• Title/Summary/Keyword: Vulnerability Information Management


A Study on Single Sign-On Authentication Model using Multi Agent (멀티 에이전트를 이용한 Single Sign-On 인증 모델에 관한 연구)

  • 서대희;이임영
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.7C / pp.997-1006 / 2004
  • The rapid expansion of the Internet has provided users with a diverse range of services. Most Internet users create many different IDs and passwords to subscribe to various Internet services. Thus, the SSO system has been proposed to supplement the weak security that may arise from an inefficient management system in which administrators and users manage a number of IDs. The SSO system can provide heightened efficiency and security to users and administrators. Recently commercialized SSO systems integrate a single agent with the broker authentication model. However, this hybrid authentication system cannot resolve problems such as those involving user pre-registration and anonymous users. It likewise cannot provide non-repudiation service between joining objects. Consequently, the hybrid system causes considerable security vulnerability. Since it cannot provide security service for the agent itself, the user's private information and the SSO system may have significant security vulnerability. This paper proposes an authentication model that integrates a broker authentication model, out of various authentication models of the SSO system, with a multi-agent system. The proposed method adopts a secure multi-agent system that supplements the security vulnerability of an agent applied to the existing hybrid authentication system. The method proposes an SSO authentication model that satisfies various security requirements not provided by existing broker authentication models and hybrid authentication systems.

An Empirical Analysis about the usefulness of Internal Control Information on Corporate Soundness Assessment (기업건전성평가에 미치는 내부통제정보의 유용성에 관한 실증분석 연구)

  • Yoo, Kil-Hyun;Kim, Dae-Lyong
    • Journal of Digital Convergence / v.14 no.8 / pp.163-175 / 2016
  • The purpose of this study is to provide incentives for companies to form an efficient internal control system and to confirm empirically the usefulness of the internal accounting control system for financial institutions by analyzing whether the internal control vulnerabilities of companies are significantly related to the classification and assessment of soundness by financial institutions. The empirical analysis covered KOSPI and KOSDAQ listed companies and unlisted companies with more than 100 billion won of assets which had trading performance with "K" financial institution from 2008 until 2013. Companies that did not report internal control vulnerabilities under the internal control of financial reporting received a credit rating of BBB on average, whereas reporting companies received a CCC rating. In the asset quality classification rating, non-reporting companies are classified as "normal" and reporting companies as "precautionary loan", a statistically significant difference. Therefore, reported information on internal control vulnerability reduced the credibility of the financial data, which causes low credit ratings for companies and suggests that financial institutions set aside additional allowance for asset insolvency prevention and require high interest rates. A major contribution of this study is to show that vulnerability reporting under the internal control of financial reporting can be used as significant information for financial institutions' evaluation of corporate soundness.

The Development of Vulnerable Elements and Assessment of Vulnerability of Maeul-soop Ecosystem in Korea (한국 마을숲 생태계 취약요소 발굴 및 취약성 평가)

  • Lim, Jeong-Cheol;Ryu, Tae-Bok;Ahn, Kyeong-Hwan;Choi, Byoung-Ki
    • Journal of the Korean Institute of Traditional Landscape Architecture / v.34 no.4 / pp.57-65 / 2016
  • Maeul-soop (village forest) is historically and culturally a key element of the Korean traditional village landscape. However, a number of Maeul-soops have been lost or have declined due to various influences since the modern age. Because Maeul-soop has a variety of conservation values, including historical, cultural and ecological ones, attention and efforts toward its systematic conservation and restoration are needed. The purpose of the present study is to provide information on ecological restoration and sustainable use and management of Maeul-soops based on component plant species, habitat and location characteristics of 499 Maeul-soops spread throughout Korea. Six major categories of threat factors to the Maeul-soop ecosystem were identified and the influence of each factor was evaluated. To weight the threat factors by their influence on the vulnerability of the Maeul-soop ecosystem, a more three-dimensional analysis was conducted using the Analytic Hierarchy Process (AHP) analysis method. In the results of the evaluation using the AHP analysis method, reduction of area, among the six categories, was identified as the biggest threat to the existence of Maeul-soops. Next, changes in topography and soil environment were considered a threat factor for qualitative changes in the Maeul-soop ecosystem. The influence of vegetation structure and its qualitative changes on the loss or decline of Maeul-soop was evaluated to be lower than that of changes in habitat. Based on the weight of each factor, the figures were converted with 100 points being the highest score, and the evaluation of vulnerability of Maeul-soop was conducted with the converted figures. In the result of the evaluation of vulnerability of Maeul-soops, grade III showed the highest frequency and a normal distribution was formed from low grade to high grade. 38 Maeul-soops were evaluated as grade I, which showed high naturality, and 10 Maeul-soops were evaluated as grade V as their maintenance was threatened. Also, in the results of the evaluation of vulnerability of each Maeul-soop, restoration of Maeul-soop's own area was found to be the top priority to guarantee the sustainability of Maeul-soops. It was confirmed that there is a need to prepare a national-level ecological response strategy for each vulnerability factor of Maeul-soop, which is an important national ecological resource.

A Design of Inter-Working System between Secure Coding Tools and Web Shell Detection Tools for Secure Web Server Environments (안전한 웹 서버 환경을 위한 시큐어코딩 도구, 웹쉘 탐지도구 간의 상호연동 시스템 설계)

  • Kim, Bumryong;Choi, Keunchang;Kim, Joonho;Suk, Sangkee
    • Journal of Korea Society of Digital Industry and Information Management / v.11 no.4 / pp.81-87 / 2015
  • Recently, with the development of the ICT environment, the use of software is growing rapidly, and the number of web server software installations used by a variety of users is also growing. However, as software usage increases, cases of damage due to software security vulnerabilities are also increasing. In particular, web shell hacking, which abuses software vulnerabilities, accounts for a very high percentage. Such damage to the web server environment can induce primary damage such as homepage modification for malware spreading and secondary damage such as privacy. A system that checks source code weaknesses in real time during the software development stage and the operation stage is needed to prevent software vulnerabilities. A system which can detect and determine web shells from the checked code in real time is also needed. Therefore, in this paper, we propose a system that improves web server security by detecting web shell attacks which are invisible to existing detection methods such as Firewall, IDS/IPS, Web Firewall, Anti-Virus, etc., while satisfying existing secure coding guidelines from the development stage to the operation stage.

A Study on Vulnerability Analysis and Countermeasure in Barcode Payment System (바코드 지불 결제 시스템 취약점 분석 및 대응방안 연구)

  • Lee, Jae Sik;Lee, Sang Hun;Jun, Moon Seog
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.3 / pp.65-74 / 2012
  • A barcode is a representative means of cognition. It is either printed on the package of a product or attached to it as a sticker. It is used for the fast cognition of a product at a store. It is considerably cheap to make a barcode. Also, it is possible to read it fast by using a barcode reader. Because of such convenience provided by the barcode, a new system using the barcode as a means of settling payments like a currency or a credit card has been developed. However, due to its characteristics, it is easy to duplicate, forge or falsify a barcode. Therefore, this study focuses on the case of applying the system using barcodes as a means of settling payments without providing solutions for the potential weaknesses. Also, this study suggests various points to consider regarding the creation of safe barcodes as one of the related measures, while providing various methods using additional means of certification other than the one of using barcodes in addition to the way of applying complexity with barcode numbers. Through this study, it will be possible to safely establish and operate the payment-settlement system using barcodes.

Implementing an Intrusion Detection Message Exchange Library for Realtime Interaction between SDMS-RTIR and Heterogeneous Systems (이기종의 침입탐지 시스템과 SDMS-RTIR의 실시간 상호연동을 지원하는 침입탐지 메시지 교환 라이브러리 구현)

  • Yun, Il-Sun;Lee, Dong-Ryun;Oh, Eun-Sook
    • The KIPS Transactions:PartC / v.10C no.5 / pp.565-574 / 2003
  • This paper implements an intrusion detection message exchange protocol library (IDMEPL) for SDMS-RTIR, which Korea Information Security Agency (KISA) has developed to hierarchically detect and respond to network vulnerability scan attacks. The IDMEPL, based on the IDMEF and the IAP of the IDWG, enables SDMS-RTIR to interact with other intrusion detection systems (IDS) in realtime, and supports the TLS protocol to prevent security threats in exchanging messages between its server and its agents. Especially, with the protocol selection stage, the IDMEPL can support various protocols such as the IDXP besides the IAP. Furthermore, it can allow for agents to choose an appropriate security protocol for their own network, achieving security stronger than mutual authentication. With the IDMEPL, SDMS-RTIR can receive massive intrusion detection messages from heterogeneous IDSes in large-scale networks and analyze them.

Vulnerability Analysis and Improvement in Man-in-the-Middle Attack for Remote User Authentication Scheme of Shieh and Wang's using Smart Card (Shieh and Wang's의 스마트카드 상호인증 스킴에 대한 중간자공격 개선)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies / v.17 no.4 / pp.1-16 / 2012
  • Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combined the cost-effectiveness of operations of Lee et al.'s [6] scheme and the security and key agreement of Chen and Yeh's scheme. Shieh and Wang's [10] scheme, however, does not satisfy the security requirements against a third party (the man-in-the-middle attacker) that have to be considered in a remote user authentication scheme using password-based smart cards. The weaknesses of Shieh and Wang's scheme are that it cannot verify a forged message in 3-way handshaking mutual authentication, and that the system (server) secret key can easily be exposed. This paper investigates the problems of Shieh and Wang's scheme in the verification procedure for forged messages intercepted by an eavesdropper. An enhanced two-way remote user authentication scheme is proposed that is safe and strong against multiple attacks by adding the ability to perform an integrity check on the server, and the proposed scheme does not expose user password information or the system's confidential information.

Attacks and Defenses for Vulnerability of Cross Site Scripting (크로스 사이트 스크립팅(XSS) 취약점에 대한 공격과 방어)

  • Choi, Eun-Jung;Jung, Whi-Chan;Kim, Seung-Yeop
    • Journal of Digital Convergence / v.13 no.2 / pp.177-183 / 2015
  • Cross Site Scripting enables hackers to steal other users' information (such as cookies, sessions, etc.) or to perform abnormal functions automatically by using a vulnerability of a web application. The attack patterns of Cross Site Scripting (XSS) can be divided into two types. One is Reflected XSS, which can be executed in one HTTP request and its reply, and the other is Stored XSS, which attacks the many victim users who access the page that accepted the transmitted payload. To respond to these XSS attacks, some measures have been suggested. They are data validation for user input, output validation during HTML encoding procedures, and removal of possible risky injection points to prevent attempts to insert malicious code into the web application. In this paper, the methods and procedures for these two types are explained and penetration testing is done. With these suggestions, XSS attacks can be understood and prepared for with countermeasures.

Regional-Scale Evaluation of Groundwater Susceptibility to Nitrate Contamination Based on Soil Survey Information (토양정보를 이용한 광역 지하수의 질산태 질소 오염 민감도 분포 분석)

  • Han, Gwang-Hyun
    • Korean Journal of Soil Science and Fertilizer / v.42 no.1 / pp.37-45 / 2009
  • Susceptibility assessment of groundwater contamination is a useful tool for many aspects of regional and local groundwater resources planning and management. It can be used to direct regulatory, monitoring, educational, and policy-making efforts to highly vulnerable areas. In this study, a semi process-based approach was proposed to evaluate relative susceptibilities to groundwater contamination by nitrate on a regional scale. Numerical simulation based on data from each soil series was done to model water flow within soil profiles that were related to groundwater contamination by nitrate. Relative vulnerability indices for each soil series were produced by manipulation of the amount of leaching flux, the amount of average water storage in a soil profile, and the amount of average water storage change. These indices were designed to convey the trend of leaching flux and to maximize spatial resolution. The resulting vulnerability distribution map was used to locate highly vulnerable sites easily with an appropriate grouping of the indices, and was then compared with those from monitored groundwater nitrate concentrations. An excellent agreement was obtained across nitrate concentrations from the highly vulnerable regions and those from the low to stable regions.

The Major Factors Influencing Technostress and the Effects of Technostress on Usage Intention of Mobile Devices in the Organization Context (조직 내에서 테크노스트레스에 영향을 미치는 요인 및 테크노스트레스가 조직 내 스마트 기기 활용에 미치는 영향)

  • Seil Hong;Byoungsoo Kim
    • Information Systems Review / v.19 no.1 / pp.49-74 / 2017
  • The development of smart devices has affected employees' working environments and their lives. However, using smart devices is causing employees to experience technostress. This study aims to investigate the effects of technostress in using smart devices on usage intention in an organization. Moreover, the study investigates the effect of employees' stress-coping methods on the intention to use smart devices. This study posits familiarity, use innovativeness, role ambiguity, system vulnerability, technological limitation, and ubiquity as the antecedents of technostress. Data collected from 317 users who have experience in using smart devices in organizations are empirically tested against a research model using the PLS graph. Analysis results show that role ambiguity, system vulnerability, and technological limitation significantly influence technostress. Moreover, users take up emotion-focused coping behaviors because of technostress. Emotion-focused coping behaviors affect usage intention in organizations. However, technostress and problem-focused coping behaviors do not directly affect usage intention in organizations.