• Review of KIISC
• /
• v.28 no.1
• /
• pp.43-47
• /
• 2018

Textual passwords are widely used for accessing online accounts. Despite the problems of current textual passwords, research has shown that there is no other strong alternatives for a textual password due to its simplicity. There has been significant research to make passwords more secure and usable through password composition policies, password managers, password meters, and multi-factor authentications. In this paper, we focus on several key research that investigates and analyzes widely used password composition policies, and summarize the latest research which aims to improve current password composition policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.503-509
• /
• 2019

Order-revealing encryption which enables a range query over encrypted data is attracting attention as one of the important security technologies in industry such as IoT, smart manufacturing, and cloud computing. In 2015, an ideally-secure order-revealing encryption whose ciphertexts reveal no additional information beyond the order of the underlying plaintexts has been proposed. However, their construction is too inefficient for practical use and some security analysis of multilinear maps, which their construction relies on, have been proposed. Recently, more practical schemes have been proposed, focusing on achieving practically usable efficiency rather than the ideal security. In this paper, we propose a more storage-efficient order-revealing encryption scheme than the Lewi et al.'s scheme most recently published by presenting an idea that can generate shorter ciphertexts without any security loss.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.127-130
• /
• 2022

The number of published journals, conferences, and research papers in computer science is increasing rapidly, which has led to a challenge in coming up with new and unique ideas for research. To alleviate the issue, this paper uses artificial neural networks (ANNs) to generate new computer science research ideas. It does so by using a dataset collected from IEEE published journals and conferences to train an ANN model. The results reveal that the model has a 14% success rate in generating usable ideas. The outcome of this paper has implications for helping both new and experienced researchers come up with novel research topics.

• The Journal of Asian Finance, Economics and Business
• /
• v.9 no.6
• /
• pp.11-21
• /
• 2022

The perspectives on aging women's financial security during their retirement years are based on their behavior, planning, and decision-making processes during their working years. Elderly women are considered vulnerable and have a longer life expectancy, lower-income, and limited financial understanding compared to males; therefore, drastic steps need to be taken to improve their financial stability and quality of life. The current study sought to determine the most important contributors to retired women's financial health by measuring the value of four factors/variables: capability, opportunity, willingness, and biopsychosocial. This study used a mixed model approach, with qualitative analysis in the first phase involving a focus group discussion session, a pilot analysis, and quantitative analysis for phase two involving the distribution and collection of questionnaires completed by retired women. The surveys were distributed across Malaysia in five distinct zones and yielded 339 usable replies to support the theory. The outcomes of the Multiple Regression Analysis in Malaysia revealed that capability, opportunity, and biopsychosocial factors are significant predictors of retired women's financial security, whereas the willingness indicator lacked statistical significance.

• The KIPS Transactions:PartD
• /
• v.13D no.1 s.104
• /
• pp.67-74
• /
• 2006

The security requirements identification in the software development has received some attention recently. However, previous methods do not provide clear method and process of security requirements identification. We propose a process that software developers can build application specific security requirements from state transition diagrams at the security threat location. The proposed process consists of building model and identifying application specific security requirements. The state transition diagram is constructed through subprocesses i) the identification of security threat locations using security failure data based on the point that attackers exploit software vulnerabilities and attack system assets, ii) the construction of a state transition diagram which is usable to protect, mitigate, and remove vulnerabilities of security threat locations. The identification Process of application specific security requirements consist of i) the analysis of the functional requirements of the software, which are decomposed into a DFD(Data Flow Diagram; the identification of the security threat location; and the appliance of the corresponding state transition diagram into the security threat locations, ii) the construction of the application specific state transition diagram, iii) the construction of security requirements based on the rule of the identification of security requirements. The proposed method is helpful to identify the security requirements easily at an early phase of software development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.763-780
• /
• 2024

As the domestic and international landscape undergoes rapid changes, the importance of implementing security measures in response to the growing threats that businesses face is increasing. In this context, the need for Security by Design (SbD), integrating security from the early design stages, is becoming more pronounced, with threat modeling recognized as a fundamental tool of SbD. Particularly, to save costs and time by detecting and resolving security issues early, the application of the Shift Left strategy requires the involvement of personnel with limited security expertise, such as software developers, in threat modeling. Although various automated threat modeling tools have been released, their lack of user-friendliness for personnel lacking security expertise poses challenges in conducting threat modeling effectively. To address this, we conducted an analysis of research related to threat modeling tools and derived usability evaluation criteria based on the GQM(Goal-Question-Metric) approach. An expert survey was conducted to validate both the validity and objectivity of the derived criteria. We performed usability evaluations of three threat modeling tools (MS TMT, SPARTA, PyTM), and the evaluation results led to the conclusion that MS TMT exhibited superior usability compared to other tools. This study aims to contribute to the creation of an environment where personnel with limited security expertise can effectively conduct threat modeling by proposing usability evaluation criteria.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.69-80
• /
• 2022

Now that climate change and food resource security are becoming issues around the world, smart farms are emerging as an alternative to solve them. In addition, changes in the production environment in the primary industry are a major concern for people engaged in all primary industries (agriculture, livestock, fishery), and the resulting food shortage problem is an important problem that we all need to solve. In order to solve this problem, in the primary industry, efforts are made to solve the food shortage problem through productivity improvement by introducing smart farms using the 4th industrial revolution such as ICT and BT and IoT big data and artificial intelligence technologies. This is done through the public and private sectors.This paper intends to consider the minimum requirements for the smart farm data collection system for the development and utilization of smart farms, the establishment of a sustainable agricultural management system, the sequential system construction method, and the purposeful, efficient and usable data collection system. In particular, we analyze and improve the problems of the data collection system for building a Korean smart farm standard model, which is facing limitations, based on in-depth investigations in the field of livestock and livestock (pig farming) and analysis of various cases, to establish an efficient and usable big data collection system. The goal is to propose a method for collecting big data.

• International Commerce and Information Review
• /
• v.12 no.2
• /
• pp.133-158
• /
• 2010

Since 11 September 2001, the awareness of terrorists' actions has clearly risen. The potential threat of terrorists using containers poses a large risk to our economies and to our societies. In order to protect cargo from damage and terrorist threats, business and government turn to RFID and IC tags, and tradition container is replaced by IC smart container. In this study, presented application of IC tag and future tasks to Container transport by sea in viewpoint of security strengthening. First, realization and international SCM realization structural order that cover container supply chain whole of international standardization and association between industry are certainly needed. Second, it may have to try in technical development for IC tag Ratio that can read elevation moment develop suitable IC tag or reader in International Standard. Third, Need to establish concrete use policy as soon as possible in national dimension at the same time effort for international standard normalization of frequency. Finally, it shows to uses jointly with electron sealing and must solve problem about usable plan and information leak.

• Journal of Korea Multimedia Society
• /
• v.10 no.12
• /
• pp.1663-1670
• /
• 2007

One-way hash chains are important cryptographic primitives and have been used as building blocks of various cryptographic applications. Advantages of one-way hash chains are their simplicity and efficiency for generation based on low-powered processors with short time. However, a drawback of one-way hash chains is their difficulty of control to compute interval values of one-way hash chains. That is, when hash values in one-way hash chain are used as encryption keys, if one hash value is compromised, then the attacker can compute other encryption keys from the compromised hash value. Therefore, direct use of one-way hash chains as encryption keys is limited to many cryptographic applications, such as pay per view system and DRM system. In this paper, we propose a new concept which is called interval hash chain using a hash function. In particular, proposed hash chains are made for only computing interval hash values by using two different one-way hash chains. The proposed scheme can be applied to contents encryption scheme for grading and partially usable contents in DRM system.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.273-283
• /
• 2021

The aim of this paper is to review the current knowledge management (KM) practices and their importance in the public sector of Saudi Arabia. Using the term "knowledge management in public sector", a search for available works was done in Google Scholar. In the first stage, the search for literature published under anytime choice was done in the first 10 pages of the search engine. Then another nine pages of Goggle Scholar were searched for more recent works published setting the time as 2014 to 2018. The search yielded 37 usable works for this review. The results of this literature search and review indicated that out of the 37 works reviewed, only three works were related to Saudi Arabia. Number of papers on factors of KM were maximum, many of them giving diagrammatic presentation of their results. KM modelling itself is not easy as only very few papers on KM modelling were available. Problems of too much reliance on qualitative data and hypotheses not matching with the literature backgrounds for them were also found. Considering the works related to KM, the number of papers in various categories may indicate the dimensions of KM to be considered when KM is implemented or evaluated in any public sector of any country. This applies to Saudi Arabian public sector organizations also. There is a fertile ground of research waiting to be investigated by researchers in Saudi Arabia.