• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.217-224
• /
• 2011

Existing wire based physical security system solutions show limitations in time and space. In order to solve these deficiencies, a remote physical security system has been implemented using smart phone based on mobile cloud computing technique. The security functions of mobile cloud computing technique include mobile device user authentication, confidentiality of communication, integrity of information, availability of system, and target system access control, authority management and secure hand off etc. Proposed system has been constructed as remote building management system using smart phone, and also has been efficient to reduce energy cost (5~30%), result of system average access and response time 7.082 second. This systems are evaluated to have high efficiency compared to performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.883-899
• /
• 2012

This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.85-94
• /
• 2014

Information Security Check System was Introduced in 2004, higher than in 2013, the effectiveness of Information Security Management System(ISMS) certification scheme was to unification. This is incident to the Internet affecting people's lives telecommunications service provider to target accountability because, considering the subject's duty selection criteria need to be clarified. however, Obligations under the current legislation, subject selection criteria applying the law itself is ambiguous, the result being a significant problem. Moreover, the regulatory system of certification systems subjects, although selection criteria should be clear and objectively not the obligation not to distrust the system itself and the subject was raised many issues for you. In this study, with SMART Technic in order to improve this certification you can easily determine whether a medical person authorized to develop a model for selection of medical subjects, The developed model is verified through empirical ways to improve the system by presenting the system to help, to secure the effectiveness.

• The Journal of Information Systems
• /
• v.22 no.4
• /
• pp.49-69
• /
• 2013

Recently, enterprises have reinforced security control in order to prevent infringement of personal information and abuse of customer information by insiders. However, the reinforcement of security control by enterprises makes it difficult for internal users to perform business by using a business information system. There is, therefore, a need for research on various fields, which makes it possible to establish an appropriate security control policy while minimizing an impact on business. The present research verifies and analyzes an impact on difficulty in business of internal users using customer information, which is caused by security control performed by display restriction on customer information identifiers. The present research is intended to academically develop a technique for statistically analyzing an impact degree and a causal relationship between security control and an impact on business, which is a dichotomous variable, and to practically contribute to the establishment of an efficient security policy in consideration of an impact on business when an enterprise applies security control. A research target was internal business information systems of domestic securities enterprises, data was collected by questionnaire, and verification/analysis was performed by logistic regression analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.463-478
• /
• 2024

The limitations of previous research on improving security vulnerabilities in power generation control systems were analyzed, and as an alternative, a cyber security information sharing model is proposed. Understanding the operational characteristics of power generation control systems, we examined the concepts and policies of cyber security information sharing, analyzing practical implementation cases. We presented effective policies and technological approaches that can be applied to power generation control systems, and their efficacy was verified through a model evaluation to validate their impact.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.6C
• /
• pp.893-900
• /
• 2004

While security traditionally has been an important issue in information systems, the problem of the greatest concern today is related to the availability of information and continuity of services. Since people and organizations now rely on distributed systems in accessing and processing critical services and mission, the availability of information and continuity of services are becoming more important. Therefore the importance of implementing systems that continue to function in the presence of security breaches cannot be overemphasized. One of the solutions to provide the availability and continuity of information system applications is introducing an intrusion tolerance system. Security mechanism and adaptation mechanism can ensure intrusion tolerance by protecting the application from accidental or malicious changes to the system and by adapting the application to the changing conditions. In this paper we propose an intrusion tolerance model that improves the developmental structure while assuring security level. We also design and implement an adaptive intrusion tolerance system to verify the efficiency of our model by integrating proper functions extracted from CORBA security modules.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.219-224
• /
• 2002

In this paper, after designing an efficient and secure Internet voting protocol (called as “votopia”) based on modified Ohkubo et. al.'s scheme [8] under Public Key Infrastructure (PKI), we have implemented this system and served via the Internet to select the Most Valuable Players and Best Goal Keepers of 2002 FIFA World Cup Korea/Japan$\^$TM/. The sketch of voting protocol, practical implementation and voting result arc described.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.287-290
• /
• 2006

디지털 기술의 발전으로 인해 원본과 동일한 품질을 가지는 디지털 콘텐츠의 무한한 복제가 가능할 뿐만 아니라 인터넷을 통해 전 세계 어디라도 전파될 수 있다. 이러한 디지털 콘텐츠의 불법복제에 따른 문제를 해결해 줄 수 있는 것이 바로 DRM(Digital Rights Management)이다. 하지만 현재의 DRM은 콘텐츠를 구매하여 License를 받은 최초의 디바이스에서만 사용이 가능하도록 설계 되어 있다. 이러한 방식은 콘텐츠를 구매한 사용자의 권리를 제한하는 것이다. 본 논문에서는 Home Network와 같은 특정 Domain영역 안에서만 콘텐츠의 사용이 가능한 DRM 시스템을 제안한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.791-794
• /
• 2006

컴퓨터의 정상적인 활동을 방해하는 공격행위는 네트워크로 연결된 컴퓨터를 기반으로 하는 사회 활동이 증가함에 따라 심각한 문제를 유발하고 있다. 하지만 기존의 네트워크 및 시스템공격에 대한 분류기법은 주로 공격자 입장에서 연구되어서 피해를 입은 시스템이 사용하기에는 부족하였다. 그래서 피해시스템 입장에서 공격을 정확히 분류하고 탐지할 수 있는 분류기법을 개발하는 것은 중요하다. 본 논문에서는 기존의 공격 분류방식을 분석하여 문제점을 발견한 후, 공격 분류방식이 가져야할 요구사항을 도출한다. 공격 분류기법의 요구사항을 만족하면서, 피해 시스템의 관리자가 공격에 대한 대책수립에 도움이 되는 공격 분류기법을 제안한다. 제안하는 분류기법은 공격방식에 따라 확장이 가능하므로 복합적 공격을 보다 정확하게 분류할 수 있다.

• 제어로봇시스템학회:학술대회논문집
• /
• 2001.10a
• /
• pp.59.1-59
• /
• 2001

The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents are different from many other types of crimes because detection is unusually difficult. So, network security managers need a IDS and Firewall. IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network system. It accomplishes these by collecting information from a variety of systems and network resources and then analyzing the information for symptoms of security problems. A Firewall is a way to restrict access between the Internet and internal network. Usually, the input ...