• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.43-52
• /
• 2023

Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

• Geophysics and Geophysical Exploration
• /
• v.8 no.2
• /
• pp.156-162
• /
• 2005

Particularly in research related to seawater intrusion the change of fluid electrical conductivity is one of major concerns, and effective monitoring can help to optimize a water pumping performance in coastal areas. Special considerations should be given to the mounting of sensors at proper depth during the monitoring design since the vertical distribution of fluid electrical conductivity is sensitive to the characteristics of seawater intrusion zone. This tells us the multi-channel electrical conductivity monitoring is of paramount consequence. It, however, is a rare event when this approach becomes routinely available in that commonly used commercial stand-alone type sensors are very expensive and inadequate for a long term monitoring of electrical conductivity or water level due to their restricted storage and difficulty of real-time control. For this reason, we have developed a real-time monitoring system that could meet these requirements. This system is user friendly, cost-effective, and easy to control measurement parameters - sampling interval, acquisition range, and others. And this devised system has been utilized for the electrical conductivity monitoring in boreholes, Yeonggwang-gun, Korea. Monitoring has been consecutively executed for 24 hours, and the responses of electrical conductivity at some channels have been regularly increased or decreased while pumping up water. It, with well logging data implemented before/after pumping water, verifies that electrical conductivity changes in the specified depths originate from fluid movements through sand layer or permeable fractured rock. Eventually, the multi-channel electrical conductivity monitoring system makes an effective key to secure groundwater resources in coastal areas.

• Economic and Environmental Geology
• /
• v.40 no.1 s.182
• /
• pp.87-101
• /
• 2007

A variety of informations obtained from satellite image, digital elevation relief map (DEM), borehole logging, televiewer, geophysical prospecting, etc were synthetically analyzed to investigate subsurface geological and structural characteristics and to evaluate geohazard pertinent to fault-damage in the Busan metropolitan city. It is revealed that the geology is composed of the Cretaceous andesitic$\sim$dacitic volcanics, gabbro, and granitoid and that at least three major faults including the Dongrae fault are developed in the study area. Based on characteristics of topography, fault-fractured zone, and isobath maps of the Quaternary sediments and weathered residuals of the basement, the Dongrae fault is decreased in its width and fracturing intensity of damaged zone from south toward north, and the fault is segmented around the area between the Seomyeon and Yangieong junctions. Meanwhile, we drew a geohazard sectional map using the five major parameters that significantly suggest damage intensity of basement by fault, i.e. distance from fault core, TCR, RQD, uniaxial rock strength, and seismic velocity of S wave. The map is evaluated as a suitable method to express the geological and structural characteristics and fault-damaged intensity of basement in the study area. It is, thus, concluded that the proposed method can contribute to complement and amplify the capability of the present evaluation system of rock mass.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.115-137
• /
• 2008

As stock market gets bigger, use of HTS(Home Trading System) is getting increased in stock exchange. HTS provides lots of functions such as inquiry about stock quotations, investment counsel and so on. Thus, despite the fact that the functions fur convenience and usefulness are developed and used, security functions for privacy and trade safety are insufficient. In this paper, we analyze the security system of HTS service through the key-logging and sniffing and suggest that many private information is unintentionally exposed. We also find out a vulnerable point of the system, and show the advisable criteria of secure HTS.

• Geophysics and Geophysical Exploration
• /
• v.8 no.4
• /
• pp.237-242
• /
• 2005

A seismic refraction study in estimation of depth to the bedrock demonstrates that 1) the average velocity in the medium is about 250 m/s in the surface layer (< 4 m), 2,500 m/s in the weathered formation, and greater than 3,000 m/s in the bedrock, 2) the depth to the deepest reflector assumed to be the bedrock is about 17 m; however, according to the cores collected in a borehole in study area, the bedrock (granite) occurred at depth 25 m, 3) according to the density and velocity logging, at depth 17 m, a measurable velocity and density increase are observed, and 4) the velocity of the weathered formation is relatively high and therefore, the acquisition offsets ($70{\sim}80m$) are turned out not to be long enough to record the refracted signal from the bedrock at depth 25 m as first arrivals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.31-40
• /
• 2014

In Korea, the Public Key Infrastructure (PKI) has been introduced. For secure information transmission and identification, the electronic signature authorization system of a certificate-based is built, and then the service provide.The certificate is stored in location what users can easily access and copy. Thus, there is a risk that can be stolen by malware or web account hacking. In addition, private key passwords can be exposed by the logging tool, after keyboard security features are disabled. Each of these security weaknesses is a potential conduit for identity theft, property/asset theft, and theft of the actual certificates. The present study proposes a method to prevent the private key file access illegally. When a certificate is stored, the private key is encrypted by the dependent element of the device, and it is stored securely. If private key leakage occurs, the retrieved key could not be used on other devices.

• Journal of the Korea Society for Simulation
• /
• v.22 no.4
• /
• pp.29-38
• /
• 2013

Modeling and simulation technology is being used in various fields. Especially in the field of military, Simulation-Based Acquisition (SBA) is recognized as a essential policy. To effectively carry out SBA, modeling and simulation techniques should be applied in the whole life-cycle for the weapon system development, and the framework and tools which can help the rapid component development and reusability are needed. In this research, we use the simulation framework based on modeling formalism for enhancement of reusability and a GUI-based modeling environment for rapid M&S component development. The Proposed framework can act as plug-in components on the basis of XML-based object model, so that the flexible design is possible for the change of the model and simulation structure. In addition, our methods are effective to implement the functions for supporting simulation such as the model data logging and communication with external systems. In this paper, we describe an architecture and functions for the framework and tools.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.4
• /
• pp.1-8
• /
• 2011

Traditional transactional memory systems are no longer able to guarantee the performance of diverse applications with overflowed transactions since there is the drawback that tracking the data for logging is difficult. Especially, this mechanism has a disadvantage of increasing communication delay for sustaining the state which is required to detect the conflict on the overflowed transactions from the first level cache in the transactional memory systems. To address this point, we have focused on the cache architecture of the systems to reduce the overhead caused by overflows and cache misses. In this paper, we present Supportive Cache which reduces additional overhead during transactions. Supportive Cache performs a parallel look-up with L1 private cache and uses the same replacement policy as L1 private cache. We evaluate the performance of the proposed design by comparing LogTM-SE with and without Supportive Cache. The simulation results show that our system improves the performance by 37% on average, compared to the original LogTM-SE which uses the same hardware resource.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.857-869
• /
• 2016

It is a well-known fact that password based authentication system has been threatened for crucial data leakage through monitoring key log. Recently, to prevent this type of attack using keystroke logging, virtual onscreen keyboards are widely used as one of the solutions. The virtual keyboards, however, also have some crucial vulnerabilities and the major weak point is that important information, such as password, can be exposed by tracking the trajectory of the mouse cursor. Thus, in this paper, we discuss the vulnerabilities of the onscreen keyboard, and present hypothetical attack scenario and a method to crack passwords. Finally to evaluate the performance of the proposed scheme, we demonstrate an example experiment which includes attacking and cracking by utilizing password dictionary and analyze the result.

• KIISE Transactions on Computing Practices
• /
• v.24 no.1
• /
• pp.33-39
• /
• 2018

For the integration test in the current field of defense simulation, each actual equipment and simulator's logging information is automated. Although the event of the integrated test system is written in the test log, it is not automated, and relies on the operator's handwriting or file creation, resulting in ineffective aspects such as low-quality record content and repetition of the same content. In this study, we propose the automatic test report recording program that solves these problems. Automatic test report recording program uses framework-based technology to receive information from the test control computer and user to record a log of the test log. Automatic test report recording program allows the user to record the repeated test content in a stable manner. Additionally, even if the number of test operators is limited, the efficiency is improved so that we can fucus on the integration test.