• Korea Trade Review
• /
• v.43 no.6
• /
• pp.113-138
• /
• 2018

The purpose of this research is to analyze how the Chinese cosmetics certification system works as a Non-Tariff Barriers(NTBs) for Korean exporting companies to access the Chinese market. China is the largest market for Korea's cosmetic exports, but China's policy of protecting domestic industry has become a barrier to Korea's cosmetics exports to China. Therefore, this research, through the analysis of regulations of the Chinese certification system for imported cosmetics. revealed that there are such problems as ① information leakage ② duplication of inspection ③time delay. In order to verify those problems, surveys and face-to-face interviews with Korean cosmetic exporting companies to China have been conducted. In conclusion, Chinese cosmetics certification system not only protects its own industry, but also serves as a NTBs to disturb the access of imported cosmetics to the Chinese market in order to foster Chinese cosmetic industry.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.01a
• /
• pp.115-116
• /
• 2022

비밀번호 인증 기술에서 키보드로부터 입력되는 데이터가 노출되는 문제점으로 인하여, 이미지 기반 인증 기술이 등장하였다. 이 기술은 주로 가상 키보드를 출력하고, 특정 위치에 클릭된 마우스 정보를 비밀번호로 활용한다. 마우스 데이터의 안전성 향상을 위하여 임의의 마우스 위치를 생성하는 랜덤 마우스 데이터 생성 기술이 등장하였지만, 해당 기술의 안전성 분석에 대한 연구가 미비한 실정이다. 따라서 본 논문에서는 GetCursorPos() 함수를 활용한 공격 기술과 WM_INPUT 메시지를 활용한 공격 기술을 기반으로 랜덤 마우스 데이터 생성 기술이 적용된 사이트에서의 마우스 데이터 취약점을 분석한다.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.06a
• /
• pp.302-303
• /
• 2022

자율운항선박의 시대 도입을 위해 보안체계의 중요성은 더욱 커져가고 있다. 국내 및 국외 학계에서는 해양선박 보안에 관한 연구가 활발히 이루어지고 있는데 자율운항선박은 자율운행자동차와 마찬가지로 주위 환경에 대한 자동식별장치가 필요하다. 선박자동식별장치(Automatic Identification System, AIS)는 선박의 종류와 위치 관련 데이터와 인증서를 포함한 정보를 인근의 항로표지로 전달한다. 인간이 개입하지 않는 자율운항 개발 단계에서는 사용자 인증이 더욱더 중요하며, 본 논문에서는 기존 사용자 인증방식에 대한 취약점을 보완할 블록체인을 기반한 사용자 인증 시스템을 연구하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.180-182
• /
• 2023

많은 기업에서 시스템 보안 침해사고가 증가함에 따라 국내에서는 보안성 강화를 위해 정보보호 및 개인정보보호 관리체계(ISMS-P) 인증 의무대상을 확대하고 있다. 이에 중소기업에서도 ISMS-P 인증을 받기 위한 준비가 필요해졌다. 그러나 ISMS-P 인증을 위한 시스템을 구축하기 위해 많은 비용과 인력이 필요하고 이를 중소기업에서 구축하기엔 현실적으로 어려운 부분이 있다. SCAP는 정보시스템의 취약점을 보안기준에 맞춰 자동 관리하는 프로토콜이다. 본 논문에서는 ISMS-P 인증 항목 중 시스템 자동관리가 가능한 부분을 도출하여 상용 소프트웨어와 동작 방식을 비교함으로써, 중소기업에 SCAP를 적용하여 시스템을 구축하는 것이 정보보호 강화에 도움이 될 수 있음을 검증하고자 한다.

• The Journal of Bigdata
• /
• v.6 no.1
• /
• pp.179-196
• /
• 2021

With the spread of untact culture resulting from the Covid-19 pandemic, the size of the car camping market has expanded to minimize contact with others. As a result, SUVs have exceeded sales of sedans, and sales of recreational vehicles (RVs) have increased by 101% compared to the same period last year. Despite the explosive increase in demand for car camping, research on car camping has not matched this increase. Therefore, in this study, we intended to conduct a study focused on car camping users. According to a survey of Naver's famous car camping cafe, it was difficult to find articles, maps, and websites with car camping places. Analysis of car camping websites showed that most only post information about the camping itself, so details of car camping places were not available. Furthermore, according to a survey derived from related prior studies and literature surveys, most users urged solutions to the problem of unauthorized garbage dumping in the car camping locations. In addition, car camping users wanted to receive information on amenities near the car camping places. Therefore, we aimed to establish a car camping website that provides basic information on car camping places and nearby convenience facilities. Moreover, to solve the problem of garbage dumping, we provided a category wherein users can post pictures of clean camping campaigns. We also developed a business model utilizing the certification process of clean camping. The business model is designed with a structure wherein car camping users are rewarded through the clean camping certification process. Compensation for clean camping certification was proposed to be provided through partnerships with domestic automakers, Korea Tourism Organization, and Small Business Market Promotion Agency.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.4
• /
• pp.661-669
• /
• 2008

Nowadays, authentication is essential to identify the legal users in a network communication. Usually, there are few wars to achieve authentication over a publicly accessible network system in order to protect certain private data from the unauthorized users, ranging from simple ID/Password to Biometrics System. One of the most active areas in OTP(One Time Password) research today aims at exploiting OTP to provide authentication in the finance and security industry. OTP is usually discarded once it has been used. this prevents huge loophole of traditional authentication system which employs the same ID and Password every time. However this OTP system also has its weaknesses in surviving some attacks. this paper proposes an advanced OTP protocol using PingPong-128 without loop hole of pre-existing OTP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.41-47
• /
• 2008

In a network environment, when a user requests a server's service, he/she must pass an examination of user authentication. Through this process, the server can determine if the user can use the provided services and the exact access rights of this user in these services. In these authentication schemes, the security of private information became an important issue. For this reason, many suggestions have been made in order to protect the privacy of users and smart cards have been widely used for authentication systems providing anonymity of users recently. An remote user authentication system using smart cards is a very practical solution to validate the eligibility of a user and provide secure communication. However, there are no studies in attribute-based authentication schemes using smart cards so far. In this paper, we propose a novel user authentication scheme using smart cards based on attributes. The major merits include : (1) the proposed scheme achieves the low-computation requirement for smart cards; (2) user only needs to register once and can use permitted various services according to attributes; (3) the proposed scheme guarantees perfect anonymity to remote server.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.550-558
• /
• 2019

As the scale of the Internet of Things (IoT) environment grows and develops day by day, the information collected and shared through IoT devices becomes increasingly diverse and more common. However, because IoT devices have limitations on computing power and a low power capacity due to their miniaturized size, it is difficult to apply security technologies like encryption and authentication that have been directly applied in the previous Internet environment, making the IoT vulnerable to security threats. Because of this weakness, important information that needs to be delivered safely and accurately is exposed to the threat of malicious exploitation, such as data forgery, data leakage, and infringement of personal information. In order to overcome this threat, various security studies are being actively conducted to compensate for the weaknesses in IoT environment devices. In particular, since various devices interact, and share and communicate information collected in the IoT environment, each device should be able to communicate with reliability. With regard to this, various studies have been carried out on techniques for device authentication. This study examines the limitations and problems of the authentication techniques that have been studied thus far, and proposes technologies that can certify IoT devices for safe communication between reliable devices in the Internet environment.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.64-75
• /
• 2022

The method of accessing multiple control systems in the OT control network centered on operation technology uses the operator authentication technology of each control system. An example is ID/PW operator authentication technology. In this case, since the OT control network is composed of multiple control systems, operator authentication technology must be applied to each control system. Therefore, the operator must bear the inconvenience of having to manage authentication information for each control system he manages. To solve these problems, SSO technology is used in business-oriented IT networks. However, if this is introduced into the OT control network as it is, the characteristics of the limited size of the OT control network and rapid operator authentication are not reflected, so it cannot be seen as a realistic alternative. In this paper, a public key-based authentication mechanism was newly proposed as an operator authentication technology to solve this problem. In other words, an integrated public key certificate that applies equally to all control systems in the OT control network was issued and used to access all control systems, thereby simplifying the authentication information management and making access to the control system more efficient and secure.

• 대한공업교육학회지
• /
• v.39 no.1
• /
• pp.164-188
• /
• 2014

The purpose of this study is to investigate the perception of undergraduates of the college of education on the importance of certification areas and factors suggested by the certification system at each department level as well as the college as a whole, in order to come up with measures for further improvement. The specific objectives of this study are first, verifying different perception on the importance of certification areas and factor per department, second, verifying different perception on the importance of certification areas and factor per grade. The population of this study is undergraduates of the college of education at A University, and the survey on the different perception on the importance was conducted on 758 students of 10 departments. Total 800 copies of survey were distributed, and 299 copies or 37.3% were retrieved. First, it was found that undergraduates of the college of education at A University highly recognize the necessity of a new system to produce excellent teachers. when it comes to different department, in the area of teaching personalities, there is difference in the importance of teaching aptitude test and completion of social intelligence development program. In the area of teaching expertise, there is different perception in the importance of completion of curriculum education subjects per major, completion of curriculum contents per major, and participation in teaching demonstration contest. In the area of student guidance expertise, there is difference by department in completion of creative character development related education programs and "teaching practice" course. In the area of communication skills in the information society, minimum score requirement for a second foreign language is considered less important than others. Second, as for grade, freshmen highly recognize the importance of validity of teaching training course, integrity of the course, validity of the teaching training course in producing excellent teachers, graduates' job performing ability development as a teacher, appropriacy of curriculum of the college of education in producing excellent teachers, compared to other grades. In particular, seniors consider the necessity of a new system to produce excellent teachers the most.