• Journal of Korean Society of Forest Science
• /
• v.100 no.3
• /
• pp.315-326
• /
• 2011

In recent years, domestic and international interests focus on climate change, and importance of forest as carbon sink have been also increased. Particularly REDD+ mechanism expanded from REDD (Reduced Emissions from Deforestation and Degradation) is expected to perform a new mechanism for reducing greenhouse gas in post 2012. To conduct this mechanism, countries which try to get a carbon credit have to certify effectiveness of their activities by MRV (Measuring, Reporting and Verification) system. This study analyzed the approaches for detecting land cover change and estimating carbon stock by remote sensing technology which is considered as the effective method to develop MRV system. The most appropriate remote sensing for detection of land cover change is optical medium resolution sensors and satellite SAR (Synthetic Aperture Radar) according to cost efficiency and uncertainty assessment. In case of estimating carbon stock, integration of low uncertainty techniques, airborne LiDAR (Light Detection and Ranging), SAR, and cost efficient techniques, optical medium resolution sensors and satellite SAR, could be more appropriate. However, due to absence of certificate authority, guideline, and standard of uncertainty, we should pay continuously our attention on international information flow and establish appropriate methods. Moreover, to apply monitoring system to developing countries, close collaboration and monitoring method reflected characteristics of each countries should be considered.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.769-776
• /
• 2016

TELNET is vulnerable to network attack because it was designed without considering security. SSL/TLS and SSH are used to solve this problem. However it needs additional secure protocol and has no backward compatibility with existing TELNET in this way. In this paper, we have suggested STELNET(Secured Telnet) which supports security functionalities internally so that has a backward compatibility. STELNET supports a backward compatibility with existing TELNET through option negotiation. On STELNET, A client authenticates server by a certificate or digital signature generated by using ECDSA. After server is authenticated, two hosts generate a session key by ECDH algorithm. And then by using the key, they encrypt data with AES and generate HMAC by using SHA-256. After then they transmit encrypted data and generated HMAC. In conclusion, STELNET which has a backward compatibility with existing TELNET defends MITM(Man-In-The-Middle) attack and supports security functionalities ensuring confidentiality and integrity of transmitted data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.3
• /
• pp.654-660
• /
• 2004

In this paper, we define that pervasive home network, which provides necessary services for user properties and removes distractions to improve the quality of human life. So, user can enjoy home network technology including devices and softwares at any place with no knowledge of networked home, devices, and softwares. In this home network, a mobile agent, called LAFA, can migrate to unfamiliar home network and control the necessary devices. For this environment, we design security management module for authenticating user and home server that access some other home networks, and for protecting text, multimedia data, and mobile agent that are transferred between home networks. The security management module is composed of a key exchange management module and an access control management module, for key exchange management module, we propose a key exchange protocol, which provides multimode of authentication mode and key exchange mode. One of these two modes is selected according to the data type.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.8
• /
• pp.1977-1985
• /
• 2009

An e-Seal is an active RFID device that was set on the door of a container. e-Seal provides both the state of the seal and the remote control of the device automatically. But it has vulnerabilities like eavesdrop and impersonate because of using RFID system. A secure e-Seal authentication protocol must use PRF for encryption/decryption of reader and e-Seal. The existing PRF uses simple hash function such as MD5 or SHA which is not available for e-Seal. It is required to use strong hash functions. The hash function is a essential technique used for data integrity, message authentication and encryption in the mechanism of information security. Therefore, in this paper, we propose more secure and effective hash function based on polynomial for e-Seal authentication protocol.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.4
• /
• pp.677-684
• /
• 2017

Smart devices are used in a variety of industries, because applications for them are easy to develop and portable. However, industrial equipment can cause security problems for information and accidents when controlling the actuator of the equipment at a remote location. In this paper, we studied methods of solving these problems and the advantages of applying smart control systems to industrial equipment. We propose a manual manipulation method using queries and a smart control access procedure for controlling equipment using a smart device. In addition, we propose a data transmission method employing multiple encryption protocols and a user authentication method using unique information from the smart device and Q & A as the communication data protection and user authentication methods, respectively. In order to evaluate its performance, an operation test of the smart control system and user authentication comparison experiment were performed. In order to understand the advantages of applying the smart control system to the equipment, we conducted a comparative experiment with a teach pendant and evaluated its reaction time in case of error.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.12
• /
• pp.1898-1903
• /
• 2021

Recently, the need to be wary of internal access such as internal access as well as external attackers' access to work has increased due to network expansion, cloud infrastructure expansion, and changes in working patterns due to COVID-19 situations. For this reason, a new network security model called Zero Trust is drawing attention. Zero Trust has a key principle that a trusted network does not exist, and in order to be allowed access, it must be authenticated first, and data resources can only be accessed by authenticated users and authenticated devices. In this paper, we will explain these zero trust and zero trust architectures and examine new security application strategies applicable to various companies using zero trust and the process of building a new security system based on the zero trust architecture model.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.99-107
• /
• 2022

The use of smart home appliances and Internet of Things (IoT) devices is growing, enabling new interactions and automation in the home. This technology relies heavily on mobile services which leaves it vulnerable to the increasing threat of hacking, identity theft, information leakage, serious infringement of personal privacy, abnormal access, and erroneous operation. Confirming or proving such security breaches have occurred is also currently insufficient. Furthermore, due to the restricted nature of IoT devices, such as their specifications and operating environments, it is difficult to provide the same level of internet security as personal computers. Therefore, to increase the security on smart home IoT devices, attention is needed on (1) preventing hacking and user authority theft; (2) disabling abnormal manipulation; and (3) strengthening audit records for device operation. In response to this, we present a plan to build a cloud security authentication platform which features security authentication management functionality between mobile terminals and IoT devices.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.899-902
• /
• 2009

As computer network and wireless technology continue to grow rapidly, a wide range of remote application has been applied to medical field such as remote medical consulting and remote patient monitoring. This research aims to design RF telecommunication-based healthcare application to collect and manage patient's physiological data, and describe the overall procedure of experiment. MySQL database is designed to record patient's physiological data including temperature, blood pressure and heart rate and save information about medical behaviors such as doctor's prescription for patients. Therefore, users approved by healthcare application can query patient's data and collected data can be used to reorganize data for clinical test. As a result, temperature and humidity of patient's room which must be checked frequently can be processed automatically through ubiquitous sensor network. The information entered from mobile phones or web is saved in database, ensuring systematical management through computer. Moreover, patient's family members can easily access hospital data, improving their experience with medical service.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.303-308
• /
• 2019

Spring framework is widely used as a base technology for e-government frameworks and to the extent it is a standard for web service development tools of Korean public institutions. However, recently, a remote code execution vulnerability(CVE-2018-1270) was found in an application using a spring framework. This paper proposes a method of analyzing the vulnerability experiment using a hacking scenario, Proof Of Concept(POC), in which the spring framework is a hazard to the server. We propose the patch to version 4.3.16 and version 5.0.5 or later as an ultimate response. It is also expected that the proposed experiment analysis on vulnerability of hacking scenario will be used as a data for improving performance of security programs and establishing a new authentication system.

• Proceedings of the IEEK Conference
• /
• 2001.06c
• /
• pp.51-54
• /
• 2001

Recently Hwang and Li［1］ proposed a remote user authentication scheme using smart cards. Their scheme is based on the ElGamal public key cryptosystem and does not need to maintain a password table for verifying the legitimacy of the login users. In this paper, we proposed an advanced user authentication scheme using smart cards. Unlike Hwang and Li's scheme, smart card contains a pair of public parameters(h, P) where h is a hash function which is used in login phase. In result, we reduce one exponential computation frequency in login phase and two exponential computation frequencies in authentication phase with comparing the Hwang and Li's scheme. The proposed scheme not only provides the advantages as security of Hwang and Li's scheme, but also reduces computation cost.