• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.17-22
• /
• 2023

Traditional authentication systems typically involve users entering their username and password into a centralized identity management system. To address the inconvenience of such authentication methods, a decentralized identity authentication system based on Distributed Identifiers(DID) is proposed, utilizing decentralized identity technology. The proposed system employs QR code scanning for login, enhancing security through the use of blockchain technology to ensure the uniqueness and safety of user identities during the login process. This system utilizes DIDs and integrates the InterPlanetary File System(IPFS) to securely manage organizational members' identity information while keeping it private. Using the distributed identity authentication system proposed in this study, it is possible to effectively manage the security and personal identity of organization members. To improve the usability of the system proposed in this study, research is needed to expand it into a solution.

• Annual Conference of KIPS
• /
• 2003.05c
• /
• pp.1981-1984
• /
• 2003

최근에 유포되고 있는 악의적인 소프트웨어로 Melissa와 Love letter와 같은 전자우편 바이러스가 있는데, 이들은 단순히 전자우편을 열기 만해도 메일 주소록에 등록된 모든 사용자에게 자신을 유포함으로써 막대한 피해를 유발시킨다 본 논문에서는 메일 주소 변형모듈 및 복원모듈을 전자우편 송신부에 추가 도입함으로써 전자우편 바이러스에 의한 바이러스 전파를 차단하는 시스템을 제안한다. 변형모듈은 송신자 행위에 의해서만 수행되어 수신자의 메일 주소를 변형하며, 복원모듈은 송신부의 서버 단에서 전자우편 전송 시마다 수행되어 역변형 과정을 거쳐 메일 주소를 복구한다. 변형모듈은 전자우편 바이러스에 의해서는 실행되지 않도록 구현되며, 전자우편 수신부에서는 추가로 하는 작업이 전혀 없다. 제안한 시스템에서는 새로운 전자우편 바이러스 공격에 대응하기 위해서, 다형성(polymorphism) 기법도 적용한다.

• Annual Conference of KIPS
• /
• 2003.11c
• /
• pp.1815-1818
• /
• 2003

인터넷 사용의 급증으로 통신망 관리와 정보보호 시스템에 대한 연구 개발이 급속히 이루어지고 있으며, 정보보호를 위한 시스템이 개별적으로, 구축하고 있다. 구축된 정보보호 시스템은 사설망과 WAN에서 독립적인 시스템으로 운영관리 되고 있는바, 사설망과 공중망 간의 통합적인 정보보호 관련 정보공유의 부재 및 상호 호환성이 없는 실정으로 사이버 테러와 효율적인 정보보호 관리에 능동적인 대처를 하지 못하고 있다. 본 논문에서는 정책 기반의 방화벽, IDS, 라우터 등의 정보보호 시스템에서 보안정책 정보를 공유하여, 보안 시스템을 손쉽게 제어관리 가능한 보안정책 정보모델을 제시하였으며, UML를 사용하여 보안정책 객체들 간의 접속과 정보공유 모델을 확인하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.221-222
• /
• 2014

This paper suggests that confidentiality and integrity of information should be guaranteed when transmitting and storing important information in encryption. Encryption should consider both one-way encryption and two-way one and that encryption key should assure security.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.4
• /
• pp.143-156
• /
• 2023

The domestic threat information sharing system to deal with various security threats in the rapidly changing cyber environment needs to be improved. In this study, to solve these problems and promote the activation of threat information sharing, we derive a research model based on the value-based containment model (VAM) for vital factors in information sharing. After conducting a Ricardian 5-point survey on a total of 204 individuals, the statistical results of the first 151 individuals were analyzed using SPSS and AMOS, and the statistical results of the second 204 individuals were analyzed using R-Studio. As a result, perceivability was found to have a significant impact as a core factor in the activation of cyber threat information sharing (β=0.405, p<0.01), and the hindrance factor was analyzed as innovation resistance (β=-0.152, p<0.01). Microscopically, the obtained results can be applied to factor analysis for activating information sharing of cyber threats by companies in the future, and macroscopically, they can contribute to the foundational development of a national cyber threat response system.

• Journal of Multimedia Information System
• /
• v.8 no.1
• /
• pp.35-44
• /
• 2021

The Myanmar rice cycle's existing system is still relying on a third party to manage every rice data information from several organizations. It is inconvenient to supervise simultaneously due to the unreliability of information provided by organizations. Thus, the rice cycle's original data is challenging to be utterly trusted since irresponsible parties can manipulate the current state of information. Moreover, the applied system does not preserve a proper incentive for the involved parties. In this paper, we leverage the Ethereum blockchain to be adopted to tackle the aforementioned issues. The main objective is to build trust between parties in the Myanmar rice cycle system. Our proposed scheme allows customers to check and trace information about the rice cycle information without worrying about the integrity of the data. Furthermore, the authorized parties are also rewarded by the government through Ethereum smart contract features. Eventually, our scheme achieves traceability in the rice chain system and leads to the complete digitization and automation of the rice cycle information.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.41-49
• /
• 2017

According to a research by global IT market research institute IDC, CSIM(Converged Security Information Management) market of Korea was estimated to be 1.7 trillion KRW in 2010, and it has grown approximately 32% every year since. IDC forcasts this size to grow to 12.8 trillion KRW by 2018. Moreover, this case study exemplifies growing importance of CSIM market worldwide. Traditional CSIM solution consists of various security solutions(e.g. firewall, network intrusion detection system, etc.) and devices(e.g. CCTV, Access Control System, etc.). With this traditional solution, the the data collected from these is used to create events, which are then used by the on-site agents to determine and handle the situation. Recent development of IoT industry, however, has come with massive growth of IoT devices, and as these can be used for security command and control, it is expected that the overall amount of event created from these devices will increase as well. While massive amount of events could help determine and handle more situations, this also creates burden of having to process excessive amount of events. Therefore, in this paper, we discuss potential events that can happen in CSIM system and classify them into 3 groups, and present a model that can categorize and process these events effectively to increase overall efficieny of CSIM system.

• Journal of Convergence for Information Technology
• /
• v.10 no.3
• /
• pp.1-6
• /
• 2020

Information System is influenced by the innovation of new IT. Therefore, IS should response to external environment's changes quickly. Particularly, resilience should be considered in barriers of IS. This study suggests a new information system evaluation model in which resilience is added to the existing factors of Delone and Mclean. Then the effect of resilience is evaluated through the DEA(Data Envelopment Analysis) based on a survey targeting 115 users of a mid-sized manufacturing company. The results show that the effect of resilience is stronger than any other factors in the previous researches. We, thus, suggest that the resilience should be included as an evaluation factor of the ISO27001 information security standard in order to enhance the absorptive capacity of the information system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.211-224
• /
• 2015

Financial companies have invested a lot in their disaster recovery system and exercised training more than once a year to comply related laws and regulations. But massive PCs(Personal Computers) became disrupted simultaneously and it took a lot of time to recover massive PCs concurrently when March 20 cyber attack occurred. So, it was impossible to meet the tartgeted business continuity level. It was because the importance of PC recovery was neglected compared to other disaster recovery areas. This study suggests the measure to recover massive branch terminal PCs of financial companies simultaneously in cost-effective way utilizing the existing technology and tests recovery time. It means that in the event of disaster financial companies could recover branch terminal PCs in 3 hours which is recommended recovery time by regulatory body. Other financial companies operating similar type and volume of branches would refer to the recovery structure and method proposed by this study.