• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.83-88
• /
• 2008

Session initiation protocol (SIP) is an application-layer prolocol to initiate and control multimedia client session. When client ask to use a SIP service, they need to be authenticated in order to get service from the server. Authentication in a SIP application is the process in which a client agent present credentials to another SIP element to establish a session or be granted access to the network service. In 2005, Yang et al. proposed a key exchange and authentication scheme for use in SIP applications, which is based on the Diffie-Hellman protocol. But, Yang et al.'s scheme is not suitable for the hardware-limited client and severs, since it requires the protocol participant to perform significant amount of computations (i.e., four modular exponentiations). Based on this observation. Huang and Wei have recently proposed a new efficient key exchange and authentication scheme thor improves on Yang et al.'s scheme. As for security, Huang and Wei claimed, among others, that their scheme is resistant to offline dictionary attacks. However, the claim turned out to be untrue. In this paper, we show thor Huang and Wei's key exchange and authentication scheme is vulnerable to on offline dictionary attack and forward secrecy.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.4
• /
• pp.91-98
• /
• 2012

A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.'s password-based GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-based key exchange is security against off-line dictionary attacks. However, Yi et al.'s protocol fails to meet the requirement. In this paper, we report this security problem with Yi et al.'s protocol and show how to solve it.

• Journal of the Korean Society of Hazard Mitigation
• /
• v.7 no.3
• /
• pp.41-49
• /
• 2007

In order to reduce the amount of damage from natural disasters and perform the natural disaster mitigation program, the prevention activities and forecasting based on meteorological parameters and disaster datas are required. In addition, it is necessary to process prevention meteorological information for prevention activities in advance. For this, we have analyzed four data, such as Statistical yearbook of calamities and Statistics Yearbook issued by the Ministry of Government Administration and Human affairs. And Annual Climatological Report issued by the Korea Meteorological Administration and Recently 10 years for natural disaster damage from the Central Disaster and Safety Countermeasures Headquarters. We analyzed the causes, elements, occurrence frequencies, and vulnerable areas of natural disaster, using the 4 disaster datas, but these datas was not consistent with their terminology and items. Through the analysis of a kind and damage of disaster, we have selected the disaster variables, such as causes and elements, the amount of damage, vulnerable areas of natural disaster, etc and made a database. This database will be used to assess the natural disasters and develop the risk model and natural disasters mitigation plan.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.183-188
• /
• 2009

Wireless sensor networks will be broadly deployed in the real world and widely utilized for various applications. A prerequisite for secure communication among the sensor nodes is that the nodes should share a session key to bootstrap their trust relationship. The open problems are how to verify the identity of communicating nodes and how to minimize any information about the keys disclosed to the other side during key agreement. At any rate, any one of the existing schemes cannot perfectly solve these problems due to some drawbacks. Accordingly, we propose a new pre-distribution scheme with the following merits. First, it supports authentication services. Second, each node can only find some indices of key spaces that are shared with the other side, without revealing unshared key information. Lastly, it substantially improves resilience of network against node capture. Performance and security analyses have proven that our scheme is suitable for sensor networks in terms of performance and security aspects.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2016.05a
• /
• pp.7-7
• /
• 2016

인도네시아 산불에 의한 연무는 동남아시아 인접한 국가들에 있어서 심각한 환경문제 중 하나이다. 국제적으로 심각한 문제를 야기하는 인도네시아의 산불은 건조기에 강수량이 적게 내리는 극심한 가뭄 조건에서 발생한다. 건조기 강수량을 모니터링 하는 것은 산불 발생 가능성을 예측하기 위해 중요하지만 산불을 사전에 예방하고 영향을 최소화하기에는 부족하다. 따라서 산불에 대한 선제적 사전예방을 위해서는 수개월의 선행예측 기간을 갖는 조기경보 시스템이 절실하다. 따라서 본 연구는 인도네시아 산불에 대한 선제적 대응을 위한 강수량 예측시스템을 개발하고 예측성을 평가하여 동남아시아 지역의 화재 연무 조기경보 시스템의 시제품(Prototype)을 개발하는데 있다. 강수량 예측을 위해서 APEC 기후센터의 계절예측정보의 활용 정도에 따라서 4가지 서로 다른 방법을 통합하여 사용하였다. 예측정보 기반의 방법들로는 대상지역의 강수량 예측을 위해서 대상 지역 상공의 계절예측 강수자료를 보정을 통해 직접적으로 사용하는 SBC (Simple Bias Correction) 방법과 대상 지역 상공의 강수 예측자료를 사용하는 대신에 지역 강수량과 높은 상관 관계를 보이는 다른 지역의 대리변수를 예측인자로 사용하는 MWR (Moving Window Regression) 방법이 있다. 또한 예측자료의 사용 없이 과거자료 기반의 기후지수(Climate Index) 중에서 지체시간을 고려하여 지역 강수량과 높은 상관관계를 갖는 경우 예측에 활용하는 관측자료 기반의 CIR (Climate Index Regression) 방법과 예측기반 MWR과 관측기반의 CIR 방법에서 선정된 예측인자를 동시에 활용하는 ITR (Integrated Time Regression) 방법이 사용되었다. 장기 강수량 예측은 보르네오 섬의 4개 지역에서 3개월 이하의 선행예측기간에 대하여 0.5 이상의 TCC (Temporal Correlation Coefficient)의 값을 보여 양호한 예측성능을 보였다. 예측된 강수량 자료는 위성기반 관측 강수량 및 관측 탄소 배출량 관계에서 결정된 강수량의 임계값과의 비교를 통해 산불발생 가능성으로 환산하였다. 개발된 조기경보 시스템은 산불 발생에 가장 취약한 해당지역의 건조기(8월~10월) 강수량을 4월부터 예측해 산불 연무에 대한 조기경보를 수행한다. 개발된 화재 연무조기경보 시스템은 지속적인 개선을 통해 현장 실효성을 높여 동남아국가 정부의 화재 및 산림관리자들에게 보급함으로써 동남아의 화재 연무로 인한 환경문제 해결에 기여할 수 있으리라 판단된다.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.229-236
• /
• 2008

In this paper, re proposed scheme that it safely exchange encrypted keys without Trust Third Party(TTP) and Pre-distributing keys in ubiquitous environments. Existing paper assume that exist a TTP or already pre-distributed encrypted keys between nodes. However, there methods are not sufficient for wireless environments without infrastructure. Some existing paper try to use the Diffie-Hellman algorithm for the problem, but it is vulnerable to Replay and Man-in-the middle attack from the malicious nodes. Therefore, Authentication problem between nodes is solved by modified the Diffie-Hellman algorithm using ${\mu}TESLA$. We propose safe, lightweight, and robust pair-wise agreement algorithm adding. One Time Password(OTP) using timestamp to modified the Diffie-Hellman in ubiquitous environments, and verify a safety about proposed algorithm.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2022.05a
• /
• pp.105-105
• /
• 2022

섬진강댐은 100년빈도 홍수에 대응토록 설계되어 홍수조절 능력이 타 다목적댐 대비 상대적으로 취약함에 따라 댐운영 체계 개선이 필요하다. 이에따라 K-water는 홍수시 피해를 최소화 할 수 있도록 댐운영과 관련한 홍수대응 체계를 개선하였다. 주요 개선대책은 섬진강 홍수조절용량 추가확보, 홍수기 강우특성을 고려한 홍수조절, 하류주민 및 기관과 소통에 기반한 정보 공유체계 확립, 디지털 트윈 기반 댐 운영 의사결정시스템 구축이다. 섬진강댐의 건설홍수조절용량은 3천만m³으로, 타 다목적댐 설계빈도인 200년 대비 홍수대응 능력이 미흡하다. 이에따라, 섬진강댐은 '21.1월부터 '22.12월까지 홍수기 제한수위를 기존 197.7m에서 2.5m 낮춘 194.0m로 시범운영하고 있다. 이를통해 기존 3천만m³에서 9천만m³까지 6천만m³의 홍수조절용량을 추가 확보하였다. 이와 연계하여 홍수기 동안 섬진강댐 운영수위 기준을 별도 수립하여 홍수기 전·후반으로 나누었으며, 전반기(~7/31)는 '20년 홍수상황에서 발생한 더블피크 집중호우(360mm)에 대응가능한 홍수조절능력을 확보하고, 후반기(8/1~)는 홍수조절능력을 최대한 확보함과 동시에 차년도 용수공급을 대비할 수 있도록 운영수위를 개선하였다. 그간 수문방류 정보는 '댐 관리규정'에 따라 방류개시 3시간 전까지 방류계획을 하류지역의 지자체 및 주민에게 통보하였으나, 하류주민들이 충분히 사전준비하기에 시간적으로 부족하다는 의견을 제시함에 따라 수문방류 24시간전 사전 안내토록 '수문방류 예고제'를 도입, 시행하였다. '댐 홍수관리 소통회의'를 통해 댐 운영기관-정부기관-주민이 댐 운영에 대한 전반에 대해 함께 공유하고 운영 제약사항 및 개선사항을 공동 발굴하여 대책을 마련하는 체계를 구축하였다. 댐 운영 개선사항과 더불어 댐방류 의사결정시, 실시간 하류하천 상황에 대한 확인이 어려움에 따라, 3D기반 의사결정 지원시스템인 Digita Twin Platform을 개발 및 구축하여 '22년부터 섬진강댐 운영에 시범적용을 추진하고자 한다.

• Journal of Advanced Navigation Technology
• /
• v.26 no.6
• /
• pp.528-535
• /
• 2022

Although the domestic aviation industry has made rapid progress with the development of aircraft manufacturing and transportation technologies, aviation safety accidents continue to occur. The supervisory agency classifies hazards and risks based on risk-based aviation safety data, identifies safety trends for each air transportation operator, and conducts pre-inspections to prevent event and accidents. However, the human classification of data described in natural language format results in different results depending on knowledge, experience, and propensity, and it takes a considerable amount of time to understand and classify the meaning of the content. Therefore, in this journal, the fine-tuned KoBERT model was machine-learned over 5,000 data to predict the classification value of new data, showing 79.2% accuracy. In addition, some of the same result prediction and failed data for similar events were errors caused by human.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1025-1036
• /
• 2016

The conversion of the international standard web utilization HTML5 technology is being developed for improvement of the internet environment based on nonstandard technology like ActiveX. Hyper Text Markup Language 5 (HTML5) of basic programming language for creating a web page is designed to consider the security more than HTML4. However, the range of attacks increased and a variety of security threats generated from HTML4 environment inherited by new HTML5 API. In this paper, we focus on the script-based attack such as CSRF (Cross-Site Request Forgery), Cookie Sniffing, and HTML5 API such as CORS (Cross-Origin Resource Sharing), Geolocation API related with the infringement of the personal information. We reproduced the infringement cases actually and embodied a detection module of a Plug-in type diagnosed based on client. The scanner allows it to detect and respond to the vulnerability of HTML5 previously, thereby self-diagnosing the reliability of HTML5-based web applications or web pages. In a case of a new vulnerability, it also easy to enlarge by adding another detection module.