• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.63-69
• /
• 2001

Smartcard is highlighted as infrastructure that has an excellent security for executing functions such as user authentication, access control, information storage and control, and its market is expanding rapidly. But possibilities of forgery and alteration by hacking are increasing as well. This paper proposes a method to prevent card forgery and alteration using angular multiplexing and private key multiplexing method on optical encryption, and proposed a Public Key Infrastructure(PKI)-based authentication system combined with One-Time Password (OTP) for verification of forgery and alteration .

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.6
• /
• pp.91-98
• /
• 2009

In this paper, this model ensures confidentiality and integrity of mandatory access cotrol policy which based on fuzzy function with importance of information. And it solves authorization abuse problem through role graph creation algorithm and flowing policy that security grade is applied. Because this model composes role hierarchy which bind similar role concept to apply to commercial environment, it has expansile advantage by large scale security system as well as is easy that add new role.

• Annual Conference of KIPS
• /
• 2020.05a
• /
• pp.231-234
• /
• 2020

In the past few years, the industrial internet of things (IIoT) has received great attention in various industrial sectors which have potentially increased a high level of integrity, availability, and scalability. The increasing of IIoT is expected to create new smart industrial enterprises and build the next generation smart system. However existing IIoT systems rely on centralized servers that are vulnerable to a single point of failure and malicious attack, which exposes the data to security risks and storage. To address the above issues, blockchain is widely considered as a promising solution, which can build a secure and efficient environment for data storing, processing and sharing in IIoT. In this paper, we propose a decentralized, peer-to-peer platform for secure data storing in industrial IoT base on the ethereum blockchain. We exploit ethereum to ensure data security and reliability when smart devices store the data.

• Annual Conference of KIPS
• /
• 2021.11a
• /
• pp.1036-1039
• /
• 2021

산업제어시스템에 침해사고가 발생하여 서비스 제공이 중단될 경우 사회에 큰 혼란을 야기할 수 있기 때문에 주기적으로 내부 자산의 보안 수준을 관리하는 것은 매우 중요하다. 위 논문은 산업제어시스템 내부 자산의 보안성 확립을 위한 산업제어시스템 자산 유형별 보안성 평가 프로그램을 제안한다. 동일 자산 그룹에 따라 보안조치를 선별적으로 적용하고 신규 취약점을 지속적으로 파악하는 프로세스를 프로그램에 적용하여 제어시스템 보안 수준을 안정적으로 유지하는 사내 프로그램으로 활용될 수 있도록 한다.

• Annual Conference of KIPS
• /
• 2023.05a
• /
• pp.187-189
• /
• 2023

IoT(Internet of Things), 빅데이터, AI(Artificial Intelligence), 클라우드와 같은 ICT(Information and Communications Technology) 기술이 발전함에 따라 ICT와 제조기술이 융합된 스마트팩토리가 발전하고 있다. 이는 2개의 영역과 5개의 계층으로 구성되어 기타 환경들과 상이한 구조를 가지고 있으며, 각 영역·계층별 발생 가능한 보안위협도 상이하다. 또한, 각 영역과 계층이 연결됨에 따라 발생 가능한 보안위협이 증가하고 있으며, 이에 대한 효율적인 대응을 위하여 스마트팩토리 영역·계층별 환경을 고려한 대응체계 마련이 필요한 실정이다. 따라서, 본 논문에서는 스마트팩토리 영역·계층별 발생 가능한 보안위협을 분석하고, 이에 대응하기 위한 대응체계 도출 기법을 제안한다.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.35-44
• /
• 2022

The Internet is extremely important to accomplish numerous items, from education to businesses and entertainment. Therefore, the quality of its performance must be efficient. Nowadays, there is a lack of information available for users to choose a suitable Internet service. What information is available might be insufficient, inaccurate, or regularly updated. Accordingly, there is a need to develop an electronic system that enables users to evaluate their current Internet service subscription. Several factors are used as evaluation criteria in the system that affect users' decisions. In this paper, a prototype of a design science research project is proposed to address a few objectives. First, it can help Internet service users in Saudi Arabia to make the best decision for themselves regarding Internet services subscriptions. Second, it can assist the Saudi government to seek one of the 2030 vision goals: the digital transformation that depends on having a good Internet connection. The proposed solution is a promising one that would help Internet service users to make the best decision for themselves and choose the best Internet service that fits their needs. A qualitative method has been used to evaluate the efficiency and the utility of the proposed system prototype. The results showed the extent of participants' acceptance of the Internet Service Evaluation System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1189-1206
• /
• 2020

Recently, ICT companies do not directly design, develop, produce, operate, maintain, and dispose of products and services, but are outsourced or outsourced companies are increasingly in charge. Attacks arising from this are also increasing due to difficulties in managing vulnerabilities for products and services in the process of consignment and re-consignment. In order to respond to this, standards and systems for security risk management of ICT supply chain are being established and operated overseas, and various case studies are being conducted. In addition, research is being conducted to solve supply chain security problems such as Software Bill of Materials (SBOM). International standardization organizations such as ISO have also established standards and frameworks for security of ICT supply chain. In this paper, we presents ICT supply chain security management items suitable for domestic situation by comparing and analyzing ICT supply chain security standards and systems developed as international standards with major countries such as the United States and EU, and explains the necessity of cyber security framework for establishing ICT supply chain security system.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.78-87
• /
• 2009

An attribute-based signature scheme is a signature scheme where a signer's private key is associate with an attribute set and a signature is associated with an access structure. Attribute-based signature schemes are useful to provide anonymity and access control for role-based systems and attribute-based systems where an identity of object is represented as a set of roles or attributes. In this paper, we formally define the definition of attribute-based signature schemes and propose the first efficient attribute-based signature scheme that requires constant number of pairing operations for verification where a policy is represented as a disjunctive normal form (DNF). To construct provably secure one, we introduce a new interactive assumption and prove that our construction is secure under the new interactive assumption and the random oracle model.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.39-51
• /
• 2017

In October 2016, the NFSA (National Financial Supervisory Authorities) revised the network separation clause of the Regulation on Supervision of Electronic Financial Activities in order to promote the Cloud Computing implementation in the financial sectors. The new regulation, however, limits the Cloud Computing usage to non-critical information and its processing system. Financial institutions that provide customer data analysis and personalized services based on personal data regard current revision as unchanged as before. The implementation of Cloud Computing has greatly contributed to cost reduction, business innovation and is an essential requirement in ever-changing information communication technology environment. To guarantee both security and reliability of the implementation of the Cloud Computing in financial sectors, a considerable amount of research and debate needs to be done. This paper examines current Cloud Computing policies in the Korean financial sector and the challenges associated with it. Finally, the paper identifies policy suggestions based on both European Union and United States' approach as they have successfully introduced Cloud Computing Services for their financial sectors.

• The Journal of Society for e-Business Studies
• /
• v.19 no.4
• /
• pp.119-134
• /
• 2014

Financial companies are providing electronic financial transactions through a variety of user terminals for non-face-to-face services such as Internet banking, smart phone banking, or etc. However, in these services users' security awareness and the limitations of technical responses has frequently caused the financial loss so that fundamental protection measures are required from financial authorities. Accordingly, financial industry is planning and establishing systems that block unusual financial transactions by comprehensively analyzing and detecting user's electronic information, access information, transaction information, and so on in accordance with "Guide for building Unusual financial transactions detection system" to prevent the financial loss that happens in electronic financial transactions. In this paper, we analyze case studies of unusual financial transactions detection and prevention system that is built and operated in financial companies and current operating status and propose effects of the accident prevention and security measures later.