• Title/Summary/Keyword: Software Vulnerability


A Design for Security Functional Requirements of IoT Middleware System (IoT(Internet of Things) 시스템 미들웨어 보안기능요구사항 설계)

  • Jung, Hyun Mi;Jeong, Kimoon;Cho, Han Jin
    • Journal of the Korea Convergence Society / v.8 no.11 / pp.63-69 / 2017
  • The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using a Service Oriented Architecture (SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation (TOE) existing system development method and the object is evaluated by Common Criteria (CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security-enhanced IoT system.

Malicious Attack Success Probability on the Change of Vulnerable Surfaces in MTD-SDR System (MTD-SDR 시스템의 취약요소 변경에 따른 악의적 공격 성공 확률)

  • Ki, Jang-Geun;Lee, Kyu-Tae
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.18 no.5 / pp.55-62 / 2018
  • The MTD-based approach changes various operating parameters dynamically so that the vulnerability of the system can be protected from malicious attack. In this paper, random/serial scanning/jamming attack success probabilities have been mathematically analyzed and verified through simulation to improve the security of wireless communication systems in which MTD-SDR technologies are applied. As a result, for random scanning attacks, the attack success probability increases as the change period of the transmission channel increases, while for random jamming attacks there is no change. The attack success probability patterns for serial attacks are similar to those of random attacks, but when the change period of the transmission channel approaches the total number of transmission channels, the success probability of a serial attack becomes greater than that of a random attack, up to twice in jamming attacks and up to 36% in scanning attacks.

An Empirical Study on Security Management Model for Small IT Service Business (소규모 IT 서비스 기업 비즈니스 특성을 고려한 보안 관리모델 실증연구)

  • Kim, Yanghoon;Na, Youngsub;Chang, Hangbae
    • Information Systems Review / v.14 no.3 / pp.131-141 / 2012
  • As IT becomes more sophisticated, information leaks and breaches are increasing more and more. Accordingly, the majority of companies have expanded investment in protection of information. However, companies are still exposed to the vulnerability of information leakage. In particular, small IT service businesses have relatively more limitations than large corporations in terms of resources and manpower for business activities. Among studies on information security for small IT service companies so far, however, there have been insufficient studies considering small business scales and the business characteristics of IT services. In this study, we designed an information security management model for establishing security measures for small IT service companies, which are classified into the SI/SM, DB, IR and IP industries depending on how the business creates value. In detail, we performed an empirical analysis of small IT service businesses to consider business characteristics, and we proposed security implementation strategies based on the analysis results.

Seismic vulnerability analysis of Bankstown's West Terrace railway bridge

  • Mirza, Olivia;Kaewunruen, Sakdirat;Galia, Darren
    • Structural Engineering and Mechanics / v.57 no.3 / pp.569-585 / 2016
  • This paper highlights a case study that investigates the behaviour of existing bridge, West Terrace Bridge, induced by horizontal seismic loading. Unfortunately the lack of past information related to seismic activity within the NSW region has made it difficult to understand better the capacity of the structure if Earthquake occurs. The research was conducted through the University of Western Sydney in conjunction with Railcorp Australia, as part of disaster reduction preparedness program. The focus of seismic analyses was on the assessment of stress behaviour, induced by cyclic horizontal/vertical displacements, within the concrete slab and steel truss of the bridge under various Earthquake Year Return Intervals (YRI) of 1-100, 1-200, 1-250, 1-500, 1-800, 1-1000, 1-1500, 1-2000 and 1-2500. Furthermore the stresses and displacements were rigorously analysed through a parametric study conducted using different boundary conditions. The numerical analysis of the concrete slab and steel truss were performed through the finite element software, ABAQUS. The field measurements and observation had been used to validate the results drawn from the finite element simulation. It was illustrated that under a YRI of 1/1000 the bottom chord of the steel truss failed as the stress induced surpassed the ultimate stress capacity and the horizontal displacement exceeded the allowable displacement measured in the field observations whereas the vertical displacement remained within the previously observed limitations. Furthermore the parametric studies in this paper demonstrate that a change in boundary conditions alleviated the stress distribution throughout the structure allowing it to withstand a greater load induced by the earthquake YRI but ultimately failed when the maximum earthquake loading was applied. Therefore it was recommended to provide a gap of 50mm on the end of the concrete slab to allow the structure to displace without increasing the stress in the structure. Finally, this study has proposed a design chart to showcase the failure mode of the bridge when subjected to seismic loading.

A Design of a Korean Programming Language Ensuring Run-Time Safety through Categorizing C Secure Coding Rules (C 시큐어 코딩 규칙 분류를 통한 실행 안전성을 보장하는 한글 언어 설계)

  • Kim, Yeoneo;Song, Jiwon;Woo, Gyun
    • Journal of KIISE / v.42 no.4 / pp.487-495 / 2015
  • Since most information is computerized nowadays, it is extremely important to promote the security of computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques to other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.

Vulnerability Analysis on the Mobile Core Network using OpenAirInterface (OpenAirInterface를 통한 모바일 코어네트워크 보안위협 분석)

  • Oh, In Su;Park, Jun Young;Jung, Eun Seon;Yim, Kang Bin
    • Smart Media Journal / v.9 no.3 / pp.71-79 / 2020
  • The mobile network is used by many users worldwide for diverse services, including phone calls, messaging and data transfer over the Internet. However, this network may experience massive damage if it is exposed to cyber-attacks or denial-of-service attacks via wireless communication interference. Because the mobile network is also used as an emergency network in cases of disaster, evaluation or verification for security and safety is necessary as an important nation-wide asset. However, it is not easy to analyze the mobile core network because it is built and serviced by private service providers, exclusively operated, and there is not even a separate network for testing. Thus, in this paper, a virtual mobile network is built using OpenAirInterface, which is implemented based on 3GPP standards and provided as open source software, and the structure and protocols of the core network are analyzed. In particular, the S1AP protocol messages captured on S1-MME, the interface between the base station eNodeB and the mobility manager MME, are analyzed to identify potential security threats by evaluating the effect of the messages sent from the user terminal UE to the mobile core network.

Difference in Injury of the Corticospinal Tract and Spinothalamic Tract in Patients with Putaminal Hemorrhage

  • Jang, Sung Ho;Seo, Jeong Pyo
    • The Journal of Korean Physical Therapy / v.31 no.6 / pp.358-362 / 2019
  • Purpose: We investigated the difference in injury of the corticospinal tract (CST) and the spinothalamic tract (STT) in patients with putaminal hemorrhage, using diffusion tensor tractography (DTT). Methods: Thirty-one consecutive patients with PH and 34 control subjects were recruited for this study. DTT scanning was performed at early stage of PH (7-63 days), and the CST and STT were reconstructed using the Functional Magnetic Resonance Imaging of Brain (FMRIB) Software Library program. Injury of the CST and STT was defined in terms of the configuration or abnormal DTT parameters was more than 2 standard deviations lower than that of normal control subjects. Results: Among 31 patients, all 31 patients (100%) had injury of the CST, whereas 25 patients (80.6%) had injury of the STT: the incidence of CST injury was significantly higher than that of STT (p<0.05). In detail, 20 (64.5%) of 31 patients showed a discontinuation of the CST in the affected hemisphere; in contrast, 14 patients (45.2%) of 31 patients showed a discontinuation of the STT in the affected hemisphere. Regarding the FA value, 6 (19.4%) of 31 patients and 2 (6.4%) of 31 patients were found to have injury in the CST and STT, respectively. In terms of the fiber number, the same injury incidence was observed in 11 patients (35.5%) in both the CST and STT. Conclusion: The greater vulnerability of the CST appears to be ascribed to the anatomical characteristics; the CST is located anteriorly to the center of the putamen compared with the STT.

Seismic Fragilities of Bridges and Transmission Towers Considering Recorded Ground Motions in South Korea (한국의 지반거동을 고려한 교량과 송전철탑의 지진취약도 분석)

  • Park, Hyo Sang;Nguyen, Duy-Duan;Lee, Tae-Hyung
    • Journal of the Earthquake Engineering Society of Korea / v.20 no.7_spc / pp.435-441 / 2016
  • The Korean peninsula has been known as a minor-to-moderate seismic region. However, some recent studies have shown that the maximum possible earthquake magnitude in the region is approximately 6.3-6.5. Therefore, a seismic vulnerability assessment of the existing infrastructures considering ground motions in Korea is necessary. In this study, we developed seismic fragility curves for a continuous steel box girder bridge and two typical transmission towers, in which a set of seven artificial and natural ground motions recorded in South Korea is used. A finite element simulation framework, OpenSees, is utilized to perform nonlinear time history analyses of the bridge, and commercial software, SAP2000, is used to perform time history analyses of the transmission towers. The fragility curves based on Korean ground motions were then compared with the fragility curves generated using worldwide ground motions to evaluate the effect of the two ground motion groups on the seismic fragility curves of the structures. The results show that both non-isolated and base-isolated bridges are less vulnerable to the Korean ground motions than to worldwide earthquakes. Similarly to the bridge case, the transmission towers are safer under Korean motions than under worldwide earthquakes in terms of fragility functions.

Security-Reverse-Attack Engineering Life-cycle Model for Attack System and Attack Specification Models (공격시스템을 위한 보안-역-공격공학 생명주기 모델과 공격명세모델)

  • Kim, Nam-Jeong;Kong, Mun-Soo;Lee, Gang-Soo
    • Journal of the Korea Convergence Society / v.8 no.6 / pp.17-27 / 2017
  • Recently, as cyber attacks have been activated, many such attacks have come into contact with various media. Research on security engineering and reverse engineering is active, but there is a lack of research that integrates them and applies attack systems through cost-effective attack engineering. In this paper, security-enhanced information systems are developed by security engineering and reverse engineering is used to identify vulnerabilities. Using this vulnerability, we compare and analyze lifecycle models that construct or remodel attack system through attack engineering, and specify structure and behavior of each system, and propose more effective modeling. In addition, we extend the existing models and tools to propose graphical attack specification models that specify attack methods and scenarios in terms of models such as functional, static, and dynamic.

Emulation-Based Fuzzing Techniques for Identifying Web Interface Vulnerabilities in Embedded Device Firmware (임베디드 디바이스 펌웨어의 웹 인터페이스 취약점 식별을 위한 에뮬레이션 기반 퍼징 기법)

  • Heo, Jung-Min;Kim, Ji-Min;Ji, Cheong-Min;Hong, Man-Pyo
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1225-1234 / 2019
  • The security of the firmware is more important because embedded devices have become popular. Network devices such as routers can be attacked by attackers through web application vulnerabilities in embedded firmware. Therefore, they must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, thus limiting the scope of vulnerabilities that can be found. In this paper, fuzzing is performed in an emulation-based environment through fuzzing, one of the software security test techniques. We also propose a Fabfuzz tool for efficient emulation-based fuzzing. Experiments have shown that in addition to the vulnerabilities identified in existing tools, other types of vulnerabilities have been found.