• Review of KIISC
• /
• v.2 no.1
• /
• pp.63-68
• /
• 1992

• Proceedings of the PSK Conference
• /
• 2001.04a
• /
• pp.245.2-245.2
• /
• 2001

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.29-34
• /
• 2023

KMS (Knowledge Management System) is used by various organizations to share information. This KMS includes important information as well as basic information used by each organization. To protect infortant information stored in KMS, many KMS use user identification and authentication features. In such a KMS security environment, if the account information of a user who can access the KMS is leaked, a malicious attacker using the account information can access the KMS and access all authorized important information. In this study, we propose KMS with user access control function that can protect important information even if user account information is leaked. The KMS with the user access control function proposed in this study protects the stored files in the KMS by applying an encryption algorithm. Users can access important documents by using tokens after logging in. A malicious attacker without a Token cannot access important files. As a result of checking the unit function for the target user access control function for effectiveness verification, it was confirmed that the access control function to be provided by KMS is normally provided.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.11
• /
• pp.585-594
• /
• 2016

Information system development projects are increasingly enlarging in size and are becoming more complex in the development environment. The traditional approaches for the development of information system, however, haven't shown the expected performances in the management for them and many researchers have been trying to find a new approach for overcoming this challenges. And one of the new approaches is the PMO and it is introduced to solve the problems of project management and the related organizational, technical, and administrative problems. This study attempted to find the efficient information system establishment plan. In particular, this study wants to research the practicality of PMO and the detailed utilization plans. As a result, this study proposes the structure of project implementation, the requirements, the direction of the basic system design, the scope of system development, and the budgeting for the systems. It is expected to contribute the successful implementation of the project.

• Journal of Digital Convergence
• /
• v.12 no.11
• /
• pp.299-307
• /
• 2014

N-Data Center which provide of cloud computing service for the Government departments, will be prepared transforming to cloud data center and transformed into an 'IT service' provided as a service to the information resources required by each department. N-Data center already provide a cloud service to the departments as maintains a high level of security, and plan to connecting with the private sector as a precondition of security. Therefore, in order to promote them effectively, it is necessary to determine the level of security in the cloud data center, and we have proposed appropriate measures. In this paper, we analyze security requirements of cloud data centers in developed countries and identify the leading private cloud data center security. In addition, we identify the N-data center security level, and analyzes the data center and private cloud gap and provide a transition strategy in terms of security finally.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1063-1075
• /
• 2019

In recent years, industrial automation has been established and WISN (Wireless Industrial Sensor Network) has been introduced for efficient system management. By introducing WISN, many engineering costs have been reduced and process processors have been optimized. And communication flow using wireless is increasing. An empirical study on industrial wireless sensor networks is actively conducted, but there are few security studies on them and they are exposed to such threats. If there is a problem with the standard of the wireless communication protocol itself, the device that is certified according to the standard may also be subject to security threats including problems. We analyze security functions and threats of ISA 100.11a and WirelessHART protocol stack based on standards. Procedures for distributing the security key are not provided or it is vulnerable using the Global Data Link key when the device enters the network. This paper presents the problems of the standard itself and presents the security requirements accordingly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.59-65
• /
• 2008

In security layer in the CDMA2000 1x EV-DO, a standard - C.S0024-a v2.0 is being accomplished under the project of 3GPP2(3rd Generation Partnership Project2). Therefore, a security device is needed to implement the security layer which is defined on the standard document for data transfer security between AT(Access Terminal) and AN(Access Network) on CDMA2000 1x EV-DO environment. This paper realizes the security layer system that can make safe and fast transfer of data between AT and AN. It could be applied to various platform environments by designing and implementing the Security Layer in the CDMA2000 1x EV-DO Security Layer to which applies C.S0024-A v2.0 of 3GPP2.

• Journal of Internet of Things and Convergence
• /
• v.9 no.2
• /
• pp.55-60
• /
• 2023

Recently, demand for cloud computing has increased and remote access due to home work and external work has increased. In addition, a new security paradigm is required in the current situation where the need to be vigilant against not only external attacker access but also internal access such as internal employee access to work increases and various attack techniques are sophisticated. As a result, the network security model applying Zero-Trust, which has the core principle of doubting everything and not trusting it, began to attract attention in the security industry. Zero Trust Security monitors all networks, requires authentication in order to be granted access, and increases security by granting minimum access rights to access requesters. In this paper, we explain zero trust and zero trust architecture, and propose a new cloud security system for strengthening access control that overcomes the limitations of existing security systems using zero trust and blockchain and can be used by various companies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.579-588
• /
• 2019

Industrial control systems consist of various physical devices such as sensors, actuators. Security Infringement such as waterworks facilities Remote Access Infringement and power control systems Infection have been occured by vulnerability of Access Control. Access control to physical devices must be fulfilled with a reliable system. However, Having a single access control system inside company can not guarantee reliability. In addition, when single access control is struggled with error or infringement, access control system is totally unavailable. so system requires a additional access control method or system. In this paper, we proposed access control mechanism for reliable and stable operation using blockchain and smart contract. Proposed Mechanism using trust score to consider resources to be consumed depending on each industrial environment in consideration of the industrial control system where availability is more important than integrity and confidentiality. Unlike other blockchain-based access control system, proposed system is designed for the currently operating industrial control system.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.47-51
• /
• 2021

The article analyzes and studies that pedagogical design of the educational process using information and communication technologies in educational institutions of higher education based on the development of a model and methodology personalization of training will improve the quality of the educational process at the university and solve the identified contradiction. A qualitative analysis of foreign countries in the possibility of using information and communication technologies in educational institutions of higher education is carried out.