• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.131-144
• /
• 2010

IT developed countries since the late 1980s are used to develop IT security evaluation criteria to ensure safety and reliability of information protection products. Currently a variety of products used for the evaluation based on CC and it takes a long period of product evaluation is required to reduce the developers and users. In this paper refer to the published standard evaluation schedule for the EAL4 calculation model offers a trial period. In addition, based on this commitment by adjusting the number of evaluaters to evaluate the applicant in the evaluation period to minimize the position offers.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.33-42
• /
• 2022

One of the most pressing socioeconomic problems confronting humanity on a worldwide scale is food security, particularly in light of the expanding population and declining land productivity. These causes have increased the number of people in the world who are at risk of starving and have caused the natural ecosystems to degrade at previously unheard-of speeds. Happily, the Internet of Things (IoT) development provides a glimmer of light for those worried about food security through smart agriculture-a development that is particularly relevant to automating food production operations in order to reduce labor expenses. When compared to conventional farming techniques, smart agriculture has the benefit of maximizing resource use through precise chemical input application and regulation of environmental factors like temperature and humidity. Farmers may make data-driven choices about the possibility of insect invasion, natural disasters, anticipated yields, and even prospective market shifts with the use of smart farming tools. The technical foundation of smart agriculture serves as a potential response to worries about food security. It is made up of wireless sensor networks and integrated cloud computing modules inside IoT.

• International Journal of Computer Science & Network Security
• /
• v.23 no.3
• /
• pp.169-176
• /
• 2023

The vehicular ad hoc network (VANET) is currently an important approach to improve personal safety and driving comfort. ANEL is a MAC-based authentication scheme that offers all the advantages of MAC-based authentication schemes and overcomes all their limitations at the same time. In addition, the given scheme, ANEL, can achieve the security objectives such as authentication, privacy preservation, non-repudiation, etc. In addition, our scheme provides effective bio-password login, system key update, bio-password update, and other security services. Additionally, in the proposed scheme, the Trusted Authority (TA) can disclose the source driver and vehicle of each malicious message. The heavy traffic congestion increases the number of messages transmitted, some of which need to be secretly transmitted between vehicles. Therefore, ANEL requires lightweight mechanisms to overcome security challenges. To ensure security in our ANEL scheme we can use cryptographic techniques such as elliptic curve technique, session key technique, shared key technique and message authentication code technique. This article proposes a new efficient and light authentication scheme (ANEL) which consists in the protection of texts transmitted between vehicles in order not to allow a third party to know the context of the information. A detail of the mapping from text passing to elliptic curve cryptography (ECC) to the inverse mapping operation is covered in detail. Finally, an example of application of the proposed steps with an illustration

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.959-962
• /
• 2005

Efficient video data storage and search techniques are essential for DVR-based security systems. We have designed appropriate data structures and search techniques for efficient image storage and search, in this study. The date and time can be saved and searched as a folder form. The overall system is designed for MPEG4 CODEC. It can handle variable sizes of frames (100bytes $^{\sim}$ 6Kbytes) produced by MPEG4 CODEC without errors. We also have developed image transmission techniques through inter-net networking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.157-167
• /
• 2020

The big data and artificial intelligence technology, which has provided the foundation for the recent 4th industrial revolution, has become a major driving force in business innovation across industries. In the field of information security, we are trying to develop and improve an intelligent security system by applying these techniques to large-scale log data, which has been difficult to find effective utilization methods before. The quality of security log big data, which is the basis of information security AI learning, is an important input factor that determines the performance of intelligent security system. However, the difference and complexity of log data by various product has a problem that requires excessive time and effort in preprocessing big data with poor data quality. In this study, we research and analyze the cases related to log data collection of various firewall. By proposing firewall log data collection format standard, we hope to contribute to the development of intelligent security systems based on security log big data.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.39-48
• /
• 2011

QoS(Quality of Service) is defined "The collective effect of service performance which determines the degree of satisfaction of a user of the service" by ITU-T Rec. E.800. The final goal of information system is to secure the performance efficiency within the required time. The security QoS framework is the modeling of the QoS measurement metrics, the measurement time schedule, instrument, method of measurement and the series of methodology about analysis of the result of measurement. This paper relates to implementing issue and performance measuring about blended mechanism between networking technology and security technology. We got more effectiveness in overall network security, when applying and composing amalgamated security mechanism between network technology and security technology. In this paper, we suggest techniques being used on infrastructure system and also offers a security QoS methodology as a model of more effective way. Methodology proposed in this research has proven that it is possible to measure response time through the scheduled method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.79-94
• /
• 1997

OMG (Object Management Group) published a security service specification, called CORBA (Common Object Request Broker Architecture) security reference model because the integration of security and object-oriented techniques was critical for successful deployment of distributed object systems. The CORBA security reference model treats access control as an implementation independent semantic concept but has incomplete semantics of the access control function. Because of such imcompleteness it is difficult for the system administrator and the CORBA security implementor to have the same understanding for the meaning of access control in the CORBA security. We propose a formal model for access control the CORBA security using the formal description language, which is called Z language based on typed set theory. The proposed model provides concrete semantics of the access control function to both the system administrator and the implementor.

• Journal of the Korea Convergence Society
• /
• v.12 no.2
• /
• pp.247-258
• /
• 2021

Recently, organizations are demanding strict information security behavior from their employees. Strict information security policies and techniques can cause information security related stress. The purpose of this study is to present the negative effects of information security related techno stress and role stress that reduce knowledge sharing behavior and person-organization fit. The survey was conducted to people working in organizations with information security policies and system, and the research hypothesis was verified by structural equation modeling using 309 samples. As a result of the study, person-organization fit had a positive effect on knowledge sharing behavior, but role stress had a negative effect. And, techno-stress negatively affected the person-organization fit. Additionally, role ambiguity had a moderating effect between person-organization fit and knowledge sharing behavior. The implications of the study were to confirm the negative effects of information security related techno stress and role stress, and to suggest directions for minimizing negative behavior of insiders.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.214-216
• /
• 2021

It proposes a plan to strengthen the limitations of existing corporate security systems based on Zero-Trust. With the advent of the era of the Fourth Industrial Revolution, the paradigm of security is also changing. As remote work becomes more active due to cloud computing and COVID-19, security issues arising from the changed IT environment are raised. At the same time, in the current situation where attack techniques are becoming intelligent and advanced, companies should further strengthen their current security systems by utilizing zero trust security. Zero-trust security increases security by monitoring all data communications based on the concept of doubting and trusting everything, and allowing strict authentication and minimal access to access requestors. Therefore, this paper introduces a zero trust security solution that strengthens the existing security system and presents the direction and validity that companies should introduce.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.