• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1551-1559
• /
• 2015

Recently, the performance of smart devices is almost similar to that of the existing PCs, thus the users of smart devices can perform similar works such as messengers, SNSs(Social Network Services), smart banking, etc. originally performed in PC environment using smart devices. Although the development of smart devices has led to positive impacts, it has caused negative changes such as an increase in security threat aimed at mobile environment. Specifically, the threats of mobile devices, such as leaking private information, generating unfair billing and performing DDoS(Distributed Denial of Service) attacks has continuously increased. Over 80% of the mobile devices use android platform, thus, the number of damage caused by mobile malware in android platform is also increasing. In this paper, we propose android based malware detection mechanism using time-series analysis, which is one of statistical-based detection methods.We use auto-regressive moving-average model which is extracting accurate predictive values based on existing data among time-series model. We also use fast and exact malware detection method by extracting possible malware data through Z-Score. We validate the proposed methods through the experiment results.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.9
• /
• pp.458-465
• /
• 2020

Technological advances in artificial intelligence are affecting many industries, such as telecommunications, logistics, security, and healthcare, and research and development related to economic, efficiency, linkage with commercial technologies are the current focus. Predicting the changes in the future battlefield environment and ways of conducting war from a strategic point of view, as well as designing/planning the direction of military development for a leading response is not only a basic element to prepare for comprehensive future threats but also an indispensable factor that can produce an optimal effect over a limited budget/time. From this perspective, this study was conducted as part of a technology-driven plan to discover potential future technologies with high potential for use in the defense field and apply them to R&D. In this study, based on research data collected in a defense future technology investigation, the future new technology that requires further research was predicted by considering the redundancy with existing defense research projects and the feasibility of technology. In addition, an empirical study was conducted to verify the significance between the future new defense technology and the evaluation indicators in the AI field.

• Korean Journal of Remote Sensing
• /
• v.34 no.2_2
• /
• pp.307-311
• /
• 2018

It is necessary to establish wide integrated surveillance system of marine territory to reduce damage caused by maritime security threats, marine pollution and accidents for safe and clean marine use and efficient development of marine resources. For marine surveillance, the information characteristics of space-time specific, accuracy and operability are required, and real-time information about the wide area should be provided at all times. This special issue has been published to identify the characteristics of each platform, evaluate its usability for the establishment of a wide integrated surveillance system, and present the direction for future convergence studies between platforms. Since 2015, KIOST and cooperative research team have been performing the project, "Base research for building wide integrated surveillance system of marine territory using multi-platform" that detect vessels and red tide etc. near real time by using satellite, UAV and HF Ocean Radar. The objective of this special issue is to introduce the significance for an integrated system for maritime surveillance and to create a forum for discussion on recent advances in remote sensing technology and applications for marine disasters, pollution, and accident surveillance.

• Journal of Convergence for Information Technology
• /
• v.10 no.7
• /
• pp.20-32
• /
• 2020

This study is to develop and provide a personal information protection framework that enables IoT service providers to safely and systematically operate personal information of IoT service subjects in the overall process of providing IoT devices and services. To this end, a framework for personal information framework was derived through literature survey, and FGI with experts, it was divided into three stages, each of three stages: IoT service provision process and IoT personal information processing process. The study conducted an e-mail survey of related experts using AHP techniques to determine the importance of the components of the selected personal information protection framework. As a result, in the IoT service provision process, the IoT product and service design and development stage (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention of personal information (0.5098) is the most important. Therefore, based on this research, as the IoT service is spreading, it is expected that a safe personal information protection framework will be realized by preventing security threats and personal information infringement accidents.

• Journal of Convergence for Information Technology
• /
• v.10 no.11
• /
• pp.55-63
• /
• 2020

The IoT technology is a field that applies and converges the technologies in the existing industrial environment, instead of new technologies. The IoT technology is releasing various application services converged with other industries such as smart home, healthcare, construction, and automobile, and it is also possible to secure the work efficiency and convenience of users of IoT-based technologies. However, the security threats occurring in the IoT-based technology environment are succeeding to the vulnerability of the existing wireless network environment. And the occurrence of new and variant attacks in the combination with the ICT convergence environment, is causing damages. Thus, in the IoT technology-based environment, it would be necessary to have researches on the safe transmission of messages in the communication environment between user and device, and device and device. This thesis aims to design a safe communication protocol in the IoT-based technology environment. Regarding the suggested communication protocol, this thesis performed the safety analysis on the attack techniques occurring in the IoT technology-based environment. And through the performance evaluation of the existing PKI-based certificate issuance system and the suggested communication protocol, this thesis verified the high efficiency(about 23%) of communication procedure. Also, this thesis verified the reduced figure(about 65%) of the issued quantity of certificate compared to the existing issuance system and the certificate management technique.

• Journal of Digital Convergence
• /
• v.15 no.4
• /
• pp.285-293
• /
• 2017

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

• Korea and Global Affairs
• /
• v.3 no.2
• /
• pp.87-130
• /
• 2019

This paper aims to analyze the recent progress(current situation) and tasks of arms control in North and South Korea. To this end the paper is composed of 5 chapters titled instruction; recent progress(current situation) of arms control in South and North Korea; constraints and tasks of arms control on the Korean peninsula; and conclusion. One of the most important tasks for the establishment of a peace structure for the coexistence of the Korean people in the 21st century is the realization of military control in order to resolve the acute military confrontation situation and mutual threats. With the 2018 PyeongChang Winter Olympics, the North-South summit and the subsequent talks for peace and denuclearization on the Korean Peninsula, the North Korea-US summit, and subsequent talks are creating conditions for trust building and arms control between the two Koreas. The military trust between the two Koreas and operational arms control are being achieved through the declaration of the April 27 Panmunjom and the 'Military Agreement for the Implementation of the Panmunjom Declaration.' However, since there are constraints on the control of arms control, such as the persistence of hostility and distrust of the two Koreas, the defense treaty between the two Koreas and neighboring countries, the competition of neighboring countries and the complex interests of the Korean peninsula, Trust Building is important. We should resolve the issue of arms control between the two Koreas, taking into account the trend of international arms control over the internal and external dynamics of the Korean peninsula gradually and carefully, with a vision of long-term unification security.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Maritime Security
• /
• v.1 no.1
• /
• pp.311-343
• /
• 2020

Because of the global warming, the Arctic Ocean is expected to be ice-free by the year 2035. When the Arctic Ocean will be opened, a number of national interests will become more salient as experiencing a shortened sailing distance and decreasing navigation expense, possibility of natural resources transport by sea from Arctic Circle, and indirect-profit making by building a herb port in Asia. To secure the national interests and support the free activities of people in this region, R.O.K government is trying to make advanced policies. In order to carry out the naval tasks in the Arctic Ocean, using the operational characteristics(mobility, flexibility, sustainability, presence of capabilities, projection) is necessary. To this end, ROK Navy should analyze the operational environment (O.E.) by its capability(weakness and strength), opportunity, and threat. R.O.K. Navy should make an effort over the following issues to implement the tasks in the Arctic Ocean: first, Navy needs to map out her own plan (Roadmap) under the direction of government policies and makes crews participate in the education·training programs in home and abroad for future polar experts. Third, to develop the forces and materials for the tasks in cold, far operations area, Navy should use domestic well-experienced shipbuilding skills and techniques of the fourth industrial revolution. Next, improving the combined operations capabilities and military trust with other countries in the Arctic region to cover the large area with lack of forces' number and to resolve the ports of call issues. Lastly, preparation in advance to execute a variety of missions against military and non-traditional threats such as epidemics, HA/DR, SOLAS, in the future operation area is required.