• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.1
• /
• pp.147-153
• /
• 2014

The numerous improved schemes of remote user authentication based on password have been proposed in order to overcome the security weakness in user authentication process. Recently, some of biometric-based user authentication schemes to use personal biometric information have been introduced and they have shown the relatively higher security and the enhanced convenience as compared to traditional password-based schemes. These days wireless sensor network is a fundamental technology in face of the ubiquitous era. The wireless sensor networks to collect and process the data from sensor nodes in increasing high-tech applications require important security issues to prevent the data access from the unauthorized person. Accordingly, the research to apply to the user authentication to the wireless sensor networks has been under the progress. In 2010, Yuan et al. proposed a biometric-based user authentication scheme to be applicable for wireless sensor networks. Yuan et al. claimed that their scheme is effectively secure against the various security flaws including the stolen verifier attack. In this paper, author will prove that Yuan et al.'s scheme is still vulnerable to the password guessing attack, user impersonation attack and the replay attack, by analyzing their security weakness.

• Journal of the Korean association of regional geographers
• /
• v.21 no.4
• /
• pp.751-763
• /
• 2015

Both the selection of indicators and weights for them are critical issues in the vulnerability assessment. This study is to assess the air pollution vulnerability focused on ozone for 249 local jurisdictions using weights calculated by the entropy methodology and then examine the applicability of the methodology. We selected indicators for air pollution vulnerability assessment and standardized them. Subsequently, we calculated weights of each indicator using the entropy method and then integrated them into the vulnerability index. The exposure indicators consider meteorological and air pollution factors and the sensitivity of the local jurisdiction include variables on vulnerable areas and environments. The adaptive capacity contains socio-economic characteristics, health care capacities and air pollution managemental factors. The results show that Hwaseong-si, Gwangjin-gu, Gimpo-si, Gwangju-si, Gunpo-si are among the highest vulnerabilities based on the simple aggregation of indicators. And vulnerability-resilience (VRI) aggregation results indicates the similar spatial pattern with the simple aggregation outcomes. This article extends current climate change vulnerability assessment studies by adopting the entropy method to evaluate relative usefulness of data. In addition, the results can be used for developing customized adaptation policies for each jurisdiction reflecting vulnerable aspects.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.21 no.1
• /
• pp.12-22
• /
• 2018

In order to improve the vulnerability of current cities due to climate change, the disaster vulnerability analysis manual for various disasters is provided. Depending on the spatial units, the disaster vulnerability levels, and the conditions of the climatic factors, the results of the disaster vulnerability analysis will have a significant impact. In this study, relative assessments are conducted by adding the eup, myeon and dong unit in addition to census output area unit to analyze the impact on the spatial unit, and relative changes are analyzed according to the classification stages by expanding the natural classification, which is standardized at level four stage, to level two, four and six stage. The maximum rainfalls(10min, 60min, 24hr) are added for the two limited rainfall characteristics to determine the relativity of disaster vulnerable districts by index. The relative assessment results of heavy rainfall vulnerability index showed that the area ratio of disaster areas by spatial unit was different and the correlation analysis showed that the space analysis between the eup, myeon and dong unit in addition to census output area unit was not consistent. And it can be seen that the proportion of disaster vulnerable districts is relatively different a lot due to indexes of rainfall characteristics, spatial unit analysis and disaster vulnerability level stage. Based on the above results, it can be seen that the ratios of disaster vulnerable districts differ relatively significantly due to the level of the disaster vulnerability class, and the indexes of rainfall characteristics. This suggests that the impact of the disaster vulnerable districts depending on indexes is relatively large, and more detailed indexes should be selected when setting up the disaster vulnerabilities analysis index.

• Journal of the Korean Society of Environmental Restoration Technology
• /
• v.9 no.5
• /
• pp.32-40
• /
• 2006

This study's objects are to suggest effective forest community-level management measures by identifying the vulnerable forest vegetation communities types to climate change through a comparative analysis with present forest communities identified and delineated in the Actual Vegetation Map. The methods of this study are to classify the climatic life zones based on the correlative climate-vegetation relationship for each forest vegetation community, the Holdridge Bio-Climate Model was employed. This study confirms relationship between forest vegetation and environmental factors using Pearson's correlation coefficient analysis. Then, the future distribution of forest vegetation are predicted derived factors and present distribution of vegetation by utilizing the multinomial logit model. The vulnerability of forest to climate change was evaluated by identifying the forest community shifts slower than the average velocity of forest moving (VFM) for woody plants, which is assumed to be 0.25 kilometers per year. The major findings in this study are as follows : First, the result of correlative analysis shows that summer precipitation, mean temperature of the coldest month, elevation, soil organic matter contents, and soil acidity (pH) are highly influencing factors to the distribution of forest vegetation. Secondly, the result of the vulnerability assessment employing the assumed velocity of forest moving for woody plants (0.25kmjyear) shows that 54.82% of the forest turned out to be vulnerable to climate change. The sub-alpine vegetations in regions around Mount Jiri and Mount Seorak are predicted to shift the dominance toward Quercus mongolica and Pinus densiflora communities. In the identified vulnerable areas centering the southern and eastern coastal regions, about 8.27% of the Pinus densiflora communities is likely to shift to sub-tropical forest communities, and 3.38% of the Quercus mongolica communities is likely to shift toward Quercus acutissima communities. In the vulnerable areas scattered throughout the country, about 8.84% of the Quercus mongolica communities is likely to shift toward Pinus densiflora communities due to the effects of climate change. The study findings concluded that challenges associated with predicting the future climate using RCM and the assessment of the future vulnerabilities of forest vegetations to climate change are significant.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.78-85
• /
• 2013

The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.

• Journal of Korea Water Resources Association
• /
• v.49 no.8
• /
• pp.685-692
• /
• 2016

This study aimed to develop the indicator-based approach to assess water use vulnerability in watersheds and applied to the unit watershed within the Han River watershed. Vulnerability indices were comprised of three sub-components (exposure, sensitivity, adaptive capacity) with respect to water use. The indicators were made up of 16 water use indicators. Then we estimated vulnerability indices using the Technique for Order of Preference by Similarity to Ideal Solution approach (TOPSIS). We collected environmental and socio-economic data from national statistics database, and used them for simulated results by the Soil and Water Assessment Tool (SWAT) model. For estimating the weighted values for each indicator, expert surveys for subjective weight and data-based Shannon's entropy method for objective weight were utilized. With comparing the vulnerability ranks and analyzing rank correlation between two methods, we evaluated the vulnerabilities for the Han River watershed. For water use, vulnerable watersheds showed high water use and the water leakage ratio. The indices from both weighting methods showed similar spatial distribution in general. Such results suggests that the approach to consider different weighting methods would be important for reliably assessing the water use vulnerability in watersheds.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.8
• /
• pp.5294-5302
• /
• 2014

The development of public-key-based technique that enables a variety of services(E-government, e-banking, e-payment, etc.) evaluated as having complete safety. On the other hand, vulnerabilities(e.g, heartbleed bug, etc.) are constantly being discovered. In this paper, a public key infrastructure to verify the safety and reliability, the collision rate using OpenSSL key pair was analyzed. the experiment was performed using the following procedure. Openssl was used to create five private certification agencies, and each of the private certificate authority certificates to create 2 million, generating a total of 10 million by the certificate of the key pair conflicts analysis. The results revealed 35,000 in 1 million, 0.35% chance of a public key, a private key conflict occurred. This is sufficient in various fields(E-payment, Security Server, etc.). A future public-key-based technique to remove the threat of a random number generator, large minority issues, in-depth study of selection will be needed.

• Smart Media Journal
• /
• v.7 no.1
• /
• pp.37-44
• /
• 2018

Utilizing sequence control and numerical computing, embedded devices are used in a variety of automated systems, including those at industrial sites, in accordance with their control program. Since embedded devices are used as a control system in corporate industrial complexes, nuclear power plants and public transport infrastructure nowadays, deliberate attacks on them can cause significant economic and social damages. Most attacks aimed at embedded devices are data-coded, code-modulated, and control-programmed. The control programs for industry-automated embedded devices are designed to represent circuit structures, unlike common programming languages, and most industrial automation control programs are designed with a graphical language, LAD, which is difficult to process static analysis. Because of these characteristics, the vulnerability analysis and security related studies for industry automation control programs have only progressed up to the formal verification, real-time monitoring levels. Furthermore, the static analysis of industrial automation control programs, which can detect vulnerabilities in advance and prepare for attacks, stays poorly researched. Therefore, this study suggests a method to present a discussion on an industry automation control program designed to represent the circuit structure to increase the efficiency of static analysis of embedded industrial automation programs. It also proposes a medium term translation technology exploiting LLVM IR to comprehensively analyze the industrial automation control programs of various manufacturers. By using LLVM IR, it is possible to perform integrated analysis on dynamic analysis. In this study, a prototype program that converts to a logical expression type of medium language was developed with regards to the S company's control program in order to verify our method.

• Journal of Digital Convergence
• /
• v.14 no.8
• /
• pp.163-175
• /
• 2016

The purpose of this study is to provide an efficient internal control system formation incentives for company and to confirm empirically usefulness of the internal accounting control system for financial institutions by analyzing whether the internal control vulnerabilities of companies related significantly to the classification and assessment of soundness of financial institutions. Empirical analysis covered KOSPI, KOSDAQ listed companies and unlisted companies with more than 100 billion won of assets which have trading performance with "K" financial institution from 2008 until 2013. Whereas non-internal control vulnerability reporting companies by the internal control of financial reporting received average credit rating of BBB on average, reporting companies received CCC rating. And statistically significantly, non-reporting companies are classified as "normal" and reporting companies are classified as "precautionary loan" when it comes to asset quality classification rating. Therefore, reported information of internal control vulnerability reduced the credibility of the financial data, which causes low credit ratings for companies and suggests financial institutions save additional allowance for asset insolvency prevention and require high interest rates. It is a major contribution of this study that vulnerability reporting of internal control in accordance with the internal control of financial reporting can be used as information significant for the evaluation of financial institutions on corporate soundness.

• Journal of Korea Water Resources Association
• /
• v.46 no.10
• /
• pp.977-987
• /
• 2013

This study aims to develop a multiple criteria decision making (MCDM) approach for flood vulnerability assessment which considers uncertainty. The flood vulnerability assessment procedure consists of three steps: (1) use the Delphi process to determine the criteria and their corresponding weights-the adopted criteria represent the social, economic, and environmental circumstances related to floods, (2) construct a fuzzy data matrix for the flood vulnerability criteria using fuzzification and standardization, and (3) set priorities based on the number of assessed vulnerabilities. This study uses a modified fuzzy TOPSIS method based on ${\alpha}$-level sets which considers various uncertainties related to weight derivation and crisp data aggregation. Further, Spearman's rank correlation analysis is used to compare the rankings obtained using the proposed method with those obtained using fuzzy TOPSIS with fuzzy data, TOPSIS, and WSM methods with crisp data. The fuzzy TOPSIS method based on ${\alpha}$-cut level sets is found to have a higher correlation rate than the other methods, and thus, it can reduce the difference of the rankings which uses crisp and fuzzy data. Thus, the proposed flood vulnerability assessment method can effectively support flood management policies.