• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.951-958
• /
• 2021

With the growing cyber threat to information assets, it has become important to share threat information quickly. This paper examines the sharing of cyber threat information and presents a method to determine the importance of threat indicators in the information sharing market by calculating weights. The analysis was conducted using AHP techniques, with a pairwise comparison of the four factors(attacker & infected system indicators, role indicators, malicious file indicators, technique & spread indicators) and the details of each factor. Analysis shows that malicious file indicators are the most important among the higher evaluation factors and infected system IP, C&C and Smishing are the most important factors in comparison between detailed items. These findings could be used to measure the preference of consumers and the contribution of information provider for facilitating information sharing.

• Journal of Digital Convergence
• /
• v.17 no.3
• /
• pp.215-220
• /
• 2019

The block chain technology is a technique that prevents manipulation of data and ensures integrity and reliability. Ethereum is building a smart contract environment as a type of encryptionenabled system based on block chains. Smart contracts can be implemented when conditions are met, thus increasing confidence in digital data. However, smart contracts that are being tried in various ways are not covered by information security and personal information protection. The structure in which the network participant can view the open transaction ledger is exposed to data or personal information listed in the block chain. In this study, it is possible to manage the data of personal information recorded in the block chain directly. This study is protected personal information by preventing the exposure of personal information and by executing time code, it is possible to erase recorded information after a certain period of time has elapsed. Based on the proposed system in the future, it is necessary to study the additional management techniques of unknown code defects or personal information protection.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.19 no.1
• /
• pp.19-25
• /
• 2024

This paper proposes an artificial intelligence-based personal information area object detection optimization method in an embedded system to de-identify personal information in video data. As an object detection optimization method, first, in order to increase the detection rate for personal information areas when detecting objects, a gyro sensor is used to collect the shooting angle of the image data when acquiring the image, and the image data is converted into a horizontal image through the collected shooting angle. Based on this, each learning model was created according to changes in the size of the image resolution of the learning data and changes in the learning method of the learning engine, and the effectiveness of the optimal learning model was selected and evaluated through an experimental method. As a de-identification method, a shuffling-based masking method was used, and double-key-based encryption of the masking information was used to prevent restoration by others. In order to reuse the original image, the original image could be restored through a security key. Through this, we were able to secure security for high personal information areas and improve usability through original image restoration. The research results of this paper are expected to contribute to industrial use of data without personal information leakage and to reducing the cost of personal information protection in industrial fields using video through de-identification of personal information areas included in video data.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.87-93
• /
• 2007

We propose a mobile point-of-sale system, which consists of only mobile information terminals and personal computers. The proposed system provides most of functionalities related with resource planning, adminstration and management, provided by medium-scale or large-scale POS systems, with additional functionalities, such as automatic information gathering and management through mobile interconnection, while eliminating the necessity of additional special-purpose devices, such as bar-code systems. The proposed system transmits order information through wireless and wired communication lines, thus allowing real-time sharing of order information among diverse information devices, such as mobile order receiving terminals, main server within stores, monitors and printers located in production lines. Also, the system is able to transfer such detail information produced within stores in real-time to the enterprise-level accounting, sales, logistics, personnel management system, which facilitate enterprise-wide management and administrative decision-making. No additional programs are required for mobile terminals. Order information received by such terminals are entered into databases through web server of main server and that information is again transferred to main server and production line printers. The proposed system can handle all the point-of-sale information and can provide almost of the POS functionalities by simply utilizing wireless internet, personal computers, and mobile terminals without installing specific-purpose peripheral devices. The proposed system can be widely applied to the small-scale stores and will contribute in reducing construction and maintenance cost required for point-of-sale management.

• Journal of the Korean Society of Fisheries and Ocean Technology
• /
• v.45 no.3
• /
• pp.177-187
• /
• 2009

This paper describes a automatic video surveillance system(AVSS) with long range and 360$^{\circ}$ coverage that is automatically rotated in an elevation over azimuth mode in response to the TTM(tracked target message) signal of vessels tracked by ARPA(automatic radar plotting aids) radar. This AVSS that is a video security and tracking system supported by ARPA radar, CCTV(closed-circuit television) camera system and other sensors to automatically identify and track, detect the potential dangerous situations such as collision accidents at sea and berthing/deberthing accidents in harbor, can be used in monitoring the illegal fishing vessels in inshore and offshore fishing ground, and in more improving the security and safety of domestic fishing vessels in EEZ(exclusive economic zone) area. The movement of the target vessel chosen by the ARPA radar operator in the AVSS can be automatically tracked by a CCTV camera system interfaced to the ECDIS(electronic chart display and information system) with the special functions such as graphic presentation of CCTV image, camera position, camera azimuth and angle of view on the ENC, automatic and manual controls of pan and tilt angles for CCTV system, and the capability that can replay and record continuously all information of a selected target. The test results showed that the AVSS developed experimentally in this study can be used as an extra navigation aid for the operator on the bridge under the confusing traffic situations, to improve the detection efficiency of small targets in sea clutter, to enhance greatly an operator s ability to identify visually vessels tracked by ARPA radar and to provide a recorded history for reference or evidentiary purposes in EEZ area.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.7
• /
• pp.551-562
• /
• 2013

Current CCTV systems, which require continuous monitoring of the screens, have the limitation to detect and respond to the crime scenes in timely manner. Therefore, in recent years, the request for more intlligent surveillance system, with a ubiquitous sensor network, is increasing in order to behave more humanly fashions. Such systems require cllective data processing of the environments based on various sensors. In this article, we suggests a new paradigm based surveillance system which integrates PSD and dual PIR sensors. The proposed system evlves from a existing indoor intrusion detection system which can only identify the intrusion event to a better inteligent system with context awareness. We have conducted the various simulations in order to prove the effectiveness of the proposed system.

• The KIPS Transactions:PartD
• /
• v.13D no.1 s.104
• /
• pp.67-74
• /
• 2006

The security requirements identification in the software development has received some attention recently. However, previous methods do not provide clear method and process of security requirements identification. We propose a process that software developers can build application specific security requirements from state transition diagrams at the security threat location. The proposed process consists of building model and identifying application specific security requirements. The state transition diagram is constructed through subprocesses i) the identification of security threat locations using security failure data based on the point that attackers exploit software vulnerabilities and attack system assets, ii) the construction of a state transition diagram which is usable to protect, mitigate, and remove vulnerabilities of security threat locations. The identification Process of application specific security requirements consist of i) the analysis of the functional requirements of the software, which are decomposed into a DFD(Data Flow Diagram; the identification of the security threat location; and the appliance of the corresponding state transition diagram into the security threat locations, ii) the construction of the application specific state transition diagram, iii) the construction of security requirements based on the rule of the identification of security requirements. The proposed method is helpful to identify the security requirements easily at an early phase of software development.

• Journal of Digital Convergence
• /
• v.12 no.9
• /
• pp.219-223
• /
• 2014

In line with the advanced wireless communication technology, M2M (Machine-to-Machine) communication has drawn attention in industry. M2M communication features are installed and operated in the fields where human accessibility is highly limited such as disaster, safety, construction, health and welfare, climate, environment, logistics, culture, defense, medical care, agriculture and stockbreeding. In M2M communication, machine replaces people for automatic communication and countermeasures as part of unmanned information management and machine operation. Wireless M2M inter-device communication is likely to be exposed to intruders' attacks, causing security issues, which warrants proper security measures including cross-authentication of whether devices are legitimate. Therefore, research on multiple security protocols has been conducted. The present study applied SessionKey, HashFunction and Nonce to address security issues in M2M communication and proposed a safe protocol with reinforced security properties. Notably, unlike most previous studies arguing for the security of certain protocols based on mathematical theorem proving, the present study used the formal verification with Casper/FDR to prove the safety of the proposed protocol. In short, the proposed protocol was found to be safe and secure.

• Journal of Digital Convergence
• /
• v.15 no.8
• /
• pp.195-202
• /
• 2017

Unmanned Aerial Vehicles (UAV) have mostly been used for military purposes but with the progress in ICT and reduced manufacturing costs, they are increasingly used for various private services. UAVs are expected to carry out autonomous flying in the future. In order to carry out complex tasks, swarm flights are essential. Although the swarm flights has been researched a lot due to its different network and infrastructure from the existing UAV system, There are still not enough study on security threats and requirements for the secure swarm flights. In this paper, to solve these problems, UAV autonomous flight technology is defined based on US Army Corps of Engineers (USACE) and Air Force Research Laboratory (AFRL), and swarm flights and security threat about it are classified. And then we defined and compared security requirements according to security threats of each swarm flights so as to contribute to the development of secure UAC swarm flights in the future.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.1-9
• /
• 2015

Recently, with smart device proliferation and providing the various services using this, they have interested in mobile and Smart TV security. Smartphone users are enjoying various service, such as cloud, game, banking. But today's mobile security solutions and Study of Smart TV Security simply stays at the level of malicious code detection, mobile device management, security system itself. Accordingly, there is a need for technology for preventing hacking and leakage of sensitive information, such as certificates, legal documents, individual credit card number. To solve this problem, a variety of security technologies(mobile virtualization, ARM TrustZone, GlobalPlatform, MDM) in mobile devices have been studied. In this paper, we propose an efficient method to implement security technology based on TYPE-I virtualization using ARM TrustZone technology.