• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.1
• /
• pp.185-194
• /
• 2018

This study investigates the limitations of blockchain technology and the ways to improve it by using Delphi technique. Limit factors and improvement measures are classified into technology, service, and legal system. First, from a technical point of view, lack of standardization of the technology, insufficiency of integration, lack of scalability, unclear cancellation or correction policy, excessive cost of transaction verification, insufficient personal information protection and not enough to respond to hacking defense were the limiting factors. In order to improve these, the followings; ensuring standardization, securing integration and scalability, establishing cancellation of each applicable data, establishment of correction policy, efficiency of verification cost, the protection of personal information and countermeasure against hacking are provided. The related technology development and countermeasures must be established to effectively introduce the blockchain technology to the market. Second, in the early stage of blockchain service, it showed lack of utilization of the blockchain, security threat, shortage of skilled workers, and lack of legal liability. As a solution to these problems, it is necessary to suggest various applications, against security threat, training professional manpower, and securing legal responsibility. It should also provide a foundation for providing institutionally stable services. Third, from as legal system point of view, inadequate legal compliance, lack of relevant regulation, and uncertainty in the regulation were the limiting factors. Therefore establishing a legal system, which is the most important area for activating the service, should be accompanied by the provision of legal countermeasures, clearness of regulations and measures to be taken by relevant governmental authorities. This study will contribute as a reference for a research, related to the blockchain.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.1-11
• /
• 2020

As an important basic building block of the smart grid environment, smart meter provides real-time electricity consumption information to the utility. However, ensuring information security and privacy in the smart meter data aggregation process is a non-trivial task. Even though the secure data aggregation for the smart meter has been a lot of attention from both academic and industry researchers in recent years, most of these studies are not secure against internal attackers or cannot provide data integrity. Besides, their computation costs are not satisfactory because the bilinear pairing operation or the hash-to-point operation is performed at the smart meter system. Recently, blockchains or distributed ledgers are an emerging technology that has drawn considerable interest from energy supply firms, startups, technology developers, financial institutions, national governments and the academic community. In particular, blockchains are identified as having the potential to bring significant benefits and innovation for the electricity consumption network. This study suggests a distributed, privacy-preserving, and simple secure smart meter data aggregation system, backed up by Blockchain technology. Smart meter data are aggregated and verified by a hierarchical Merkle tree, in which the consensus protocol is supported by the practical Byzantine fault tolerance algorithm.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.132-138
• /
• 2012

Existing network layer firewall security support is one that does not support the higher layer, the application layer of a vulnerable web application security. Under these circumstances, the vulnerability of web applications to be able to defend a Web Application Firewall is positioned as a solver to solve the important security issues of businesses spotlighted in the next generation of security systems, and a very active market in the market other than domestic is expected to be formed. However, Firewall Web has not yet proposed a standard which can be used to test the performance of the Web Application Firewall Web Application Firewall and select the products of trust hardly Companies in BMT conduct their own individual problems and the cost of performance testing technologies, there is a limit. In this study, practically usable BMT model was developed to evaluate the firewall vendor. Product ratings ISO / IEC 9126, eight product characteristics meet the performance and characteristics of a web application firewall entries are derived. This can relieve the burden on the need to be evaluated in its performance testing of Web firewall, and can enhance the competitiveness of domestic-related sectors, by restoring confidence in the product can reduce the dependence on foreign products.

• Korean Security Journal
• /
• no.51
• /
• pp.11-35
• /
• 2017

The third industrial revolution, characterized by factory automation and informatization, are moving toward the fourth industrial revolution which is the era of superintelligence and supernetworking through rapid technology innovation. The most important resources in the fourth industrial revolution are information or data since the most of industrial and economic activities will be affected by information in the fourth industrial revolution. Therefore we can expect that more information will be utilized, shared and transfered through the networks or systems in real time than before so the significance of information management and security will also increase. As the importance of information resource management and security which is the core of the fourth industrial revolution increases, the threats on information security are also growing so security incidents such as data breeches and accidents take place more often. Various and thorough solutions are highly needed to protect information resources from security risks because information accidents or breaches seriously damage brand image and cause huge financial damage to organization. The purpose of this study is to research general trends on data breaches and accident that can be serious threat of information security. Also, we will provide resonable solutions to protect data from nine attack patterns or other risk factors after figuring out each characteristic of nin attack patterns in data breaches and accidents.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06c
• /
• pp.265-267
• /
• 2006

사용목적(Purpose)은 최근 개인 프라이버시 보호와 관련하여 데이타 수집과 수집 후 보안관리에 있어서 중요한 요소로 사용되고 있다. W3C(World Wide Web Consortium)는 데이타 제공자가 자신이 방문한 웹 사이트에 개인정보를 제공하는 것을 통제할 수 있도록 하는 표준을 제시하였다. 그러나 데이타 수집 후 유통과정에서 개인정보에 대한 보안관리에 대한 언급이 없다. 현재 히포크라테스 데이타베이스(Hippocratic Databases), 사용목적기반 접근제어(Purpose Based Access Control)등은 W3C의 데이타 수집 메커니즘을 따르고 있으며, 데이타 수집 후 보안관리에 대하여 사용목적 관리와 접근제어 기법을 사용하여 관리를 하고 있으나 사용목적에 대한 표현과 사용목적 관리의 미흡함으로 인하여 그에 따르는 개인정보의 프라이버시 보호에 있어서 효과적인 해결책을 제시하지 못하고 있다. 본 논문은 사용목적의 표현력을 향상시키면서. 사용목적의 효과적인 관리기법을 제시한다. 또한 개인의 프라이버시 보호를 위한 방법으로 사용목적의 분류화를 통해 최소권한의 원칙을 따르는 접근제어 기법을 제시한다. 본 논문에서는 사용목적을 상속적, 시간적 그리고 독립적 구조로 분류화하였으며, 이렇게 분류화된 사용목적에 대한 각기 다른 관리기법을 제시한다. 또한 접근제어의 유연성을 위해 RBAC의 역할계층 구조를 사용하였으며, 일의 최소 단위인 태스크(task)의 최소권한을 얻기 위한 조건으로 몇몇 특성의 사용목적을 사용하여 만족할 경우 태스크를 처리하기 위한 기존 모델보다 향상된 최소사용권한을 제공하는 기법을 제시한다. Interference Contrast)에 의한 내부구조 관찰이 최종 동정기준이 되어야할 것으로 나타났다.cillus로 구성되었다. 한편, DAL세균군(42균주)은 high G+C 및 low G+C gram positive 계통군 이외에도 proteobacteria -subdivision에 속하는 Afipia와 Ralstonia, proteobacteria -subdivision에 속하는 Variovorax, proteobacteria $\beta$-subdivision에 속하는Pseudomonas로 구성되어 계통학적으로 다양한 세균임이 확인되었다. 40%까지 대체가 가능하였으며, 아울러 높은 라이신 부산물의 대체 수준에 있어서 사료효율과 단백질 전환효율을 고려한다면 아미노산 첨가(라이신과 아르지닌)와 중화 효과에 좋은 결과가 있을 것으로 사료된다.의한 적정 양성수용밀도는 각고 5~6cm 크기의 경우 10~15개체가 적합하였다. 수증별 성장은 15~20 m 수층에서 빨랐으며, 성장촉진과 폐사를 줄이기 위해서는 고수온이 지속되는 7~10월에는 20~30m수층으로 채롱을 내려 양성하고 그 외 시기에는 15 m층 내외가 좋은 것으로 나타났다. 상품으로 출하 가능한 크기 인 각고 10 cm이상, 전중량 140 g 내외로 성장시 키기까지는 채묘후 22개월이 소요되었고, 출하시기는 전중량 증가가 최대에 이르는 3월에서 4월 중순이 경제적일 것으로 판단된다.er 90 % of good relative dynamic modulus of elasticity due to fineness of formation caused by the

• 전기의세계
• /
• v.18 no.1
• /
• pp.33-37
• /
• 1969

한전은 1968년 11월 3일 오전 10시 04분을 기하여 154KV 전계통의 직접접지방식 전환을 단행하였다. 종전의 P.C(소고선륜) 중성점접지방식을 직접접지방식으로 전환한것으로서 전력사상 특기 할 만한 근대화사업이며 다년간을 두고 추진해온 중요과제였다. 전력계통의 확대와 복잡화는 선진국가에서도 실시하고 있는 직접접지방식의 채택을 불가변하게 하였고 또한 1차 AID송배전차관도 이의 채택을 조건부로 승인되었던 것으로서 1968년 이후에 건설되는 송변전기기는 직접접지계에서만 운전할 수 있는 절연Level 650KV급이 도입되어 부산화력발전소 3호기가 준공되는 1968년 10월말까지는 직접접지전환이 반드시 이루어져야 하는 실정에 놓여 있었다. 그런데 직접접지방식의 단점인 인접통신선에 미치는 유도장해를 해결하는 문제가 다년간을 두고 진지하게 검토되어 왔으나 해결이 늦어지고 있었다. 사유는 154KV 계통에 인근된 통신선이라면 체신부, 내무부, 교통부, 국방부등 여러기관의 것이 있는데, 유도장해보안방법과 유도보상비문제에 대하여 전력측(상공부, 한전)과 통신측(상기의 체신부등)의 견해차가 해소되지 않기 때문이었다. 그것이 1968년 5월에 와서 전력.통신쌍방이 범국가적입장에서 제반애로를 무릅쓰고 최소한의 투자로 가능한 범위내의 보안책으로서 우선 Arrester 보안방식을 채택하기로 합의되어 경제장관회의를 거쳐 시공하기에 이른것이다. 이 란을 빌려 이 사업의 필요성과 경위및 통신선유도장해방지를 위한 보안방식내용을 간단히 소개함으로써 앞으로 이 분야의 항구적인 유도대책연구에 다소나마 참고가 된다면 다행으로 생각하겠다.면서 예측강우의 질이 저하되기 시작하였으나 QPM을 합성함으로써 생산한 BQPF는 보다 신뢰성있고 양호한 결과를 얻을 수 있었다. 이러한 결과들은 향후 정량적 분포형강우 예측을 이용한 실시간 홍수유출 예측시 댐운영자는 리드타임(홍수선행시간)을 충분히 확보함으로서 안정적이고 예측 가능한 홍수조절을 하는데 도움을 줄 수 있을 것으로 기대된다. 이와 같이 다양한 단기저수지 유입량의 예측정보 제공으로 다목적댐 저수지 운영모형의 효용성을 제고하여 향후 실제 저수지 유입량 예측에 이용함으로써 저수지 단기운영효율 개선에 기여할 수 있을 것으로 사료된다.다. 이것은 여름철 강수량이 증가하고, 호우발생빈도, 특히 8월의 강수일수가 증가하고 있다는 것과 밀접한 관련이 있다. 여름과 가을에 우리나라에 영향을 미치는 태풍의 수는 뚜렷한 추세를 보이지 않으나, 2002년 루사, 2003년 매미로 인하여 각각 6조원, 4조원 이상의 막대한 피해가 발생하였다. 태풍에 의한 피해액은 GDP 대비 약 0.9%(태풍 루사)로 최근 경제상장률과 비교해 보면, 상당한 비율을 차지한다. 우리나라에 영향을 미치는 태풍은 연근해의 해수면 온도가 높아지면 세기가 강해질 가능성이 높다. 폭설과 한파일수도 평년대비 최근 10년 감소하였고 일최저기온이 영하 $10^{\circ}C$ 이하인 날도 연간 발생일수가 감소하였다. 최근 10년간 우리나라 기후의 변화특성은 기온상승과 더불어 서리종료일이 앞당겨지고 열대야가 증가하고 폭설, 한파, 겨울철 일최저기온 영하 10도 이하인 날의 감소 등이 나타나고, 여름철 재해의 원인인 호우일수는 증가하는 추세이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.847-857
• /
• 2020

As IoT equipment is commercialized, Bluetooth or wireless networks will be built into general living devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information through the network and collects personal information and operates the system. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing the vulnerabilities of cyber attacks through manual analysis to secure them. However, since it is virtually impossible to analyze vulnerabilities with only manual analysis, researchers studying system security are currently working on automated vulnerability detection systems, and Firm-AFL, published recently in USENIX, proposed a system by conducting a study on fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools were focused on the fuzzing processing speed of the firmware, and as a result, they did not find any vulnerability in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found in existing tools.

• The KIPS Transactions:PartA
• /
• v.18A no.5
• /
• pp.193-204
• /
• 2011

Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.9
• /
• pp.12-20
• /
• 2016

With the enhancements in existing major industries, cloud computing-based converging services have been created, as well as value-added industries. A variety of converging services are now provided, from personalized services up to industrial services. In Korea, they have become the driving force behind existing industries throughout the whole economy, but mainly in finance, mobile systems, social computing, and home services, based on cloud services. However, not only denial of service (DOS) and distributed DOS (DDOS) attacks have occurred, but also attack techniques targeting core data in storage servers. Even security threats that are hardly detected, such as multiple attacks on a certain target, APT, and backdoor penetration have also occurred. To supplement defenses against these, in this article, a protocol for authority management is designed to provide users with safe storage services. This protocol was studied in cases of integration between a cloud environment and big data-based technology, security threats, and their requirements. Also studied were amalgamation examples and their requirements in technology-based cloud environments and big data. With the protocol suggested, based on this, security was analyzed for attack techniques that occur in the existing cloud environment, as well as big data-based techniques, in order to find improvements in session key development of approximately 55%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.13-25
• /
• 2004

The key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, key confirmation, and key freshness. In this paper, we present the guideline of security functions in BSAN(Broadband Satellite Access Network), and analyze the specification of the security primitives and the hey exchange Protocols for the authenticated key agreement between RCST(Return Channel Satellite Terminal) and NCC(fretwork Control Centre). In addition, we propose the security specification for a domestic broad satellite network based on the analysis on the analysis profile of ETSI(European Telecommunications Standards Institute) standards. The key exchange protocols proposed in ETSI standard are vulnerable to man-in-the-middle attack and they don't provide key confirmation. To overcome this shortcoming, we propose the 4 types of the key exchange protocols which have the resistant to man-in-the-middle-attack, key freshness, and key confirmation, These proposed protocols can be used as a key exchange protocol between RCST and NCC in domestic BSAN. These proposed protocols are based on DH key exchange protocol, MTI(Matsumoto, Takashima, Imai) key exchange protocol, and ECDH(Elliptic Curve Diffie-Hellman).