• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.139-147
• /
• 2011

More convenient and value-added application services can be provided to user in case of using location-based service on Smart phone. However, privacy problem will be happen when an application disclosures the personal location information. Therefore, each user should securely control and manage his own personal location information by specifying access control list and profiles. In this study, we implemented personal location information self-control protocol and developed secure personal location management system with OTP based authentication procedure.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.1
• /
• pp.137-142
• /
• 2014

Industrial control system (ICS) is a computer based system which are typically used in nation-wide critical infra-structure facilities such as electrical, gas, water, wastewater, oil and transportation. In addition, ICS is essentially used in industrial application domain to effectively monitor and control the remotely scattered systems. The highly developed information technology (IT) and related network techniques are continually adapted into domains of industrial control system. However, industrial control system is confronted significant side-effects, which ICS is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in industrial control system. The vulnerabilities that may be found in typical ICS are grouped into Policy and Procedure, Platform, and Network categories to assist in determining optimal mitigation strategies. The order of these vulnerabilities does not necessarily reflect any priority in terms of likelihood of occurrence or severity of impact. Firstly, corporate security policy can reduce vulnerabilities by mandating conduct such as password usage and maintenance or requirements for connecting modems to ICS. Secondly, platfom vulnerabilities can be mitigated through various security controls, such as OS and application patching, physical access control, and security software. Thirdly, network vulnerabilities can be eliminated or mitigated through various security controls, such as defense-in-depth network design, encrypting network communication, restricting network traffic flows, and providing physical access control for network components.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.2 s.46
• /
• pp.93-102
• /
• 2007

Firewall system is a security system for protect the network and is needed for constructing the trusted network. However, these firewall systems deteriorate the performance of whole network in about 60% because of Inefficiency policy establishment and unnecessary traffic occurrence. Therefore, there is a strong needs to establish the network performance elevation, efficient operation and reassignment of the firewall system. In this dissertation, we will analyze how each functionalities of the firewall system affect to the network performance via using a simulation result according to functionality of the firewall system and propose a exclusive firewall system for the efficient network operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.999-1007
• /
• 2018

To implement crowdsensing system in reality, trustiness between service provider server and user is necessary. Service provider server could manipulate the evaluation of sensing data to reduce incentive. Moreover, user could send a fake sensing data to get unjust incentive. In this paper, we adopt private blockchain on crowdsensing system, and thus paid incentives and sent data are unmodifiablely recorded. It makes server and users act as watcher of each others. Through adopting smart contract, our system automates sensing data evaluation and opens to users how it works. Finally, we show the feasibility of proposing system with performance evaluation and comparison with other systems.

• Journal of Information Processing Systems
• /
• v.15 no.3
• /
• pp.520-537
• /
• 2019

This paper proposes a system that can detect the data leakage pattern using a convolutional neural network based on defining the behaviors of leaking data. In this case, the leakage detection scenario of data leakage is composed of the patterns of occurrence of security logs by administration and related patterns between the security logs that are analyzed by association relationship analysis. This proposed system then detects whether the data is leaked through the convolutional neural network using an insider malicious behavior graph. Since each graph is drawn according to the leakage detection scenario of a data leakage, the system can identify the criminal insider along with the source of malicious behavior according to the results of the convolutional neural network. The results of the performance experiment using a virtual scenario show that even if a new malicious pattern that has not been previously defined is inputted into the data leakage detection system, it is possible to determine whether the data has been leaked. In addition, as compared with other data leakage detection systems, it can be seen that the proposed system is able to detect data leakage more flexibly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.41-56
• /
• 2007

In this paper, we propose a specification-based intrusion detection system for WIPI(Wireless Internet Platform for Interoperability). In proposing the system, we focused on providing lightweight code, supporting multiple languages and hardware independence. The proposed system is based on an algorithm which detects an intrusion to main API of WIPI-HAL(Handset Adaptation Layer) and defines the prototype of mIDS(mobile IDS) API group that it can be added on the HAL. Moreover, we prove apply possibility through a WIPI emulator using java library.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.91-99
• /
• 2003

In this paper, we analyze the current trading systems and suggest two secure electronic trading systems that make a fair exchange for online game items. The system is made up for the weak points in the current item trading system. In the proposed system, a game server issues a certificate each item on the user's request. On the one hand, this certificate is used to recover the item when the system error is occured. On the other hand, the user may exchange it with another item or cyber money. The proposed system supports private and reliable trading. Further, the trading can be completed only by online processing.

• The Journal of the Korea Contents Association
• /
• v.20 no.5
• /
• pp.11-22
• /
• 2020

The academic credit banking system is an educational system to implement a lifelong learning society. Students who meet the requirements of this system can achieve academic degrees equivalent to those of junior colleges or four-year universities. Credits and degree information of these students are recorded and managed by the central institution. However, this system can cause security problem such as hacking due to centralized management. In this paper, we propose an academic credit banking system which can manage credits and degree information based on blockchain technology. In the proposed system, credits and degree information are stored in block and managed in the public ledger in a permanent manner. Blocks are connected in the form of blockchain on a distributed network to improve security problems such as hacking and manipulation. Also, the efficiency of credit bank management can be increased because the functions of the central institution are distributed to the network participants. The prototype of the proposed system was implemented on the Go-Ethereum platform and experimentally verified the blockchain information among participating organizations using smart contracts.

• Journal of Korean Society for Geospatial Information Science
• /
• v.17 no.2
• /
• pp.123-131
• /
• 2009

The telecommunication technology in the 21st century has come up to the standard which could transmit various spatial information by means of on-line and the printing technology using computers has been on a par with presswork in quality. In addition, map users also would like to get various spatial information through on-line directly or indirectly. None the less, the supply system of national base map in our country has maintained the off-line sales method. It is owing to this reason that the nation's supply system has shown a high degree of inefficiency from the viewpoint of the inventory control, rapidity, and economical efficiency as compared with the on-line sales system in the developed countries. This study tried to analyze some problems of the present supply system in order to build up the foundation of the efficient map supply system and also developed the system such as On-demand maps, on-line paying and sales, inventory control, meta dat establishment, and security module, etc. This study tried to analyze some problems of the present supply system in order to build up the foundation of the efficient map supply system and also developed the system such as On-demand maps, on-line paying and sales, inventory control, meta dat establishment, and security module, etc.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.199-206
• /
• 2021

Rhetorical relations between two text fragments are essential information and support natural language processing applications such as Question - Answering (QA) system and automatic text summarization to produce an effective outcome. Question - Answering (QA) system facilitates users to retrieve a meaningful response. There is a demand for rhetorical relation based datasets to develop such a system to interpret and respond to user requests. There are a limited number of datasets for developing an Arabic QA system. Thus, there is a lack of an effective QA system in the Arabic language. Recent research works reveal that unsupervised learning can support the QA system to reply to users queries. In this study, researchers intend to develop a rhetorical relation based dataset for implementing unsupervised learning applications. A web crawler is developed to crawl Arabic content from the web. A discourse-annotated corpus is generated using the rhetorical structural theory. A Naïve Bayes based QA system is developed to evaluate the performance of datasets. The outcome shows that the performance of the QA system is improved with proposed dataset and able to answer user queries with an appropriate response. In addition, the results on fine-grained and coarse-grained relations reveal that the dataset is highly reliable.