• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.71-79
• /
• 2019

The demand of smart cars is increasing rapidly. International stand organize such as 3GPP and 5GAA are proposing standard communication protocvols for connected-car, and automotive network infrastructure. But Smart car network have many security threats and more dangerous against the existed wire communication network. Typically, peripheral devices of a smart car may disguise their identity and steal location information and personal information about the vehicle. In addition, the infrastructure elements around smart cars can conspire and put driving cars in danger, threatening lives. This is a very serious security threat. Therefore, in order to solve these problems, we proposed a system that is secure from collusion and tampering attacks using attribute-based authorize delegation method and threshold encryption algorithms. We have demonstrated using a semantic safety model that the proposed system can be safe from collusion attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.941-949
• /
• 2014

Demands for cloud computing service rapidly increased along with the expansion of supplying smart devices. Interest in cloud system has led to the question whether it is really safe. Due to the nature of cloud system, cloud service provider can get a user's private information and disclose it. There is a large range of opinion on this issue and recently many researchers are looking into fully homomorphic encryption as a solution for this problem. Fully homomorphic encryption can permit arbitrary computation on encrypted data. Many security threats will disappear by using fully homomorphic encryption, because fully homomorphic encryption keeps the confidentiality. In this paper, we research possible security threats in cloud computing service and study on the application method of fully homomorphic encryption for cloud computing system.

• Journal of the Korean Geographical Society
• /
• v.38 no.6
• /
• pp.961-970
• /
• 2003

The 1972 United Nations Conference on the Human Environment sparked off actions aimed at protecting the ocean on all scales. Physical science was essentially in the foreground, and the ecological dimension remained in the background as well. During the following two decades, ocean uses increased and spread unexpectedly, and there was an urgent need for management patterns to deal with coastal areas, regional seas, and with the ocean as a whole. Meanwhile, mainly thanks to the Man and the Biosphere (MAB) programme, the ecological dimension of the environmental issue became more evident, while the concept of sustainable development was designed by the World Commission on Environment and Development (1987). As far as the ocean is concerned, by adopting Agenda 21, the 1992 Conference on Environment and Development (UNCED) could neither embrace a wholly ecology-oriented policy, nor adopt the concept of sustainable development in its whole extent. This circumstance encourages efforts to consider the ocean from an effective ecological perspective, and to explore how cultural and ecological systems have interacted. Hence the concept of diversity becomes an increasingly key factor.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.67-74
• /
• 2011

In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly for an active cyber attack model could be detected complex and transformed attack method. An attack tree provides a formal and methodical route of describing the security safeguard on varying attacks against network system. The existent attack tree can describe attack scenario as using vertex, edge and composition. But an attack tree has the limitations to express complex and new attack due to the restriction of attack tree's attributes. We solved the limitations of the existent attack tree as adding an threat occurrence probability and 2 components of composition in the attributes. Firstly, we improved the flexibility to describe complex and transformed attack method, and reduced the ambiguity of attack sequence, as reinforcing composition. And we can identify the risk level of attack at each attack phase from child node to parent node as adding an threat occurrence probability.

• Convergence Security Journal
• /
• v.14 no.6_1
• /
• pp.13-21
• /
• 2014

It is needless to say that the port security is very important owing to the geographic setting of Korea and the possibility of the provocation by North Korea. In addition, The security management is necessary for the port and the domain of maritime to block the inflow from overseas because of the increase of international crime as terrorism. The training system for port security guard should be constructed to secure the specialization of the manpower for the efficient port security management. But the training system of port security manpower is not unified and the training is not carried out, therefore it is necessary to improve the training system of port security manpower. In this study, the improvement plan of training system is suggested as follows. First, the unification of the legislation of port security should achieved to establish the guidance of training for port security guard. Second, the specialized training per activities should be done. And lastly, the qualification system should be introduced for the specialization of port security manpower.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.6
• /
• pp.1077-1082
• /
• 2019

The development of computing technology and networking has developed into a fundamental technology of the Fourth Industrial Revolution, which provides a ubiquitous environment. In the ubiquitous environment, the IoT environment has become an issue so that various devices and the things can be actively accessed and connected. Also, the RFID system using the wireless identification code attaches an RFID tag to the object, such as the production and distribution of products. It is applied to the management very efficiently. EPCglobal is conducting a research on RFID system standardization and various security studies. Since RFID systems use wireless environment technology, there are more security threats than wire problems. In particular, failure to provide confidentiality, indistinguishability, and forward safety could expose them to various threats in the Fourth Industrial Revolution. Therefore, this study analyzes the standard method of EPCgolbal and proposes RFID security method using hash code that can consider the amount of computation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.3
• /
• pp.525-532
• /
• 2013

Recently. smartphones have been popularized rapidly and now located deep in our daily life, providing a variety of services from banking, SNS (Social Network Service), and entertainment to smart-work mobile office through apps. Such smartphone apps can be easily downloaded from what is known as app store which, however, bears many security issues as software developers can just as easily upload to it. Military apps will be exposed to a myriad of security threats if distributed through internet-basis commercial app store. In order to mitigate such security concerns, this paper suggests a security guidelines for establishing a military-excusive app store and security verification system which prevent the security hazards that can occur during the process of development and distribution of military-use mobile apps.

• KEPCO Journal on Electric Power and Energy
• /
• v.2 no.2
• /
• pp.167-185
• /
• 2016

$CO_2$ 지중저장 기술은 가장 유력한 대용량 온실가스 감축기술의 하나이다. 이 기술을 적용하여 국제적으로 노르웨이, 알제리, 캐나다, 미국 등에서 이미 대규모 실증 및 상용화 사업이 수행되고 있으며, 호주, 일본, 네덜란드, 독일 등 그 밖의 여러 나라에서 다양한 내용과 규모를 갖는 중소규모 실증사업이 진행되고 있다. 한국도 소규모 육상 파일럿 저장 프로젝트와 중규모 해상 저장실증 프로젝트가 추진되어 착실하게 기술개발과 경험확보를 위해 노력하고 있다. $CO_2$ 지중저장 사업은 화석연료의 사용이 다른 에너지원으로 대체되기 전까지 지속적으로 확장될 것으로 예측되고 있으나, 온실가스 감축시장의 불안전성, 사업의 수익구조와 관련된 경제성, 누출에 대한 안전성 등의 위협요소를 갖고 있다. 따라서 이러한 위협을 극복하기 위해 많은 국가와 기업들이 저비용-고효율 지중저장 기술과 안전한 지중저장 기술의 확보를 목표로 연구개발 및 실증사업을 추진하고 있다. 한국의 경우에 저장소가 주요 포집원으로부터 상당한 거리를 갖고 있는 해저에 발달하고 있기 때문에 지중저장 사업의 경제성 확보가 매우 불리한 조건이다. 따라서 정부나 기업이 CCS 기술을 주요 온실가스 감축수단으로 채택하여 대규모 지중저장 사업을 본격적으로 착수하는 것을 주저하고 있다. 한국과 같은 불리한 조건을 갖는 국가의 경우에 특히 대규모 저장소의 확보를 포함한 저비용-고효율 지중저장 기술의 실용화가 절실하게 필요하다. 결론적으로 한국의 $CO_2$ 지중저장 사업의 성공적인 추진을 위해서는 대규모 저장소의 확보, 저비용-고효율 지중저장 기술의 개발과 실증을 통한 실용화, 중소규모 지중저장 실증사업으로 축적한 기술과 경험으로 대규모 지중저장 사업의 효율화 달성이 요구된다. 이를 위한 실천적인 로드맵과 프로그램의 작성과 착실한 이행 역시 중요하다. 이러한 기반이 착실하게 다져질 경우에 한국에서 대규모 CCS 통합실증과 $CO_2$ 지중저장 사업이 본격적으로 개시될 수 있을 것이다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.163-171
• /
• 2015

Personal Health Records(PHR) service offers patients a convenient and easy-to-use solution for managing their personal health records, crucial medical files, and emergency contacts. In spite of the indispensable advantages, PHR service brings critical challenges that cannot be avoided from consumer side if the security of the data is concerned. The problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, therefore, we analyze the various security aspects that are vulnerable to the PHR service and needed to be resolved. Moreover, we analyze the security requirements from the point of view of the PHR users and application service providers and provides the PHR security mechanism for addressing PHR security threats and satisfying PHR security requirements.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.67-72
• /
• 2005

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modern information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. In order to solve a same problem, this paper researched early detection techniques for only early warning of cyber threats with separate way the detection due to and existing security equipment from the large network. It researched the cyber example alert system which applies the module of based honeynet from the actual large network and this technique against the malignant traffic how many probably it will be able to dispose effectively from large network.