• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.25-39
• /
• 2016

The drone is an unmanned aerial vehicle which has no human pilot. Drones can be classified into military drones, commercial drones, and personal drones by usage. Also, drones can be classified from large-sized to nano-sized drone by size and autonomous, remote controlled drone by control type. Especially, military drones can be classified into low-altitude drones, medium-altitude, and high-altitude drones by altitude. Recently, the drone industry is one of the fast growing industries in the world. As drone technologies have become more advanced and cost-effective, Korean government has set its goal to become a top-level country in drone business. However, the government's strict regulation for drone operations is one of the biggest hurdles for the development of the related technologies in Korea and other countries. For example, critical problems for drone delivery can be classified into technical issues and institutional issues. Technical issues include durability, conditional awareness, grasp and release mechanisms, collision avoidance systems, drone operating system. Institutional issues include pilot and operator licensing, privacy rules, noise guidelines, security rules, education for drone police. This study analyzes the trends of the drone industry from the viewpoint of technology and regulation. Also, we define the business areas of drone utilization. Especially, the drone business types or models for public sector are proposed. Drone services or functions promoting public interests need to be aligned with the business reference model of Korean government. To define ten types of drone uses for public sector, we combine the business types of government with the future uses of drones that are proposed by futurists and business analysts. Future uses of drones can be divided into three sectors or services. First, drone services for public or military sectors include early warning systems, emergency services, news reporting, police drones, library drones, healthcare drones, travel drones. Second, drone services for commercial or industrial services include parcel delivery drones, gaming drones, sporting drones, farming and agriculture drones, ranching drones, robotic arm drones. Third, drone services for household sector include smart home drones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.141-154
• /
• 2022

In the data economy era, various policies are being implemented to create an active data distribution environment. In South Korea, the formation of a big data distribution platform and data trading began with the launch of the Financial Data Exchange under public data governance. In the case of major advanced countries in the data field, they have built a data distribution environment based on the data broker industry for decades and have strengthened national data competitiveness through added values generated from the industry. However, behind the active data distribution through data brokers, there are numerous information security issues, which have resulted in various privacy issues and national security threats. These problems can occur sufficiently in the process of domestic financial data exchange. In our study, we analyzed various information security issues of data trading caused by data brokers and derived information security requirements to be considered when trading data. We verified whether information security requirements are well reflected in the information security policy for each transaction stage of the domestic financial data exchange. Based on the verification, measurements to strengthen information security for financial data exchange are presented in our paper.

• Korean Security Journal
• /
• no.53
• /
• pp.211-228
• /
• 2017

In May 2012, the police was empowered to electronically obtain location information of mobile devices from the telecommunication service provides for the purpose of rescue by the Act on the Protection, Use, ETC. of Location Information, after years of pressure with repeated serious violent crime outbreaks and controversy concerning the risk of breaching privacy. This study examines the environmental, legal, and technological challenges related to location tracking at the time of five years after the amendment of the law. The bottom line of police's locating power is to secure the lives of people in deadly emergent circumstance. Therefore, location tracking using given information should be swiftly proceeded after consideration and judgment of justification in timely manner to electronically request information to mobile carriers, and it is necessary to have somewhat flexibility of interpretation to be applied to diverse situation. In addition, location tracking technology should be continuously updated through cooperation with the stake-holders. Recognizing substantial problems in practice, we identified and explored the issues including obtaining prior consent for tracking the user's location in case of emergency, confirmation of emergency situation requiring police presence, qualification of legitimate requester, and limited applicability in various circumstances, which are required to reconsidered in conjunction with the personal information protection laws. Additional practical issues may include the expenses for information provision and other incentives to promote active cooperation by the telecom companies.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.8
• /
• pp.2133-2144
• /
• 1999

IMT-2000 system is expected to start its service at the beginning of 2000 on the purpose of providing with the highest qualitative service through one mobile terminal. In this paper, we investigate some of the important issues which need to be addresses in designing an authentication protocol for IMT-2000. Also proposed is an authentication protocol which addresses the above issues, and we design a correct and efficient authentication protocol to establish secure communication channel. Our protocol provides an authentication of the communication entities, location privacy, and secure messaging as well as global roaming service.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.52-57
• /
• 2013

Information and Communication Technologies(ICTs) have substantially enlarged both the opportunities to realize one's human rights but have also resulted in the emergence of new challenges. ICTs are so deeply embedded and cental to almost all aspects of human activity. And ICTs are assuming an increasingly central role in all aspects of human and societal development across the world. But this is especially true of the right to privacy, which faces challenges such as profiling and data mining for public(including national security) and private purposes. ICTs access is a fundamental right for all humans in the information age. So we have need for regulation based on human rights in the digital age. And governments have a responsibility to protect individuals against violations of human rights and data protection by public authorities, but also by private entities. In addition, internet governance and multi-stakeholder principle have to be stressed on all of the internet issues because internet governance is included in the principle of democracy which have bottom-up communication and equality. So it is very importance that Internet Governance Forum is the space for a meaningful discussion on public policy issues relating to the internet.

• Journal of Information Technology Applications and Management
• /
• v.24 no.1
• /
• pp.81-91
• /
• 2017

In Korea, "Act on the Development of Cloud Computing and Protection of its Users" has been enforced since September 28, 2015. Many countries implemented 'Cloud First' policies and global companies such as Amazon, Microsoft, IBM started cloud services in Korea. Under these circumstance, the Act was established for developing the cloud computing industry. The Act includes clauses for encouraging the use of private cloud computing by public organizations, supporting small- and medium-size cloud service providers, and utilizing secure cloud computing services by users. However, some terms appear to be similar but have different meanings from "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and "Personal Information Protection Act". This generated some confusion and conflicts in relation to providing user information to a 3rd party and notifying the intrusion in the Cloud Computing Act. This paper discusses these issues and suggestions for revision of the Cloud Computing Act.

• IE interfaces
• /
• v.20 no.2
• /
• pp.177-185
• /
• 2007

e-Business in healthcare sector has been called e-Health, which is evolving into u-Health with advances of ubiquitous technologies. Seamless information sharing among health organizations is being discussed in many nations including USA, UK, Australia and Korea. Efforts for establishing the electronic health record (EHR) system and a nation-wide information sharing environment are called NHII (National Health Information Infrastructure) initiatives. With the advent of u-Health and progress of health information systems, information security issues in healthcare sector have become a very significant problem. In this paper, we analyze several issues on health information security occurring in u-Health environment and develop an information security standard for protecting health information. It is expected that the standard proposed in this work could be established as a national standard after sufficient reviews by information security experts, stakeholders in healthcare sector, and health professionals. Health organizations can establish comprehensive information security systems and protect health information more effectively using the standard. The result of this paper also contributes to relieving worries about privacy and security of individually identifiable health information brought by NHII implementation and u-Health systems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.919-939
• /
• 2021

As a next-generation communication technology, 5G networks are capable of handling large amounts of traffic based on higher speeds, shorter communication delays, and higher connectivity compared to 4G networks. In this 5G network environment, base stations are installed all over the city at high density due to their characteristics, and are connected to user terminals to provide services. Therefore, if the base station is damaged by a malicious attacker, it is expected to cause great damage to users and society as a whole. So the need for secure communication equipment such as 5G base stations has emerged. Therefore, in this paper, we propose the security functional requirements derived using threat modeling, a systematic methodology for 5G base stations, and the security assurance requirements at the level that can cope with the backdoor issues. The security requirements proposed in this paper can be used for base station design and development to construct a secure network environment as a security evaluation standard for 5G base stations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.125-137
• /
• 2007

This paper proposes a new scheme to provide the location privacy of sources in Wireless Sensor Networks (WSNs). Because the geographical location of a source sensor reveals contextual information on an 'event' in WSN, anonymizing the source location is an important issue. Despite abundant research efforts, however, about data confidentiality and authentication in WSN, privacy issues have not been researched well so far. Moreover, many schemes providing the anonymity of communication parties in Internet and Ad-hoc networks are not appropriate for WSN environments where sensors are very resource limited and messages are forwarded in a hop-by-hop manner through wireless channel. In this paper, we first categorize the type of eavesdroppers for WSN as Global Eavesdropper and Compromising Eavesdropper. Then we propose a novel scheme which provides the anonymity of a source according to the types of eavesdroppers. Furthermore, we analyze the degree of anonymity of WSN using the entropy-based modeling method. As a result, we show that the proposed scheme improves the degree of anonymity compared to a method without any provision of anonymity and also show that the transmission range plays a key role to hide the location of source sensors.