occupant-centered data collection framework. The results showed that the proposed framework could collect data safely and hassle-free in the daily life of occupants. In addition, the performance of the blockchain server was evaluated in terms of latency and throughput when ten people in a single office participated in the proposed data collection framework. Future works will further apply the proposed data collection framework to the building management system to automatically collect occupant data and be used in the HVAC system to reduce building energy consumption without security issues.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.65-78
• /
• 2023

Investigations on information security factors re- main elusive at small and medium enterprises (SMEs), es- specially for custom-made software solutions. This article aims to investigate, classify, adopt factors from recent literature addressing information security resources. SMEs al- ready have information security in place, but they are not easy to adopt through the negotiation processes between the in-house software development companies and custom-made software clients at SMEs. This article proposes a strategic framework for implementing the process of adoption of the information security factors at SMEs after conducting a systematic snapshot approach for investigating and classifying the resources. The systematic snapshot was conducted using a search strategy with inclusion and exclusion criteria to retain 128 final reviewed papers from a large number of papers within the period of 2001-2022. These papers were analyzed based on a classification schema including management, organizational, development, and environmental categories in software development lifecycle (SDLC) phases in order to define new security factors. The reviewed articles addressed research gaps, trends, and common covered evidence-based decisions based on the findings of the systematic mapping. Hence, this paper boosts the broader cooperation between in-house software development companies and their clients to elicit, customize, and adopt the factors based on clients' demands.

• Asia pacific journal of information systems
• /
• v.18 no.4
• /
• pp.1-26
• /
• 2008

Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior. To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant. Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity. This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords. Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effectiveness of password from cognitive aspect of information systems users.

• Journal of Digital Convergence
• /
• v.10 no.1
• /
• pp.105-111
• /
• 2012

This study is to propose national information security policies based on the policy framework, which has four components: government, industry/company, individual, and environments. According to the framework, the four policy agenda are derived: national information security governance scheme, information security industry competitiveness and corporate security level enhancement, eco-system for security professionals, and finally related laws & regulations modification and security culture movement. Specific issues and policies in each agenda are proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.661-670
• /
• 2023

With the emergence of serverless computing paradigm and the innovations of cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, an access control on the server still heavily relies on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.