• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.4
• /
• pp.226-238
• /
• 2010

OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

• The KIPS Transactions:PartD
• /
• v.8D no.6
• /
• pp.665-672
• /
• 2001

ITA (Information Technology Architecture) satisfies the requirements of information system, supports the information used in the institution's business to guarantee the interoperability and security, and analyzes the components of information system. ITA consists of EA (Enterprise Architecture), TRM (Technical Reference Manual) and SP (Standard Profile). The SP, one of the major components of ITA, is a set of information technology standards. In this paper, to construct and utilize the ITA, we mention the applications of information technology about the SP system implementation based on the TRM. The SP management system implemented in this paper is the first trial in Korea, and designs the software with object oriented programming languages such as JSP and Java. Moreover the basic and detailed specification based on the UML notation, system design using the component and system design pattern consisting of software architectures enhance the software reusability. And the constructed system in this paper shows less maintenance cost by using the public softwares such as Linux system, Korean DBMS, Apache and Tomcat, etc. Finally, the system includes the SP reference system which is used in the other institutions and cannot be found in other institutions. Also it includes the additional diverse service modules which support the subsequent processing for the establishment and revision of standards via internet.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.4
• /
• pp.50-55
• /
• 2019

Recently Ransomware attacks are continuously increasing, and new Ransomware, which is difficult to detect just with a basic vaccine, continuously has its upward trend. Various solutions for Ransomware have been developed and applied. However, due to the disadvantages and limitations of existing solutions, damage caused by Ransomware has not been reduced. Ransomware is attacking various platforms no matter what platform it is, such as Windows, Linux, servers, IoT devices, and block chains. However, most existing solutions for Ransomware are difficult to apply to various platforms, and there is a limit that they are dependent on only some specific platforms while operating. This study analyzes the problems of existing Ransomware detection solutions and proposes the onboard module based Ransomware detection system; after the system defines the function of necessary elements through analyzing requirements that can actually reduce the damage caused by the Ransomware from the viewpoint of users, it supports various OS without pre-installation and is able to restore data even after being infected. We checked the feasibility of each function of the proposed system through the analysis of the existing technology and verified the suitability of the proposed techniques to meet the user's requirements through the questionnaire survey of a total of 264 users of personal and corporate PC users. As a result of statistical analysis of the questionnaire results, it was found that the score of intent to introduce the system was at 6.3 or more which appeared to be good, and the score of intent to change from existing solution to the proposed system was at 6.0 which appeared to be very high.

• Radiation Oncology Journal
• /
• v.21 no.4
• /
• pp.291-298
• /
• 2003

Purpose: We report upon a web-based system for Patterns of Care Study (PCS) devised for Korean radiation oncology. This PCS was designed to establish standard tools for clinical quality assurance, to determine basic parameters for radiation oncology processes, to offer a solid system for cooperative clinical studies and a useful standard database for comparisons with other national databases. Materials and Methods: The system consisted of a main server with two back-ups in other locations. The program uses a Linux operating system and a MySQL database. Cancers with high frequencies in radiotherapy departments in Korea from 1998 to 1999 were chosen to have a developmental priority. Results: The web-based clinical PCS .system for radiotherapy in www.pcs.re.kr was developed in early 2003 for cancers of the breast, rectum, esophagus, larynx and lung, and for brain metastasis. The total number of PCS study items exceeded one thousand. Our PCS system features user-friendliness, double entry checking, data security, encryption, hard disc mirroring, double back-up, and statistical analysis. Alphanumeric data can be input as well as image data. In addition, programs were constructed for IRB submission, random sampling of data, and departmental structure. Conclusion: For the first time in the field of PCS, we have developed a web-based system and associated working programs. With this system, we can gather sample data in a short period and thus save, cost, effort and time. Data audits should be peformed to validate input data. We propose that this system should be considered as a standard method for PCS or similar types of data collection systems.