• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06c
• /
• pp.233-235
• /
• 2012

하둡 프레임워크는 현재 오픈소스 기반의 클라우드 인프라의 사실상 표준이다. 최초 하둡은 보안요소를 고려하지 않고 설계 되었지만 현재는 강력한 인증프로토콜인 커버로스를 사용하는 등의 보안 기능이 추가되었다. 하둡 보안은 꽤 안전해 보이지만, 클라우드 컴퓨팅의 범용적인 사용의 가장 중요한 요소는 보안인 것을 감안해보면 클라우드 제공자는 기존보다 더욱 강력한 보안 레벨을 고객에게 보장하여야 한다. 본 논문에서는 하둡 보안의 한계점을 제시하고 하드웨어 보안칩 TPM(Trusted Platform Module)을 이용한 해결방안을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.05a
• /
• pp.222-223
• /
• 2018

본 논문에서는 인간과 사물, 서비스 세 가지 분산된 환경 요소에 대해 인간의 명시적 개입 없이 상호 협력적으로 정보 센싱, 네트워킹, 정보 처리 등 지능적인 기능을 제공하는 표준 IoT 플랫폼 기반에 대량의 이벤트에 대한 융합분석이 가능한 CEP(Complex Event Processing) 및 시나리오 기반 자동화된 절차에 따라 대응이 가능한 워크플로우 기술을 적용하여 중요시설감지, 국경감시, 해안감시, 도시안전 분야 등 다양한 분야에 활용이 가능한 지능형 시큐리티 플랫폼을 제안하고자 한다.

• Journal of the Korean Society of Safety
• /
• v.21 no.6 s.78
• /
• pp.116-121
• /
• 2006

In metal cutting processes, cutting conditions have an influence on reducing the production cost and deciding the quality of a final product. Process planners usually make modification to recommended cutting parameters obtained from machining data handbooks in order to satisfy requirements for individual operation. The modified cutting parameters also need to be examined for the safe machining. In this paper, a new operation planning system that allows the generation and check of modified cutting parameters is proposed for the milling process. A neural network methodology is introduced to identify mathematical models for generation of the modified cutting parameters, and several simplified rules and equations are presented for the check of the cutting parameters. Finally, the results are demonstrated with an example part.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.13-31
• /
• 2023

Korean Government-PKI (GPKI) is a public-key infrastructure which provides authentication and security functions for information system used by central government, local governments, and public institutions of the Republic of Korea to provide their own administrative and public services. The current cryptosystem of GPKI was established in the early 2000s, and more than ten years have passed since the last improvement in 2010. Over the past decade or so, the information security, including cryptography, has undergone many changes and will continue to face many changes. Therefore, for the sustainable security of GPKI, it is necessary to review the security of the cryptosystem at this point. In this paper, we analyze the current status and the security of technologies and standards used in the system. We identify cryptographic algorithms with degraded security, international standards which are obsoleted or updated, and cryptographic parameters that should be revised for the high security level. And based on this, we make several suggestions on the reorganization of cryptographic algorithms and related technologies for the security enhancement of GPKI.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.989-1000
• /
• 2023

In order to respond to supply chain threats, active research and development efforts are underway for software tamper prevention technologies such as Secure Boot and management systems like Software Bill of Materials(SBOM). Particularly, the Trusted Computing Group (TCG) is introducing standards for Trusted Platform Module(TPM) to provide a secure and trustworthy computing boot environment. This paper emphasizes the need for introducing secure booting technology for cryptographic modules to ensure that they remain safe and provide reliable functionality even in the face of supply chain threats. Furthermore, it analyzes vulnerabilities in cryptographic modules verified by the ISO/IEC 19790 standard and proposes security requirements for secure booting of cryptographic modules to address these vulnerabilities.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2012.10a
• /
• pp.117-118
• /
• 2012

As the technical standard of hydrographic data was transferred from S-57 to S-101, a standard system was set up for producing the next generation ENCs but also various maritime safety information. ECDIS that display a S-57 ENC and include a navigation support function, should be developed considering new standard. S-10X data and e-Nav information can be used in this system. In this study, an implementation mechanism of S-100 standard was analyzed for design of navigation support system based on S-100. From the results, it was designed as loading module of S-10X data, display module of SENC, navigation supporting module. Also, this study considered a next generation ENC, a bathymetric grid data, an electronic nautical publication as an input information.

• Journal of Internet Computing and Services
• /
• v.13 no.4
• /
• pp.83-93
• /
• 2012

HTML5 has developed not to have browser dependancy considering interoperability as same as maintaining compatability with lower versions of HTML. HTML5, the newest web standardization is on going of being structured. Along with the smart phone boom, HTML5 is spotlighted because it can be applied to cross platforms in mobile web environments. Specially the local Storage that has been listed in new features in HTML5 supports offline function for web application that enables web application to be run even when the mobile is not connected to 3G or wifi. With Local storage, development of server-independent web application can be possible. However Local storage stores plaintext data in it without applying any security measure and this makes the plaintext data dangerous to security threats that are already exist in other client side storages like Cookie. In the paper we propose secure Local storage methods to offer a safe way to store and retrieve data in Local storage guaranteeing its performance. Suggested functions in this paper follow localStorage standard API and use a module that provide cryptographic function. We also prove the efficiency of suggested secure Local storage based on its performance evaluation with implementation.

• Journal of Convergence for Information Technology
• /
• v.12 no.1
• /
• pp.76-82
• /
• 2022

Recently, natural and social disasters in Korea are increasing, and new disasters such as COVID 19 and sinkholes, and large-scale disasters that combine natural and social disasters are occurring frequently. In order to reduce damage caused by disasters and effectively respond to disasters, the importance of disaster safety education is emerging because it is necessary to understand the awareness of disaster situations and the functional response process. Ministry of Public Interior and Security is providing disaster safety education for emergency managers through 54 specialized disaster safety education institutions. There is also a lack of experience facilities. This has a problem in that it makes it difficult for disaster safety personnel to effectively respond to disasters due to lack of experience in actual disaster sites. Also, unlike other education fields, the connection between disaster safety education contents and new technologies such as AI is still lacking. In this study, focusing on natural disaster, the current status and problems of domestic disaster safety education institutions and their contents are investigated and analyzed, and based on this, this study suggested improvement plans for domestic disaster safety education contents such as establishment of a unified disaster safety standard curriculum, production and distribution of disaster safety education experience contents using virtual reality technology and infotainment technology, and development of mobile AI tutoring service.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.50 no.4
• /
• pp.259-267
• /
• 2022

The existing method of deriving the fail-safe design requirements for the domestic developed rotary-wing aircraft system may miss the factors that cause critical system function failures, when being applied to the latest integrated avionics system. It is because the existing method analyzes the severity effect of the failures caused by a single item. To solve the issue, we present a systematic analysis procedure for deriving fail-safe design requirements of system architecture by utilizing functional hazard assessment and development assurance level analysis of SAE ARP4754A, international standard for complex system development. To demonstrate that our proposed procedure can be a solution for the aforementioned issue, we set up experimental environments that include common factors that can cause critical function failures of a system, and we conducted a cross-validation with the existing method. As a result, we showed that the proposed procedure can identify the potential critical common factors that the existing method have missed, and that the proposed procedure can derive fail-safe design requirements to control the common factors.

• Electronics and Telecommunications Trends
• /
• v.20 no.1 s.91
• /
• pp.43-53
• /
• 2005

웹서비스 보안기술은 웹서비스 기술 표준을 적용하여 다수의 응용들 간의 안전한 문서 전송, 인터넷 자원의 접근제어와 인가, 합법적 사용자 확인을 위한 인증 서비스 등을 제공하는 표준 보안 기술이다. 웹서비스 보안기술은 기술 특성에 따라 XML 정보보호 기술, 웹서비스 보안 프레임워크 기술, 웹서비스 응용보안 기술로 구분된다. XML 정보보호 기술은 XML 기반 서비스나 시스템을 위한 보안 기반 기술로인증, 인가, 기밀성, 무결성, 부인봉쇄 등의 보안서비스 및 보안정보 관리 기능을 제공하며, 세부기술로는 XML 전자서명 및 암호화 기술, XML 기반 보안정보 교환기술, XML 기반 접근제어기술, XML 기반 공개키 관리기술 등이 있다. 본 고에서는 현재 표준화가 되었거나 진행중인 XML 정보보호 기술과 웹서비스 보안 프레임워크 기술에 대한 개요, 시장 동향 및 표준화 동향 등을 소개한다.