• 한국정보컨버전스학회:학술대회논문집
• /
• 2008.06a
• /
• pp.47-52
• /
• 2008

A radio-frequency identification(RFID) tag is a small, inexpensive microchip that emits an identifier in response to a query from a nearby reader. The price of these tags promises to drop to the range of $0.05 per unit in the next several years, offering a viable and powerful replacement for barcodes. The challenge in providing security for low-cost RFID tags is that they are computationally weak devices, unable to perform even basic symmetric-key cryptographic operations. Security researchers often therefore assume that good privacy protection in RFID tags is unattainable. In this paper, we explore a notion of minimalist cryptography suitable for RFID tags. We consider the type of security obtainable in RFID devices with a small amount of rewritable memory, but very limited computing capability. Our aim is to show that standard cryptography is not necessary as a starting point for improving security of very weak RFID devices. Our contribution is threefold: 1. We propose a new formal security model for authentication and privacy in RFID tags. This model takes into account the natural computational limitations and the likely attack scenarios for RFID tags in real-world settings. It represents a useful divergence from standard cryptographic security modeling, and thus a new view of practical formalization of minimal security requirements for low-cost RFID-tag security. 2. We describe protocol that provably achieves the properties of authentication and privacy in RFID tags in our proposed model, and in a good practical sense. Our proposed protocol involves no computationally intensive cryptographic operations, and relatively little storage. 3. Of particular practical interest, we describe some reduced-functionality variants of our protocol. We show, for instance, how static pseudonyms may considerably enhance security against eavesdropping in low-cost RFID tags. Our most basic static-pseudonym proposals require virtually no increase in existing RFID tag resources.

• Journal of the Korean Society for Railway
• /
• v.12 no.3
• /
• pp.376-381
• /
• 2009

While applying the systems engineering (SE) in systems development, a series of technical reviews play a critical role and is intended to monitor the status of the progress and outcomes of the project for which appropriate technical plans prepared earlier should be executed. It is noted however that during the technical review executed as planned, a lot of problems usually come out. Included are the ambiguity in the reports of the progress status and outcomes, discrepancies among the opinions from different participants, and the delay in carrying out the tasks. To solve those problems in an early stage, informal reviews are usually adopted before the formal technical reviews are held. A type of the informal reviews is the peer review. This paper is concerned with the peer review process model to make the later technical reviews more effective. Specifically, we first review the necessity and meaning of the peer reviews. We then study a model for the peer review process. To model the process, the methods of an IDEF modeling and schema definition have been applied using a computer-aided SE tool, Cradle(R), in the environment of the national research and development project. As a result, the implemented process model can show hew the peer review process is designed and managed to be utilized in the technical review. The documents related with the peer review process can also be generated automatically from the developed model Database. Finally, a general misunderstanding about the peer review and its improvement plan have also been mentioned.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.57-63
• /
• 2008

As diverse memory cards based on NAND flash memory are getting popularity with consumer electronics such as digital camera, camcorder and MP3 player the compatibility problems between a newly developed memory card and existent host systems have become a main obstacle to time-to-market delivery of product. The common practice for memory card compatibility test is to use a real host system as a test bed. As an improved solution, an FPGA-based prototyping board can be used for emulating host systems. However, the above approaches require a long set-up time and have limitations in representing various host and device systems. In this paper, we propose a co-validation environment for compatibility test between memory card and host system using formal modeling based on Esterel language and co-simulation methodology. Finally, we demonstrate the usefulness of the proposed environment with a case study of real memory card development.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.805-808
• /
• 2013

As the development type of domestic technology on information & communications have changed from following development to leading devalopment, developing new technology and creating new market through securing basic technology and IPR has been more essential than ever before. At the same time, it is required to increase the possibility of commercialization on developed technology. Therefore, it is necessary to formulate the consensus on the value and function of project at project planning phase for creative & innovative idea to be adopted into project and to be performed successfully. Accordingly, this paper proposes use case developing methodology adopted to creative & innovative project by analysing use case developing method in software engineering. Also, new methodology is appled to LASA display developing project to prove the reliability. Since the demands on new technology is henceforth expected to increase gradually, it is necessary to continue to study on the methodology of being more formal and logically related between phases as well as on that of analysing relationship among use cases and proving logical reliability of use case.

• The KIPS Transactions:PartD
• /
• v.8D no.5
• /
• pp.516-572
• /
• 2001

Geographic Information System(CIS) deal with data which can potentially be useful for a wide range of applications. The information needed by each application can be vary, specially in resolution, detail level, application view, and representation style, as defined in the modeling phase of the geographic database design. To be able to deal with such diverse needs, GIS must offer features that allow multiple representation for each geographic entity of phenomenon. This paper addresses on the problem of formal definition of the objects and their relationships on the geographical information systems. The geographical data is divided into two main classes : geo-objects and geo-fields, which describe discrete and continuous representations of spatial reality. I studied the attributes and the relationship roles over geo-object and nongeo-object. Therefore, this paper contributed on the efficient design of geographical class hierarchy schema by means of formalizing attribute-domains of classes.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.38 no.6
• /
• pp.1-17
• /
• 2001

Nowadays, spatiotemporal data models deal with objects which can be potentially useful for wide range applications in order to describe complex objects with spatial and/or temporal facilities. However, the information needed by each application usually varies, specially in the geographic information which depends on the kind of time oriented views, as defined in the modeling phase of the spatiotemporal geographic data design. To be able to deal with such diverse needs, geographic information systems must offer features that manipulate geometric, space-dependent(i.e, thematic), and spatial relationship positions with multiple time oriented views. This paper addresses problems of the formal definition of relationships among spatiotemporal objects and their properties on geographic information systems. The geographical data are divided in two main classes : geo-objects and geo-fields, which describe discrete and continuous representations of the spatial reality. I study semantics and syntax about the temporal changes of attributes and the relationship roles on geo-objects and non-geo-objects, This result will contribute on the design of object oriented spatiotemporal data model which is distinguishied from the recent geographic information system of the homogeneously anchored spatial objects

• Journal of Korean Institute of Industrial Engineers
• /
• v.39 no.6
• /
• pp.486-497
• /
• 2013

In this paper, we first present an in-depth survey of the research on Verification, Validation and Accreditation (VV&A) applied in various areas. Then we introduce the characteristics of the military and defense Modeling and Simulation (M&S) and propose the direction of method for VV&A with the identified characteristics. The M&S has been widely used in many different applications in the military and defense area including training, analysis, and acquisition. Methods and processes of VV&A have been proposed by researchers and M&S practitioners to guarantee the correctness of the M&S. The idea of applying the formal credibility assessment in VV&A is originated from the Software Engineering Reliability Test and Systems Engineering Development Process. However, the current VV&A techniques and processes proposed in the research community have not utilized the military-and-defense specific characteristics. We identify the characteristics and issues that can be found in the military and defense M&S. Then propose the direction of techniques and methods for VV&A considering the characteristics and issues. Also, possible research direction on the development of VV&A is proposed.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.233-240
• /
• 2019

In order to predict and respond to cyber attacks, a number of security companies quickly identify the methods, types and characteristics of attack techniques and are publishing Security Intelligence Reports(SIRs) on them. However, the SIRs distributed by each company are huge and unstructured. In this paper, we propose a framework that uses five analytic techniques to formulate a report and extract key information in order to reduce the time required to extract information on large unstructured SIRs efficiently. Since the SIRs data do not have the correct answer label, we propose four analysis techniques, Keyword Extraction, Topic Modeling, Summarization, and Document Similarity, through Unsupervised Learning. Finally, has built the data to extract threat information from SIRs, analysis applies to the Named Entity Recognition (NER) technology to recognize the words belonging to the IP, Domain/URL, Hash, Malware and determine if the word belongs to which type We propose a framework that applies a total of five analysis techniques, including technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1243-1252
• /
• 2012

Due to the widespread use of smart devices, threats of direct observation attacks such as shoulder surfing and recording attacks, by which user secrets can be stolen at user interfaces, are increasing greatly. Although formal security models are necessary to evaluate the possibility of and security against those attacks, such a model does not exist. In this paper, based on the previous work in which a HCI cognitive model was firstly utilized for analyzing security, we propose STM-GOMS model as an improvement of GOMS-based model with regard to memory limitations. We then apply STM-GOMS model for analyzing usability and security of a password entry scheme commonly used in smart devices and show the scheme is vulnerable to the shoulder-surfing attack. We finally conduct user experiments to show the results that support the validity of STM-GOMS modeling and analysis.

• International conference on construction engineering and project management
• /
• 2009.05a
• /
• pp.622-627
• /
• 2009

Business process engineering (BPE) is a top-down management approach for increasing efficiency and productivity through radical and fundamental changes to the business processes of the organization. BPE requires firms to initially develop a model of the existing business processes of the firm to distinguish functional tasks from processes used for coordinating inputs, activities and outputs. The model is used for understanding the business processes in the organization and to simulate the effect of changes to the processes. The model can also be used to justify business processes, which involves assessing whether the business process provides value to the customer in its current configuration. Justification requires a careful examination of the key business processes used by the firm to identify systemic shortcomings in the process and to create a new business process to produce greater efficiency. BPE also considers automating as many business processes as possible to increase operational efficiency and the integration of business process tasks. The construction industry has been slow to adopt BPE because of its project approach in which a major firm contracts with various functional service providers and regards each project as unique. The industry focuses on functional task efficiency rather than business process efficiency. There is no formal methodology or criteria for determining whether a business process is effective for a construction firm in its current configuration. The use of performance measures such as costs, task duration times or other metrics can be useful in evaluating the effectiveness of an existing business process and for modeling the possible outcome of a fundamental and radical change to the process.