• The Journal of Society for e-Business Studies
• /
• v.23 no.3
• /
• pp.65-84
• /
• 2018

The government is continuously expanding its national R&D investment to actively respond to the advent of the $4^{th}$ industrial revolution era and to develop the national economy. The R&D structure is likely to be liberalized as the paradigm shifts from the pursuit type R&D to the leading type R&D, and R&D capacity enhancement that focuses on researchers' creativity is emphasized. Such changes in R&D environment will increase the risk of security accidents such as leakage of research information. In addition, security policy for protection of research result should be the Researcher-Centric Security and security policy should be changed. This study explored transforming the research security system into the Researcher-Centric Security system so that researchers can voluntarily implement necessary security measures in the course of conducting research.

• The Journal of Society for e-Business Studies
• /
• v.25 no.3
• /
• pp.109-130
• /
• 2020

Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

• The Journal of Korean Association of Computer Education
• /
• v.16 no.1
• /
• pp.73-80
• /
• 2013

Government promotes that the strategy of national R&D converts from catch-up R&D type to leading R&D type for the future growth and national competitiveness according to the recent paradigm shift in the research and development. So the many national researches about foundation, source and core technology are actively being made. As a result of these researches, the security has become an important part of success factor in R&D. And so various security diagnosis and evaluation is being conducted about national R&D program. Existing the research security evaluation models are classified domains in terms of security management and created evaluation indicators according to the domains. However the models are inappropriate in case of researchers doing self-diagnosis of research security. This paper set up the domains in aspect of research management and then proposed the evaluation indicator of research security according to the domains. The evaluation indicator model that is suggested can be utilized in self-diagnosis of research security effectively.

• The Journal of Korean Association of Computer Education
• /
• v.17 no.2
• /
• pp.21-29
• /
• 2014

In spite of the R&D level of Korea, the efforts to protect the R&D results from outflowing has not been raised up. We investigated the current status of security education and the level of researcher's awareness for research security in the government-financed institutes. Also, we attempted to find out the needs for institutionalization of the security education. We conducted a survey and in-depth interviews of all the security officers in the thirty-seven government-financed institutes. The results show that the awareness level of the researchers for R&D security is below adequate level, and that security education is necessary in order to increase the security awareness. Also, it is necessary to institutionalize the security education.

• The Journal of Society for e-Business Studies
• /
• v.27 no.1
• /
• pp.111-126
• /
• 2022

As the technology hegemony war between the United States and China develops and the importance of R&D increases, countries around the world are increasing their R&D investment. In Korea, the size of R&D investment by the government and companies has steadily increased every year, and cutting-edge technologies are being developed in various fields as it shifts to the direction of creative technology development. However, the number of cases in which high-tech core technologies in Korea, which have invested a lot of budget, time, and effort, are illegally leaked overseas is also steadily increasing. Research security is an activity to safely protect protected objects in the research environment from risk factors such as leakage and deodorization, and laws and systems for research security are being reorganized not only in Korea but also in the United States and other countries around the world. In this paper we aims to derive Korea's research security policy direction, focusing on US research security cases which ranks first in R&D expenses around the world to improve the R&D system and actively discusses R&D policies and laws.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.164-168
• /
• 2006

전력 공격은 암호화 연산 과정 중 발생하는 소비 전력의 파형을 측정하여 비밀 정보를 알아내는 공격 방식이다. 이러한 전력 공격에 대한 취약성을 막기 위하여 message blinding, exponent blinding과 같은 기법들이 적용되어 왔다. 본 고에서는 $ECC^{[1]}$암호화 연산 과정에서, r이 임의의 정수일 때, dP=(d-r)P+rP인 관계를 이용하는 exponent blinding기법$^{[2]}$에 대하여 언급하고, 위 기법을 전력 공격의 대응책으로 적용 시 적절히 구현되지 않으면 power attack에 대하여 매우 취약하다는 것을 보인다.

• Journal of Platform Technology
• /
• v.11 no.1
• /
• pp.23-37
• /
• 2023

As the importance of R&D increases amid the paradigm of technology hegemony competition, countries around the world are increasing investment in R&D, at the same time, making effrots to portect R&D. Centering to technology-leading countries, such as Korea, the United States and Japan, they reorganize research security regulations to protect national R&D; however, the burden of compliance for researcher and research institutes is still high. Korea enacted the National R&D Innovation Act and the Enforcement Decree of the same Act to establish an integrated and systematic research security support system, but research institutes and researchers still lack understanding and practice of research security. In order to strengthen researcher's research security compliance, this study organized information requirements for each security management area through domestic and foreign research security laws and prior research analysis, and designed research security information requirements items centered on researchers. The designed information requirements are meaningful in that they were designed by considering both the management area and the stage of R&D, focusing on researchers performing R&D in the field. Based on the designed information requirements items, it is expected that systematic security management will be possible at the research site, which will ease the security burden of researchers and improve research security compliance at the research and development site.

• Journal of Information Processing Systems
• /
• v.14 no.3
• /
• pp.740-750
• /
• 2018

There are a great number of Internet-connected devices and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of the device information and its related vulnerabilities is manually carried out. It is necessary to automate the process to identify a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices having the Common Vulnerabilities Exposures (CVE) vulnerability. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.

• Journal of Platform Technology
• /
• v.10 no.4
• /
• pp.91-96
• /
• 2022

Recently, the importance of Research and Development(R&D) security as well as R&D investment is emphasized in the flow of technology hegemony competition, where technology is directly related to national competitiveness.However, despite the enormous impact of the R&D security failure results, research output leakage accidents continue to occur.To solve this problem, this study analyzed leakage accidents and cases of R&D output and concluded that it is priory to develop regulations to raise security awareness at the field researcher level rather than the macroscopic security management system. In addition, in order to design the direction of the researcher security measures, observational study was conducted at the university research site, and four directions were presented, including case analysis and integration. The direction for designing researcher security measures will be used as a basis for developing security regulations specialized in future research sites and security management systems for research institutes.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.55-62
• /
• 2016

Recently, research outcome is frequently leaked in the process of progressing domestic R&D. Security system such as research security law and manual is implemented to prepare these leakage. However piecemeal solutions, simply technological measures, have a limit. Consequently, this study organizes a integrated research security framework by designing multidimensional security measures based on the R&D life cycle perspective. Concretely, this study constructs various control items predicated on law, moreover reviews the applicability of research security assessment items.