• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.5
• /
• pp.691-700
• /
• 2021

The IP cameras have rapidly replaced the analog CCTVs as the cameras have the advantages of not only being able to remotely monitor, but also supplying power through the UTP cable, In this paper, we introduce the protocol architecture of the ONVIF standard which is widely applied to the IP camera and other Internet protocols to support it, and implement the ONVIF Device on a commercial board. Although these functions can be controlled by the Client (PC), several functions such as privacy masks, temperature display of the thermal camera, and ROI (Region of Interest) are implemented through a web viewer on the device. Through the experiment, the functions of ONVIF Profile S and web viewer are verified through SOAP messages exchanged between Device (IP camera) and Client program and streamed images.

• Proceedings of the Korean Association of Geographic Inforamtion Studies Conference
• /
• 2007.10a
• /
• pp.169-175
• /
• 2007

고리, 월성, 울진, 영광 등4개 원전부지와 하나로 연구용 원자로 부지에 대해 방사성물질의 대기 중 누출사고 발생 시 대축척 전자지도와 연계한 사고정보 파악, 예상피해분석, 방재시설 및 소개정보 활용 등을 통해 중앙정부 및 지방자치단체가 방사능 물질 피해지역관리 및 신속하고 효율적인 주민대응조치 수립을 위한 의사 결정 지원할 수 있는 방사능방재 지리정보시스템 구축이 필요하다. 본 연구에서는 고리, 월성, 울진, 영광, 대전지역의 원자력 발전소 및 연구용 원자로 반경 40km이내 지역의 행정경계, 도로, 등고, 수계, 건물 등의 일반지형지물정보와, 비상계획구역 내 마을의 상세정보, 집결지, 대피소, 교통통제소, 환경방사능감시기, TLD등의 방재시설물 위치 및 관련 상세정보, 관공서, 경찰서, 소방서, 보건소, 학교, 병원 등의 방재관련 지형지물 위치 및 관련 상세정보, 원전부지 내 인구분포, 보유 차량 분포, 농작물 재배 현황, 축산물 재배현황 등의 방재관련 사회통계정보를 포함하는 공간 및 속성 데이터베이스는 구축하였다. 이를 기반으로 방사선 피폭영향 평가시스템(FADAS)의 예상평가결과를 전자지도 상에 표출하고, 이에 근거한 예상피해를 분석하며, 소개단계 대상 마을 검색 및 바람장 분석을 활용한 소개경로 제시 등을 통해 주민보호조치 의사결정을 지원하며, 사고대응 및 소개현황 정보를 관리하는 웹 기반의 원자력방재 지리정보시스템을 확대 개발하였다. 방재시설물 및 방재관련 지형지물, 방재관련 사회통계자료의 검색기능 및 실시간 원전 바람장 정보조회, 실시간 ERMS 수집정보 조회, 수치예보 정보 조회, 온라인DB관리 등의 확대 구현을 통해 사고대응조치 및 피해분석업무를 지원하였다. 본 연구를 통한 원자력방재 지리정보시스템 완성을 통해 방사능 비상시 중앙본부와 지역본부 및 유관기관 간에 지리정보와 연계한 정확한 사고정보 및 방재정보의 신속한 공유를 제공하고, 적절한 비상대응조치 의사결정 및 주민보조조치 수행을 지원하여 효율적인 사고지역 관리 및 인적 물적 자원의 피해를 최소화하는데 기여할 것으로 기대된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1047-1057
• /
• 2018

As the number of services offered on the Internet exponentially increases, password managers are increasing popular applications that store several passwords in an encrypted database (or password vault). Browser-integrated password managers or locally-installed password managers store the password vault on the user's device. Although a web-based password manager stores the password vault on the cloud server, a user can store the master password used to sign in the cloud server on her device. An attacker that steals a user's encrypted vault stored in the victim's device can make an offline attack and, if successful, all the passwords in the vault will be exposed to the attacker. This paper investigates the vulnerability of the password vault stored in the device and develops attack programs to verify the vulnerability of the password vault.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.559-572
• /
• 2020

As internet technology advances, users can share content online, and many sharing services exist. According to a recently published digital forensic study, when playing an online streaming service, you can restore the played video by reconstructing the Chrome cache file left on local device such as a PC. This can be seen as evidence that the user watched illegal video content. From a different point of view, copyright infringement occurs when a malicious user restores video stream and share it to another site. In this paper, we selected 23 online streaming services that are widely used both at home and abroad. After streaming videos, we tested whether we can recover original video using cache files stored on the PC or not. As a result, the paper found that in most sites we can restore the original video by reconstructing cache files. Furthermore, this study also discussed methodologies for preventing copyright infringement in online streaming service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.213-222
• /
• 2017

Online advertisement has many benefits comparing to offline advertisement but it also has many challenging problems by online ad abuses. Advertisement injection (Ad injection) is one of the threats that surreptitiously inserts advertisements without a permission of site owners. Users are exposed to additional ads and redundant web traffic by injected ads can cause a service quality problem. Moreover, advertisers can have economic loss when injected ads are different from original ones. Although ad injection leads to these problems it has not been fully studied yet. A few ad injection researches are done by online advertising providers such as Google. In this paper, we analyze ad injection activities to Korean major portal, Naver. We classify 6 types of ad injections and describe their characteristics by analyzing 27 downloaders and 199 installed programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.963-974
• /
• 2018

With the growing interest in cryptocurrency such as bitcoin, the blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijack other computer resources such as CPUs, has occured due to vulnerability to the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur only by visiting a Web site without installing it on a visitor's PC. The current Cryptojacking detection system is mostly signature-based. Signature-based detection methods have problems in that they can not detect a new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a Cryptojacking detection solution using a dynamic analysis-based that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking site that cannot be detected in existing signature-based Cryptojacking detection system and can detect it even if it is called or obfuscated by bypassing Cryptomining code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.869-878
• /
• 2018

Digital Evidence Data in cyberspace is easy to modify or delete, and changes are reflected in real time, so it is necessary to acquire evidence data quickly. Collecting evidence on the client side is advantageous in that data can be acquired without time delay due to additional administrative procedures, but collection of large data is likewise vulnerable to collection time delay problem. Therefore, this paper proposes an automated evidence collection method on the client side, focusing on the major web-based services in cyberspace, and enables efficient evidence collection for large volumes of data. Furthermore, we propose a digital evidence collection system in cyberspace that guarantees the integrity of the collected digital evidence until the court submission.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.81-90
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, they possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance suppers and emergency measures. In order to solve these deficiencies, Wireless Remote Control System was designed and implemented. Wireless Remote Control System is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of Wireless Remote Control System leads to these security Problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to Wireless Remote Control System. The designed security functions include mobile device user authentication and target system access control. For security verification of these security functions introduced CPN(Coloured Petri Nets) which is capable of expressing every possible state for each stage. And then in this paper was verified its security through PI(Place Invariant) based on CPN(Coloured Petri Nets). The CPN expression and analysis method of the proposed security function can also be a useful method for analyzing other services in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.3-11
• /
• 2004

The XML has been becoming a basis of the related application and industry standards with proliferation of electronic transactions on the web, and the standardization on XML Signature, which can be applied to the digital contents including XML objects from one or more sources, is in the progress through a joint effort of W3C(World Wide Web Consortium) and IETF(Internet Engineering Task Force). Along with this trend, the development of products implementing XML Signature has been growing, and the XML Signature products are required to implement the relevant standards correctly to guarantee the interoperability among different XML Signature products. In this paper, we propose a conformance testing method for testing the XML Signature products, which includes a testing procedure and test cases. The test cases were obtained through analysis of XML Signature standards. Finally we describe the design and uses of our XML Signature conformance testing tools which implements our testing method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.71-79
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, hey possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance supports and emergency measures. In order to solve these deficiencies, Wireless Remote Control System(W-RCS) was designed and implemented. W-RCS is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of W-RCS leads to these security problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to W-RCS. The security functions based on public key infrastructure include mobile device user authentication and target system access control. The W-RCS allows real-time user authentication, increases the flexibility of resource administrators and mobile device non, and provides not only uninterrupted services, but also safe mobile office environments.