• Title/Summary/Keyword: web authentication

Countermeasure of an Application Attack Scenario Using Spring Server Remote Code Execution Vulnerability (CVE-2018-1270) (스프링 서버 원격코드 실행 취약점(CVE-2018-1270)을 이용한 응용 공격 시나리오의 대응 방안)

  • Jung, Byeong-Mun;Jang, Jae-Youl;Choi, Chul-Jae
    • The Journal of the Korea institute of electronic communication sciences / v.14 no.2 / pp.303-308 / 2019
  • Spring framework is widely used as a base technology for e-government frameworks, to the extent that it is a standard for web service development tools of Korean public institutions. However, recently, a remote code execution vulnerability (CVE-2018-1270) was found in an application using a spring framework. This paper proposes a method of analyzing the vulnerability experiment using a hacking scenario, Proof of Concept (PoC), in which the spring framework is a hazard to the server. We propose the patch to version 4.3.16 and version 5.0.5 or later as an ultimate response. It is also expected that the proposed experiment analysis on vulnerability of hacking scenario will be used as data for improving performance of security programs and establishing a new authentication system.

WiCoin : Wireless LAN Sharing Using Block Chain Technology (와이코인 : 블록체인 기술을 이용한 무선랜 공유)

  • Kim, Woo-Seong;Ryu, Kyoung-Ho;Park, Yang-Jae
    • Journal of Digital Convergence / v.17 no.1 / pp.195-201 / 2019
  • This paper proposes a blockchain system to share Wireless Local Area Network (WLAN) that recently suffers from mutual interference among increasing devices using unlicensed bands. Blockchain technology can induce cooperation from users by incentivizing them with cryptocurrency like shown in Bitcoin example. In this paper, we describe Blockchain based access mechanism in WLAN instead of conventional authentication based access. Here, users can access any WLAN access point by paying through smart contract while they also receive payment from others. In order to support real-time transaction, we apply proof-of-authority that is realized by Byzantine fault tolerant protocol instead of well-known proof-of-work that requires huge computing power and delay.

Security Verification of Wireless Remote Control System Using CPN (CPN을 이용한 무선원격제어시스템의 안전성 검증)

  • 이문구
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.5 / pp.81-90 / 2003
  • Existing web-based system management software solutions show some limitations in time and space. Moreover, they possess such shortcomings as unreliable error message announcements and difficulties with real-time assistance support and emergency measures. In order to solve these deficiencies, Wireless Remote Control System was designed and implemented. Wireless Remote Control System is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of Wireless Remote Control System leads to security problems as well as solutions to the aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to Wireless Remote Control System. The designed security functions include mobile device user authentication and target system access control. For security verification of these security functions, we introduced CPN (Coloured Petri Nets), which is capable of expressing every possible state for each stage. Its security was then verified in this paper through PI (Place Invariant) based on CPN (Coloured Petri Nets). The CPN expression and analysis method of the proposed security function can also be a useful method for analyzing other services in the future.

A Conformance Testing Method and its Implementation for XML Signature Products (XML전자서명 제품의 표준적합성 시험 방법 및 구현)

  • 김지현;이광수
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.3-11 / 2004
  • The XML has been becoming a basis of the related application and industry standards with proliferation of electronic transactions on the web, and the standardization on XML Signature, which can be applied to the digital contents including XML objects from one or more sources, is in the progress through a joint effort of W3C(World Wide Web Consortium) and IETF(Internet Engineering Task Force). Along with this trend, the development of products implementing XML Signature has been growing, and the XML Signature products are required to implement the relevant standards correctly to guarantee the interoperability among different XML Signature products. In this paper, we propose a conformance testing method for testing the XML Signature products, which includes a testing procedure and test cases. The test cases were obtained through analysis of XML Signature standards. Finally we describe the design and uses of our XML Signature conformance testing tools which implements our testing method.

A Study on the Detection of Malware That Extracts Account IDs and Passwords on Game Sites and Possible Countermeasures Through Analysis (게임 사이트의 계정과 비밀번호 유출 악성코드 분석을 통한 탐지 및 대응방안 연구)

  • Lee, Seung-Won;Roh, Young-Sup;Kim, Woo-Suk;Lee, Mi-Hwa;Han, Kook-Il
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.2 / pp.283-293 / 2012
  • A new type of malware that extracts personal and account data over an extended period of time and that apparently is resistant to detection by vaccines has been identified. Generally, a malware is installed on a computer through network-to-network connections by utilizing Web vulnerabilities that contain injection, XSS, broken authentication and session management, or insecure direct-object references, among others. After the malware executes registration of an arbitrary service and an arbitrary process on a computer, it then periodically communicates the collected confidential information to a hacker. This paper is a systematic approach to analyzing a new type of malware called "winweng," a kind of worm that frequently made appearances during the first half of 2011. The research describes how the malware came to be in circulation, how it infects computers, how its operations expose its existence and suggests improvements in responses and countermeasures. Keywords: Malware, Worm, Winweng, SNORT.

Intelligent Tutoring System based on Wired and Wireless Internet for the living English 300-certifications Program (생활영어 300 인증제를 대비한 유무선 기반 지능형 교육 시스템)

  • Lee, Young-Seok;Cho, Jung-Won;Kim, Byung-Gyu;Park, Jung-Hwan;Kim, Su-Min;Choi, Byung-Uk
    • Journal of The Korean Association of Information Education / v.9 no.3 / pp.533-548 / 2005
  • According to the increasing of the internet infrastructure and growth of contents technology, the users can access an education service at anytime and anywhere. In a field of English education, especially, internet technology has enabled learners to communicate with their teachers and multimedia contents technology has been able to provide learner not only lots of interests, but also good effect on English learning. In this paper, we propose a method diagnosing learner's level by using some question-items, which consist of item's type and item's function. Furthermore, the proposed system can support three devices which are PC, PDA, and Mobile Phone on wired and wireless internet communication environments. Also, the system provides multimedia contents including flash movies, image, and audio contents. We have applied the system into real classroom, and we verified that the question-items that system provides has no problem, and our method could improve each learner skill on English education. Therefore, we expect that learner who uses the proposed system will get level-based English learning service at anytime and anywhere.

An Embedded System Design of Collusion Attack Prevention for Multimedia Content Protection on Ubiquitous Network Environment (유비쿼터스 네트워크 환경의 멀티미디어 콘텐츠 보호를 위한 공모공격 방지 임베디드 시스템 설계)

  • Rhee, Kang-Hyeon
    • Journal of the Institute of Electronics Engineers of Korea CI / v.47 no.1 / pp.15-21 / 2010
  • This paper proposes the multimedia fingerprinting code insertion algorithm when video content is distributed in P2P environment, and designs the collusion codebook SRP (Small RISC Processor) embedded system for the collusion attack prevention. In the implemented system, it is detecting the fingerprinting code inserted in the video content of the client user in which it requests an upload to the web server and in which if it is certified content then transmitted to the streaming server then the implemented system allowed to distribute in P2P network. On the contrary, if it detects the collusion code, then the implemented system blocks to transmit the video content to the streaming server and discontinues to distribute in P2P network. And also it traces the colluders who generate the collusion code and participates in the collusion attack. The collusion code of the averaging attack is generated with 10% of BIBD code v. Based on the generated collusion code, the codebook is designed. As a result, when the insert quantity of the fingerprinting code is 0.15% upper in bitplane 0~3 of the Y (luminance) element of I-frame at the video compression of ASF for a streaming service and MP4 for an offline offer of video content, the correlation coefficient of the inserted original code and the detected code is above 0.15. At the correlation coefficient is above 0.1 then the detection ratio of the collusion code is 38%, and is above 0.2 then the trace ratio of the colluder is 20%.

Developing an Endangered Species Habitat Management System based on Location Information (위치정보 기반 멸종위기종 서식지 관리시스템 개발)

  • Kim, Sun-Jib;Kim, Sang-hyup
    • Journal of Internet of Things and Convergence / v.6 no.3 / pp.67-73 / 2020
  • The research status of endangered amphibians in Korea was mainly studied the life-cycle and distribution status of species from the 1980s to the early 2000s. Although a relatively diverse range of studies have been conducted on mackerels, studies on habitat prediction, analysis, change and management are insufficient. WEB, which provides biota information using location information in Korea, is a site operated by the National Bio Resource Center under the Ministry of Environment, but there is no information on endangered species and general species information has also been found to be very scantily. For this research, we secured a database of location information of Narrow-mouth frog, an endangered species, by combining literature and field research, and established a system by applying new technologies and open-based platform technologies that can be easily accessed by non-technical personnel of IT among IT technologies. The system was divided into administrator functions and user functions to prevent indiscriminate sharing of information through authentication procedures through user membership of users. The established system was authorized to show the distance between the current location and the location of the Narrow-mouth frog. Considering the ecological characteristics of the Narrow-mouth frog, which is an endangered species, a radius of 500m was marked to determine the habitat range. The system is expected to be applied to the legal system to change existing protected areas, etc. and to select new ones. It is estimated that practical reduction measures can be derived by utilizing the development plan for reviewing the natural environment. In addition, the deployed system has the advantage of being able to apply to a wide variety of endangered species by modifying the information entered.

Development of Network Based MT Data Processing System (네트워크에 기반한 MT자료의 처리기술 개발 연구)

  • Lee Heuisoon;Kwon Byung-Doo;Chung Hojoon;Oh Seokhoon
    • Geophysics and Geophysical Exploration / v.3 no.2 / pp.53-60 / 2000
  • The server/client systems using the web protocol and distribution computing environment by network was applied to the MT data processing based on the Java technology. Using this network based system, users can get consistent and stable results because the system has standard analysing methods and has been tested from many users through the internet. Users can check the MT data processing at any time and get results during exploration to reduce the exploration time and money. The pure/enterprised Java technology provides facilities to develop the network based MT data processing system. Web based socket communication and RMI technology are tested respectively to produce the effective and practical client application. Intrinsically, the interpretation of MT data performing the inversion and data process requires heavy computational ability. Therefore we adopt the MPI parallel processing technique to fit the desire of in situ users and expect the effectiveness for the control and upgrade of programing codes.

Message Interoperability in e-Logistics System (e-Logistics시스템의 메시지 상호운용성)

  • Seo Sungbo;Lee Young Joon;Hwang Jaegak;Ryu Keun Ho
    • Journal of KIISE:Computing Practices and Letters / v.11 no.5 / pp.436-450 / 2005
  • Existing B2B, B2C computer systems and applications that executed business transactions were the client-server based architecture which consists of heterogeneous hardware and software including personal computers and mainframes. Due to the active boom of electronic business, integration and compatibility of exchanged data, applications and hardware have emerged as a hot issue. This paper designs and implements a message transport system and a document transformation system in order to solve the interoperability problem of integrated logistics system in e-Business when doing electronic business. Message transport system integrated ebMS 2.0 which is standard business message exchange format of ebXML, the international standard electronic commerce framework, and JMS of J2EE enable to ensure reliable messaging. The document transformation system could convert non-standard XML documents into standard XML documents and provide the web services after integrating message system. Using suggested business scenario and various test data, our message oriented system proved to be interoperable and stable. We participated in the ebXML messaging interoperability test organized by ebXML Asia Committee ITG in order to evaluate and certify the suitability for message system.