• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.276-282
• /
• 2017

Password-based authentication is vulnerable because of its low cost and convenience, but it is still widely used. In order to increase the security of the password-based user authentication method, the password is changed frequently, and it is recommended to use a combination of numbers, alphabets and special characters when generating the password. However, it is difficult for users to remember passwords that are difficult to create and it is not easy to change passwords periodically. Therefore, in this paper, we implemented a user authentication system that does not require a password by using the USB memory that is commonly used. Authentication data used for authentication is protected by USB data stored in USB memory using USB device information to improve security. Also, the authentication data is one-time and reusable.Based on this, it is possible to have the same security as the password authentication system and the security level such as certificate or fingerprint recognition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.21-28
• /
• 2019

As the number of websites managed by organizations or organizations increases, so does the number of web application servers and containers. In checking the status of the web service of the web application server and the container, it is very difficult for the person to check the status of the web service after accessing the physical server at the remote site through the terminal or using other accessible software It. Previous research on crawler-related research is hard to find any reference to the processing of data from crawling. Data loss occurs when the crawler accesses the database and stores the data. In this paper, we propose a method to store the inspection data according to crawl - based web application server management without losing data.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.11a
• /
• pp.230-231
• /
• 2023

This study proposes a deep reinforcement learning-based algorithm to automatically generate a ship's passage plan. First, Busan Port and Gwangyang Port were selected as target areas, and a container ship with a draft of 16m was designated as the target vessel. The experimental results showed that the ship's passage plan generated using deep reinforcement learning was more efficient than the Q-learning-based algorithm used in previous research. This algorithm presents a method to generate a ship's passage plan automatically and can contribute to improving maritime safety and efficiency.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1397-1402
• /
• 2021

The overlay2 file system is one of the union file systems that mounts multiple directories into one. The source directory used for this overlay2 file system mount has a characteristic that it operates independently of the write-able layer after mounting, so it is often used for container platforms for application delivery. However, the overlay2 file system has a security vulnerability that the write-able layer is also modified when file in the source directory is modified. In this study, I proposed the overlay2 file system protection technology to remove the security vulnerabilities of the overlay2 file system. As a result of empirically implementing the proposed overlay2 file system protection technology and verifying the function, the protection technology proposed in this study was verified to be effective. However, since the method proposed in this study is a passive protection method, a follow-up study is needed to automatically protect it at the operating system level.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.661-670
• /
• 2023

With the emergence of serverless computing paradigm and the innovations of cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, an access control on the server still heavily relies on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.10
• /
• pp.77-86
• /
• 2020

In this paper, we propose a technique for blockchain service replication and recovery using kubernetes(BR2K) that robustly executes blockchain services based on replication and supports systematic recovery in case of the service failure. Blockchain services are being developed and applied in various fields such as administration, finance, and medical systems based on the features of blockchain, such as decentralization, high security, and data integrity. In such areas where service continuity is important, it is necessary to provide robustness for execution of blockchain services, and a recovery plan for service failure is also required. To this end, BR2K provides an execution replication technique that systematically supports the sustainable execution of blockchain application services. Also, it introduces a robust container registry based on the blockchain service registry, systematically supporting the recovery of service failures by using it. In addition, Truffle, a blockchain service development framework, is extended to utilize the Kubernetes container management tool, and BR2K provides a technique for rapidly deploying blockchain services using the extended framwork.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.1
• /
• pp.124-130
• /
• 2007

RFID technology is considered as a promising solution to increase efficiency of port logistics. Especially active RFID technology, such as e-Seal for container security, is receiving attention nowadays. If active RFID system is combined with passive RFID and legacy bar-code system overall efficiency of port logistics can be improved However, due to the device dependent control interface of RFID readers, there are many difficulties in making active-passive combined RFID system environment. In this paper, we introduce Smart Reader Interface (SRI) system, which provides a device independent RFID reader interrace to control different kinds of RFID readers by hiding device dependent control interface through adapter architecture which is similar to device driver of conventional operating systems. The key design objectives of SRI are the followings; conformance to the related standard. efficiency in processing, easy addition of an adapter for a new RFID reader. Actually, the implemented SRI system can support various kinds of commercial RFID readers, and through the test carried out not only in laboratory but also in the container terminal in the GwangYang Port, its practicality is verified.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.901-909
• /
• 2021

Since mobile devices have limited computational resources, it tends to use the cloud to compute or store data. As real-time becomes more important due to 5G, many studies have been conducted on edge clouds that computes at locations closer to users than central clouds. The farther the user's physical distance from the edge cloud connected to base station is, the slower the network transmits. So applications should be migrated and re-run to nearby edge cloud for smooth service use. We run applications in docker containers, which is independent of the host operating system and has a relatively light images size compared to the virtual machine. Existing migration studies have been experimented by using network simulators. It uses fixed values, so it is different from the results in the real-world environment. In addition, the method of migrating images through shared storage was used, which poses a risk of packet content exposure. In this paper, Containers are migrated with Secure CoPy(SCP) method, a data encryption transmission, by establishing an edge computing environment in a real-world environment. It compares migration time with Network File System, one of the shared storage methods, and analyzes network packets to verify safety.

• The Journal of the Korea Contents Association
• /
• v.15 no.10
• /
• pp.607-615
• /
• 2015

Mosts user of internet and smart phone has certificate, and uses it when money transfer, stock trading, on-line shopping, etc. Mosts user stores certificate in a hard disk drive of PC, or the external storage medium. In particular, the certification agencies are encouraged for user to store certificate in external storage media such as USB memory rather than a hard disk drive. User think that the external storage medium is safe, but when it is connect to a PC, certificate may be copied easily, and can be exposed to hackers through malware or pharming site. Moreover, if a hacker knows the user's password, he can use user's certificate without restrictions. In this paper, we suggest secure management scheme of the private key file using a password of the encrypted private key file, and a USB Memory's hardware information. The private key file is protected safely even if the encrypted private key file is copied or exposed by a hacker. Also, if the password of the private key file is exposed, USB Memory's container ID, additional authentication factor keeps the private key file safe. Therefore, suggested scheme can improve the security of the external storage media for certificate.