• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1261-1266
• /
• 2021

Existing information security risk assessment methods focus on evaluating the vulnerability of information assets. However, when the form of information assets changes and new types of information assets emerge, there is a limitation in that the evaluation standards for them are also added or deleted. Existing methods have insufficient research on the path through which cyber threats are introduced. In particular, there is very little research on blocking the inflow path for web-based information systems with public IPs. Therefore, this paper introduces the main research contents of the BDLA (Blockade and Defense Level Analysis)-based information security risk assessment model. In addition, by applying the BDLA-based information security risk assessment model, the information security risk level was studied by measuring the blockade level and security equipment level of 17 public institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.146-149
• /
• 2022

With internet development, many peoples use their email to exchange documents, register for web services, and much more. Some individuals/organizations (including educational institutions) use their own domain name for email instead of a domain provided by commercial email services. However, suppose the domain used for custom email expires. In that case, other individuals/organizations can reuse the domain, and the new domain owner can send and receive all emails incoming to the domain. It makes us concerned about Privacy violations. Email that new domain owners can look into also contains sensitive emails like password reset notifications, credit card statements, order history, and more. In this research, we would like to describe the privacy violations caused by the expired domain used for email that did not remove all dependencies of email users and propose a solution.

• Maritime Security
• /
• v.1 no.1
• /
• pp.215-240
• /
• 2020

In 2017, the U.S. DARPA coined 'mosaic warfare' as a new way of warfighting. According to the Timothy Grayson, director of DARPA's Strategic Technologies Office, mosaic warfare is a "system of system" approach to warfghting designed around compatible "tiles" of capabilities, rather than uniquely shaped "puzzle pieces" that must be fitted into a specific slot in a battle plan in order for it to work. Prior to cover mosaic warfare theory and recent development, it deals analyze its background and several premises for better understanding. The U.S. DoD officials might acknowledge the current its forces vulnerability to the China's A2/AD assets. Furthermore, the U.S. seeks to complete military superiority even in other nation's territorial domains including sea and air. Given its rapid combat restoration capability and less manpower casualty, the U.S. would be able to ready to endure war of attrition that requires massive resources. The core concept of mosaic warfare is a "decision centric warfare". To embody this idea, it create adaptability for U.S. forces and complexity or uncertainty for the enemy through the rapid composition and recomposition of a more disag g reg ated U.S. military force using human command and machine control. This allows providing more options to friendly forces and collapse adversary's OODA loop eventually. Adaptable kill web, composable force packages, A.I., and context-centric C3 architecture are crucial elements to implement and carry out mosaic warfare. Recently, CSBA showed an compelling assessment of mosaic warfare simulation. In this wargame, there was a significant differences between traditional and mosaic teams. Mosaic team was able to mount more simultaneous actions, creating additional complexity to adversaries and overwhelming their decision-making with less friendly force's human casualty. It increase the speed of the U.S. force's decision-making, enabling commanders to better employ tempo. Consequently, this article finds out and suggests implications for Korea armed forces. First of all, it needs to examine and develop 'mosaic warfare' in terms of our security circumstance. In response to future warfare, reviewing overall force structure and architecture is required which is able to compose force element regardless domain. In regards to insufficient defense resources and budget, "choice" and "concentration" are also essential. It needs to have eyes on the neighboring countries' development of future war concept carefully.

• Journal of The Korean Association For Science Education
• /
• v.30 no.8
• /
• pp.933-952
• /
• 2010

This study aims to characterize debate on a socio-scientific issue in the Internet and to provide implications from a postmodernist perspective. This study concentrates on disentanglement of the complex relationship among society, economy, politics and science in an issue and characterization of the given text centering on its originality, the relationship between writer and reader, and the purpose of utterance. Sixty-six most read articles on a web message board were chosen and analyzed as a typical case of a socio-scientific issue in the internet. In them, five scientific disputes were identified: the cause of mad cow disease (MCD), specified risk material and the incubation period, the cause of new variant Creutzfeld-Jakob disease (vCJD), vulnerability of vCJD and the relation of Alzheimer and vCJD in American patients. Each argument is intertwined with social, economic and political problems such as its impact on the domestic beef market, feeding environment of imported cattle and the retaliation against denial of importation. With regard to originality, it is found that the originality of an author is weakened but communal through repetitive quotation of 'Peom', cutting and pasting, and engagement of readers with their comments. Furthermore, in order to close the gap between writer and reader, identity and personal narrative of the writers are often introduced into their writing. In terms of purpose of utterance, these are intended to deliver one's feelings or facilitate human behavior rather than inform through verification of a principle.

• Korean Journal of Remote Sensing
• /
• v.36 no.3
• /
• pp.475-486
• /
• 2020

Climate change scenarios are the basis of research to cope with climate change, and consist of large-scale spatio-temporal data. From the data point of view, one scenario has a large capacity of about 83 gigabytes or more, and the data format is semi-structured, making it difficult to utilize the data through means such as search, extraction, archiving and analysis. In this study, a tool for analyzing extreme climate events based on spatial information is developed to improve the usability of large-scale, multi-period climate change scenarios. In addition, a pilot analysis is conducted on the time and space in which the heavy rain thresholds that occurred in the past can occur in the future, by applying the developed tool to the RCP8.5 climate change scenario. As a result, the days with a cumulative rainfall of more than 587.6 mm over three days would account for about 76 days in the 2080s, and localized heavy rains would occur. The developed analysis tool was designed to facilitate the entire process from the initial setting through to deriving analysis results on a single platform, and enabled the results of the analysis to be implemented in various formats without using specific commercial software: web document format (HTML), image (PNG), climate change scenario (ESR), statistics (XLS). Therefore, the utilization of this analysis tool is considered to be useful for determining future prospects for climate change or vulnerability assessment, etc., and it is expected to be used to develop an analysis tool for climate change scenarios based on climate change reports to be presented in the future.