• Journal of Industrial Convergence
• /
• v.16 no.1
• /
• pp.15-20
• /
• 2018

Along with the increase of internet shopping, crimes that exploited personal information on the invoice of goods are becoming more and more advanced and becoming more and more classified from the interception of goods through voice phishing attack, injury, sexual offense. Therefore, in order to guarantee the anonymity of the customer's delivery information, there is a need for a delivery tracking prevention system which keeps the route information of the product's destination secret among delivery companies. For this purpose, We suggest that delivery tracing protect model based smart contract for guaranteed anonymity to protect the anonymity by encrypting delivery information and by separation of payment and personal information using the anonymity technique of block chain-based cryptography. Our proposed model contributes to expansion of internet shopping based on block chaining by providing information about product sales to company and guaranteeing anonymity of customer's delivery information to customer.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.101-108
• /
• 2022

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.

• Wind and Structures
• /
• v.34 no.4
• /
• pp.355-369
• /
• 2022

Section model test, as the most commonly used method to evaluate the aerostatic and aeroelastic performances of long-span bridges, may be carried out under different conditions of incoming wind speed, geometric scale and wind tunnel facilities, which may lead to potential Reynolds number (Re) effect, model scaling effect and wind tunnel scale effect, respectively. The Re effect and scale effect on aerostatic force coefficients and aeroelastic characteristics of streamlined bridge decks were investigated via 1:100 and 1:60 scale section model tests. The influence of auxiliary facilities was further investigated by comparative tests between a bare deck section and the deck section with auxiliary facilities. The force measurement results over a Re region from about 1×10⁵ to 4×10⁵ indicate that the drag coefficients of both deck sections show obvious Re effect, while the pitching moment coefficients have weak Re dependence. The lift coefficients of the smaller scale models have more significant Re effect. Comparative tests of different scale models under the same Re number indicate that the static force coefficients have obvious scale effect, which is even more prominent than the Re effect. Additionally, the scale effect induced by lower model length to wind tunnel height ratio may produce static force coefficients with smaller absolute values, which may be less conservative for structural design. The results with respect to flutter stability indicate that the aerodynamic-damping-related flutter derivatives 𝘈^*₂ and 𝐴^*₁𝐻^*₃ have opposite scale effect, which makes the overall scale effect on critical flutter wind speed greatly weakened. The most significant scale effect on critical flutter wind speed occurs at +3° wind angle of attack, which makes the small-scale section models give conservative predictions.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.61-69
• /
• 2022

When a large-scale cyber attack or terrorism occurs and the country suffers enormous damage or poses a fatal threat to security, social interest in nurturing cybersecurity workforce increases. In addition, the government often suggests policies and guideline to train cybersecurity workforce. However, the system that can systematically manage trained cyber workforce after they are employed in related organizations or companies is still weak. Software workforce has a standardized qualification level model, so appropriate jobs are set and managed for each level. Cyber workforce also need a specialized qualification level model that takes into account their career, academic background, and education&training performance. By assigning a qualification level, the duties that can be performed for each level should be set, and the position and duty of the department should also be assigned in consideration of the level. Therefore, in this paper, we propose a qualification level model for cyber security workforce.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1073-1088
• /
• 2024

This study proposes a novel model to address the security, usability, and scalability challenges of cryptocurrency wallets. The model is implemented as a web application that combines FIDO2 (Fast Identity Online v2) with Account Abstraction (AA), offering enhanced security by storing private keys within the Trusted Execution Environment (TEE) of users' mobile devices. By utilizing two types of private keys, the model supports three account types, allowing users to flexibly select security levels and functionalities according to their needs. The research findings show that the proposed model provides strong security against various attack scenarios while also improving usability and scalability. By integrating hardware wallet-level security with the convenience of software wallets, this new paradigm for cryptocurrency wallets is expected to contribute to the widespread adoption of blockchain technology

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.64-77
• /
• 2009

A proxy re-encryption scheme allows Alice to temporarily delegate the decryption rights to Bob via a proxy. Alice gives the proxy a re-encryption key so that the proxy can convert a ciphertext for Alice into the ciphertext for Bob. Recently, ID-based proxy re-encryption schemes are receiving considerable attention for a variety of applications such as distributed storage, DRM, and email-forwarding system. And a non-interactive identity-based proxy re-encryption scheme was proposed for achieving CCA-security by Green and Ateniese. In the paper, we show that the identity-based proxy re-encryption scheme is unfortunately vulnerable to a collusion attack. The collusion of a proxy and a malicious user enables two parties to derive other honest users' private keys and thereby decrypt ciphertexts intended for only the honest user. To solve this problem, we propose two ID-based proxy re-encryption scheme schemes, which are proved secure under CPA and CCA in the random oracle model. For achieving CCA-security, we present self-authentication tag based on short signature. Important features of proposed scheme is that ciphertext structure is preserved after the ciphertext is re-encrypted. Therefore it does not lead to ciphertext expansion. And there is no limitation on the number of re-encryption.

• The KIPS Transactions:PartA
• /
• v.12A no.5 s.95
• /
• pp.395-404
• /
• 2005

There have been large concerns about survivability defined as the capability of a system to perform a mission-critical role, in a timely manner, in the presence of attacks, failures. In particular, One of the most important core technologies required for the design of the ITS(Intrusion Tolerance System) that performs continuously minimal essential services even when the computer system is partially compromised because of intrusions is the survivability one of In included the dependability analysis of a reliability and availability etc. quantitative dependability analysis of the In. In this Paper, we applied self-healing mechanism utilizing two factors of self-healing mechanism (fault model and system response), the core technology of autonomic computing to secure the protection power of the ITS and consisted of a state transition diagram of the ITS composed of a primary server and a backup server. We also defined the survivability, availability, and downtime cost of the ITS, and then performed studies on simulation experiments and two cases of vulnerability attack. Simulation results show that intrusion tolerance capability at the initial state is more important than coping capability at the attack state in terms of the dependability enhancement.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.8
• /
• pp.1581-1588
• /
• 2017

Recently, circulating ransomware is becoming intelligent and sophisticated through a spreading new viruses and variants, targeted spreading using social engineering attack, malvertising that circulate a large quantity of ransomware by hacking advertising server, or RaaS(Ransomware-as-a- Service), from the existing attack way that encrypt the files and demand money. In particular, it makes it difficult to track down attackers by bypassing security solutions, disabling parameter checking via file encryption, and attacking target-based ransomware with APT(Advanced Persistent Threat) attacks. For remove the threat of ransomware, various detection techniques are developed, but, it is very hard to respond to new and varietal ransomware. Accordingly, in this paper, find out a making Signature-based Detection Patterns and problems, and present a pattern automation model of ransomware detecting for responding to ransomware more actively. This study is expected to be applicable to various forms in enterprise or public security control center.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.2
• /
• pp.196-204
• /
• 2016

World Health Organization reported that heart-related diseases such as coronary artery stenoses show the highest occurrence rate which may cause heart attack. Using Computed Tomography angiography images will allow radiologists to detect and have intervention by creating 3D roadmapping of the vessels. However, it is often complex and difficult do reconstruct 3D vessel which causes very large amount of time and previous researches were studied to segment vessels more accurate automatically. Therefore, in this paper, Region Competition, Geodesic Active Contour (GAC), Multi-atlas based segmentation and Active Shape Model algorithms were applied to segment aortic root from CTA images and the results were analyzed by using mean Hausdorff distance, volume to volume measure, computational time, user-interaction and coronary ostium detection rate. As a result, Extracted 3D aortic model using GAC showed the highest accuracy but also showed highest user-interaction results. Therefore, it is important to improve automatic segmentation algorithm in future

• The Journal of Industrial Distribution & Business
• /
• v.11 no.2
• /
• pp.25-31
• /
• 2020

Purpose: The AEO (Authorized Economic Operator) program, created in 2001 in the United States due to 9.11 terrorist's attack, fundamentally changed the trade environment. Korea, which introduced AEO program in 2009, has become one of the world's top countries in the program by ranking 6th in the number of AEO certified companies and the world's No. 1 in MRA (Mutual Recognition Agreement) conclusions. In this paper, we examined what trade-economic and non-economic effects the AEO program and its MRA have in Korea. Research design, data and methodology: In this study we developed a model to verify the impact between utilization of AEO and trade-economic effects of the AEO and its MRA. After analyzing the validity and reliability of the model through Structural Equation Model we conducted a survey to request AEO companies to respond their experience on the effects of AEO program and MRA. As a result, 196 responses were received from 176 AEO companies and utilized in the analysis. Results: With regard to economic effects, the AEO program and the MRA have not been directly linked to financial performance, such as increased sales, increased export and import volumes, reduced management costs, and increased operating profit margins. However, it was analyzed that the positive effects of supply chain management were evident, such as strengthening self-security, monitoring and evaluating risks regularly, strengthening cooperation with trading companies, enhancing cargo tracking capabilities, and reducing the time required for export and import. Conclusions: When it comes to the trade-economic effects of AEO program and its MRA, AEO companies did not satisfy with direct effects, such as increased sales and volume of imports and exports, reduced logistics costs. However, non-economic effects, such as reduced time in customs clearance, freight tracking capability, enhanced security in supply chain are still appears to be big for them. In a rapidly changing trade environment the AEO and MRA are still useful. Therefore the government needs to encourage non-AEO companies to join the AEO program, expand MRA conclusion with AEO adopted countries especially developing ones and help AEO companies make good use of AEO and MRA.