• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.889-903
• /
• 2015

As the number of recent information security incident occurrence increases, more and more workload and liability pressure are given to info-security professionals, which results in decrease of morale level of working groups in the field. In order to solve this problem, Korean government is providing various action plans to improve the morale level of info-security professionals, and also requiring financial companies to submit its own action plan of increasing morale of info-security professionals to Financial Service Agency. For this study, based on the previous studies and relevant professionals' interviews, we selected 16 critical morale increase variables, and performed survey for empirical analysis. As a result, 3 features; role, system, and relationship were presented as the main factor of morale increasement of info-security professionals. This study also suggests a decision making method of utilizing the developed morale measurement model for individual organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.95-108
• /
• 2011

Smart Grids are intelligent next generating Electric Power System (EPS) that provide environment-friendliness, high-efficiency, and high-trustworthiness by integrating information and communication technology with electric power technology. Smart grids help to supply power more efficiently and safely than past systems by bilaterally exchanging information between the user and power producer. In addition, it alleviates environmental problems by using renewable energy resources. However, smart grids have many cyber security risks because of the bilateral service, the increase of small and medium-sized energy resources, and the installation of multi-sensors or control devices. These cyber risks can cause critical problems within a national grid through even small errors. Therefore, in order to reduce these risks, it is necessary to establish a cyber security strategy and apply it from the developmental stage to the implementation stage. This thesis analyzes and recommends security strategy in order to resolve the security risks. By applying cyber security strategy to a smart grid, it will provide a stepping-stone to creating a safe and dependable smart grid.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2001.05a
• /
• pp.64-76
• /
• 2001

In this paper, A simple image hologram encryption and decryption technique based on the principle of interference are proposed. The technique using the photorefractive material for getting a stable interference pattern is also proposed. And combine these two techniques, I would like to implement a stable optical information security system. In the encrypting process, I would generate binary phase hologram which can reconstruct original image perfectly, and regard this hologram as original image to be encrypted image. And then the hologram is encrypted as randomly generated binary phase image. Reference image is also generated from the encrypted image by applying interference rule. In the decrypting process, I can get a interference intensity by interfering the reference image and the encrypted image in the interferometer. and transform inferference intensity information into phase information. I recover original image by inverse Fourier transforming the phase information. In this process, the intensity information generated by interference of two images is very sensitive to external vibrations. So, I would like to get a stable interference using the characteristic of SPPCM(self pumped phase conjugate mirror) in photorefractive materials, especially BaTiO₃.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.25-33
• /
• 2005

We propose a method to protect the tag's information from illegal reader in RFID system. In this method, a special tag called ownership tag makes intentionally collisions during singulation. By the forced collision of an ownership tag a reader can obtain the information of ordinary tags. Whereas a reader can not find my information on tag's ID without the ownership tag.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.985-994
• /
• 2016

Since the inauguration of Defense Acquisition Program Administration(DAPA) in 2006, the national defense core technology research & development business has not only pertained to the weapons systems development but also to the improvement of the national science & technology capability via the acquisition of cutting-edge technologies. Furthermore, it has been closely related to the promotion of the defense industry and the mutual improvements of defense and civil technologies. The cyber warfare weapon system, a newly added national defense weapon system field since 2015, has become a promising weapon system branch for improving the national defense power as well as the national defense industry as shown in the case of Israel. By utilizing the existing result of the national defense core technology level, in order to establish the direction of technology planning of the cyber warfare weapon system, this paper analyzes the technology level and features of the cyber warfare weapon system in various aspects via comparisons with other weapons systems. The result of these analyses shows that the cyber warfare weapon system possesses a relatively high technology level due to the technology accumulation in the civilian sector while the relatively slow inclusion to the national weapons systems and the lack of the correspondence case regarding aggressive cyber responses in the defense sector yields a relatively low national rank. However, the technological gap between South Korea and the most advanced country in the field of cyber warfare technology is analyzed to be among the lowest, which indicates that with efficient and effective pursuits in terms of pthe weapons systems acquisitions as well as the core technologies research & development business, an outstanding cyber warfare capacity can be obtained in a short time.

• Journal of Internet Computing and Services
• /
• v.17 no.1
• /
• pp.91-99
• /
• 2016

A security system in Android OS adopts sandbox and an permission model. In particular, the permission model operates the confirmation of installation time and all-or-nothing policy. Accordingly, the Android OS requires a user agreement for permission when installing an application, however there is very low level of user awareness for the permission. In this paper, the current status of permission requirement within mobile apps will be discovered, and the key inspection list with an appropriate method, when a mobile service provider autonomously inspects the violation of least privilege around financial companies, and its usefulness will be explored.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.4C
• /
• pp.454-461
• /
• 2007

The next-generation computer is the ultra-lightweight mobile computer that communicates with peripheral handhold devices and provides dynamically the services appropriate to user. To provide the dynamic services on the ultra-lightweight mobile computer, security problem for user or computer system information should be solved and security mechanism is necessary for the ultra-lightweight mobile computing environment that has battery limit and low performance. In this paper, the security mechanism on the component based middleware for the ultra-lightweight mobile computer was implemented using RC-5 cipher algorithm and SHA-1 authentication algorithm. The security components are dynamically loaded and executed into the component based middleware on the ultra-lightweight mobile computer.

• Journal of Communications and Networks
• /
• v.12 no.6
• /
• pp.592-599
• /
• 2010

In recent years, significant improvements have been made to the techniques used for analyzing satellite communication and attacking satellite systems. In 2003, a research team at Los Alamos National Laboratory, USA, demonstrated the ease with which civilian global positioning system (GPS) spoofing attacks can be implemented. They fed fake signals to the GPS receiver so that it operates as though it were located at a position different from its actual location. Moreover, Galileo in-orbit validation element A and Compass-M1 civilian codes in all available frequency bands were decoded in 2007 and 2009. These events indicate that cryptography should be used in addition to the coding technique for secure and authenticated satellite communication. In this study, we address this issue by using an authenticated key-exchange protocol to build a secure and authenticated communication channel for satellite communication. Our protocol uses identity-based cryptography. We also prove the security of our protocol in the extended Canetti-Krawczyk model, which is the strongest security model for authenticated key-exchange protocols, under the random oracle assumption and computational Diffie-Hellman assumption. In addition, our protocol helps achieve high efficiency in both communication and computation and thus improve security in satellite communication.

• The Journal of Information Systems
• /
• v.14 no.3
• /
• pp.1-8
• /
• 2005

This paper formally defines a role-driven security and access control model of a business process in order eventually to provide a theoretical basis for realizing the secured business process management systems. That is, we propose a graphical representation and formal description of the mechanism that generates a set of role-driven security and access control models from a business process modeled by the information control net(ICN) modeling methodology that is a typical business process modeling approach for defining and specifying business processes. Based upon the mechanism, we are able to design and accomplish a secured business process management system that provides an unified resource access control mechanism of the business process management engine domain's and the application domain's. Finally, we strongly believe that the secured access control policies from the role-driven security and access control model can be easily transformed into the RBAC(Role-based Access Control) model that is a standardized security technology for computer and communications systems of commercial and civilian government organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.131-144
• /
• 2010

IT developed countries since the late 1980s are used to develop IT security evaluation criteria to ensure safety and reliability of information protection products. Currently a variety of products used for the evaluation based on CC and it takes a long period of product evaluation is required to reduce the developers and users. In this paper refer to the published standard evaluation schedule for the EAL4 calculation model offers a trial period. In addition, based on this commitment by adjusting the number of evaluaters to evaluate the applicant in the evaluation period to minimize the position offers.