• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.443-444
• /
• 2021

Security threats to information services are increasingly being developed, and the frequency and damage caused by security threats are also increasing. In particular, security threats occurring inside the organization are increasing significantly, and the size of the damage is also large. A zero trust model has been proposed as a way to improve such a security environment. In the zero trust model, a subject who has access to information resources is regarded as a malicious attacker. Subjects can access information resources after verification through identification and authentication processes. However, the initially proposed zero trust model basically focuses on the network and does not consider the security environment for systems or data. In this study, we proposed a zero trust-based access control mechanism that extends the existing zero trust model to the file system. As a result of the study, it was confirmed that the proposed file access control mechanism can be applied to implement the zero trust model.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2006.06a
• /
• pp.437-462
• /
• 2006

The objective of this study is to investigate what factors influence a major role in building trust on Internet shopping mall and to examine whether these factors on trust have differences between Korean and Chinese users. Based on relevant literature review, this study posits six factors of transaction security, perceived reputation, Perceived size, interactivity, propensity of trust, and familiarity as key determinants of trust in internet shopping mall. Analysis of 470 responses(Korean: 320 users, Chinese: 150 users) of survey questionnaire indicates the following; First, in terms of the relationship between influencing factors and the trust, five factors of transaction security, perceived reputation, perceived size, interactivity, and propensity to trust have a significant positive effects on the trust. Second, the differences between Korean and Chinese users are transaction security, perceived size, and familiarity. In conclusions, we suggested the factors to create user trust in internet shopping mall. Also we suggested differences in the determinant factors between Korean and Chinese users, and discussed some policies to build the trust in each user types.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.9
• /
• pp.2665-2691
• /
• 2024

The philosophy of Zero Trust in cybersecurity lies in the notion that nothing assumes to be trustworthy by default. This drives defense organizations to modernize their cybersecurity architecture through integrating with the zero-trust principles. The enhanced architecture is expected to shift protection strategy from static and perimeter-centric protection to dynamic and proactive measures depending on the logical contexts of users, assets, and infrastructure. Given the domain context of defense environment, we aim three challenge problems to tackle and identify four technical approaches by the security capabilities defined in the Zero Trust Architecture. First approach, dynamic access control manages visibility and accessibility to resources or services with Multi Factor Authentication and Software Defined Perimeter. Logical network separation approach divides networks on a functional basis by using Software Defined Network and Micro-segmentation. Data-driven analysis approach enables machine-aided judgement by utilizing Artificial Intelligence, User and Entity Behavior Analytics. Lastly, Security Awareness approach observes fluid security context of all resources through Continuous Monitoring and Visualization. Based on these approaches, a comprehensive study of modern technologies is presented to materialize the concept that each approach intends to achieve. We expect this study to provide a guidance for defense organizations to take a step on the implementation of their own zero-trust architecture.

• Journal of Internet of Things and Convergence
• /
• v.9 no.2
• /
• pp.55-60
• /
• 2023

Recently, demand for cloud computing has increased and remote access due to home work and external work has increased. In addition, a new security paradigm is required in the current situation where the need to be vigilant against not only external attacker access but also internal access such as internal employee access to work increases and various attack techniques are sophisticated. As a result, the network security model applying Zero-Trust, which has the core principle of doubting everything and not trusting it, began to attract attention in the security industry. Zero Trust Security monitors all networks, requires authentication in order to be granted access, and increases security by granting minimum access rights to access requesters. In this paper, we explain zero trust and zero trust architecture, and propose a new cloud security system for strengthening access control that overcomes the limitations of existing security systems using zero trust and blockchain and can be used by various companies.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.3-11
• /
• 2023

Zero Trust, characterized by the principle of "Never Trust, Always Verify," represents a novel security paradigm. The proliferation of remote work and the widespread use of cloud services have led to the establishment of Work From Anywhere (WFA) environments, where access to corporate systems is possible from any location. In such environments, the boundaries between internal and external networks have become increasingly ambiguous, rendering traditional perimeter security models inadequate to address the complex and diverse nature of cyber threats and attacks. This research paper introduces the implementation principles of Zero Trust and focuses on the Micro Segmentation approach, highlighting its relevance in mitigating the limitations of perimeter security. By leveraging the risk management framework provided by the National Institute of Standards and Technology (NIST), this paper proposes a comprehensive procedure for the adoption of Zero Trust. The aim is to empower organizations to enhance their security strategies.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.9-17
• /
• 2023

Due to COVID-19, the concept of Zero Trust, a safe security in a non-face-to-face environment due to telecomm uting, is drawing attention. U.S. President Biden emphasized the introduction of Zero Trust in an executive order to improve national cybersecurity in May 2021, and Zero Trust is a global trend. However, the most difficulty in introd ucing new technologies such as Zero Trust in Korea is excessive regulation of cloud and network separation, which is based on the boundary security model, but is limited to not reflecting all new information protection controls due to non-face-to-face environments. In particular, in order for the government's policy to ease network separation to b ecome an effective policy, the zero trust name culture is essential. Therefore, this paper aims to study legal improve ments that reflect the concept of zero trust under the Electronic Financial Transactions Act.

• Journal of the Korea Safety Management & Science
• /
• v.7 no.4
• /
• pp.193-206
• /
• 2005

In recent years, electronic commerce has provided another access for consumers to purchase products. Shopping on line provides much information and less searching cost for customers, but some researches have pointed out that there are difficulties for companies to do business on web. For lack of trust, many people not prefer purchasing through virtual channels. Based on the literature review, this study aims at empirically testing the impact of website design on individual trust in internet firms. From statistic analysis, we will conclude that security, interaction, and navigation functionality will affect on-line trust. The result of this study may provide some managerial implications, especially for firms which want to enter on-line businesses.

• International journal of advanced smart convergence
• /
• v.8 no.4
• /
• pp.169-178
• /
• 2019

Due to the characteristics of an ad hoc network without a control center, self-organization, and flexible topology, the trust evaluation of the nodes in the network is extremely difficult. Based on the analysis of ad hoc networks and the blockchain technology, a blockchain-based node-level trust evaluation model is proposed. The concepts of the node trust degree of the HASH list on the blockchain and the perfect reward and punishment mechanism are adopted to construct the node trust evaluation model of the ad hoc network. According to the needs of different applications the network security level can be dynamically adjusted through changes in the trust threshold. The simulation experiments demonstrate that ad-hoc on-demand distance vector(AODV) Routing protocol based on this model of multicast-AODV(MAODV) routing protocol shows a significant improvement in security compared with the traditional AODV and on-demand multipath distance vector(AOMDV) routing protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1217-1232
• /
• 2017

Because websites contain personal information such as address, contact information, etc., Attention about website security is required. This research is a study to examine that user's security awareness has a moderating effect on the relationship between website quality factors and trust, information and service value on websites holding personal information. As a result of questionnaire survey of the secondary school students and parents 635 people, website quality factors excluding usability positively affected trust of the website. Information quality on the website had a positive influence on service value and service value also affected trust. User's security awareness about the website has a moderating effect on the relationship between information and service value. The result of this research means that users are not continuously using websites with a low security level. Based on the results of this research, we presented theoretical and practical suggestions for the stakeholders of websites.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.13-25
• /
• 2020

The most important responsibility of a government is to protect citizen lives and its own territory from outside threats. Especially recent political changes surrounding the Korea Peninsula seriously threaten the korean national security. To copy the situation, perception of national security based on citizen's trust in the army is needed. Accordingly survey analysis on effect of trust in the army on perception of national security had been conducted on students of a university located in Ulsan. Result of the statistical analysis as follows. First, while social contribution and military abilities among trust in the army are highly evaluated, integrity and characteristics of organizational culture are low evaluated. Second, all the correlation coefficients among studying variables are significantly positive. But correlation coefficient between social contribution and perception of national security is relatively low. Third, integrity, characteristics, and military abilities has a significant and positive effect on perception of national security, but social contribution has no significant effect.