• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.07a
• /
• pp.419-420
• /
• 2017

착용센서가 스포츠, 복지, 건강 등 다양한 분야에서 널리 연구되고 있다. 착용센서 시스템은 일반적으로 데이터획득, 데이터전처리, 특징값 추출 그리고 분석 단계로 구성된다. 본 연구는 착용센서 시스템 각 단계별 연구 현황과 착용센서 활용 연구현황을 살펴본다.

• Kyungpook Mathematical Journal
• /
• v.28 no.1
• /
• pp.45-50
• /
• 1988

Circulant and multiblock circulant matrices have many important applications, and therefore their inverses are of considerable interest. A simple recursive algorithm is presented to compute the inverse of a multiblock circulant matrix. The algorithm only uses complex variables, roots of unity and normal matrix/vector operations.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1335-1347
• /
• 2011

The dissemination and use of mobile applications have been rapidly expanding these days. And in such a situation, the security of mobile applications has emerged as a new issue. Although the safety of general software such as desktop and enterprise software is systematically achieved from the development phase to the verification phase through secure coding, there have been not sufficient studies on the safety of mobile applications yet. This paper deals with deriving weakness enumeration specialized in mobile applications and implementing a tool that can automatically analyze the derived weakness. Deriving the weakness enumeration can be achieved based on CWE(Common Weakness Enumeration) and CERT(Computer Emergency Response Team) relating to the event-driven method that is generally used in developing mobile applications. The analysis tool uses the dynamic tests to check whether there are specified vulnerabilities in the source code of mobile applications. Moreover, the derived vulnerability could be used as a guidebook for programmers to develop mobile applications.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.1
• /
• pp.101-115
• /
• 2011

PECOLE (Peer-to-Peer Collaborative Environment) is a P2P-based multimedia distributed collaborative environment supporting a collaborative workspace which is composed of a variety of collaborative applications such as multi-chat, video conferencing, screen sharing and etc. Unfortunately, due to the PECOLE's simple group management, it is impossible to perform collaboration activities while joining multiple groups. In this paper, we present the design and implementation of PECOLE+ which is an extension of PECOLE. PECOLE+ resolves the drawback of PECOLE by providing the Group Management Service and the Workspace Management Service. The Group Management Service provides functionalities such as creating groups, joining multiple groups, and searching groups, and etc. The Workspace Management Service provides each group with an associated workspace, supporting the execution of collaborative applications over the workspace. In addition, any collaborative applications with the provided plug-in interfaces can be executed over the workspace as a PECOLE+ collaborative application.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.250-260
• /
• 2022

Mobile Banking Applications (MBAPs) is one of the recent fads in mobile trading applications (Apps). MBAPs permit users to execute exchanges of money and many more whenever it might suit them; however, the primary issue for mobile banking Apps is usability. Hardly any investigation analyzes usability issues dependent on user's age, gender, exchanging accomplices, or experience. The purpose of this study is to determine the degree of usability issues, and experience of mobile banking users. The survey employs a quantitative method and performs user experiment on 240 participants with six different tasks on the application's interface. The post experiment survey is done with concerning participants. On the other hand, banking experts and Information Technology (IT) expert's group is also involved after the experiment. Expert's opinions about existing mobile banking Apps and suggestions for improving usability of MBAPs are collected through physical means (like questionnaire and interview) and online means like Google form. After that comparison of the opinions of users and experts about MBAPs is performed. The experimentation measures the tasks usability of various mobile banking apps with respect to its effectiveness, efficiency, trustfulness, learnability, memorability and satisfaction. The usability testing was led at different Universities and the outcomes acquired show that there are privacy and trust issues with their mobile banking apps. There is also a gap between users and experts which should be minimized by applying customized usability models, modes concept like other application software and also by adding complete features of banking in MBAPs. It will benefit mobile banking apps users, developers and usability engineers by providing user-friendly which are up to the mark of user's requirements.

• Journal of electromagnetic engineering and science
• /
• v.17 no.3
• /
• pp.126-132
• /
• 2017

In this study, we designed, measured, and analyzed a rearranged L-shape magnetic resonance coupling wireless power transfer (MR-WPT) system for practical applications with laptops. The typical four resonator MR-WPT (Tx part: source loop and Tx coil; Rx part: Rx coil and load loop) is difficult to apply to small-sized stationary and mobile applications, such as laptop computers, tablet-PCs, and smartphones, owing to the large volume of the Rx part and the spatial restrictions of the Tx and Rx coils. Therefore, an L-shape structure, which is the orthogonal arrangement of the Tx and Rx parts, is proposed for indoor environment applications, such as at an L-shaped wall or desk. The relatively large Tx part and Rx coil can be installed in the wall and the desk, respectively, while the load loop is embedded in the small stationary or mobile devices. The transfer efficiency (TE) of the proposed system was measured according to the transfer distance (TD) and the misaligned locations of the load loop. In addition, we measured the TE in the active/non-active state and monitor-open/closed state of the laptop computer. The overall highest TE of the L-shape MR-WPT was 61.43% at 45 cm TD, and the TE decreased to 27.9% in the active and monitor-open state of the laptop computer. The conductive ground plane has a much higher impact on the performance when compared to the impact of the active/non-active states. We verified the characteristics and practical benefits of the proposed L-shape MR-WPT compared to the typical MR-WPT for applications to L-shaped corners.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.3
• /
• pp.277-288
• /
• 2002

In this paper, we describe a design and implementation method of a smart card operating system for multi applications. A smart card is the independent computing system and is able to be used in multi applications such as the electronic commerce and the electronic cash. Smart card operation system(SCOS) provides a basis of smart card booting, and controls and manages application programs. SCOS can produce and control a file system to support multi applications in EEPROM, communicate commands and messages with outside devices, process a command, produce a reply message, and provide security functions of file security in EEPROM, and communication security. Therefor, in this paper, we design and implement SCOS system that provides the authentication between a card and a terminal, the session authentication for multi applications, the processing of commands, and the maintenance of the security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1216-1227
• /
• 2019

We propose TITAN (Tool for IoT ApplicatioN testing), a developer support tool that enables efficient testing of IoT applications. TITAN is designed to allow IoT application developers to run their applications under the development environment without being restricted by physical environments and users' behaviors required to test application logic being developed. Using TITAN, IoT application developers can save the time and effort needed to repeatedly perform the testing of application logic while they develop their applications. In this paper, we present the system architecture of TITAN and its current prototype implementation. We evaluate the usefulness and usability of TITAN through a small user study with two example IoT applications. The study participants show their positive perception about the usefulness of TITAN. We further discuss the limitations of the current study and future research directions.

• Proceedings of the Korean Magnestics Society Conference
• /
• 2008.06a
• /
• pp.98-99
• /
• 2008