• Journal of the Korea Convergence Society
• /
• v.8 no.3
• /
• pp.23-30
• /
• 2017

OpenADR is a national standard communication protocol of demand response service. OpenADR uses XML message, called a payload, to support logical transaction of demand response service. For this purpose, OpenADR defines a XML element as transaction identifier which is called requestID. Unfortunately, OpenADR 2.0b profile specification describes some information about requestID but, it is not enough for understanding properly. Ambiguous definition of payload transaction makes vulnerabilities of implementing VEN & VTN and confuses mapping OpenADR 2.0b protocol into other smart grid protocols. Therefore, this paper redefines payload transaction to solve an ambiguous information of OpenADR 2.0b profile specification, proposes a model of analyzing payload transaction, and shows how to detect a payload transaction vulnerability in real-world.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.123-140
• /
• 2022

Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.

• Journal of KIISE:Information Networking
• /
• v.33 no.3
• /
• pp.257-268
• /
• 2006

In this paper, we have designed and implemented mobile instant messenger which has extensible presence service capability. Most previous work on instant messaging system has some limitation with regard to interoperability and extensibility. To solve these problems, we have employed the presence service architecture of IETF. In order to provide extensible presence capability in the wireless mobile communication, we have employed the presence service attributes which are defined in OMA's IMPS architecture. In particular, we have designed and implemented the presence service libraries for manipulating the presence information in response to user's requirement. finally, we have developed the wireless E-mail service, employing the presence service architecture, to verity the extensibility.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5C
• /
• pp.562-567
• /
• 2006

This paper extends Diameter AAA Protocol to provide secure communication channels between Mobile RFID Service Components and distinct service based on user's QoS level authorization. This paper supposes 900MHz, which is the target RF for Mobile RFID Forum and supposes RFID phone, which equitted with RFID reader. By using extended Diameter AAA server, user is authenticated, authorized and provided dynamic security associations between Mobile RFID Service components. The types of security associations are as followings:between RFID tag and RFID reader, between RFID reader(phone) and MobileRFID Service Agent, between phone and OIS, between phone and OTS and between phone and Accounting/Financial server.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.4
• /
• pp.83-89
• /
• 2024

After the end of the service of Internet Explorer, the use of ActiveX ended, and the Non-ActiveX policy spread. HTML5 is used as a standard protocol for web pages established based on the Non-ActiveX policy. HTML5, developed in the W3C(World Wide Web Consortium), provides a better web application experience through API, with various elements and properties added to the browser without plug-in. However, new security vulnerabilities have been discovered from newly added technologies, and these vulnerabilities have widened the scope of attacks. There is a lack of research to find possible security vulnerabilities in HTML5-applied websites. This paper proposes a model for detecting tags and attributes with web vulnerabilities by detecting and analyzing security vulnerabilities in web pages of public institutions where plug-ins have been removed within the last five years. If the proposed model is applied to the web page, it can analyze the compliance and vulnerabilities of the web page to date even after the plug-in is removed, providing reliable web services. And it is expected to help prevent financial and physical problems caused by hacking damage.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.1
• /
• pp.169-177
• /
• 2020

In South Korea, the results of R&D in science and technology are submitted to the National Science and Technology Information Service (NTIS) in reports that have Korea national science and technology standard classification codes (K-NSCC). However, considering there are more than 2000 sub-categories, it is non-trivial to choose correct classification codes without a clear understanding of the K-NSCC. In addition, there are few cases of automatic document classification research based on the K-NSCC, and there are no training data in the public domain. To the best of our knowledge, this study is the first attempt to build a highly performing K-NSCC classification system based on NTIS report meta-information from the last five years (2013-2017). To this end, about 210 mid-level categories were selected, and we conducted preprocessing considering the characteristics of research report metadata. More specifically, we propose a convolutional neural network (CNN) technique using only task names and keywords, which are the most influential fields. The proposed model is compared with several machine learning methods (e.g., the linear support vector classifier, CNN, gated recurrent unit, etc.) that show good performance in text classification, and that have a performance advantage of 1% to 7% based on a top-three F1 score.

• The KIPS Transactions:PartD
• /
• v.14D no.3 s.113
• /
• pp.319-328
• /
• 2007

As the coverage of Web services become wider and the number of implementation cases is growing, the importance of applying the Web services quality model to real world is increased. For maintaining the level of Web services qualify, it should be required to study on assurance method of Web services qualify level. Assurance for Web services, which is newly proposed by OASIS TC, means the totality of activities for managing the quality level of them. For managing Web service quality, Web service associates could usually use SLA(Service Level Agreement) method in which a service consumer contracts for some service level with a service provider and gives for penalty or pays incentives according to the result of evaluation of services. But, there are some difficulties in applying SLA to Web services, because Web services have publicity, multiple users, and 3rd party for management. So, we need a new assurance method for Web service by considering the characteristics of Web services. This paper provides the new concept of committed assurance level for Web services. This concept can be defined as the set of maximum level of quality expected by each user, which provide the consistent view of Web service quality. This paper presents the method for duality associates to preserve some quality level of Web service by using this concept.

• The KIPS Transactions:PartD
• /
• v.15D no.4
• /
• pp.513-522
• /
• 2008

Service-Oriented Architecture(SOA) is an method to develop applications by developing and publishing reusable services which potentially be used in various applications, and discovering and composing right services dynamically. SOA adopts a paradigm of publish-discover-invoke, which is considerably different from object-oriented and component-based development(CBD) approaches. The service in SOA is different from function in procedural programming, object in object-oriented programming, and component in CBD, and its fundamental requirement is a high level of reusability and applicability. In SOA, service providers and service consumers are loosely coupled since the providers try to develop reusable services and the consumers try to locate right services without knowing much about the providers and their published services. Moreover, the process of searching, choosing and invoking right services is not presented in conventional programming paradigms. Therefore, conventional approaches to developing user interfaces and invoking the functionality on servers through JSP, and RMI in object-oriented programming cannot well be applicable to designing clients’ programs in SOA. Therefore, there is a high demand for a practical and systematic process for developing clients’ applications, and the such a process should be devised by considering key characteristics of services and SOA. However, little work on this area is known to date, and there has not a process for client side just except few guide lines for developing service client. In this paper, we propose a practical and systematic development process for developing clients' applications in SOA. Then, we define instructions for carrying out each activity in the process. To show the applicability of the proposed work, we show the result of applying our process in developing a services application for searching and booking hotels.

• Journal of the Korea Convergence Society
• /
• v.8 no.8
• /
• pp.41-49
• /
• 2017

The 'NIST Framework and Road Map for Smart Grid Interoperability Standards' proposes an architecture framework to secure the direction of development and standard interoperability of smart grid and provides a list of identified standard, standard cyber security strategies, and certification framework. In particular, SEP 2.0 and OpenADR 2.0 are the examples. SEP 2.0 and OpenADR 2.0 can functionally link HEMS and Smart Grid, but interoperability standards between the two protocols are not planned in above document. The OpenADR Alliance also announced that work is underway to define mapping tables for interoperability between OpenADR 2.0 and SEP 2.0, but no information is yet available. Therefore, In this paper, in developing energy efficiency improvement HEMS, we propose a mapping model that supports syntactic and semantic founded interoperability between SEP 2.0 and OpenADR 2.0b for ICT grid convergence based on the standard specification document of each protocol and confirmed through an example of the semantic mapping function based on the demand response service scenario.

• Spatial Information Research
• /
• v.7 no.2
• /
• pp.175-190
• /
• 1999

Recently , as GIS technology is rapidly improved and stabilized, there are some needs to reuse pre-developed and powerful GIS technology. GIS standardization based on components and open interfaces becomes a way to solve those reusability of previous GIS technology. This GIS standardization currently focuses on building the GIS Data Infrastructure that is being deployed globally. Especially, OpenGIS consortium which is mainly made up of international GIS leading vendors is announcing some GIS abstract specifications and implementation specifications. This study focuses on how could we design and implement the OLE/COM-based data provider component based on various DBMS or file systems, how could these data provider components be used for enterprise UIS(Urban Information Systems) and how could various formatted GIS data be shared in one system. Also some problems practically caused by an implementation process of data provider component are listed up and some solutions are given. Furthermore, design and analysis of UML(Unified Modeling Language) was reformed through the data provider component development task and this UML methodology is able to indicate a standardized model for newly developed data provider component.