• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.49-68
• /
• 2022

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.7
• /
• pp.779-789
• /
• 2014

Utilizing smart phones based on android applications in the field of FA(Factory Automation) or PA(Production Automation) is being deployed actively. In general, MDM(Mobile Device Management) is a crucial infra-structure to build such a FA or PA environment. In this paper, we suggest an open mobile device management platform and implement its prototype. The developed prototype consists of three modules such as DMS(Device Management Server), FUMO(Firmware Update Management Object) and SCOMO(Software Component Management Object). In addition, we suggest a security module based on the concept of the EAP (Extensible Authentication Protocol) and the AES (Advanced Encryption Standard). The suggested security module's prototype is applied to guarantee the data integrity in the process of communicating among DMS, FUMO and SCOMO for the purpose of utilizing smart phones based on android applications in a FA field. We also evaluate the performance of the implemented security prototype. According to our simulation results, the implemented prototype has a good performance in a FA environment and can be utilized in the other FA, PA or OA(Office Automation) environment with guaranteeing the security.

• Journal of Broadcast Engineering
• /
• v.13 no.4
• /
• pp.528-543
• /
• 2008

Internet Protocol Television (IPTV) provides an interactive and personalized service for realizing integrated broadcasting and telecommunication services. Set-top box (SIB) connected to TV is an essential component required for IPTV and has a unique hardware identifier used in identification and authentication. It means that subscriber authentication based on box-level identification is inconsistent with IPTV's main intention of providing personalized services. The proposed solution is to provide an opportunity to use the flexible user-centric authentication mechanism through Java Card applets in IPTV application server and 3G networks. This paper suggests personalized services by moving the user's private data and authentication management beyond the STB to a truly personalized device, the ubiquitous mobile phone. In addition, this paper presents effectiveness and security analysis for verifying the proposal.

• The KIPS Transactions:PartD
• /
• v.9D no.6
• /
• pp.1063-1070
• /
• 2002

With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from intrusions and attacks, many vendors have developed various security systems such as firewalls and intrusion detection systems. However, managing these systems individually demands too much work and high cost. Thus, integrated and autonomous security management for various security products has become more important. In this paper, we present the architecture of the WISMSF (Web-based Integrated Security Management System for Firewalls) and the merits of centralized approach for managing heterogeneous firewalls and implement the prototype of the central policy database that is a component of the WISMSF engine. The WISMSF engine supports an integrated view for policies, the integrity of polities and the easy recovery and addition of policies. And also, we define the policy conflicts of WISMSF and present the policy recovery process to support to the policies consistence.

• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.73-82
• /
• 2018

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.

• Journal of Korea Multimedia Society
• /
• v.19 no.12
• /
• pp.1951-1959
• /
• 2016

In this paper, we propose a two-scale fusion method for infrared and visible images using saliency and variance. The images are separated into two scales respectively: a base layer of low frequency component and a detailed layer of high frequency component. Then, these are synthesized using weight. The saliencies and the variances of the images are used as the fusion weights for the two-scale images. The proposed method is tested on several image pairs, and its performance is evaluated quantitatively by using objective fusion metrics.

• Journal of Electrical Engineering and Technology
• /
• v.12 no.4
• /
• pp.1657-1662
• /
• 2017

Facial expression recognition systems using video devices have emerged as an important component of natural human-machine interfaces which contribute to various practical applications such as security systems, behavioral science and clinical practices. In this work, we present a new method to analyze, represent and recognize human facial expressions using a sequence of facial images. Under our proposed facial expression recognition framework, the overall procedure includes: accurate face detection to remove background and noise effects from the raw image sequences and align each image using vertex mask generation. Furthermore, these features are reduced by principal component analysis. Finally, these augmented features are trained and tested using Hidden Markov Model (HMM). The experimental evaluation demonstrated the proposed approach over two public datasets such as Cohn-Kanade and AT&T datasets of facial expression videos that achieved expression recognition results as 96.75% and 96.92%. Besides, the recognition results show the superiority of the proposed approach over the state of the art methods.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.12
• /
• pp.21-28
• /
• 2015

In this paper, we propose a method of glasses detection in facial image. we develop a detection method of glasses with a weighted sum of the results that detected by facial element detection and glasses frame candidate region. Component of the face detection method detects the glasses, by defining the detection probability of the glasses according to the detection of a face component. Method using the candidate region of the glasses frame detects the glasses, by defining feature of the glasses frame in the candidate region. finally, The results of the combined weight of both methods are obtained. The proposed method in this paper is expected to increase security system's recognition on facial accessories by raising detection performance of glasses or sunglasses for using ATM.

• Journal of Korea Multimedia Society
• /
• v.16 no.1
• /
• pp.1-10
• /
• 2013

This paper presents an approach for detecting and measuring human skin pigmentation. In the proposed scheme, we extract a skin area by a Gaussian skin color model that is estimated from the statistical analysis of training images and remove tiny noises through the morphology processing. A skin area is decomposed into two components of hemoglobin and melanin by an independent component analysis (ICA) algorithm. Then, we calculate the intensities of hemoglobin and melanin by using the location histogram and determine the existence of skin pigmentation according to the global and local distribution of two intensities. Furthermore, we measure the area and density of the detected skin pigmentation. Experimental results verified that our scheme can both detect the skin pigmentation and measure the quantity of that and also our scheme takes less time because of the location histogram.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1189-1192
• /
• 2005

본 논문에서는 스케치 연산자를 적용하여 견실한 얼굴인식 방법을 제안한다. 제안된 방법은 인식 대상의 중요한 특성인 에지(edge), 벨리(valley) 및 질감(texture) 성분을 효과적으로 표현하기 위한 방법으로써, BDIP(block difference of inverse probabilities)를 사용하여 얼굴의 특징을 스케치 영상과 같이 나타내는 얼굴 영상을 획득한다. 그리고, BDIP 처리된 얼굴 영상은 입력 데이터의 차원 축소 및 얼굴 특징 벡터의 추출을 위해 PCA(Principal Component Analysis)를 수행한 후, Nearest Neighbor 분류기를 통해 인식을 수행한다. 제안된 방법의 성능을 평가하기 위하여, 일반적으로 많이 사용되는 HE(Histogram equalization)을 사용한 얼굴 인식 방법과의 비교를 수행한다. 실험결과, 본 논문에서 제안한 방법이 고유값이 적은 경우에 가장 높은 인식률을 나타내는 것을 알 수 있었다.