• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.765-768
• /
• 2007

In this paper, the security evaluation method about mobile web services message is suggested in the method for improving the safety an reliability about the mobile web services message. In order that the goal of this paper is accomplished, the security threat and the security vulnerability which can be occurred in the mobile web services message are defined. The evaluation method for performing the security evaluation about the mobile web services message is defined. Also, the requirements for the mobile web services message security evaluation are defined. Finally, the evaluation framework for performing the mobile web services message security evaluation is constituted, and the evaluation scenario example is suggested. By using the mobile web services message security evaluation defined in the paper, before the mobile web services is deployed, the security threats and security vulnerability can be verified. Also, the countermeasure for the security threat and security vulnerability discovered in the verification result can be prepared. Therefore, the sorority and reliability about the mobile web services can be improved.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.3-13
• /
• 2020

Organizations are facing a new, diverse security threat as ICT based industrial environment arises. As a way of effective countermeasure for security threat, organizations are making an effort to establish internalization of security culture, targeting a organizational members. However, members' awareness toward security receptiveness is low as inconvenience exists in business process and existing security culture focuses on controlling and regulating. Accordingly, this research desires to develop a participatory security culture which can higher the efficiency of security work process and induce members' voluntary participation. A comparative analysis on security culture related prior researches is conducted and based on a drawn components, statistical verification is accomplished. It is expected to contribute on future research on measuring a security culture level.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1455-1459
• /
• 2016

Recently, the frequency of dealing important information regarding financial services like paying through smart device or internet banking on smart device has been increasing. Also, with the development of smart device execution environment towards open software environment, it became easier for users to download and use random application software, and its security aspect appears to be weakening. This study will inspect features of hardware-based smart device security technology. Furthermore, this study will propose a realization method in MTM hardware-based secure smart device execution environment for application software runs that in smart device.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.33-41
• /
• 2010

Many experimental results shows that RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed the previous fault attacks and their countermeasures on RSA-CRT algorithm and found an weakness of the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure which uses both double exponentiation and fault infective computation method. The proposed method efficiently computes a fault verification information using double exponentiation. And, it is designed to resist simple power analysis attack and (N-1) attack.

• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.63-76
• /
• 2023

Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secured and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanisms that are primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser feature. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.769-771
• /
• 2001

인터넷의 급속한 발달과 이를 통한 다양한 서비스가 확산됨에 따라, 인증과 보안은 아주 중요한 분야로 대두되고 있다. 본 논문에서는 Egterl 을 이용하여 최근 정보화 사회에서 개인적 정보 뿐만 아니라 비즈니스 간의 데이터 응용 분야에 이르기까지 폭 넓게 사용되어지고 있는 스마트 카드의 인증과 보안 시스템 대한 모델링 및 정형검증에 대해 논한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.6
• /
• pp.3032-3042
• /
• 2013

Multimedia Broadcast communication convergence services are broadcast communication convergence services new form that combines a platform technology for driving the application services of various media-related Internet and TV devices. It is possible to mounted the embedded OS of TV existing technology and to support a variety of smart application services to a TV technology evolved form equipped with various platforms on the OS. The services that are fused in this way, multi-media broadcasting communication convergence new services Open IPTV, Smart TV, mobile IPTV, and N-screen, are services actively focusing on three companies domestic services. However, in order to use the software to connect to the Internet for the provision of services, is inherent software vulnerabilities or the Internet. These vulnerabilities can lead to serious security incidents. Therefore, in this paper, or be able to derive the potential security threats that occur in multimedia broadcasting service environment based on security threats and vulnerabilities of existing threats lead to such security incidents in fact, the security it was carried out through a mock hacking validation for threats. It was also suggested necessary technical security measures that can be protect against security threats revealed by using the verification result through the penetration testing. Has been presented countermeasures in fusion communication service environment of multimedia broadcasting by using these results.

• Journal of Korea Multimedia Society
• /
• v.10 no.8
• /
• pp.1052-1059
• /
• 2007

Network security system used in the large scale network composes individual security system which protects only own domain. Problems of individual security system are not to protect the backbone network and to be hard to cope with in real-time. In this paper we proposed a security system which includes security function at the router, and the access point, which exist at the backbone network, to solve the problems. This security system sends the alert messages to an integrated security management system after detecting intrusions. The integrated security management system releases confrontation plan to each suity system. Thus the systematic and immediate confrontation is possible. We analyzed function verification and efficiency by using the security system and the integrated security management system suggested in this paper. We confirmed this integrated security management system has a possibility of a systematic and immediate confrontation.

• Journal of the Korea Convergence Society
• /
• v.11 no.9
• /
• pp.229-242
• /
• 2020

The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.12
• /
• pp.179-185
• /
• 2021

Private security has the common job characteristics of the police and crime prevention, and is responsible for the safety of our society. However, the hiring process for private security is very different from that of the police. Therefore, in this study, the problems of the private security recruitment process were identified through the police recruitment process and improvement points were suggested. As a result of comparing and examining the recruitment process of the police, the recruitment of private security guards is carried out through education and training, and problems such as the training process and physical strength verification required for security work were investigated. In order to improve the problems in the private security recruitment process, the curriculum of criminal law and criminology, physical examination such as 100m running and left and right grip strength, and practical cases of security work should be added. It is hoped that this study will serve as a basic data for the development of the private security industry along with the recruitment of excellent security guards.