REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Type II Optimal Normal Basis Multipliers in GF(2
Kim, Chang Han ; Chang, Nam Su ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 979~984
DOI : 10.13089/JKIISC.2015.25.5.979
In this paper, we proposed a Semi-Systolic multiplier of
with Type II optimal Normal Basis. Comparing the complexity of the proposed multiplier with Chiou's multiplier proposed in 2012, it is saved
in total transistor numbers and decrease 4 clocks in time delay. This means that, for
of the field recommended by NIST for ECDSA, the space complexity is 6.4% less and the time complexity of the 2% decrease. In addition, this structure has an advantage as applied to Chiou's method of concurrent error detection and correction in multiplication of
Security Evaluation Against Collision-based Power Analysis on RSA Algorithm Adopted Exponent Splitting Method
Ha, Jaecheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 985~991
DOI : 10.13089/JKIISC.2015.25.5.985
The user's secret key can be retrieved from various kinds of side-channel leakage that occur during the execution of an RSA exponentiation algorithm embedded in a security device. The collision-based power analysis attack, known as a serious side-channel threat, can be accomplished by finding collision pairs in an RSA power consumption trace. Recently, an RSA exponentiation algorithm was proposed as a countermeasure; it is based on the window method and combines message blinding with exponent splitting. In this paper, we show that this countermeasure provides approximately
attack complexity, much lower than
insisted in the original article, when the window size is two.
HB+ protocol-based Smart OTP Authentication
Shin, Ji Sun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 993~999
DOI : 10.13089/JKIISC.2015.25.5.993
OTP (one-time password) is widely used as an authentication method for financial and other security-sensitive transactions. OTP provides strong security since each password is used only once, while normal password-based authentication uses passwords as long-term secrets. However, OTP-based authentication is relatively lacking in usability since it requires users to hold an OTP card or generator. To overcome this problem, smartphones have started replacing OTP cards, and such a method is called smart OTP. However, smart OTP inherits the security vulnerabilities that smartphones have. In this paper, we propose a smart OTP authentication based on an extremely lightweight authentication protocol called HB+. The HB+ protocol was developed for low-cost devices and has small communication and computation costs. We present our solution and discuss its security, efficiency and practicality. Our contribution is providing a method to securely use smart OTP without losing its efficiency and usability.
Threatening privacy by identifying appliances and the pattern of the usage from electric signal data
Cho, Jae yeon ; Yoon, Ji Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1001~1009
DOI : 10.13089/JKIISC.2015.25.5.1001
In the Smart Grid, a smart meter sends our electric signal data to the main server of the power supplier in real time. However, the more efficient the management of power loads becomes, the more likely the user's usage pattern is to leak. This paper points out the privacy threat and the need for security measures in the smart device environment by showing that it is possible to identify appliances and the specific usage patterns of users from the smart meter's data. The learning algorithm PCA is used to reduce the dimension of the feature space, and a k-NN classifier is used to infer appliances and their states. Accuracy is validated with 10-fold cross validation.
Breaking character and natural image based CAPTCHA using feature classification
Kim, Jaehwan ; Kim, Suah ; Kim, Hyoung Joong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1011~1019
DOI : 10.13089/JKIISC.2015.25.5.1011
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a test used in computing to distinguish whether the user is a computer or a human. Many web sites use character-based CAPTCHAs consisting of digits and characters. Recently, with the development of OCR technology, simple character-based CAPTCHAs are broken quite easily. As an alternative, many web sites add noise to make recognition harder. In this paper, we analyzed the most recent CAPTCHA, which adds natural images to obfuscate the characters. We proposed an efficient method that uses a support vector machine to separate the characters from the background image and a convolutional neural network to recognize each character. As a result, 368 out of 1000 CAPTCHAs were correctly identified, which demonstrated that the current CAPTCHA is not safe.
Efficient method for finding patched vulnerability with code filtering in Apple iOS
Jo, Je-gyeong ; Ryou, Jae-cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1021~1026
DOI : 10.13089/JKIISC.2015.25.5.1021
As damage from phishing increases, governments and organizations respond more rapidly, so phishing uses malware and vulnerabilities for attacks. Recently, attacks that use patch analysis have increased when Microsoft announces patches. Because of that, defensive security researchers need patch analysis technology. But most patch analysis tools are developed for Microsoft's products. As the mobile environment grows, the need for patch analysis on mobile increases. But ordinary patch analysis cannot be used in the mobile environment, where there are many files of small size. So in this research we suggest a method that uses code filtering instead of Control Flow Graph and Abstract Syntax Tree.
Real-time Abnormal Behavior Detection System based on Fast Data
Lee, Myungcheol ; Moon, Daesung ; Kim, Ikkyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1027~1041
DOI : 10.13089/JKIISC.2015.25.5.1027
Recently, cases of APT (Advanced Persistent Threat) attacks such as Verizon (2010), Nonghyup (2011), SK Communications (2011), and 3.20 Cyber Terror (2013) have been rapidly increasing; they cause leaks of confidential information and tremendous damage to valuable assets without being noticed. Several anomaly detection technologies have been studied to defend against APT attacks, mostly focusing on detection of obvious anomalies based on known malicious code signatures. However, they are limited in detecting APT attacks and suffer from high false-negative rates because APT attacks consistently use zero-day vulnerabilities and have a long latent period. Detecting APT attacks requires long-term analysis of data collected from a diverse set of sources over a long time, real-time analysis of the ingested data, and correlation analysis of individual attacks. However, traditional security systems lack sophisticated analytic capabilities, compute power, and agility. In this paper, we propose a Fast Data based real-time abnormal behavior detection system to overcome the traditional systems' limitations in real-time processing and analysis.
Study of Snort Intrusion Detection Rules for Recognition of Intelligent Threats and Response of Active Detection
Han, Dong-hee ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1043~1057
DOI : 10.13089/JKIISC.2015.25.5.1043
In order to recognize intelligent threats quickly and to detect and respond to them actively, major public bodies and private institutions operate and administer Intrusion Detection Systems (IDS), which play a very important role in finding and detecting attacks. However, most IDS alerts have the problem that they generate false positives. In addition, in order to detect unknown malicious code and to recognize and respond to threats in advance, APT response solutions or action-based systems are introduced and operated. These execute malicious code directly using virtualization technology and detect abnormal activities in virtual environments, or detect unknown attacks with other methods. However, these, too, have weaknesses such as evasion of the virtual environments, performance problems with total inspection of traffic, and errors in policy. Accordingly, for the effective detection of intrusions, it is very important to enhance security monitoring. This study discusses a plan for the reduction of false positives as a plan for the enhancement of security monitoring. As a result of an experiment based on the empirical data of G, rules were drawn in three types and 11 kinds. As a result of a test following these rules, it was verified that the overall detection rate decreased by 30% to 50%, and the performance was improved by over 30%.
A Study on Hard Disk Drive ATA Passwords
Lee, Ju-young ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1059~1065
DOI : 10.13089/JKIISC.2015.25.5.1059
Hard disk passwords are commonly not well known. If the passwords are set, forensic investigators are not able to access data on hard disks, so they can be used to obstruct investigations. Expensive tools such as PC-3000 are necessary for unlocking such hard disk passwords. But this is a burden both on organizations that have to pay for these tools and on forensic investigators who are unfamiliar with them. This paper discusses the knowledge required for unlocking hard disk passwords and proposes methods for unlocking the passwords without high-priced tools. In addition, with a vendor-specific method, this paper provides procedures for acquiring passwords and unlocking hard disk drives.
A Study on android emulator detection for mobile game security
Yoon, Jongseong ; Lee, Sangjin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1067~1075
DOI : 10.13089/JKIISC.2015.25.5.1067
With the recent increase in the number of mobile game users, side effects such as the manipulation of game points, levels and game speed and payment fraud are emerging. In particular, emulators, which make it possible for mobile applications to run on a PC, are a great threat to mobile game security since debugging a specific game application or automating game play can be done more easily with them. Therefore, we research efficient ways to detect widely used Android emulators such as BlueStacks, GenyMotion, Andy, YouWave and ARC Welder from the perspective of the client (app), game server and network to reduce the threat to mobile game security.
A study on hard-core users and bots detection using classification of game character's growth type in online games
Lee, Jin ; Kang, Sung Wook ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1077~1084
DOI : 10.13089/JKIISC.2015.25.5.1077
Security issues such as illegal acquisition of personal information and identity theft happen due to the use of game bots in online games. Game bots collect items and money unfairly, so in-game contents are rapidly depleted, and honest users feel deprived. This causes a downturn in the game market. In this paper, we defined growth types by analyzing the growth processes of users with actual game data. We proposed a framework that classifies hard-core users and game bots by their growth patterns. We applied the framework to the actual data. As a result, we classified five growth types and distinguished game bots from hard-core users with 93% precision. Earlier studies show that hard-core users are also detected as bots. We clearly separated game bots and hard-core users before full growth.
Study of Biometrics using Tritone Paradox
Jung, Changhoon ; Shin, DongOh ; Nyang, DaeHun ; Lee, KyungHee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1085~1095
DOI : 10.13089/JKIISC.2015.25.5.1085
In music theory, the tritone is defined as a musical interval composed of three adjacent whole tones (or six semitones), which generates a harmonic and melodic dissonance. The tritone paradox is an auditory illusion which is heard as ascending by some people and as descending by others. In this paper we examine an emerging non-static biometric technique that aims to identify users based on analyzing uniqueness and consistency through the user experiences. We also propose some authentication schemes which provide protection against key logging, shoulder surfing, and brute force attacks.
A survey and categorization of anomaly detection in online games
Kwak, Byung Il ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1097~1114
DOI : 10.13089/JKIISC.2015.25.5.1097
As the online game market grows, illegal activities such as cheating using game bots or game hack programs, running private servers, hacking game companies' systems and networks, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all highly evolving game attacks and frauds. Because some security measures can harm usability for game players, game companies need to develop usable security measures that fit the game genre and content design well. In this study, we surveyed the recent trends in the various security measures applied in online games. This research also classified illegal activities and their related countermeasures for detection and prevention.
Research on online game bot guild detection method
Kim, Harang ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1115~1122
DOI : 10.13089/JKIISC.2015.25.5.1115
In recent years, the use of game bots by illegal programs has expanded from individual to group scale; this brings about serious problems in the online game industry. The gold farmers group creates an in-game social community, a so-called "guild", to obtain a large amount of game money and manage game bots efficiently. Although game developers detect game bots with detection algorithms, the algorithms can detect only part of the gold farmers group. In this paper, we propose a detection method for the gold farmers group on the basis of an analysis of the characteristics of normal and bot guilds. In order to differentiate normal and bot guilds, we analyze transaction patterns for individuals, the auction house and chatting. With the analyzed results, we can detect game bot guilds. We demonstrate the feasibility of the proposed methods with real datasets from AION, one of the popular online games in Korea.
A study on macro detection using information of touch events in Android mobile game environment
Kim, Jeong-hyeon ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1123~1129
DOI : 10.13089/JKIISC.2015.25.5.1123
A macro (automatic hunting) in a mobile game is a program that touches the screen according to defined rules, like a game bot in PC online games, and it is made in various ways, such as an Android application or a Windows application program. This makes honest users feel deprived and lose their interest. Eventually they leave the game, and the game's life gradually shortens. Although many studies to prevent these problems in PC online games have been conducted, applying the PC approach to mobile games is difficult because mobile games are limited in their use of the network and device performance differs from that of a PC. In this paper, we propose a framework for macro detection that uses touch event information. A touch event in a mobile game is a necessary control command to the game. Because a macro touches the screen with the same pattern, there is a difference between a normal user's behavior and a macro's operation. In mobile games, which are mostly casual games, the touch event is the best feature for distinguishing a normal user from a macro within a short period of time. When the proposed framework was used to detect macros used in a real mobile game, it showed 100% accuracy and a 0% false positive rate.
Game-bot detection based on Clustering of asset-varied location coordinates
Song, Hyun Min ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1131~1141
DOI : 10.13089/JKIISC.2015.25.5.1131
In this paper, we proposed a new machine learning based method for distinguishing game-bots from normal players in MMORPGs by inspecting the players' action log data, especially in-game money increase/decrease event log data. DBSCAN (Density Based Spatial Clustering of Applications with Noise), one of the density-based clustering algorithms, is used to extract attributes of the spatial characteristics of each player, such as the number of clusters and the ratios of core points, member points and noise points. Above all, even if game-bot developers know the principles of this detection system, they cannot evade it, because moving across a wide area to hunt monsters is very inefficient and unproductive. As a result, game-bots show definite differences from normal players in spatial characteristics, such as a very low ratio of noise points, less than 5%, while a normal player's ratio of noise points is high. In experiments on real MMORPG action log data, our game-bot detection system shows good performance with high game-bot detection accuracy.
A recovery method for deleted records in the ESE Database
Kim, Jeong-hyeon ; Choi, Jong-hyun ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1143~1151
DOI : 10.13089/JKIISC.2015.25.5.1143
The Extensible Storage Engine (ESE) database is a database developed by Microsoft. It is used in web browsers such as Internet Explorer and Spartan, and in Windows system components such as Windows Search and System Resource Usage Monitor. Previous ESE database viewers can display an incorrect result or fail to read the file, depending on the collection environment and the status of the files. In addition, the deleted record recovery tool is limited to some programs and cannot recover all tables. This paper suggests a universal recovery method for deleted records and presents experimental results obtained through the development of a tool.
A Study on Development of Digital Forensic Capability Evaluation Indices
Park, Hee-il ; Yoon, Jong-seong ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1153~1166
DOI : 10.13089/JKIISC.2015.25.5.1153
With the acceleration of information digitization caused by the fast growth of information technology, the application of digital forensics has increased, but it is underestimated because digital evidence is easy to forge. In particular, domestically the reliability of a digital forensics organization is evaluated only by judges, because there is no objective verification system or evaluation method for the capability of digital forensics organizations. Therefore, after reviewing domestic and foreign evaluation methods and standards for digital forensics and information security capability, this research presents an evaluation model and indices of digital forensics capability focused on the digital forensics organization, personnel, technology, facilities and procedure in the domestic justice system. The standard for judicial evaluation of digital evidence and for the composition, management and evaluation of digital forensics organizations would be presented based on this research.
The Study on Forensic Methodology of Firefox OS
Kim, Do-Su ; Choi, Jong-hyun ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1167~1174
DOI : 10.13089/JKIISC.2015.25.5.1167
Public Key based Virtual Credit Card Number Payment System for Efficient Authentication in Card Present Transaction
Park, Chan-ho ; Park, Chang-seop ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1175~1186
DOI : 10.13089/JKIISC.2015.25.5.1175
Financial fraud has been increasing along with credit card usage. Magnetic stripe cards have vulnerabilities in that credit card information is exposed in plaintext and cardholder verification is untrustworthy, so they have been replaced by a smart card scheme to provide enhanced security. Furthermore, FinTech, which combines IT with financial products, is becoming prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transactions. In this paper, we propose a virtual credit card number payment scheme based on a public key system for efficient authentication in card present transactions. Our proposed scheme is able to authenticate efficiently in card present transactions by pre-registering a virtual credit card number based on the cardholder's public key without PKI. We also compare and analyze our proposed scheme against EMV.
Privacy-Preserving Outlier Detection in Healthcare Services
Lee, Bo Young ; Choi, Wonsuk ; Lee, Dong Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1187~1199
DOI : 10.13089/JKIISC.2015.25.5.1187
Recently, as high-quality sensors are being developed, it has become possible to conveniently measure any kind of data. Healthcare services are being combined with the Internet of Things (IoT), and applications that use remotely measured user data, such as heart rate, blood oxygen level and temperature, are emerging. Typical examples are applications that find an ideal spouse by using a user's genetic information, or that indicate the presence or absence of a disease. Such information is closely related to the user's privacy, so biometric information must be protected. That is, the service provider must provide the service while preserving the user's privacy. In this paper, we propose a scheme which enables privacy-preserving outlier detection in healthcare services.
A Study on Deobfuscation Method of Android and Implementation of Automatic Analysis Tool
Lee, Se Young ; Park, Jin Hyung ; Park, Moon Chan ; Suk, Jae Hyuk ; Lee, Dong Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1201~1215
DOI : 10.13089/JKIISC.2015.25.5.1201
Obfuscation tools can be used to protect Android applications from reverse engineering. However, obfuscation tools can also be misused to protect malicious applications. In order to evade anti-virus detection, malware authors often apply obfuscation techniques to malicious applications. It is difficult to analyze the functionality of obfuscated malicious applications until they are deobfuscated. Therefore, a study on deobfuscation is certainly required to address obfuscated malicious applications. In this paper, we analyze APKs which are obfuscated by commercial obfuscation tools and propose a deobfuscation method that can statically identify obfuscation options and deobfuscate them. Finally, we implement an automatic identification and deobfuscation tool, then show the results of the evaluation.
A Study On Advanced Model of Web Vulnerability Scoring Technique
Byeon, Autumn ; Lim, Jong In ; Lee, Kyong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1217~1224
DOI : 10.13089/JKIISC.2015.25.5.1217
Web application security problems are addressed by the web vulnerability analysis which in turn supports companies to understand those problems and to establish their own solutions. Ministry of Science, ICT and Future Planning (MSIP) has released its guidelines for analysis and assessment of the web vulnerability. Although it is possible to distinguish vulnerability items in a manner suggested in the MSIP's guidelines, MSIP's factors and criteria proposed in the guidelines are neither sufficient nor efficient in analyzing specific vulnerability entries' risks. This study discusses analysis of the domestic and international Vulnerability Scoring system and proposes an appropriate evaluating method for web vulnerability analysis.
A Study on Awareness of Information Security Influencing Trustness
Jeong, Jaehun ; Choi, Myeonggil ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1225~1233
DOI : 10.13089/JKIISC.2015.25.5.1225
This study investigates the effects of information security awareness arising from E-Commerce in terms of the Elaboration Likelihood Model(ELM) and analyzes the moderating effect of the trust's involvement and experience. Consumers are using E-Commerce Web sites, depending on the level of involvement and experience in E-Commerce. This study is based on the ELM, the information security awareness of consumer confidence in E-Commerce form, according to the degree of experience and involvement suggested a theoretical model to describe the effect that the scaling and, through empirical studies validation of model. Consumer confidence is formed the attitude of the E-Commerce company through different paths, depending on the type of awareness in the E-Commerce web site, this moderate has the effect of consumer involvement and experience. Studying the information security awareness of consumer in the on E-Commerce is considered to present a new perspective on trust.
A Study of Interpretation Effect of Passwords to Password Generation
Kim, Seung-Yeon ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1235~1243
DOI : 10.13089/JKIISC.2015.25.5.1235
The purpose of this study was to find out whether the password composition of domestic users is affected by the form of the word 'Password' used in the login or password change interface. In particular, 'Password', the foreign notation, and 'Secret Number', the notation translated into Korean, have a semantic difference. According to a survey of 200 students at S university, passwords made under the word 'Secret Number' are heavier on numbers than on letters. Because these passwords have a much smaller composition space than in the other case, they have a bad security impact. We expect this paper to be used as baseline data for studies on how to improve domestic users' password security.
Protection of Personal Information on Cloud Service Models
Lee, Bosung ; Kim, Beomsoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1245~1255
DOI : 10.13089/JKIISC.2015.25.5.1245
As cloud computing services become popular, the concern on the data security of cloud services increases and the efforts for the data security become essential. In this paper, we describe the pros and cons of cloud computing including the definition of cloud. Then, we discuss the regulations about the protection of user data defined in cloud promotion act. Previous studies related to the privacy protection and the entrustment of personal information in cloud computing are reviewed. We examine how to store the personal information depending on the cloud service model. As a result, we argue that the entrustment of personal information should vary according to the cloud service model and we propose how to protect the personal information on IaaS and SaaS cloud service models.
A Study on Protection Profile for Multi-function Devices
Lee, Dongubm ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1257~1268
DOI : 10.13089/JKIISC.2015.25.5.1257
Multi-functional devices were originally equipment that performed image processing, but functions for transmitting digitized image data were added by combining fax and network functions, and the devices developed rapidly. Functions such as internet applications, application expansion, remote sharing and image processing were also added to multi-functional devices. However, multi-functional devices can introduce security vulnerabilities such as data exposure and eavesdropping because of the threats arising from network connection. Therefore, common criteria for multi-functional devices are necessary, but there is currently no protection profile for multi-functional devices. As a result, concrete evaluation standards are not applied when evaluating the security of products, so it has been difficult to maintain uniform evaluation quality. Therefore, this paper develops a protection profile for multi-functional devices based on the common criteria for evaluation, in order to analyze threats to multi-functional devices and to enable the use of secure multi-functional devices.
Information and Communication Security legal system's problems and improvement plan
Kwon, Hun-Yeong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1269~1279
DOI : 10.13089/JKIISC.2015.25.5.1269
Korea is recognized as the most advanced nation in the world with regard to informatization capabilities and environments. Nevertheless, Korea brings on itself the stigma of being a nation vulnerable in information security. The globe has now ushered in an era requiring political balance. Yet issues of legislative support or system adjustments for information security policies are always pushed back on the priority list. There is a need to face the problems at the center of these changes by departing from such frames. In order to establish a proper system for information security policies, the most urgent issues are reviewing concepts and reorganizing systems, and then legislating information security policies in harmony with public opinion. This paper serves as a reminder of what measures are needed to improve the system of priority policies depending on public backgrounds and why such measures are needed. Furthermore, the paper suggests new legislation, the 'Information Security Policy Act', as one of the specific measures.
Which country's end devices are most sharing vulnerabilities in East Asia?
Kim, Kwangwon ; Won, Yoon Ji ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1281~1291
DOI : 10.13089/JKIISC.2015.25.5.1281
Compared to the past, people can now control end devices via an open channel. Although this open channel provides convenience to users, it frequently turns into a security hole. In this paper, we propose a new human-centered security risk analysis method that puts weight on the relationship between end devices. The measure derives from the concept of entropy rate, which is known as the uncertainty per node in a network. As there are some limitations to using the entropy rate as a measure when comparing networks of different sizes, we divide the entropy rate of a network by the maximum entropy rate of the network. We also show how to avoid violating irreducibility, which is a precondition for the entropy rate of a random walk on a graph.
A study on the Development for the National Cybersecurity Capability Assessment Criteria
Bae, Sunha ; Park, Sangdon ; Kim, So Jeong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 5, 2015, Pages 1293~1314
DOI : 10.13089/JKIISC.2015.25.5.1293
As ICT is becoming a major social infrastructure, the need to strengthen cyber capabilities is emerging. Major advanced countries, including the United States, have a continuing interest in strengthening cyber capabilities and have studied ways to enhance them. A cyber capability assessment is necessary in order to determine the current level of the country and to establish policy directions and legislation. The selection of criteria is very important both for suggesting future policy direction and for an objective assessment of cybersecurity capabilities. But there are various criteria for national cyber capability assessment, such as strategy, legislation, technology, society and culture, and human resources. In this paper we analyze the criteria used in other countries' cybersecurity assessments, including those of the U.S. and Europe, and we propose criteria for national cybersecurity assessment that reflect our country's characteristics.