• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제18권2호
• /
• pp.139-150
• /
• 2008

Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제18권4호
• /
• pp.187-194
• /
• 2008

This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제12권6호
• /
• pp.29-46
• /
• 2002

We generally use SSL/TLS protocol utilizing X.509 v3 certificates so as to provide a secure means in establishment an confidential communication and the support of the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and an implementation of the prototype which has two main modules, one is to support secure communication and RBAC, not being remained in the SPKI/SDSI server which was developed by the existing Geronimo project and the other is to wholly issue name-certificate and authorization-cerificate. And the demonstration embodied for our sewer is outlined hereafter.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제15권6호
• /
• pp.49-58
• /
• 2005

In this paper, we have proposed a secure dynamic ID allocation protocol using mutual authentication on the RFID tag. Currently, there are many security protocols focused on the low-price RFID tag. The conventional low-price tags have limitation of computing power and rewritability of memory. The proposed secure dynamic ID allocation protocol targets to the high-performance RFID tags which have more powerful performance than conventional low-price tag by allocating dynamic ID to RFID using mutual authentication based on symmetric encryption algorithm. This protocol can be used as a partial solution for ID tracing and forgery.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제16권5호
• /
• pp.25-34
• /
• 2006

Previous binding update protocols for Mobile IPv6 repeats the same protocol each time a mobile node moves to a foreign link Moreover, mobile nodes repeats the same protocol whenever the lifetime of the current binding update expires. To improve the efficiency of binding updates, we Propose a ticket-based binding update protocol for MIPv6. Our protocol minimizes the binding update cost using a ticket issued by the corresponding node. We have analyzed our protocol security against the security requirements of MIPv6 and existing attacks. Furthermore, we have also compared our protocol against previous binding update protocols.

• Journal of the Society of Naval Architects of Korea
• /
• 제59권6호
• /
• pp.372-384
• /
• 2022

Total shipping accounts for 2.9 % of the annual average percentage of global anthropogenic GHG emissions. The International Maritime Organization implements EEDI (Energy Efficiency Design Index), Energy Efficiency eXisting-ship Index (EEXI), and Carbon Intensity Indicator (CII) as regulatory frameworks for shipping decarbonization. The Republic of Korea has enforced the Act on Development and Popularization of Greenship from 2020 and publicly announced the 1st national plan which was named 『2030 Greenship-K Promotion Strategy』 for the activation of a greenship market. The Greenship Certification Scheme is going on for the sustainability of Korean shipbuilding and shipping industries, to secure clean maritime environments, as well as to contribute to the national economy. Greenship Certification guarantees the credit of such eco-friendly technologies and products for shipping. The certification is going to be the basis of industrial competitiveness in coastal and international shipping. This study investigates an existing certification process, identifies the limitations, and proposes the process improved with several case studies. The improved certification scheme may have rationality for Net-zero with regard to climate alignment.

• Review of KIISC
• /
• 제32권4호
• /
• pp.7-17
• /
• 2022

운전자 보조 시스템을 통한 차량의 전자적인 제어를 위하여, 최근 차량에 탑재된 전자 제어 장치 (ECU; Electronic Control Unit)의 개수가 급증하고 있다. ECU는 효율적인 통신을 위해서 차량용 내부 네트워크인 CAN(Controller Area Network)을 이용한다. 하지만 CAN은 기밀성, 무결성, 접근 제어, 인증과 같은 보안 메커니즘이 고려되지 않은 상태로 설계되었기 때문에, 공격자가 네트워크에 쉽게 접근하여 메시지를 도청하거나 주입할 수 있다. 악의적인 메시지 주입은 차량 운전자 및 동승자의 안전에 심각한 피해를 안길 수 있기에, 최근에는 주입된 메시지를 식별하기 위한 침입 탐지 시스템(IDS; Intrusion Detection System)에 대한 연구가 발전해왔다. 특히 최근에는 AI(Artificial Intelligence) 기술을 이용한 IDS가 다수 제안되었다. 그러나 제안되는 기법들은 특정 공격 데이터셋에 한하여 평가되며, 각 기법에 대한 탐지 성능이 공정하게 평가되었는지를 확인하기 위한 평가 프레임워크가 부족한 상황이다. 따라서 본 논문에서는 machine learning/deep learning에 기반하여 제안된 차랑용 IDS 5가지를 선정하고, 기존에 공개된 데이터셋을 이용하여 제안된 기법들에 대한 비교 및 평가를 진행한다. 공격 데이터셋에는 CAN의 대표적인 4가지 공격 유형이 포함되어 있으며, 추가적으로 본 논문에서는 메시지 주기 유형을 활용한 공격 유형을 제안하고 해당 공격에 대한 탐지 성능을 평가한다.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• 제5권4호
• /
• pp.667-674
• /
• 2015

Internet of things (IoT) has been a focus of research and widespread. Security and privacy are the key issues for IoT applications, and still faced with some enormous challenges. In order to facilitate this emerging domain, we analyzed the research progress of IoT, and pay attention to the security. By means of deeply analyzing the security architecture and features, the security requirements are required. And, we surveyed the demands and requirements.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 한국컴퓨터정보학회 2021년도 제63차 동계학술대회논문집 29권1호
• /
• pp.299-300
• /
• 2021

이른 새벽, 건설업 일용직 근로자들은 '오늘 일을 할 수 있을까?'란 불안감과 COVID-19의 감염 위험을 안고 인력사무소에 출근한다. 새벽 건설업 시장은 높은 업무 강도와 비효율적인 구인/구직 프로세스로 인해 진입장벽이 높고, 건설기능인력의 고령화로 불법체류 근로자 고용 등의 난항을 겪고 있다. 이에 따라 본 연구에서는 건설업 시장의 구인/구직 정보를 제공하여 앱 내에서 근로자 채용을 가능하게 하고, 외부 API를 사용하여 출퇴근 관리, 안전 이수증 촬영을 통한 인증 등 근로자와 구인자를 위한 비대면 구인/구직 앱 '인력거'를 개발하였다. '인력거' 앱을 통해 간소화된 구인/구직 프로세스 등을 통해 건설업에서 청년 일자리 증대가 기대된다.

• Journal of Korea Entertainment Industry Association
• /
• 제13권8호
• /
• pp.525-530
• /
• 2019

Electroencephalography(EEG) studies that have been in clinical research since the discovery of brainwave have recently been developed into brain-computer interface studies. Currently, research is underway to manipulate robot arms and drones by analyzing brainwave. However, resolution and reliability of EEG information is still limited. Therefore, it is required to develop various technologies necessary for measuring and interpreting brainwave more accurately. Pioneering new applications with these technologies is also important. In this paper, we propose development of a personal authentication system fit for lifecaretainment based on EEG. The proposed system guarantees the resolution and reliability of EEG information by using the Electrooculogram and Electromyogram(EMG) together with EEG.