• Journal of Convergence for Information Technology
• /
• v.11 no.7
• /
• pp.21-30
• /
• 2021

With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

• Journal of the Korean Institute of Gas
• /
• v.26 no.1
• /
• pp.34-40
• /
• 2022

Gas cylinder cabinets have risks such as cylinder explosion and scattering of debris when a fire occurs. These risks are likely to cause gas spills and cause secondary damage. In order to reduce damage, it is very important to secure the fire resistance performance of the gas cylinder cabinet. In foreign countries, NFPA codes in the United States and EN-14470-2 in Europe stipulate fire resistance test standards for gas cylinder cabinets to protect internal cylinders for a certain period of time in a situation where gas cylinder cabinets are exposed to flames. However, in Korea, only internal pressure performance and airtight performance standards are specified, and the target is limited to piping, and research and regulations for the fire resistance performance of gas cylinder cabinets are insufficient compared to overseas. Therefore, in this study, finite element analysis was used to establish fire resistance standards for domestic gas cylinder cabinets. In the event of a fire, optimal conditions are derived in terms of structure and material.

• Journal of Industrial Convergence
• /
• v.20 no.7
• /
• pp.65-71
• /
• 2022

With the development of ICT, as the era of the 4th industrial revolution arrives, the amount of data is enormous, and as big data technologies emerge, technologies for processing, storing, and processing data are becoming important. In this paper, we propose a system that detects events through monitoring and judges them using hash values because the damage to important files in case of leakage in industries and public places is serious nationally and property. As a research method, an optional event method is used to compare the hash value registered in advance after performing the encryption operation in the event of a file leakage, and then determine whether it is an important file. Monitoring of specific events minimizes system load, analyzes the signature, and determines it to improve accuracy. Confidentiality is improved by comparing and determining hash values pre-registered in the database. For future research, research on security solutions to prevent file leakage through networks and various paths is needed.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.647-654
• /
• 2023

Deep Learning is a useful method for classifying and recognizing complex data such as images and text, and the accuracy of the deep learning method is the basis for making artificial intelligence-based services on the Internet useful. However, the vast amount of user da vita used for training in deep learning has led to privacy violation problems, and it is worried that companies that have collected personal and sensitive data of users, such as photographs and voices, own the data indefinitely. Users cannot delete their data and cannot limit the purpose of use. For example, data owners such as medical institutions that want to apply deep learning technology to patients' medical records cannot share patient data because of privacy and confidentiality issues, making it difficult to benefit from deep learning technology. In this paper, we have designed a privacy preservation technique-applied deep learning technique that allows multiple workers to use a neural network model jointly, without sharing input datasets, in multi-party system. We proposed a method that can selectively share small subsets using an optimization algorithm based on modified stochastic gradient descent, confirming that it could facilitate training with increased learning accuracy while protecting private information.

• Korean Security Journal
• /
• no.48
• /
• pp.79-111
• /
• 2016

This study aims at analyzing the global trend of standardization in the field of Industrial Security through ISO/TC 292. It covers broad areas from risk management for industrial property protection and loss prevention through supply chain security, product and document fraud and counterfeiting countermeasures and control and community resilience. It also explores the historical background of the standardization in the security field, how ISO TC 292 came out as a leading group in order to standardize relevant security management systems. TC 292 deals with terminology, general security-related standards and supply chain security management. One of the major findings from this analysis is that security targets and threats are diversified and so organizations like enterprises should have proper flexibility to adapt themselves to new security environment and take appropriate resilience system to cope with the threats and incidents. Also the ISO standardization requires public or private entities to take holistic approaches in security management. Finally, it was found that South Korea has to prepare for this global trend of standardization in this field so that ISO certification market demand and the requirements for transnational trades can be well met.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.445-457
• /
• 2013

This paper is about the study to build a quantitative methodology to assess cyber threats and vulnerabilities on control systems. The SCADA system in power industry is one of the most representative and biggest control systems. The SCADA system was originally a local system but it has been extended to wide area as both ICT and power system technologies evolve. Smart Grid is a concept to integrate energy and IT systems, and therefore the existing cyber threats might be infectious to the power system in the integration process. Power system is operated on a real time basis and this could make the power system more vulnerable to the cyber threats. It is a unique characteristic of power systems different from ICT systems. For example, availability is the most critical factor while confidentiality is the one from the CIA triad of IT security. In this context, it is needed to reflect the different characteristics to assess cyber security risks in power systems. Generally, the risk(R) is defined as the multiplication of threat(T), vulnerability(V), and asset(A). This formula is also used for the quantification of the risk, and a conceptual methodology is proposed for the objective in this study.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• Fire Science and Engineering
• /
• v.32 no.6
• /
• pp.1-6
• /
• 2018

This study is to analyze the characteristics of the yellow insulation ring type of the CSST used for tubing when it is artificially deteriorated and damaged by burning. The CSST for tubing consists of a tube, protective coating, nut, yellow insulation ring, packing, and socket. In addition, it is thought that a yellow insulation ring and rubber packing were used to connect the tube and socket in order to improve the airtightness and insulation performance. The result of the verification of the data acquired from the tests in the 95% confidence interval shows that the Anderson-Darling (AD) and P value were analyzed to be 0.945 and 0.015, respectively. This confirms that the test data of the CSST for tubing is reliable. The analysis of the arithmetic mean of the insulation resistance of a CSST showed that the CSST damaged by burning by a torch, and the one damaged by electrical burning, was $16.7k{\Omega}$ (the greatest relatively) and $208{\Omega}$ (the lowest), respectively, while it was $1.72k{\Omega}$ in the case of a normal product. Therefore, the analysis result of the insulation resistance of the CSST collected from the scene of a fire can be utilized to examine the cause of damage by burning. In addition, it was found that when the maximum current of 97 A was applied to the CSST for about 5 s using a Primary Current Injection Test System (PCITS) the protective film and insulation ring of the CSST has no difference from that of a normal product. However, a part of the metal tube was melted.

• The Magazine of the Society of Air-Conditioning and Refrigerating Engineers of Korea
• /
• v.39 no.9
• /
• pp.41-51
• /
• 2010

건물의 배수 및 통기시스템에서 나타나는 현상중에 확실한 내용이 아직 밝혀지지 않은 부분이 몇 가지 남아 있다. 이것은 19세기 말엽의 근대 위생공학의 시작 단계에서부터 잘 알려진 사실이다. 건물의 배수 및 통기시스템 운용에 대한 내용은 일반 공학과 특정 유체역학의 범위 내에서 가장 잘 이해할 수 있다. 건물의 배수 및 통기시스템의 운영에 종사했던 초기의 기술진들은 이러한 점을 잘 알고 있었으며 유체역학에 적합하게 응용한 많은 사례를 확인할 수 있었다. 제2차 세계대전이 끝나고 이에 대한 많은 연구가 진행되어 왔으며 특히 유럽에서 시작된 전후 재건 붐을 통해 배수 및 통기시스템의 설계에 좀 더 효율적인 접근이 진척되게 되었다. 이러한 배수시스템의 중심에는 배수관 내부의 오염된 공기가 배수구 또는 위생기구를 통하여 주거 공간으로 유입되는 것을 방지하는 트랩(Water Trap)이 있다. 배수트랩의 주요 기능인 봉수는 일반적으로 깊이가 40 mm에서 50 mm 정도로 위생기구의 종류에 따라 봉수의 깊이는 다소 차이가 있다. 배수관내 공기의 흐름이 중요한 것처럼 트랩의 봉수 메커니즘이 중요하기 때문에 이 메커니즘을 소홀히 여긴다면 안전한 배수시스템의 운영을 기대하기는 어렵다. 배수관 내의 공기의 흐름은 배수에 의해 유입되거나 또는 배출된다. 배수관에서 내부 압력의 불규칙한 변화로 인하여 야기되는 불안정한 배수의 흐름은 트랩의 봉수를 파괴하고 나아가 주거공간으로 오염된 공기가 새어 나갈 수 있는 통로를 제공하게 된다. 관내압력의 천이는 이로 인한 문제가 발생할 가능성이 있는 위치에 그 압력을 완화할 수 있는 장치를 설계단계에 반영하여 적용함으로써 제어할 수 있다. 건물 내부에 상당한 길이의 통기배관을 설치하는 것은 배관의 마찰손실로 인하여 천이 현상을 효과적으로 제어할 수 있는 확실한 방법이 되지는 못한다. 그렇지만 통기밸브를 설치하는 것과 같이 배수관 내로 공기를 공급해주는 유입구를 건물 내부에 분산 설치하는 것이 효율적인 통기방식이 될 수 있고, 정압 천이로 인한 위험을 줄여줄 수 있다. 통기밸브는 정압 발생의 원인이 되지 않으며 단지 정압에 반응하여 더욱 기밀하게 닫히며, 약화된 압력파를 반사할 뿐이다. 고층 건물에서 배수입상관과 평행하게 설치된 통기입상관(Parallel Vent Pipe)의 경우 극히 일부분의 정압 천이 현상을 완화할 수 있다. (통기 배관의 직경이 배수 입상배관과 동일한 경우 대략 1/3 정도임), 그러므로 정압의 천이로 인한 압력 파동은 배수 시스템의 나머지 부분을 통해 전파되어 배수 트랩에 영향을 미치게 된다. 정압의 천이가 예상되는 위치에 정압천이 완화 장치(Positive Air Pressure Transient Alleviation Device)를 사용하면 배관 내부압력의 급격한 상승을 방지하여 연결된 트랩의 봉수를 보호할 수 있다. 이렇게 되면 순간적으로 발생하는 배관내 압력의 급등 현상을 90% 정도까지 완화 시킬 수 있다. 경험적으로 배수시스템에서 배관이 완전하게 막혀 과도한 정압이 발생하는 경우는 거의 없다. 이러한 경우에는 가장 낮은 위치에 있는 배수 트랩의 봉수가 깨지면서 자연스럽게 배수시스템의 압력이 해소되게 된다. 이러한 사례는 통기 방식과 상관없이 발생할 수 있다. 실제와 유사한 시뮬레이션을 통하여 통기 밸브(Air Admittance Valves)는 전면 통기 시스템 (Fully Vented System)에서 최소한 트랩의 봉수 보호용으로 적합한 것이 확인 되었다. 어떤 경우 에는 고층 건물에 더욱 적합하다는 것을 확인할 수 있었다. 부압 해소용으로 통기밸브를 이용하고 정압완화용으로 정압 완화장치(PAPAs: Positive Air Pressure Transient Attenuators)를 사용하는 전면적 능동 제어시스템(Fully Engineered Designed Active Control System)이 사용자에게 육안으로는 확인하지 못하는 기능을 보장하면서 배수 시스템의 안전과 효율성에 대한 효과적인 방법을 제공하고 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.827-846
• /
• 2023

Recently, various information technologies such as network communication and sensors have begun to be integrated into weapon systems that were previously operated in stand-alone. This helps the operators of the weapon system to make quick and accurate decisions, thereby allowing for effective operation of the weapon system. However, as the involvement of the cyber domain in weapon systems increases, it is expected that the potential for damage from cyber attacks will also increase. To develop a secure weapon system, it is necessary to implement built-in security, which helps considering security from the requirement stage of the software development process. The U.S. Department of Defense is implementing the Risk Management Framework Assessment and Authorization (RMF A&A) process, along with the introduction of the concept of cybersecurity, for the evaluation and acquisition of weapon systems. Similarly, South Korea is also continuously making efforts to implement the Korea Risk Management Framework (K-RMF). However, so far, there are no cases where K-RMF has been applied from the development stage, and most of the data and documents related to the U.S. RMF A&A are not disclosed for confidentiality reasons. In this study, we propose the method for inferring the composition of the K-RMF based on systematic threat analysis method and the publicly released documents and data related to RMF. Furthermore, we demonstrate the effectiveness of our inferring method by applying it to the naval battleship system.