• Journal of KIISE:Databases
• /
• v.29 no.6
• /
• pp.417-428
• /
• 2002

XML(extensible Markup Language) is effective to information retrieval and sharing but has defects related to the data security. And, as a solution of this problem, the current XML security researches such as XML digital signature, XML data encryption, and XML access control exclude the validation property of XML document. The validation of XML should be considered for the secure information sharing in the XML-based environment. In this paper, we design and implement the system to support both security and validation to XML document. Our system performs data encryption and maintenance of valid status of XML document by referencing new XML schema namespace. In addition, it also provides the XML schema security function through the XML schema digital signature. During generating XML schema digital signature, DOMHash method which has the advantage of the faster speed than canonical XML method is applied to XML schema. In conclusion, our system shows the improved functions in flexibility, scalability, and reliability compared with the existing XML security researches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.67-70
• /
• 2014

Last was the main issue of financial security in the future will be more emphasis on security. Such as March 20, 2013 Computational crisis, June 25 Cyber terrorism information to credit card companies and customers due to carrier spill in Financial computational security measures 'released in 2014 and the financial authorities' customer information leakage prevention measures "were published the efforts to protect customers' information assets and ensure the stability of the financial transactions carried out by financial institutions protected status check "the information annually authorities This study business operations for the protection of information technology services for IT systems security equipment, data security operating services, security management services operations, operational management of IT systems security requirements from the point to the need for information security, IT systems administrator it would be great help.

• Journal of Internet Computing and Services
• /
• v.18 no.6
• /
• pp.75-84
• /
• 2017

As there has been growing interests in PHR-based personalized health management project, various institutions recently explore safe methods of recording personal medical and health information. In particular, innovative medical solution can be realized when medical researchers and medical service institutes can generally get access to patient data. As EMR data is extremely sensitive, there has been no progress in clinical information exchange. Moreover, patients cannot get access to their own health data and exchange it with researchers or service institutions. It can be operated in terms of technology, yet policy environment are affected by state laws as well as Privacy and Security Policy. Blockchain technology-independent, in transaction, and under test-is introduced in the medical industry in order to settle these problems. In other words, medical organizations can grant preliminary approval on patient information exchange by using the safely encrypted and distributed Blockchain ledger and can be managed independently and completely by individuals. More apparently, medical researchers can gain access to information, thereby contributing to the scientific advance in rare diseases or minor groups in the world. In this paper, we focused on how to manage personal medical information and its protective use and proposes medical treatment exchange system for patients based on a permissioned Blockchain network for the safe PHR operation. Trusted Model for Sharing Medical Data (TMSMD), that is proposed model, is based on exchanging information as patients rely on hospitals as well as among hospitals. And introduce medical treatment exchange system for patients based on a permissioned Blockchain network. This system is a model that encrypts and records patients' medical information by using this permissioned Blockchain and further enhances the security due to its restricted counterfeit. This provides service to share medical information uploaded on the permissioned Blockchain to approved users through role-based access control. In addition, this paper presents methods with smart contracts if medical institutions request patient information complying with domestic laws by using the distributed Blockchain ledger and eventually granting preliminary approval for sharing information. This service will provide an independent information transaction and the Blockchain technology under test will be adopted in the medical industry.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.107-113
• /
• 2012

Recently, according to the establishment of personal information protection Act, the public and private organizations are taking a step to protect personal information rights and interests by employing the technical methods such as the access control mechanism, cryptography, etc. The result of the personal information leakage causes a serious damage for the organization image and also has to face with the responsibility by law. However, applying access control and cryptographic approach on the personal information item for every connection to large database system causes significant performance degradation in a large database system. In this paper, we designed and implemented the light weight system using JVM (Java Virtual Machine) for the Oracle DBMS environment which the concurrent transaction occurs many, thereby the proposed system provides the minimum impact on the system performance and meets the need of personal information protection. The proposed system was validated on the personal information protection system which sits on a 'A' public organization's portal site and personnel information management system.

• Journal of Platform Technology
• /
• v.11 no.5
• /
• pp.126-135
• /
• 2023

Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.8
• /
• pp.1920-1925
• /
• 2009

'05. June, the first Internet banking accident occurred by the malignant cord. It discontinued security programs for protecting important financial informations. A computer hacker had made a collation of password, OTP(One Time Password) values etc and illegally withdraw one´s savings from the bank using the financial information. The attackers are continuously attempted with the hacking tool under bypass security programs as the vaccine program or the personal fire-wall. Therefore, an electronic financial system should be composed with the goal which is to protect financial informations from user's terminal to a banking server. In this paper, we make an analysis of menaces in electronic financial transactions and explain considerable security issues to enhance safety in Internet banking, CD/ATM and mobile banking.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2620-2631
• /
• 2012

In this paper, a rerouting-controlled ISL (Inter-Satellite link) handover protocol for LEO satellite networks (RCIHP) is proposed. Through topological dynamics and periodic characterization of LEO satellite constellation, the protocol firstly derives the ISL related information such as the moments of ISL handovers and the intervals during which ISLs are closed and cannot be used to forward packet. The information, combined with satellite link load status, is then been utilized during packet forwarding process. The protocol makes a forwarding decision on a per packet basis and only routes packets to living and non-congested satellite links. Thus RCIHP avoids periodic rerouting that occurs in traditional routing protocols and makes it totally unnecessary. Simulation studies show that RCIHP has a good performance in terms of packet dropped possibility and end-to-end delay.

• Journal of Korea Multimedia Society
• /
• v.13 no.12
• /
• pp.1843-1854
• /
• 2010

The utilization of underground space has recently increased with the complication of road, the rise of the land price, and the development of green technology. Underground space ranges from classical excavations to subway, underground cities, and shopping malls where there are crowds of people. At this time, government has spent a lot of money in installing various types of safety facilities for preparations of increasing potential disasters. Therefore, an effective facility management system is required. In this paper, we propose an information retrieval process to effectively extract the facilities' information based on the ontology and spatial analysis in underground space. The ontology-based searching supports hierarchical and associated results as well as knowledge sharing with hierarchy concepts. The spatial analysis based searching has "Buffer" and "Near" functions to operate on a map without understanding any property of the facility information.

• Knowledge Management Research
• /
• v.19 no.4
• /
• pp.119-131
• /
• 2018

In this paper, I research the issue of information security for medical information system of each parties. The outflow of the Personal medical information can lead to problems of medical systems and disadvantage to an individual. In this paper, we research the information security based on a blockchain. In addition, I have analyzed blockchain. I suggest a medical information system framework that can help to keep the privacy of patients by using a blockchain network. Also, In this paper try to explain using private blockchain for medical system. Blockchain can keep the integrity and transparency of the medical records. This research, shows how can build the private blockchain for medical records and how to get the integrity of Data from Private Blockchain and Distuributed Ledger Technology.