• Title/Summary/Keyword: Usable-Security

Search Result 49, Processing Time 0.02 seconds

A Multi-Perspective Benchmarking Framework for Estimating Usable-Security of Hospital Management System Software Based on Fuzzy Logic, ANP and TOPSIS Methods

  • Kumar, Rajeev;Ansari, Md Tarique Jamal;Baz, Abdullah;Alhakami, Hosam;Agrawal, Alka;Khan, Raees Ahmad
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.1
    • /
    • pp.240-263
    • /
    • 2021
  • One of the biggest challenges that the software industry is facing today is to create highly efficient applications without affecting the quality of healthcare system software. The demand for the provision of software with high quality protection has seen a rapid increase in the software business market. Moreover, it is worthless to offer extremely user-friendly software applications with no ideal security. Therefore a need to find optimal solutions and bridge the difference between accessibility and protection by offering accessible software services for defense has become an imminent prerequisite. Several research endeavours on usable security assessments have been performed to fill the gap between functionality and security. In this context, several Multi-Criteria Decision Making (MCDM) approaches have been implemented on different usability and security attributes so as to assess the usable-security of software systems. However, only a few specific studies are based on using the integrated approach of fuzzy Analytic Network Process (FANP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) technique for assessing the significant usable-security of hospital management software. Therefore, in this research study, the authors have employed an integrated methodology of fuzzy logic, ANP and TOPSIS to estimate the usable - security of Hospital Management System Software. For the intended objective, the study has taken into account 5 usable-security factors at first tier and 16 sub-factors at second tier with 6 hospital management system softwares as alternative solutions. To measure the weights of parameters and their relation with each other, Fuzzy ANP is implemented. Thereafter, Fuzzy TOPSIS methodology was employed and the rating of alternatives was calculated on the foundation of the proximity to the positive ideal solution.

A Study on the Need of the Usable Security in the Corelation between IT Security and User Experience

  • Lee, Soowook
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.9 no.4
    • /
    • pp.14-18
    • /
    • 2017
  • In this paper, an contemplate the direction for Usable Security in IT security and User Experience. To evaluate how the user interface is convenient to use, we examine the components such as the property, learnable property, memory simplicity, faults and satisfaction level. By considering for the security, we should bring positive effects on the user experience. By emphasizing usability and security at the same time, we should increase the satisfaction level of the user experience and then produce the valuable experience through participation, use and observation. The positive user experience is the important task for the software engineering, business administration and others., and this will result satisfaction of the users, brand trust, and success in the market. On the other hand, for the negative user experience, the users cannot achieve their desired goal and therefore, are unsatisfied due to emotional, rational and economic inconvenience. Due to this, we should try to maintain a certain level of usability and security of the system in IT security and User Experience.

Study on Usable Security of Facebook (Facebook의 Usable Security에 관한 연구)

  • Kim, Chung-han;Park, Min-su;Kim, Seung-joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.285-296
    • /
    • 2016
  • Recently, as the widespread use of Facebook through a smartphone or tablet PC, it has increased the threat that contains the malicious code to post a social attacks and comments that use personal information that has been published of Facebook. To solve these problems, Facebook is, by providing a security function, but would like to address these threats, in setting the security function, the security function of the user's convenience is not considered a properly there is a problem that is not in use. Thus, in this paper, on the basis of the information obtained via the cogTool, on Facebook security features, the user experience by presenting a method that can be quantitatively measured by this, the user convenience It classifies about Facebook security features to decrease.

An Analysis of Security Threats and Security Requirements on the Designated PC Solution

  • Lee, Kyungroul;Lee, Sun-Young;Yim, Kangbin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.5
    • /
    • pp.29-39
    • /
    • 2017
  • In this paper, we analyse security threats and security requirements about the designated PC solution which restricts usable PCs that are only an user own PCs or a registered PC for online banking or very important services. Accordingly, causable threats of the designated PC solution are classified a process, a network layer, a software module, and an environment of platform, and we draw security requirements based on analysed security threats. Results of this research are considered utilization of criteria for improving security of the designated PC solution and standards for giving hint of imposition of the designated PC solution.

모바일 환경의 사용자 인증 기법에 대한 usable security 연구 동향

  • Kim, Seungyeon;Kwon, Taekyoung
    • Review of KIISC
    • /
    • v.28 no.1
    • /
    • pp.22-28
    • /
    • 2018
  • 패스워드, PIN, 패턴 락, 지문 인증 등은 현재 가장 널리 사용되고 있는 모바일 장치의 사용자 인증 수단이다. 그러나 사용자가 기억의 편의성을 위해 쉬운 패스워드를 반복 사용한다는 것은 널리 알려진 사실이며 이를 보완하기 위해 개발된 그래픽 패스워드, 또는 지문 등 생체 인증은 사용성 개선을 이루어냈으나 여전히 사용성, 안전성에서 많은 취약점이 보고되고 있다. 본 논문에서는 모바일 장치에서의 인증 기법에 관한 연구동향을 살펴보고 분석한다.

A survey and categorization of anomaly detection in online games (온라인 게임에서의 이상 징후 탐지 기법 조사 및 분류)

  • Kwak, Byung Il;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1097-1114
    • /
    • 2015
  • As the online game market grows, illegal activities such as cheating play using game bots or game hack programs, running private servers, hacking game companies' system and network, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all highly evolving game attacks and frauds. Some security measure can do harm game players usability, game companies need to develop usable security measure that is well fit to game genre and contents design. In this study, we surveyed the recent trend of various security measure applied in online games. This research also classified illegal activities and their related countermeasure for detection and prevention.

A Study on Privacy by Design and Usable Security for Biometric Authentication (생체인증을 위한 프라이버시 중심 설계와 보안사용성에 대한 연구)

  • Moon, Jung-Hyun;Kim, Ye-Eun;Choi, Su-Bin;Lee, Il-Gu
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2021.11a
    • /
    • pp.305-308
    • /
    • 2021
  • 최근 편리하고 안전한 생체인증 기술이 핀테크 서비스의 필수 구성요소가 되고 있다. 그러나 생체인증의 보안성과 정확도 향상을 위해 많은 양의 생체 정보를 활용한다면 연산과정이 복잡해져서 속도 저하와 개인정보 유출 가능성이 높아지고, 실시간성을 제공하기 위해 생체 정보의 일부만 샘플링하여 활용하는 경우에는 보안성과 정확도가 열화되는 Trade-off 문제가 있다. 종래의 생체인증 기술은 메타데이터를 이용한 필터링의 경우 데이터 간의 상관성이 고려하지 않아서 개인정보보호와 사용자 편의성에 한계가 있었다. 본 연구에서는 상관성 높은 데이터를 활용하여 프라이버시 중심의 생체인증 설계와 보안사용성을 향상시키는 방안을 제안한다.

Enhanced Knock Code Authentication with High Security and Improved Convenience

  • Jang, Yun-Hwan;Park, Yongsu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.9
    • /
    • pp.4560-4575
    • /
    • 2018
  • Since smartphone contains various personal data, security is one of the important aspects in smartphone technologies. Up to now, various authentication techniques have been proposed to protect smartphones. The pattern lock on the Android system is one of the most widely used authentication methods for low-cost devices but it is known to be vulnerable to smudge attack or shoulder surfing attack. LG's smartphone uses its own technique, which is called "Knock Code." The knock code completes the authentication by touching the user defined area in turn on the screen. In this paper, we propose the new, enhanced version of knock code by adding the sliding operation and by using flexible area recognition. We conducted security analysis, which shows that under the same password size, the search space is overwhelmingly larger than the original algorithm. Also, by using the sliding operation, the proposed scheme shows resilience against smudge attacks. We implemented the prototype of our scheme. Experimental results show that compared with the original Knock Code and Android pattern lock, our scheme is more convenient while providing better security.

A Design and Security of One Card System using Smart Card (스마트카드를 이용한 원카드 시스템의 설계 및 보안)

  • Lee, Dae-Sik;Yun, Dong-Sic;Ahn, Heui-Hak
    • Convergence Security Journal
    • /
    • v.5 no.2
    • /
    • pp.57-63
    • /
    • 2005
  • According to rapid development of computer and wired-wireless internet, information exchange of networking is growing. Also according as size of industry related e-commerce is bigger, it is Required the necessity of convenient user authentication system. So, the study of new authentication method to have a security and convenience is progressing systematically. Smart card of new authentication method overcome problem of established scheme. So it prospect that will be replaced One Card to have a high security and multi-function. In this papar, we suggest about the implementation of One Card System that the security of smart card and usable in all fields.

  • PDF

Study on APT Penetration Analysis and Plan of Reaction for Secure XaaS (안전한 XaaS 구현을 위한 APT 공격 분석과 대응방안에 관한 연구)

  • Lee, Sun Ho;Kim, DaeYoub
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.40 no.5
    • /
    • pp.841-850
    • /
    • 2015
  • XaaS (Everything as a Service) provides re-usable, fine-grained software components like software, platform, infra across a network. Then users usually pay a fee to get access to the software components. It is a subset of cloud computing. Since XaaS is provided by centralized service providers, it can be a target of various security attacks. Specially, if XaaS becomes the target of APT (Advanced Persistent Threat) attack, many users utilizing XaaS as well as XaaS system can be exposed to serious danger. So various solutions against APT attack are proposed. However, they do not consider all aspects of security control, synthetically. In this paper, we propose overall security checkup considering technical aspect and policy aspect to securely operate XaaS.