• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.4
• /
• pp.53-60
• /
• 2010

Biometrics are methods of recognizing a person based on the physiological or behavioral characteristics of his of her body. They are highly secure with little risk of loss or falsification by others. This paper has designed and implemented a security system of biometrics by precisely measuring heartbeat signals at two fingertips and using a photoplethysmogram, which is applicable to biometrics. A performance evaluation has led to the following result. The security system of biometrics for personal authentication which has been designed and implemented by this study has achieved a recognition rate of 90.5%. The security system of biometrics suggested here has merits of time saving and easy accessibility. The system is touch-based and collects the necessary biometrics information by simply touching the machine with fingers, so anyone can utilize the system without any difficulty.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.113-116
• /
• 2011

최근 IT 기술의 급격한 발전으로 개인정보, 환경 등 다양한 정보를 수시로 수집 및 관리하면서 사용자가 원할시 즉각적인 정보서비스를 제공하고 있다. 그러나 유 무선상의 데이터 전송은 정보의 도청, 메시지의 위 변조 및 재사용, DoS(Denial of Service)등 외부의 공격으로부터 쉽게 노출된다. 이러한 외부 공격은 개인 프라이버시를 포함한 정보서비스 시스템 전반에 치명적인 손실을 야기 시킬 수 있기 때문에 정보보호 시스템의 필요성은 갈수록 그 중요성이 부각되고 있다. 현재까지 정보보호 시스템은 소프트웨어(S/W), 하드웨어(ASIC), FPGA(Field Progr- ammable Array) 디바이스를 이용하여 구현되었으며, 각각의 구현방법은 여러 가지 문제점이 있으며 그에 따른 해결방법이 제시되고 있다. 본 논문에서는 다양한 환경에서의 정보보호 서비스를 제공하기 위한 재구성형 SoC 구조를 제안한다. 제안된 SoC는 비밀키 암호알고리즘(AES), 암호학적 해쉬(SHA-256), 공개키 암호알고리즘(ECC)을 수행 할 수 있으며, 마스터 콘트롤러에 의해 제어된다. 또한 정보보호 시스템이 요구하는 다양한 제약조건(속도, 면적, 안전성, 유연성)을 만족하기 위해 S/W, ASIC, FPGA 디바이스의 모든 장점을 최대한 활용하였으며, MCU와의 효율적인 통신을 위한 I/O 인터페이스를 제안한다. 따라서 제안된 정보보호 시스템은 기존의 시스템보다 다양한 정보보호 알고리즘을 지원할 뿐만 아니라 속도 및 면적에 있어 상충 관계를 개선하였기 때문에 저비용 응용뿐만 아니라 고속 통신 장비 시스템에도 적용이 가능하다.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.1
• /
• pp.121-130
• /
• 2024

In this paper, we propose an installation approach for Naval Combat Management System(CMS) software that identifies potential data anomalies during installation. With the popularization of wireless communication methods, such as Low Earth Orbit(LEO) satellite communications, various utilization methods using wireless networks are being discussed in CMS. One of these methods includes the use of wireless network communications for installation, which is expected to enhance the real-time performance of the CMS. However, wireless networks are relatively more vulnerable to security threats compared to wired networks, necessitating additional security measures. This paper presents a method where files are transmitted to multiple nodes using encryption, and after the installation of the files, a validity check is performed to determine if there has been any tampering or alteration during transmission, ensuring proper installation. The feasibility of applying the proposed method to Naval Combat Systems is demonstrated by evaluating transmission performance, security, and stability, and based on these evaluations, results sufficient for application to CMS have been derived.

• The Journal of the Acoustical Society of Korea
• /
• v.28 no.8
• /
• pp.768-773
• /
• 2009

This paper demonstrates the digital communication in air using the parametric array. The stepped-plate transducer which is suitable for high-power and high-efficient radiation is used to generate the difference frequency wave with the parametric array. The primary frequencies are selected to 83 kHz and 122 kHz and the resulting difference frequency wave at the frequency of 39 kHz is used for the communication. The modulation method is selected to On-Off Keying method. The waveform and signal-to-noise ratio (SNR) is measured and analyzed to see the characteristics of the digital communication using the parametric array. The proper distance for the communication using parametric array is about 3 m. The measured beam width of the 3dB SNR reduction was $14^{\circ}$. The possibility of the communication in air using the parametric array is confirmed and the high directional characteristic of the communication using the parametric array is expected to have the advantages for the multi path and the security problems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.743-755
• /
• 2013

In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.123-133
• /
• 2018

Cyber-Physical System (CPS) is a system in which a physical system and a cyber system are strongly integrated. In order to operate the target physical system stably, the CPS constantly monitors the physical system through the sensor and performs control using the actuator according to the current state. If a malicious attacker performs a forgery attack on the measured values of the sensors in order to conceal their attacks, the cyber system operated based on the collected data can not recognize the current operation status of the physical system. This causes the delay of the response of the automation system and the operator, and then more damage will occur. To protect the CPS from increasingly sophisticated and targeted attacks, countermeasures must be developed that can detect stealthy deception attacks. However, in the CPS environment composed of various heterogeneous devices, the process of analyzing and demonstrating the vulnerability to actual field devices requires a lot of time. Therefore, in this study, we propose a method of constructing the experiment environment of the PLCitM (PLC in the middle) which can verify the performance of the techniques to detect the CPS stealthy deception attack and present the experimental results.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.10
• /
• pp.1-6
• /
• 2019

As mobile technologies such as Internet of Things (IoT)-based smart homes and financial technologies (FinTech) are developed, authentication by smart devices is used everywhere. As a result, presence-based biometric authentication using smart devices has become a new mainstream in knowledge-based authentication methods like the existing passwords. The electrocardiogram (ECG) is less prone to forgery, and high-level personal identification is its unique feature from among various biometric authentication methods, such as the pulse, fingerprints, the face, and the iris. Biometric authentication using an ECG is receiving a great deal of attention due to its uses in healthcare and FinTech. In this study, we implemented an ECG authentication system that allows users to easily measure and authenticate their ECG waveforms using a miniaturized wearable device, rather than a large and expensive measurement device. The implemented ECG authentication system identifies ECG features through P-Q-R-S-T feature point identification, and was user-certified under the proposed authentication protocols. Finally, assessment of measurements in a majority of adult males showed a relatively low false acceptance rate of 1.73%, and a low false rejection rate of 4.14%, in a stable normal state. In a high-activity state, the false acceptance rate was 13.72%, and the false rejection rate was 21.68%. In a high-heart rate state, the false acceptance rate was 10.48%, and the false rejection rate was 11.21%.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.19-31
• /
• 2018

As the ICT technologies advance, the unprecedently large amount of digital data is created, transferred, stored, and utilized in every industry. With the data scale extension and the applying technologies advancement, the new services emerging from the use of large scale data make our living more convenient and useful. But the cybercrimes such as data forgery and/or change of data generation time are also increasing. For the data security against the cybercrimes, the technology for data integrity and the time verification are necessary. Today, public key based signature technology is the most commonly used. But a lot of costly system resources and the additional infra to manage the certificates and keys for using it make it impractical to use in the large-scale data environment. In this research, a new and far less system resources consuming signature technology for large scale data, based on the Hash Function and Merkle tree, is introduced. An improved method for processing the distributed hash trees is also suggested to mitigate the disruptions by server failures. The prototype system was implemented, and its performance was evaluated. The results show that the technology can be effectively used in a variety of areas like cloud computing, IoT, big data, fin-tech, etc., which produce a large-scale data.

• Journal of Korea Entertainment Industry Association
• /
• v.14 no.3
• /
• pp.163-171
• /
• 2020

Currently, most of the mobile game market releases games through Google play and App Store, which have a high share. Because it uses a third-party platform, only the payment API system provided must be used, and third-party platform pays the game company after excluding certain fees. Because game companies do not know whether or not to refund items and cannot get back items through third party transactions, users and professional websites are continuously appearing that exploit refunds. In this thesis, after analyzing problems of existing payment method and presenting a payment model using blockchain smart contract, we analyzed differences from existing model in terms of transparency, decentralization(fee), efficiency, and as a result, payment model using smart contract has low commission through P2P transaction without third parties and transparent transaction record, preventing item forgery and refund. Later, the proposed payment model would lead to the culling of companies acting on behalf of refunds for words that deviate from moral ethics such as "Refund OK even with items" and resolve the problem of unreasonable fees that arise through third-party platforms.

• The Journal of Korean Society for Radiation Therapy
• /
• v.24 no.1
• /
• pp.1-10
• /
• 2012

Purpose: To evaluate dose distribution differences when the dose rates are randomly changed in intensity-modulated radiation therapy using a dynamic multileafcollimator. Materials and Methods: Two IMRT treatment plans including small-field and large-field plans were made using a commercial treatment planning system (Eclipse, Varian, Palo Alto, CA). Each plan had three sub-plans according to various dose rates of 100, 400, and 600 MU/min. A chamber array (2D-Array Seven729, PTW-Freiburg) was positioned between solid water phantom slabs to give measurement depth of 5 cm and backscattering depth of 5 cm. Beam deliveries were performed on the array detector using a 6 MV beam of a linear accelerator (Clinac 21EX, Varian, Palo Alto, CA) equipped with 120-leaf MLC (Millenium 120, Varian). At first, the beam was delivered with same dose rates as planned to obtain reference values. After the standard measurements, dose rates were then changed as follows: 1) for plans with 100 MU/min, dose rate was varied to 200, 300, 400, 500 and 600 MU/min, 2) for plans with 400 MU/min, dose rate was varied to 100, 200, 300, 500 and 600 MU/min, 3) for plans with 600 MU/min, dose rate was varied to 100, 200, 300, 400 and 500 MU/min. Finally, using an analysis software (Verisoft 3.1, PTW-Freiburg), the dose difference and distribution between the reference and dose-rate-varied measurements was evaluated. Results: For the small field plan, the local dose differences were -0.8, -1.1, -1.3, -1.5, and -1.6% for the dose rate of 200, 300, 400, 500, 600 MU/min, respectively (for 100 MU/min reference), +0.9, +0.3, +0.1, -0.2, and -0.2% for the dose rate of 100, 200, 300, 500, 600 MU/min, respectively (for 400 MU/min reference) and +1.4, +0.8, +0.5, +0.3, and +0.2% for the dose rate of 100, 200, 300, 400, 500 MU/min, respectively (for 600 MU/min reference). On the other hand, for the large field plan, the pass-rate differences were -1.3, -1.6, -1.8, -2.0, and -2.4% for the dose rate of 200, 300, 400, 500, 600 MU/min, respectively (for 100 MU/min reference), +2.0, +1.8, +0.5, -1.2, and -1.6% for the dose rate of 100, 200, 300, 500, 600 MU/min, respectively (for 400 MU/min reference) and +1.5, +1.9, +1.7, +1.9, and +1.2% for the dose rate of 100, 200, 300, 400, 500 MU/min, respectively (for 600 MU/min reference). In short, the dose difference of dose-rate variation was measured to the -2.4~+2.0%. Conclusion: Using the Varian linear accelerator with 120 MLC, the IMRT dose distribution is differed a little <(${\pm}3%$) even though the dose-rate is changed.