• Title/Summary/Keyword: Software Vulnerability

A Study of File Format-Aware Fuzzing against Smartphone Media Server Daemons (스마트폰 미디어 서버 데몬에 대한 파일 포맷 인식 기반의 퍼징 연구)

  • Shin, MinSik;Yu, JungBeen;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.3 / pp.541-548 / 2017
  • The smartphone operates the media server daemon to handle audio service requests. Media server daemons, running with a high privilege in the background, caused many vulnerabilities to applications most frequently used in smart devices including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities. Unfortunately, fuzzing itself is not very effective in such format-strict environments as media services. In this paper, we propose a file format-aware fuzzing in order to efficiently detect vulnerabilities of media server daemon. We acquired a remote arbitrary code execution vulnerability on iOS/tvOS/MacOS/watchOS, and we verified the effectiveness by comparing our methodology with the fuzzers FileFuzz and ZZUF.

Toward Design and Implement to Multiple Schemes for Strong Authentication Mechanism - Case Studying : Secure Entrance System - (다단계 사용자 신분확인 메커니즘 설계와 구현 방안 : 출입통제 시스템 사례 중심으로)

  • Hong Seng-Phil;Kim Jae-Hyoun
    • Journal of Internet Computing and Services / v.7 no.2 / pp.161-172 / 2006
  • As the innovative technologies related to ubiquitous computing are being rapidly developed in recent IT trend, the concern for IT dysfunction (e.g., personal information abuse, information risk, threat, vulnerability, etc.) is also increasing. In our study, we suggested how to design and implement multiple schemes for strong authentication mechanism in real system environments. We introduce the systematic and secure authentication technologies that resolve the threats incurring from the abuse and illegal duplication of financial transaction card in the public and financial institutions. The multiple schemes for strong authentication mechanism applied to java technology, so various application programs can be embedded, independent of different platforms, to the smartcard by applying the consolidated authentication technologies based on encryption and biometrics (e.g., fingerprint identification). We also introduce the appropriate guidelines which can be easily implemented by the system developer and utilized from the software engineering standpoint. Further, we proposed ways to utilize java card based biometrics by developing and applying the 'smartcard class library' in order for the developer and engineers involved in real system environment (Secure entrance system) to easily understand the program. Lastly, we briefly introduced the potential for its future business application.

Spatially Distributed Model for Soil Loss Vulnerability Assessment in Mekong River Basin

  • Thuy, H.T.;Lee, Giha;Lee, Daeeop;Sophal, Try
    • Proceedings of the Korea Water Resources Association Conference / 2016.05a / pp.188-188 / 2016
  • The Mekong which is one of the world's most significant rivers plays an extremely important role to South East Asia. Lying across six riparian countries including China, Myanmar, Thailand, Laos, Cambodia and Vietnam and being a greatly biological and ecological diversity of fishes, the river supports a huge population who live along Mekong Basin River. Therefore, much attention has been focused on the giant Mekong Basin River, particularly, the soil erosion and sedimentation problems which rise critical impacts on irrigation, agriculture, navigation, fisheries and aquatic ecosystem. In fact, there have been many methods to calculate these problems; however, in the case of Mekong, the available data have significant limitations because of large area (about 795 00 km2) and a failure by management agencies to analyze and publish of developing countries in Mekong Basin River. As a result, the Universal Soil Loss Equation (USLE) model in a GIS (Geographic Information System) framework was applied in this study. The USLE factors contain the rainfall erosivity, soil erodibility, slope length, steepness, crop management and conservation practices which are represented by raster layers in GIS environment. In the final step, these factors were multiplied together to estimate the soil erosion rate in the study area by using spatial analyst tool in the ArcGIS 10.2 software. The spatial distribution of soil loss result will be used to support river basin management to find the sustainable management practices by showing the position and amount of soil erosion and sediment load in the dangerous areas during the selected 56-year period from 1952 to 2007.

Separation of Concerns Security Model of Component using Grey Box (그레이박스를 사용한 컴포넌트의 관심사 분리 보안 모델)

  • Kim, Young-Soo;Jo, Sun-Goo
    • Journal of the Korea Society of Computer and Information / v.13 no.5 / pp.163-170 / 2008
  • As the degree of dependency and application of component increases, the need to strengthen security of component is also increased as well. The component gives an advantage to improve development productivity through its reusable software. Even with this advantage, vulnerability of component security limits its reuse. When the security level of a component is raised in order to improve this problem, the most problematic issue will be that it may extend its limitation on reusability. Therefore, a component model concerning its reusability and security at the same time should be supplied. We suggest a Separation of Concerns Security Model for Extension of Component Reuse which is integrated with a wrapper model and an aspect model and combined with a reuse model in order to extend its security and reusability by supplying information hiding and easy modification, and an appropriate application system to verify the model's compatibility is even constructed. This application model gives the extension of component function and easy modification through the separation of concerns, and it raises its security as well as extends its reusability.

Mutual Authentication Method for Hash Chain Based Sensors in IoT Environment (IoT 환경에서 해시 체인 기반 센서 상호 인증 기법)

  • Lee, Kwang-Hyoung;Lee, Jae-Seung
    • Journal of the Korea Academia-Industrial cooperation Society / v.19 no.11 / pp.303-309 / 2018
  • Internet of Things technology is an intelligent service that connects all objects to the Internet and interacts with them. It is a technology that can be used in various fields, such as device management, process management, monitoring of restricted areas for industrial systems, as well as for navigation in military theaters of operation. However, because all devices are connected to the Internet, various attacks using security vulnerabilities can cause a variety of damage, such as economic loss, personal information leaks, and risks to life from vulnerability attacks against medical services or for military purposes. Therefore, in this paper, a mutual authentication method and a key-generation and update system are applied by applying S/Key technology based on a hash chain in the communications process. A mutual authentication method is studied, which can cope with various security threats. The proposed protocol can be applied to inter-peer security communications, and we confirm it is robust against replay attacks and man-in-the-middle attacks, providing data integrity against well-known attacks in the IoT environment.

Unlocking Shared Bike System by Exploiting an Application Log (애플리케이션 로그를 이용한 공유 자전거 시스템의 잠금장치 해제 방법)

  • Cho, Junwan;Lee, Jeeun;Kim, Kwangjo
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.719-728 / 2019
  • Recently, there has been a growing market for shared mobility businesses that share 'transport' such as cars and bikes, and many operators offer a variety of services. However, if the fare cannot be charged normally because of security vulnerability, the operator cannot continue the business. So there should be no security loopholes. However, there is a lack of awareness and research on shared mobility security. In this paper, we analyzed security vulnerabilities exposed in application log of shared bike service in Korea. We could easily obtain the password of the bike lock and the encryption key of the AES-128 algorithm through the log, and confirmed the data generation process for unlocking using software reverse engineering. It is shown that the service can be used without charge with a success rate of 100%. This implies that the importance of security in shared mobility business and new security measures are needed.

Analysis of Security Problems of Deep Learning Technology (딥러닝 기술이 가지는 보안 문제점에 대한 분석)

  • Choi, Hee-Sik;Cho, Yang-Hyun
    • Journal of the Korea Convergence Society / v.10 no.5 / pp.9-16 / 2019
  • In this paper, it will analyze security problems, so technology's potential can apply to business security area. First, in order to deep learning do security tasks sufficiently in the business area, deep learning requires repetitive learning with large amounts of data. In this paper, to acquire learning ability to do stable business tasks, it must detect abnormal IP packets and attacks such as normal software with malicious code. Therefore, this paper will analyze whether deep learning has the cognitive ability to detect various attacks. In this paper, to deep learning to reach the system and reliably execute the business model which has problem, this paper will develop deep learning technology which is equipped with security engine to analyze new IP about Session and do log analysis and solve the problem of mathematical role which can extract abnormal data and distinguish infringement of system data. Then it will apply to business model to drop the vulnerability and improve the business performance.

Prerequisites on Smart Healthcare in the Perspective of Service Design : Focusing on the Elderly Experience Case (서비스 디자인 관점에서 본 스마트 헬스케어의 선행 조건 : 고령자 경험 사례를 중심으로)

  • Kim, Ho-Da;Joo, Ae-Ran
    • Journal of Information Technology Applications and Management / v.28 no.3 / pp.49-58 / 2021
  • Due to the increasing interest in wellness aroused by the aging population and the pursuing feature of active old age, Korean elderly set importance on long life with their healthy condition. Following the change in the paradigm of the medical delivery system from hospital-oriented, treatment-oriented to personal-centered and self-care, Service design application of Smart Healthcare for the elderly became valuable. Smart Healthcare is a healthcare service provided through the fusion of ICT technologies including mobile/wearable devices, IoT, big data, and information technology, and it is utilized to prevent diseases managing abundant health information and living habits. As a methodology for delivering such Smart Healthcare to the elderly, Service design can be adopted. Therefore, this study would like to present the prerequisites of Smart Healthcare design for the elderly through analyzing the results from in-depth interview methods between the elderly and medical staff. As a result of this study, guidelines for Service design application of health vulnerability management for the elderly utilizing smart phones were presented. Therefore, this study presented four prerequisites composed of 'high level of supplementation and ethical decision making', 'improvement of inequality in accessibility and experience', 'resolving problems in policy implementation' and 'user-friendliness' for the Smart Healthcare service design for the elderly. Overall, Service design is expected to play an innovative role in improving the quality of life for the elderly through the process of collecting and delivering information on Smart Healthcare centered on the experience of the elderly.

A De Facto Standard for ERC-20 API Functional Specifications and Its Conformance Review Method for Ethereum Smart Contracts (이더리움 스마트 계약 프로그램의 ERC-20 API 기능 명세의 관례상 표준과 적합성 리뷰 방법)

  • Moon, Hyeon-Ah;Park, Sooyong
    • KIPS Transactions on Software and Data Engineering / v.11 no.10 / pp.399-408 / 2022
  • ERC-20, the standard API for Ethereum token smart contracts, was introduced to ensure compatibility among applications such as wallets and decentralized exchanges. However, many compatibility vulnerability problems have existed because there are no rigorous functional specifications for each API nor conformance review tools for the standard. In this paper, we proposed a new review procedure and a tool to perform the procedure to review if ERC-20 token smart contract programs for the Ethereum blockchain conform to the de facto standards. Based on the knowledge from an analysis on the ERC-20 API functional behavior of the top 100 token smart contract programs in the existing Ethereum blockchain, a new specification for the de facto standard for ERC-20 API was explicitly defined. The new specification enabled us to design a systematic review method for Ethereum smart contract programs. We developed a tool to support this review method and we evaluated a few benchmark programs with the tool.

An Analysis of Factors Affecting Medical Operating Income at Regional Public Hospital (지방의료원 의료이익에 대한 영향요인 분석)

  • Jin Won Noh;Jeong Hoe Kim;Hui Won Jeon;Jeong Ha Kim;Hyo Jung Bang;Hae Jong Lee
    • Health Policy and Management / v.33 no.1 / pp.55-64 / 2023
  • Background: Despite the various activities of the regional public hospitals, discussions are being made as to whether or not to continue due to the issue of financial deficit. Therefore, the main factors affecting the fiscal deficit were analyzed with 10-year data. Methods: This study is a panel analysis that analyzed the characteristics of 34 regional public hospitals and influencing factors on medical benefits for 10 years from 2010 to 2019. First, we analyze the determinants of medically vulnerable areas set by the government, analyze the trend of medical profit per 100 beds and medical profit rate from 2010 to 2019, and identify the factors that affect them. Results: Differences in medical profit per 100 beds and medical profit-to-medical profit rate were caused by market share representing regional characteristics, and both indicators improved as the number of outpatients increased. The important influencing variables are the number of doctors and nurses, and both indicators improve when there are specialists, but medical benefits decrease as the number of doctors increases when judged by the number of people per 100 beds. In addition, the number of nurses per 100 beds does not contribute to medical profit and has a negative effect on the medical profit ratio. Conclusion: As only regional characteristics were taken into account for medically vulnerable areas, operational characteristics need to be considered. The greatest impact on the finances of local medical centers is the proper staffing of doctors and nurses, and their efficient arrangement is the most important factor in financial stability.