• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1105-1119
• /
• 2016

Android includes SEAndroid as a core security feature. SELinux is applied to Android OS as a SEAndroid, because there exists structural differences between Linux and Android. Since the security of SEAndroid depends on the reliable policy if the policy is tampered by the attacker, the serious security problems can be occurred. So we must protect policies which are the most important thing in SEAndoroid. In this paper, we analyze the process of SEAndroid policy updating to find out vulnerabilities and study the attack points on policy tampering. And we propose the SPPA to detect whether the policy is modified by an attacker. Moreover, we prove the performance and the effect of our proposed method on mobile device.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1519-1534
• /
• 2017

Data de-identification is the one of the technique that preserves individual data privacy and provides useful information of data to the analyst. However, original de-identification techniques like k-anonymity have vulnerabilities to background knowledge attacks. On the contrary, differential privacy has a lot of researches and studies within several years because it has both strong privacy preserving and useful utility. In this paper, we analyze various models based on differential privacy and formalize a differentially private model on financial data. As a result, we can formalize a differentially private model on financial data and show that it has both security guarantees and good usefulness.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.11
• /
• pp.1983-1988
• /
• 2006

There are gradually built on electronic commerce and business information system for the effective and automated use of internet while the mainstream of industry moves on information. It is necessary that a company should develop a electronic approval system because the business documents have application to an electronic commerce, business information system as well Currently, electronic approval system on groupware is using the way of inserting the image of an approval signature, which is vulnerable on a security by attacks of fraudulent use of electrical signature and eavesdropping on electronic documents. In this paper, we implementation XML form generator based on DTD having business documents structure for creating a valid business XML documents. we designed electronic approval system based on secured XML which transfers encrypted documents. For the security issues of written XML business documents, it makes use of the crypto algorithm having high performance transaction by the interchange of public key between a server and a client.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.943-950
• /
• 2010

A secure entrance system is complicated because it should have various functions like monitoring, logging, tracing, authentication, authorization, staff locating, managing staff enter-and-leave, and gate control. In this paper, we built and applied a secure entrance system for a domestic nuclear plant using Aspect Oriented Programming(AOP) and design pattern. Using AOP has an advantage of clearly distinguishing the role for each functional module because building a system separated independently from the system's business logic and security logic is possible. It can manage system alternation flexibility by frequent change of external environment, building a more flexible system based on increased code reuse, efficient functioning is possible which is an original advantage of AOP. Using design pattern enables to design by structuring the complicated problems that arise in general software development. Therefore, the safety of the system can also be guaranteed.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.4
• /
• pp.148-159
• /
• 2005

We propose a technique for finding the worst case response time (WCRT) of a DMA request that is needed in the schedulability analysis of a whole real-time system. The technique consists of three steps. In the first step, we find the worst case bus usage pattern of each CPU task. Then in the second step, we combine the worst case bus usage pattern of CPU tasks to construct the worst case bus usage pattern of the CPU. This second step considers not only the bus requests made by CPU tasks individually but also those due to preemptions among the CPU tasks. finally, in the third step, we use the worst case bus usage pattern of the CPU to derive the WCRT of DMA requests assuming the fixed-priority bus arbitration protocol. Experimental results show that overestimation of the DMA response time by the proposed technique is within $20\%$ for most DMA request sizes and that the percentage overestimation decreases as the DMA request size increases.

• Journal of the Korean Society for Nondestructive Testing
• /
• v.28 no.4
• /
• pp.352-357
• /
• 2008

The detection of micro cracks in materials at the early stage of fracture is important in many structural safety assurance problems. The nonlinear ultrasonic technique (NUT) has been considered as a positive method for this, since it is more sensitive to micro crack than conventional linear ultrasonic methods. The basic principle is that the waveform is distorted by nonlinear stress-displacement relationship on the crack interface when the ultrasonic wave transmits through, and resultantly higher order harmonics are generated. This phenomenon is called the contact acoustic nonlinearity (CAN). The purpose of this paper is to prove the applicability of CAN experimentally by detection of micro fatigue crack artificailly initiated in Aluminum specimen. For this, we prepared fatigue specimens of Al6061 material with V-notch to initiate the crack, and the amplitude of second order harmonic was measured by scanning along the crack direction. From the results, we could see that the harmonic amplitude had good correlation with COD and it can be used to detect the crack depth in more accurately than the common 6 dB drop echo method.

• The Journal of the Korea Contents Association
• /
• v.9 no.9
• /
• pp.9-17
• /
• 2009

RFID (Radio Frequency Identification) is a next generation technology that will replace barcode. RFID can identify an object by reading ID inside a RFID tag using radio frequency. However, because a RFID tag replies its unique ID to the request of any reader through wireless communication, it is vulnerable to attacks on security or privacy through wiretapping or an illegal reader's request. The RFID authentication protocol has been studied actively in order to solve security and privacy problems, and is used also in tag search. Recently, as the number of tags is increasing in RFTD systems and the cost of data collection is also rising, the importance of effective tag search is increasing. This study proposed an efficient search method that solved through ta9 group the problem of large volume of database computation in Miyako Ohkubo's hash chain mechanism, which meets requirements for security and privacy protection. When we searched first the group of tags with access rate of 5 or higher in a database with 100,000 records, search time decreased by around 30%.

• The KIPS Transactions:PartD
• /
• v.17D no.6
• /
• pp.431-442
• /
• 2010

Because embedded system is combined system of hardware and software, we should design by considering elements such as real-time, reactive, small size, low weight, safe, reliable, harsh environment, low cost, and so on. However, those are poorly reflected on current embedded system development. Especially, there is few existed framework-based embedded system development. As a result, there are many internal codes which is not related with system operation in currently developed embedded system, and reusability or variability is not considered into embedded system development. Therefore we propose a formal specification technique using Z language to guarantee completeness or consistency of design of reusability framework proposed for improving reusability of embedded system. Also we assure correctness of framework design by checking Z model through Z-Eves Tool.

• Journal of Convergence for Information Technology
• /
• v.9 no.11
• /
• pp.15-21
• /
• 2019

Allowing only authorized users to record and inquire in the ledger, private blockchain technology is attracting attention from institutions and companies. Based on distributed ledger technology, records are immutable. Because news via the Internet can be easily modified, the possibility of manipulation is high. Some false communication report systems are designed to prevent such harm. However, during the gap between the false communication report and verification time, contents on the website can be modified, or false evidence can be submitted intentionally. We propose a system that collects evidence using a headless browser for more accurate false communication management, and securely preserves evidence through a private blockchain and prevents possibilities of manipulation. The proposed system downloads original HTML, captures the website as an image, stores it in a transaction along with the report, and stores it in a private blockchain to ensure the integrity from acquisition to preservation of evidence.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.293-297
• /
• 2009

This paper describes a real-time reliable measurement and analysis system for ubiquitous healthcare based on IEEE802.15.4 standard. In order to obtain and monitor physiological body signals continuously, wearable pulse oximeter is designed in wrist that could used to measure oxygen saturation of a patient unobtrusively. The measured data was transferred to a central PC or server by using wireless sensor nodes via a wireless sensor network for storage and analysis purposes. LabVIEW server program was designed to monitor and process the measured photoplethysmogram(PPG) to accelerated plethysmogram(APG) by appling second order derivatives in server PC. These experimental results demonstrate that APG can precisely describe the features of an individual's PPG and be used as estimation of vascular elasticity for blood circulation.