• Title/Summary/Keyword: security review (보안성 검토)

An Effective Technique for Detecting Vulnerabilities in Android Device Drivers (안드로이드 장치 드라이버에 대한 효과적 취약점 탐지 기법)

  • Chung, Youngki;Cho, Seong-je
    • Journal of KIISE / v.43 no.11 / pp.1179-1187 / 2016
  • Android- and Linux-based embedded systems require device drivers, which are structured and built in kernel functions. However, device driver software (firmware) provided by various 3rd parties is not usually checked in terms of their security requirements but is simply included in the final products, that is, Android-based smart phones. In addition, static analysis, which is generally used to detect vulnerabilities, may result in extra cost to detect critical security issues such as privilege escalation due to its large proportion of false positive results. In this paper, we propose and evaluate an effective technique to detect vulnerabilities in Android device drivers using both static and dynamic analyses.

A Study on the Implementation of the Privacy Impact Assessment Management System for Enterprise (기업을 위한 개인정보영향평가 관리 시스템의 구현에 관한 연구)

  • Sun, Jae Hoon;Kim, Yong Ho
    • Convergence Security Journal / v.15 no.4 / pp.57-63 / 2015
  • With the development of IT, the rapid computerization of society has accelerated the digitization of the world's information. With the growth of e-commerce, the collection, storage, and operation of sensitive information have increased rapidly. Currently, the public, financial, and private sectors make use of a large amount of private information. Accidents caused by information leakage are increasing day by day. To review the security and protection problems of such sensitive information, an easier-to-use support system is required. This thesis suggests E-PIAMS (Enterprise-Privacy Impact Assessment Management System), which can be applied effectively in the private sector.

A Study on Test Application of RNTC System in College (전문대학 RNTC(부사관학군단) 제도에 관한 연구)

  • Park, Jong-Hyun
    • Convergence Security Journal / v.20 no.2 / pp.137-144 / 2020
  • Non-commissioned officers reach 80% of the 6,500 recruitment target, and 88% of the workforce is operated, about 9,500 less than the quota. To solve this problem, RNTC was tested and operated for about four years since 2015. And it was run directly by the Army in 2020. However, the Army has not solved the problem of RNTCs in college. While maintaining RNTC in universities, measures were needed to cope with the decrease in school-age populations, but the Army did not address them. The universities tried to achieve two goals: securing students and increasing employment rates, which failed to meet the expectation. This was mainly because students only from particular departments were selected. And this was not what the Army aimed to achieve through RNTC. After analyzing the cause of this phenomenon, the problem turned out to be the erroneous perception of RNTC among the general public. In order to eradicate this problem, there needs to be more effective promotion by the Army, and some improvements are also needed in terms of RNTC's selection process. In this paper, we find and describe the problems of the system itself. If this problem is solved, we will be able to not only satisfy the needs of both the Army and the universities, but also produce good non-commissioned officers through the RNTC system.

A Study on Scalable PBFT Consensus Algorithm based on Blockchain Cluster (블록체인을 위한 클러스터 기반의 확장 가능한 PBFT 합의 알고리즘에 관한 연구)

  • Heo, Hoon-Sik;Seo, Dae-Young
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.2 / pp.45-53 / 2020
  • Blockchain can control transactions in a decentralized way and is already being considered for manufacturing, finance, banking, logistics, and medical industries due to its advantages such as transparency, security, and flexibility. And it is predicted to have a great economic effect. However, Blockchain has a Trilemma that is difficult to simultaneously improve scalability, decentralization and security characteristics. Among them, the biggest limitation of blockchain is scalability, which is very difficult to cope with the constantly increasing number of transactions and nodes. To make the blockchain scalable, higher performance should be achieved by modifying existing consensus methods or by improving the characteristics and network efficiency that affect many ways of scaling. Therefore, in this paper, we propose a cluster-based scalable PBFT consensus algorithm called CBS-PBFT which reduces the message complexity $O(n^2)$ of PBFT to $O(n)$, which is a representative consensus algorithm of blockchain, and the validity is verified through simulation experiments.

[5th ION 2004] IEEE802.11a+g High-Speed Wireless LAN Interoperability Test ([제5회 ION 2004] IEEE802.11a+g 고속무선랜 상호운용성시험)

  • 정준시;김영진;유지원;김동호;성종진
    • TTA Journal / s.97 / pp.166-171 / 2005
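  • The interoperability test event (ION: Interoperability ON!) offered by the Telecommunications Technology Association (TTA) tests interoperability between products from different companies in each technology area. Over three days, from December 7 to 9, 2004, an ION was held for IEEE802.11a+g dual-band high-speed wireless LAN APs (Access Points) and cards. In addition to interoperability, this ION tested WPA (Wi-Fi Protected Access) security, the RF (Radio Frequency) conformance of wireless LAN products, and AP performance and stability. With a total of six domestic vendors participating, interoperability tests against TTA reference equipment and between participating vendors were carried out, which helped raise the technical level of domestic vendors' 802.11a+g dual-mode equipment and also greatly aided the review of the planned TTA certification proposal for wireless LAN RF and performance.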

Automated Generation of Optimal Security Defense Strategy using Simulation-based Evolutionary Techniques (시뮬레이션 기반 진화기법을 이용한 최적 보안 대응전략 자동생성)

  • Lee, Jang-Se;Hwang, Hun-Gyu;Yun, Jin-Sik;Park, Geun-Woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.14 no.11 / pp.2514-2520 / 2010
  • The objective of this paper is to propose the methodology for automated generation of the optimal security defense strategies using evolutionary techniques. As damages by penetration exploiting vulnerability in computer systems and networks are increasing, security techniques have been researched actively. However it is difficult to generate optimal defense strategies because it needs to consider various situations on network environment according to countermeasures. Thus we have adopted a genetic algorithm in order to generate an optimal defense strategy as combination of countermeasures. We have represented gene information with countermeasures. And by using simulation technique, we have evaluated fitness through evaluating the vulnerability of system having applied various countermeasures. Finally, we have examined the feasibility by experiments on the system implemented by proposed method.

Measures to Strengthen Prevention of and Response to Electronic Financial Security Incidents (전자금융 침해사고 예방 및 대응 강화 방안)

  • Lee, Jung-Ho
    • Review of KIISC / v.18 no.5 / pp.1-20 / 2008
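  • Electronic financial services, including Internet banking, have become part of everyday life as a convenient means of conducting financial transactions, and their importance continues to grow. As a side effect, security incidents are also increasing, such as leakage of electronic-finance access media through user mistakes or the hacking of financial institutions, shopping malls and portals, and fraudulent payments or Internet banking transfers. Led by the Financial Supervisory Service, the financial sector has worked actively to prevent such incidents through the establishment of the Comprehensive Electronic Finance Security Measures (2005) and the enforcement of the Electronic Financial Transactions Act (2007), including mandatory provision of various security programs to protect customer PCs from hacking, transfer limits differentiated by security level, and a sector-wide integrated OTP authentication system. Even so, these efforts have not completely blocked new types of incidents: new cyber-fraud techniques such as phishing and pharming, highly sophisticated hacking tools developed by professional hackers overseas that disable security programs and then exfiltrate customer information, and the hacking of general portal sites, web storage services and webmail to steal customers' Internet banking access media registered on those sites. There is therefore a need to substantially strengthen the existing security framework, by establishing stronger preventive controls and by building a traceback system for identifying causes and apprehending perpetrators when an incident occurs. This study, centered on a survey of Internet banking incidents at commercial banks, analyzes trends in recent electronic financial incidents and identifies their main causes and the status and limitations of existing response systems. As measures for effective prevention and stronger response, it proposes, from the user's perspective, strengthened management of electronic-finance access media centered on accredited certificates, and, from the perspective of financial institutions providing electronic financial services, the construction of an effective electronic financial transaction logging and traceback system, together with the system architecture, operating process, review of relevant laws, and response methods for building and operating a joint incident response framework based on close cooperation among all financial institutions and supervisory bodies.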

A Study of Definition of Security Requirements on Encryption and Audit Logging (암호화와 감사 로깅에서 보안 요건 정의 연구)

  • Shin, Seong-Yoon;Lee, Kang-Ho
    • Journal of the Korea Society of Computer and Information / v.19 no.9 / pp.85-91 / 2014
  • Encryption is a method to convert information to no-sense code in order to prevent data from being lost or altered by use of illegal means. Audit logging creates an audit log of users' activities, exceptions, and information security events, and then conserves it for a certain period for investigation and access-control auditing. Our paper suggests that confidentiality and integrity of information should be guaranteed when transmitting and storing important information in encryption. Encryption should consider both one-way and two-way encryption, and the encryption key should assure security. Also, all history related to electronic financial transactions should be logged and kept. And it should be considered to check the details of the application access log and major information. In this paper, we take a real example of encryption and log audit for safe data transmission and periodic check.

Stability Analysis of Vertical Pipeline Subjected to Underground Excavation (지하공간 굴착에 따른 수직파이프 구조물의 안정성해석)

  • 김종우
    • Tunnel and Underground Space / v.10 no.4 / pp.533-543 / 2000
  • Deformation behavior and stability of vertical pipeline subjected to underground excavation have been studied by means of numerical analysis. Vertical ground displacements cause the pipe to be compressed, while horizontal ones cause it to be bent. In that region the vertical pipeline meets with the induced compressive stress and bending stress. In addition, horizontal rock stress subjected to underground excavation may press the tube in its radial direction, and it finally produces the tangential stress of the pipe. In this study an active gas well system is considered as an example of vertical pipelines. Factor analysis has been conducted which has great influence on the pipeline behavior. Three case studies are investigated which have different pillar widths and gas well locations in the pillar. For example, where overburden depth is 237.5 m and thickness of coal seam is 2.5 m, a chain pillar of 45.8 m width in the 3-entry longwall system is proved to maintain safely the outer casing of the gas well, which is made of API-55 steel, 10$\frac{3}{4}$ in. diameter and 0.4 in. thickness. Finally, an active gas well which was broken by longwall mining is analyzed, where the induced shear stress turns out to exceed the allowable stress of steel.

Research Trends in Information Security Economics: Focused on the Articles Presented at WEIS (보안경제성 연구동향 분석: WEIS 발표 논문을 중심으로)

  • Kang, Mi-Hwa;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.6 / pp.1561-1570 / 2015
  • Even though much investment to prevent or mitigate damage from information security breaches has been considered, research on economically rational information security decision-making, such as investment and management, has not been introduced in Korea. This study analyzes research themes and methodologies of articles presented at the Workshop on the Economics of Information Security (WEIS) for 2002 - 2014. Results of the study can suggest future research topics for researchers, and help practitioners make rational information security decisions.