• Journal of Korea Water Resources Association
• /
• v.49 no.2
• /
• pp.95-106
• /
• 2016

Water Management Resilience Index (WMRI) was developed as a policy measure of adaptability to withstand water stresses and to set up water management strategies mainly in mid-small scale tributaries, and then evaluated on 117 sub-basins in South Korea. The index consists of 3 sub-indices such as vulnerability, robustness and redundancy sub-indices, each including indicators of 3 sectors: water use, flood mitigation, and river environment. Total number of indicators selected for the index was 31. Taking into account the stream order and control capability of river flow discharge, sub-basins were categorized into 3: 1 for mainstreams of lower large dams, 2 and 3 for tributaries, respectively without and with flow discharge regulation. As a result of the evaluation, resilience index scores in Category 2 and 3 are much lower than that of Category 1, especially with very poor score of redundancy. Although there was no significant difference between mainstream and tributaries in vulnerability and robustness sub-indices, results of redundancy sub-index in tributaries were lower than those in mainstream. Thus, it is conceived that the variety of water management schemes should be considered to improve their resilience in the face of future uncertainty. Addressing comprehensive stability of river basin against internal and external impacts, WMRI in this study can also be used for the prioritization of water management plans.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

• Journal of Positioning, Navigation, and Timing
• /
• v.2 no.1
• /
• pp.75-80
• /
• 2013

This article presents the design of long range navigation (LORAN)-disciplined oscillator (LDO), employing the timing information of the LORAN system, which was developed as a backup system that corrects the vulnerability of the global positioning system (GPS)-based timing information utilization. The LDO designed on the basis of hardware generates a timing source synchronized with reference to the timing information of the LORAN-C receiver. As for the LDO-based timing information measurement, the Kalman filter was applied to estimate the measurement of which variance was minimized so that the stability performance could be improved. The oven-controlled crystal oscillator (OCXO) was employed as the local oscillator of the LDO. The controller was operated by digital proportional-integral-derivative (PID) controlling method. The LDO performance evaluation environment that takes into account the additional secondary factor (ASF) of the LORAN signals allows for the relative ASF observation and data collection using the coordinated universal time (UTC). The collected observation data are used to analyze the effect of ASF on propagation delay. The LDO stability performance was presented by the results of the LDO frequency measurements from which the ASF was excluded.

• Proceedings of the Computational Structural Engineering Institute Conference
• /
• 2004.04a
• /
• pp.479-486
• /
• 2004

The purpose of this study is to practical use with increase safety, usablility and economical. In this study, the property of fatigue behavior was tested by comparing reinforced concrete and steel fiber reinforced concrete. The basic test, the static test and fatigue test were used as the research methods. Basic on the test, the material compressive strength test and split tensile strength test ware conducted 7 days and 28 days after the concrete was poured. In the static test, there ware four types of experimental variables of the steel fiber mixing ratio : 0.00%, 0.75%, 1.00%, and 1.25%. The ultimate load initial diagonal tension crack, and initial load of flexural cracking were all observed by static test. A methodology for the probabilistic assement of steel fiber reinforced concrete(SFRC) which takes into account material variability, confinement model uncertainty and the uncertainty in local and globa failure criteria is applied for the derivation of vulnerability curves for the serviceability and ultimate limit states, the reliability of SFRC using the proposed practical linear limit state model is evaluated by using the AFOSM(Advanced First Order Second Moment) method and MCS(monte-Calrosimulation) method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.12
• /
• pp.937-943
• /
• 2013

Internet Explorer is the popular internet browser the most in domestic. In some version of Internet Explorer, user information could be leaked cause CORS(Cross-Origin Resource Sharing) Internet Explorer support. Different before, without setup a malicious program, attacker can get the user information even account information, credit card usage list and user information with SNS or internet portal site logged in regardless of secure program. Not only Internet Explorer but also mobile browser, it could be. In this paper, we make study of the potential disclosure of user information by attack using CORS, second attack and the way to improvement of vulnerability of CORS.

• Computers and Concrete
• /
• v.19 no.3
• /
• pp.283-291
• /
• 2017

A large number of residential buildings in regions subjected to severe earthquakes do not have enough load carrying capacity. The most of them have been constructed without receiving any structural engineering attention. It is practically almost impossible to perform detailed experimental evaluation and analytical analysis for each building to determine their seismic vulnerability, because of time and cost constraints. This fact points to a need for a simple evaluation method that focuses on selection of buildings which do not have the life safety performance level by adopting the main requirements given in the seismic codes. This paper deals with seismic assessment of existing reinforced concrete residential buildings and contains an alternative simplified procedure for seismic evaluation of buildings. Accuracy of the proposed procedure is examined by taking into account existing 250 buildings. When the results of the proposed procedure are compared with those of the detailed analyses, it can be seen that the results are quite compatible. It is seen that the accuracy of the proposed procedure is about 80% according to the detailed analysis results of existing buildings. This accuracy percentage indicates that the proposed procedure in this paper can be easily applied to existing buildings to predict their seismic performance level as a first approach before implementing the detailed and complex analyses.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.170-173
• /
• 2019

Windows는 UAC(User Account Control)를 통해 사용자의 동의를 얻은 프로세스에게만 관리자 권한을 부여한다. 관리자 권한을 부여받은 프로세스는 시스템 파일 변경, 환경 변수 변경 등 표준 권한을 가진 프로세스가 수행하지 못하는 작업을 수행할 수 있다. 일부 악성코드들은 사용자 동의 없이 관리자 권한을 획득하기 위해 UAC Bypass 기법을 이용한다. 그러나 UACMe에 공개된 56개의 UAC Bypass 기법 중 20개의 기법에 대한 보안 패치가 현재까지 이루어지지 않고 있다. 따라서 본 논문에서는 현재 Windows 시스템의 UAC Bypass에 대한 안전성 수준을 분석하기 위해 시스템 디렉터리 내부 82개의 프로그램을 대상으로 UAC Bypass가 가능한 DLL Hijacking 취약점을 분석한다. 또한 UAC Bypass에 악용 가능한 50개의 신규 취약점을 발견하고 악용 시나리오에 따른 공격가능성을 보인다.

• Journal of Industrial Convergence
• /
• v.17 no.2
• /
• pp.1-7
• /
• 2019

The Kakao bank can be conveniently used if there are only smartphones, identity cards, and bank accounts. However, a few days before the inauguration of Kakao Bank, the company opened an account for receiving loans from other people. In order to avoid such cases, the financial transactions will be detected if the SDS is withdrawn at a short interval of time. The detection system of FDS has four functions which are monitoring and auditing, collection, analysis, and response. There are security problems of the cocoa banks in various directions. The Kakao bank has a way to respond to the problem using FDS.: Keywords : Cocoa bank, security issues, information protection, FDS

• Earthquakes and Structures
• /
• v.20 no.2
• /
• pp.175-185
• /
• 2021

This study strives to highlight the importance of considering the vertical ground motions (VGM) in the seismic evaluation of RC buildings. To this aim, IDA (Incremental Dynamic Analysis) is conducted on three code-based designed high-rise RC frame-core wall buildings using a suite of earthquake records comprising of significant VGMs. To unravel the significance of the VGM inclusion on the performance of the buildings, IDAs are conducted in two states (with and without the vertical component), and subsequently based on each analysis, fragility curves are developed. Non-simulated collapse criteria are used to determine the collapse state drift ratio and the area under the velocity spectrum (SIm) is taken into account as the intensity measure. The outcome of this study delineates that the inclusion of VGM leads to the increase in the collapse vulnerability of the structures as well as to the change in the pattern of inter-story drifts and failure mode of the buildings. The results suggested that it would be more conservative if the VGM is included in the seismic assessment and the fragility analysis of RC buildings.