• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.203-212
• /
• 2013

Recently, cloud computing is one of the parts showing the biggest growth in the IT market and is expected to continue to grow into. Especially, many companies are adopting virtual desktop infrastructure as private cloud computing to achieve in saving the cost and enhancing the efficiency of the servers. However, current digital forensic investigation methodology of cloud computing is not systematized scientifically and technically. To do this, depending on the type of each cloud computing services, digital evidence collection system for the legal enforcement should be established. In this paper, we focus on virtual desktop infrastructure as private cloud computing and introduce the most widely used around the world desktop virtualization solutions of VMware, Citrix, and Microsoft. And We propose digital forensic investigation methodology for private cloud computing that is constructed by these solutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.223-230
• /
• 2013

Recently, a large number of corporations are adopting cloud solution in order to reduce IT-related costs. By the way, Digital Trace should have admissibility to be accepted as digital evidence in court, and integrity is one of the factors for admissibility. In this context, this research implemented integrity verification test to VM Data which was collected by well-known private cloud solutions such as Citrix, VMware, and MS Hyper-V. This paper suggests the effective way to verify integrity of VM data collected in private cloud computing environment based on the experiment and introduces the error that EnCase fails to mount VHD (Virtual Hard Disk) files properly.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.199-204
• /
• 2022

The purpose of this study is to broaden the understanding of the Security Services Industry Act, and also to examine the meanings of various phenomena by analyzing the media report big data rather than the researchers' perspective on the Security Services Industry Act. In the research method, this study searched for a keyword 「Security Services Industry Act」 that prescribes the security work as an important subject of crime prevention and maintenance of public order in Korea. The data was searched from 1990 to 2021 the BIG KINDS could provide. Also, for the concrete analysis during the period of data search, it was divided into settlement period(1976~2001), growth period-quantitative(2002~2012), and growth period-qualitative(2013~2021). In the results of this study, the media report perception of the Security Services Industry Act is continuously emphasizing the social roles and importance of private security according to the flow of time. The consequent marketability of private security will play great roles in the protection of people's lives and properties in the combination with various other industries in the future. However, the private security industry that provides public peace service together with the police, could be rising as an element that hinders the development of private security industry because of various social issues caused by legal regulations and illegal problems, so it would be necessary to more strengthen its responsibility and roles accordingly.

• The Journal of the Korea Contents Association
• /
• v.18 no.7
• /
• pp.620-627
• /
• 2018

With the widespread adoption of blockchain in the field of business, the importance of confidentiality of critical information has been emerging. Although blockchain models solve the security problem regarding integrity threat by sharing transactions and making them public, it is vulnerable in terms of confidentiality. Therefore, a security mechanism to provide confidentiality of critical information and private information of a firm is necessary to utilize block chain in the process of work. In order to solve the problem, we suggest Private blockchain based cryptographic protocol application model using Smart contract commitment scheme of the Ethereum. It can contribute to activation of blockchain services by enabling non-trusted participants to perform businesses through application of smart contract enhanced in terms of confidentiality and integrity to private blockchain.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.11-18
• /
• 2019

In current public blockchain, any node can see every blocks, so that public blockchain provider transparent property. However, some application requires the confidential information to be stored in the block. Therefore, this paper proposes a multi-layer blockchain that have the public block layer and the private block for confidential information. This paper suggests the requirement for encryption of private block. Also, this paper shows the t-of-n threshold cryptosystem without dealer who is trusted third party. Finally proposed scheme satisfies the requirements for encryption and fairness.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.1-8
• /
• 2019

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

• Journal of Korea Multimedia Society
• /
• v.2 no.2
• /
• pp.166-175
• /
• 1999

Since the intranet is a combination of open internet technologies and private information systems, various technologies for information security are essentially needed. On recent, a lot of firewall systems are being constructed to be secure the informations from external networks such as Internet in many private companies. Even though internal attacks are more frequently happened than external ones in the intranet environments, there are quite few researches on secure intranet and the internal threats are underestimated so far. In this paper, we study the security threats for each service in the intranet and propose the security models appropriate to the intranet environments by using several cryptographic tools and protocols. Furthermore, we implement the proposed security models in Java applications through computer simulation.

• Journal of the Society of Disaster Information
• /
• v.8 no.1
• /
• pp.1-9
• /
• 2012

Informatization of society through the computer and the Internet, because large amounts of information production and exchange and new way of communicating is born. Passive way past the one-sided information flows actively interact to evolve in a manner of information producers and information consumers distinction and personal relationships that enhance the online Social Networking Service (SNS) has developed into the social structure of. Thus, the spread of information work closely with the social network structure spark social conflict may act as a factor, and systems and the environment, personal and cultural adaptation of speed to keep up with the rapid development of science and technology as the inability conflict and confusion should lead to even. This paper the characteristics of the information society, with a look at the evolution of social risk factors as the wavelength of information about this look at the role of private security sought to evaluate. Information Society in time and space by shrinking the area of human life that has brought the convenience and simplicity, whereas the non-performance due to the nature of anonymous raises many social side-effects are. This made the preparation of national regulatory measures, but for the protection of personal protection devices in the private sector has not yet been discussed. Way of life and property of the purchaser to protect an individual's private security will have to charge it.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.4C
• /
• pp.197-206
• /
• 2011

In the RFID system, bulk tag information is stored into the back-end database as plaintext format not ciphertext. In this case, the tags's private informations can be easily compromised by an external hacker or an insider attacker. If the private informations of tags disclosed by the attackers, it can occur serious privacy invasion problem. Recently the database(DB) security is an important issue to prevent the above DB compromised attack. However, DB security for RFID systeme has not been considered yet. If we use the DB security technique into the RFID system, the above described privacy invasion' problem can be easily prevented. Based on this motivation, this paper proposes a secure and efficient back-end database security and authentication(S-DB) scheme with XOR-based encryption/decryption algorithm. In the proposed scheme, all tag's private information is encrypted and stored by using the DB secret key to protect the DB compromised attack. As a result, the proposed S-DB scheme 'can provide stronger security and more efficiency for the secure RFID system environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.183-194
• /
• 2010

A company's private network protected by a firewall and NAT(Network Address Translation) is not accessible directly through an external internet. However, as Reverse Connection technology used by NetCat extends to the technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access a private network of corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as a remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which is not allowed to access to an internal system with a remote control. What is more serious is to make a covert channel invading a company's private network through a malicious code and all that technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the indirect access of technological methods and the status quo about a company's internal network and find a solution to get rid of the related dangers.