• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1079-1090
• /
• 2014

Data mining is a technique to get the useful information that can be utilized for marketing and pattern analysis by processing the data that we have. However, when we use this technique, data provider's personal data can be leaked by accident. To protect these data from leakage, there were several techniques have been studied to preserve privacy. Vertically partitioned data is a state called that the data is separately provided to various number of user. On these vertically partitioned data, there was some methods developed to distinguishing kth element and (k+1) th element by using score. However, in previous method, we can only use on two-party case, so in this paper, we propose the extended technique by using paillier cryptosystem which can use on multi-party case.

• Journal of Platform Technology
• /
• v.9 no.1
• /
• pp.46-57
• /
• 2021

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.21 no.9
• /
• pp.95-100
• /
• 2007

The importance of communication security is increased in the power industry. The representative communication network of power industry is the SCADA(Supervisory Control and Data Acquisition) systems. The SCADA system has been used for remote measurement and control in the power industry. Recently, many studies of SCADA network security have been carried out around the world. In this paper, we introduce recent security issues in the SCADA network and propose the application of a symmetric encryption method to the Korea SCADA network.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.34 no.3
• /
• pp.155-163
• /
• 2009

We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate the damage such as loss of the transaction being processed, damage of hardware and data, etc. A queueing model and Its expected value analysis are used to derive the lost cost of transactions being processed, the replacement cost of hardwares, and the recovery cost of data. The net present value for each portfolio is derived and organizations can select the optimal information security investment portfolio by comparing portfolios.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.119-126
• /
• 2021

The Internet of Things (IoT) applications are quickly spread in many fields. Blockchain methods (BC), defined as a distributed sharing mechanism, offer excellent support for IoT evolution. The BC provides a secure way for communication between IoT devices. However, the IoT environments are threatened by hacker attacks and malicious intrusions. The IoT applications security are faced with three challenges: intrusions and attacks detection, secure communication, and compressed storage information. This paper proposed a system based on double-blockchain to improve the communication transactions' safety and enhance the information compression method for the stored data. Information security is enhanced by using an Ellipse Curve Cryptography (ECC) considered in a double-blockchain case. The data compression is ensured by the Compressed Sensing (CS) method. The conducted experimentation reveals that the proposed method is more accurate in security and storage performance than previous related works.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.155-161
• /
• 2023

In the process of remarkable progress in the medical and technical field and activating the role of technology in health care services and applications, and since the safety of medical data and its protection from security violations plays a major role in assessing the security of health facilities and the safety of medical servers Thus, it is necessary to know the cyber vulnerabilities in health information systems and other related services to prevent and address them in addition to obtaining the best solutions and practices to reach a high level of cybersecurity against attackers, especially due to the digital transformation of health care systems and the rest of the dealings. This research is about what cyberattacks are and the purpose of them, in addition to the methods of penetration. Then challenges, solutions and some of the security issues will be discussed in general, and a special highlight will be given to obtaining a safe infrastructure to enjoy safe systems in return.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.69-79
• /
• 2024

AI technology is a central focus of the 4th Industrial Revolution. However, compared to some existing non-artificial intelligence technologies, new AI adversarial attacks have become possible in learning data management, input data management, and other areas. These attacks, which exploit weaknesses in AI encryption technology, are not only emerging as social issues but are also expected to have a significant negative impact on existing IT and convergence industries. This paper examines various cases of AI adversarial attacks developed recently, categorizes them into five groups, and provides a foundational document for developing security guidelines to verify their safety. The findings of this study confirm AI adversarial attacks that can be applied to various types of cryptographic modules (such as hardware cryptographic modules, software cryptographic modules, firmware cryptographic modules, hybrid software cryptographic modules, hybrid firmware cryptographic modules, etc.) incorporating AI technology. The aim is to offer a foundational document for the development of standardized protocols, believed to play a crucial role in rejuvenating the information security industry in the future.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.643-647
• /
• 2021

The use of data analysis on large volumes of data constitutes a challenge for deducting knowledge and new information. Data can be heterogeneous and complex: Semi-structured data (Example: XML), Data from social networks (Example: Tweets) and Factual data (Example: Spreading of Covid-19). In this paper, we propose a generic multidimensional model in order to analyze complex data, according to several dimensions.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.109-116
• /
• 2009

In the paper, we designed an automatic security diagnostic evaluation System(SeDES) based on a security diagnostic evaluation model(SeDEM) for an organization's security assurance. The SeDEM evaluates a security level of an organization quantitatively by a security evaluation formula which is composed of security variables and security index as applying the statistical CAEL model for evaluate risk level of banks. The SeDES has a good expandability as changing security variables according to an organization scale, characteristics and so on. And it also has a excellent usage because it inputs only numeric data got from statistical technique to security index. We can understand more a security level correctly than the existent risk assessment system because it is possible to assess quantitatively with an security grade as well as score. analysis.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.4
• /
• pp.1-10
• /
• 2021

The purpose of the study is to contribute to the positive development of blockchain technology by providing data to examine security vulnerabilities and threats to blockchain-based services and review countermeasures. The findings of this study are as follows. Threats to the security of blockchain-based services can be classified into application security threats, smart contract security threats, and network (P2P) security threats. First, application security threats include wallet theft (e-wallet stealing), double spending (double payment attack), and cryptojacking (mining malware infection). Second, smart contract security threats are divided into reentrancy attacks, replay attacks, and balance increasing attacks. Third, network (P2P) security threats are divided into the 51% control attack, Sybil attack, balance attack, eclipse attack (spread false information attack), selfish mining (selfish mining monopoly), block withholding attack, DDoS attack (distributed service denial attack) and DNS/BGP hijacks. Through this study, it is possible to discuss the future plans of the blockchain technology-based ecosystem through understanding the functional characteristics of transparency or some privacy that can be obtained within the blockchain. It also supports effective coping with various security threats.