• Title/Summary/Keyword: Code Vulnerability


QR Code Based Mobile Dual Transmission OTP System (QR 코드를 이용한 모바일 이중 전송 OTP 시스템)

  • Seo, Se Hyeon;Choi, Chang Yeol;Lee, Goo Yeon;Choi, Hwang Kyu
    • The Journal of Korean Institute of Communications and Information Sciences, v.38B no.5, pp.377-384, 2013
  • The OTP (One-Time Password) system was introduced to improve the security strength of password-based user authentication, in which the security vulnerability increases as the same password is used repeatedly. In OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by malicious code, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP (Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method using dual transmission: the user performs the server authentication by typing the user account and password information onto the PC, and then, for the OTP authentication, the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides greater security strength than the existing OTP system, and can also adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such as banking, portal, and game services.

Dynamic Analysis Framework for Cryptojacking Site Detection (크립토재킹 사이트 탐지를 위한 동적 분석 프레임워크)

  • Ko, DongHyun;Jung, InHyuk;Choi, Seok-Hwan;Choi, Yoon-Ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.28 no.4, pp.963-974, 2018
  • With the growing interest in cryptocurrencies such as bitcoin, blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijacks other computers' resources such as CPUs, has occurred due to a vulnerability in the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur merely by visiting a Web site, without installing anything on the visitor's PC. Current Cryptojacking detection systems are mostly signature-based. Signature-based detection methods have the problem that they cannot detect new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a dynamic analysis-based Cryptojacking detection solution that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking sites that cannot be detected by existing signature-based Cryptojacking detection systems, and can detect them even if the Cryptomining code is called through a bypass or obfuscated.

A Sensor Network Security Protocol for Monitoring the State of Bridge (교량감시를 위한 센서 네트워크 보안프로토콜)

  • Lim, Hwa-Jung;Jeon, Jin-Soon;Lee, Heon-Guil
    • Journal of Industrial Technology, v.25 no.B, pp.211-220, 2005
  • The wireless sensor network consists of a number of sensor nodes which have physical constraints. Each sensor node senses its surrounding environment and sends the sensed information to the Sink. The inherent security vulnerability of the sensor nodes has created the need for a lightweight security protocol. In this paper, we propose a non-hierarchical sensor network and a security protocol that is suitable for monitoring man-made objects such as bridges. Furthermore, we present an efficient way of setting the routing path by storing the IDs, MAC (message authentication code) and location information of the nodes, and by taking advantage of the two node states, Sleep and Awake. This will also result in a reduced energy consumption rate.


A Study on the Countermeasure of the Security Threats for Coastal Passenger Ships (연안여객선의 보안위협 대응방안에 관한 연구)

  • Ju, Jong-Kwang;Lee, Eun-Kang
    • Journal of the Korean Society of Marine Environment & Safety, v.13 no.3, pp.199-206, 2007
  • By analyzing the security threats and their management system, and by surveying the concerned parties in the field of coastal passenger ships on security awareness, we identify the security vulnerabilities and the features of the security threats. Countermeasures and a security system are proposed in order to respond to the diverse security threats and to establish a security culture for coastal passenger ships.


Nonlinear earthquake response analysis of CWR on bridge considering soil-structure interaction. (지반-구조물 상호작용을 고려한 교량상 장대레일의 비선형 지진응답해석)

  • Shin Ran Cheol;Cho Sun Kyu;Yang Shin Chu;Choi Jun Seong
    • Proceedings of the KSR Conference, 2004.10a, pp.733-738, 2004
  • Recently, continuous welded rail has come into general use to ensure running performance and to overcome problems such as structural vulnerability and fastener damage at the rail expansion joint. Though the use of continuous welded rail on bridges has the advantage of decreasing the vibration and damage of the rail, it still carries the risk of buckling and breaking of the rail due to change of temperature, starting and/or braking force, axial stress concentration and so on. So, the VIC code and many methods have been developed by researchers considering rail-bridge interaction. Although there is much research concerning the stability of continuous welded rail on bridges under temperature change and starting and/or braking force, the study of continuous welded rail under earthquake load is still insufficient. In this study, a nonlinear seismic response analysis of continuous welded rail on a bridge, considering soil-structure interaction, the geotechnical characteristics of the foundation and earthquake isolation equipment, has been performed to examine the stability of continuous welded rail.


Estimation of Inelastic Response for Building Structure by Analysis Method (해석방법에 따른 빌딩구조물의 비탄성 응답 평가)

  • Chang, Dong-Hui;Song, Jong-Keol;Chung, Yeong-Hwa
    • Journal of Industrial Technology, v.25 no.A, pp.31-38, 2005
  • Recent earthquakes have shown that near-field earthquakes can produce spectral demands significantly larger than those considered in the current design code. The International Atomic Energy Agency (IAEA) has recently initiated a coordinated research program on the safety significance of near-field earthquakes. The purpose of this program is to focus on the assessment of the vulnerability of nuclear facility structures by using and adapting the best available engineering practices appropriate for evaluating the effects of near-field earthquakes. The objective of this paper is to evaluate the seismic responses of a shear building test specimen subjected to near-field earthquakes. To achieve this objective, the seismic responses of the test specimen, evaluated by the Displacement Coefficient Method (DCM) and Nonlinear Dynamic Analysis (NDA), are compared with those from the experimental tests.


Security Coding Guide of Design Phase (설계 단계의 보안 코딩 지침)

  • Shin, Seong-Yoon;Lee, Sang-Won;Lee, Hyun-Chang
    • Proceedings of the Korean Society of Computer Information Conference, 2015.07a, pp.75-76, 2015
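  • This paper presents S/W development security guidelines. It describes the types of S/W security vulnerabilities in S/W development security, namely input data validation and representation, API abuse, security features, time and state, error handling, code quality, and encapsulation. That is, this paper aims to provide a guide to source-code-level countermeasures for security vulnerabilities.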


Vulnerability assessment and retrofit solutions of precast industrial structures

  • Belleri, Andrea;Torquati, Mauro;Riva, Paolo;Nascimbene, Roberto
    • Earthquakes and Structures, v.8 no.3, pp.801-820, 2015
  • The seismic sequence which hit the Northern Italian territory in 2012 produced extensive damage to reinforced concrete (RC) precast buildings typically adopted as industrial facilities. The damaged buildings considered are one-storey precast structures with RC columns connected to the ground by means of isolated socket foundations. The roof structural layout is composed of pre-stressed RC beams supporting pre-stressed RC floor elements, both designed as simply supported beams. The observed damage pattern, already highlighted in previous earthquakes, is mainly related to insufficient connection strength and ductility or to the absence of mechanical devices, the connections having been designed neglecting seismic loads or neglecting displacement and rotation compatibility between adjacent elements. Following the vulnerabilities that emerged in past seismic events, the paper investigates the seismic performance of industrial facilities typical of the Italian territory. The European building code seismic assessment methodologies are presented and discussed, as well as the retrofit interventions required to achieve an appropriate level of seismic capacity. The assessment procedure and retrofit solutions are applied to a selected case study.

Analysis of the IMO's Role for Safe Maritime Transport System

  • Kim, Inchul;An, Kwang
    • Journal of the Korean Society of Marine Environment & Safety, v.21 no.3, pp.266-273, 2015
  • Keeping in mind that there are only limited social, economic and administrative resources for reducing marine casualties, the result of a statistical survey showed the loopholes of the safe maritime transport system, and indicated that most casualties occurred in coastal waters through human error. When the IMO Marine Casualty Investigation Code was utilized to reveal any structural vulnerability of the international measures, IMO was required to expand its roles to enhance the interface between Liveware and Environment of the SHEL model. So, several risk assessment models were studied, and it was found that the Maritime Safety Audit System of the Republic of Korea could be a good example of enhancing the safe interface between navigators (Liveware) and the navigational circumstances (Environment). It could be dealt with at IMO level as a tool for applying at human error enforcing waters. International cooperative research for upgrading risk assessment models should also be future terms of reference.

A Study of Source Code-based Automated Software Vulnerability Assessment (소스코드 기반 소프트웨어 취약점 평가 자동화 방안 연구)

  • Song, Jun-Ho;Park, Jae-Pyo;Kwon, Hyun-Soo;Jun, Moon-seog
    • Proceedings of the Korea Information Processing Society Conference, 2015.10a, pp.794-796, 2015
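  • This study investigates a method for automatically assessing security vulnerabilities in software source code and proposes an automation technology architecture for software vulnerability management. As IT spreads as a foundational technology of everyday life, the software market is growing rapidly. Commercial software is managed and supported by the organization that develops it, but open-source software is difficult to manage systematically because of its non-profit purpose and development environment, so vulnerabilities arise easily. Nevertheless, open source is widely used for reasons of cost and efficiency, which causes breaches at the institutions and organizations that have adopted open-source software and worsens their security level. Accordingly, by taking advantage of the fact that the source code of open-source software is public and supporting automated vulnerability management at the source-code level, the security environment of fields that use open-source software can be safely improved.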