• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.2
• /
• pp.54-63
• /
• 2016

As technology has developed and cost for data processing has reduced, big data market has grown bigger. Developed countries such as the United States have constantly invested in big data industry and achieved some remarkable results like improving advertisement effects and getting patents for customer service. Every company aims to achieve long-term survival and profit maximization, but it needs to establish a good strategy, considering current industrial conditions so that it can accomplish its goal in big data industry. However, since domestic big data industry is at its initial stage, local companies lack systematic method to establish competitive strategy. Therefore, this research aims to help local companies diagnose their big data capabilities through a reference model and big data capability assessment system. Big data reference model consists of five maturity levels such as Ad hoc, Repeatable, Defined, Managed and Optimizing and five key dimensions such as Organization, Resources, Infrastructure, People, and Analytics. Big data assessment system is planned based on the reference model's key factors. In the Organization area, there are 4 key diagnosis factors, big data leadership, big data strategy, analytical culture and data governance. In Resource area, there are 3 factors, data management, data integrity and data security/privacy. In Infrastructure area, there are 2 factors, big data platform and data management technology. In People area, there are 3 factors, training, big data skills and business-IT alignment. In Analytics area, there are 2 factors, data analysis and data visualization. These reference model and assessment system would be a useful guideline for local companies.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.10
• /
• pp.2481-2490
• /
• 2015

The issue of PHR is maintained on the server will be in the hospital. PHR information stored on the server, such as a patient's illness and treatment is very sensitive information. Therefore, patients should be guaranteed the protection of privacy. In addition, the PHR should be allowed to group access of it's approach. Therefore, in this paper the proposed group signature using hierarchical identity-based encryption schemes into can guarantee the PHR data privacy. The session key generated by group signature, it is use a tiered approach. The generated session keys safe PHR data transmission is possible. The proposed method is average 80% than the PKI encryption and ID-based encryption rather than average 50% the algorithm processing is more efficient

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.61-67
• /
• 2018

IoT technology is currently being applied at various industrial sites and is developing as a core technology in the fourth industrial revolution. Along with IoT developments, awareness and importance of IoT security is increasing, and research on IoT security is underway to counter these threats. However, research trends in the context of IoT security awareness are insufficient. This paper is a research that analyzes the progress of R&D and IoT security in both domestic and international IoT and thus leads to improvements. The research covered the 229 papers and articles of domestic and foreign journals covering security fields as a main theme. Among them, detailed analyses of 96 papers related to IoT security were performed. Research has shown that many studies are being conducted on trends in IoT security, key management and privacy. A detailed study on the characteristics of services to apply IoT technologies and access control and authentication between IoT devices is needed, and a study that addressed the issues of privacy in IoT environments in Korea.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.59-71
• /
• 2012

PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.33-38
• /
• 2019

In this paper, we propose a new blockchain technology that could comply with GDPR. The proposed model can prevent illegal access by controlling access to the personal information according to a access policy. For example, it can control access to the information on a role-basis and information validation period. The core mechanism of the proposed model is to encrypt the personal information with public key which is associated with users attributes policy, and then decrypt it with a private key and users attributes based on a Attribute-based Encryption scheme. It can reduce a trusted third-part risk by replacing it with a number of nodes selected from the blockchain. And also the private key is generated in the form of one-time token to improve key management efficiency. We proved the feasibility by simulating the proposed model using the chaincode of the Hyperledger Fabric and evaluate the security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.103-118
• /
• 2002

To provide the privacy of transmitted message over network the use of cryptographic system is increasing gradually. Because the security and reliability of the cryptographic system is totally rely on the key, the key management is the most important part of the cryptographic system. Although there are a lot of security products providing encryption, the security of the key exchange protocols used in the product are not mostly proved yet. Therefore, we have to study properties and operation of key agreement protocols based on elliptic curve in ANSI X9.63. furthermore, we analyze the security of their protocols under passive and active attacker models and propose the most suitable application field taking the feature of the protocols into account.

• Korean Management Science Review
• /
• v.21 no.1
• /
• pp.57-76
• /
• 2004

The development of informational technology has lead to a sharp change in not only the existing way of operations and management, but the way of human life or thinking as well. Those shifts of the paradigm in information technology have also affected Individuals to the organizational structure. A series of unexpected problems was, however, accompanied by the advance in informational technology, which had broaden its own area of application. Those problems include the losses of property or data the malfunction of systems and their wastefulness would result in, continuous increases in computer crimes, reliability and efficiency of the functional process with the development of information systems, such as the processing problems of inaccurate data, economical issues, and subjects related to safety, as interruptions of privacy, which would result from lots of one's exposure to the drains of personal information. Accordingly, Auditors' roles of information systems, for now, is more important than anything else in that they are responsible for the objective assessment of relevance and effectiveness of internal control systems under the environment of information systems. The objective of the study is, so as to obtain safety of information systems： First, to provide data to line-design internal control systems after finding internal control factors to prevent and eliminate the risks of information systems. Second, to evaluate the priorities of internal control factors with their effective management being considered as the key to settle the problems of risks of information systems. Third, to discriminate what factors affect In evaluating the relative degrees of Importance of internal control factors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.171-180
• /
• 2008

This paper also suggests the Digital Evidence Transmission System for E-Discovery which is suited to domestic environments in order to solve these problems and promote safe and convenient transmission of the electronic evidences. The suggested Digital Evidence Transmission System for E-Discovery is the system that submit digital evidences to Court's Sever through the Internet using Public Key Infrastructure and Virtual Private Network, and solves the problems - such as privileged and privacy data, trade secret of company, etc.

• The KIPS Transactions:PartC
• /
• v.18C no.6
• /
• pp.379-388
• /
• 2011

Ensuring the security of medical records is becoming an increasingly important problem as modern technology is integrated into existing medical services. As a consequence of the adoption of EMR(Electronic Medical Records) in the health care sector, it is becoming more and more common for a health professional to edit and view a patient's record. In order to protect the patient's privacy, a secure authentication model to access the electronic medical records system must be used. A traditional identity based digital certificate for the authenticity of EMR has private key management and key escrow of a user's private key. In order to protect the EMR, The traditional authentication system is based on the digital certificate. The identity based digital certificate has many disadvantages, for example, the private key can be forgotten or stolen, and can be easily escrow of the private key. Nowadays, authentication model using fingerprint recognition technology for EMR has become more prevalent because of the advantages over digital certificate -based authentication model. Because identity-based fingerprint recognition can eliminate disadvantages of identity-based digital certificate, the proposed authentication model provide high security for access control in EMR.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2532-2553
• /
• 2014

In Asiacrypt 2003, Al-Riyami and Paterson proposed the notion of certificateless cryptography, a technique to remove key escrow from traditional identity-based cryptography as well as circumvent the certificate management problem of traditional public key cryptography. Subsequently much research has been done in the realm of certificateless encryption and signature schemes, but little to no work has been done for the identification primitive until 2013 when Chin et al. rigorously defined certificateless identification and proposed a concrete scheme. However Chin et al.'s scheme was proven in the random oracle model and Canetti et al. has shown that certain schemes provable secure in the random oracle model can be insecure when random oracles are replaced with actual hash functions. Therefore while having a proof in the random oracle model is better than having no proof at all, a scheme to be proven in the standard model would provide stronger security guarantees. In this paper, we propose the first certificateless identification scheme that is both efficient and show our proof of security in the standard model, that is without having to assume random oracles exist.