• Journal of the Korea Convergence Society
• /
• v.7 no.4
• /
• pp.39-44
• /
• 2016

Due to the dazzling development of IT in this IT-oriented era, information delivering technology among objects, between objects and humans, and among humans has been actively performed. As information delivery technology has been actively performed, IoT became closely related to our daily lives and ubiquitous at any time and place. Therefore, IoT has become a part of our daily lives. CoAp, a web-based protocol, is mostly used in IoT environment. CoAp protocol is mostly used in the network where transmission speed is low along with the huge loss. Therefore, it is mostly used in IoT environment. However, there is a weakness on IoT that it is weak in security. If security issue occurs in IoT environment, there is a possibility for secret information of individuals or companies to be disclosed. If attackers infect the targeted device, and infected device accesses to the wireless frequently used in public areas, the relevant device sends arp spoofing to other devices in the network. Afterward, infected devices receive the packet sent by other devices in the network after occupying the packet flow in the internal network and send them to the designated hacker's server. This study suggests counter-attacks on this issues and a method of coping with them.

• Journal of Korean Society of Disaster and Security
• /
• v.12 no.3
• /
• pp.13-24
• /
• 2019

The concept of shape similarity has been applied to verify the accuracy of the SIND model, the real-time prediction model for disaster risk. However, the CRITIC method, one of the most widely used in geometric methodology, is definitely limited to apply to complex shape such as hazard map for coastal disaster. Therefore, we suggested the modified CRITIC method of which we added the shape factors such as RCCI and TF to consider complicated shapes. The matching pairs were manually divided into exact-matching pairs and mis-matching pairs to evaluate the applicability of the new method for shape similarity into hazard maps for storm surges. And the shape similarity of each matching pair was calculated by changing the weights of each shape factor and criteria. Newly proposed methodology and the calculated weights were applied to the objects of the existent hazard map and the results from SIND model. About 90% of exact-matching pairs had the shape similarity of 0.5 or higher, and about 70% of mis-matching pairs were it below 0.5. As future works, if we would calibrate narrowly and adjust carefully multi-objects corresponding to one object, it would be expected that the shape similarity of the exact-matching pairs will increase overall while it of the mis-matching pairs will decrease.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.3
• /
• pp.879-890
• /
• 2000

Designing a multilevel database application is a complex process, and the entities and their associated security levels must be represented using an appropriate model unambiguously. It is also important to capture the semantics of a multilevel databse application as accurate and complete as possible. Owing to the focus of the IDEA Methodology for designing the non-secure database applications on the data-intensive systems, the Object Model describes the static structure of the objects in an application and their relationships. That is, the Object Model in the IDEA Methodology is an extended Entity-Relationship model giving a static description of objects. The IDEA Methodology has not been developed the multilevel secure database applications, but by using an existing methodology we could take advantage of the various techniques that have already been developed for that methodology. That is, this way is easier to design the multilevel secure schema than to develop a new model from scratch. This paper adds the security features 새？ Object Model in the IDEA Methodology, and presents the transformation from this model to a multilevel secure object oriented schema. This schema will be the preliminary work which can be the general scheme for the automatic mapping to the various commercial multilevel secure database management system such as Informix-Online/Secure, Trusted ORACLE, and Sybase Secure SQL Server.

• Korean Security Journal
• /
• no.57
• /
• pp.177-203
• /
• 2018

Police Assigned to Special Guard Act was legislated in 1962 to solve issues regarding the protection of various staple industrial installations, and in 2001, the Security Services Industry Act was revised to establish an effective security system for important national facilities. Thereby the Special Guards System was instituted. The current law has two parts, with the Police Assigned to Special Guard System and Special Guards System, and many scholars have actively discussed the appropriateness of the integration of both systems to solve problems caused by a bimodal system. However, in spite of these discussions taking place in the academic world, the idea of unification lost its power when the guarantee of status regulation was established for the police assigned to special guard. Strictly speaking, police assigned to special guard is a self-guard, and a special guard is a contractual guard. So, both of them have pros and cons. Thus, it would be desirable to give a legal, constitutional guarantee for both systems by strengthening each of them and making up for the weakness of each of them rather than trying to unify police assigned to special guard and special guard. To begin this process, we need to revise unreasonable legal provisions of Security Services Industry Act and Police Assigned to Special Guard Act as below. First, since the actual responsibilities of special guards and police assigned to special guard duty are the same, we need to make the facilities which they use equal. Second, legal provisions need to be revised so that a special guard may perform the duties of a police officer, according to the Act on the Performance of Duties by Police Officers, within the facility that needs to be secured in order to prevent any vacancy in the guarding of an important national facility. Third, disqualifications for the special guards need to be revised to be the same as the disqualifications for the police assigned to special guard duty. Fourth, it is reasonable to unify the training institution for special guards and for police assigned to special guard duty, and it should be the training institution for police. On-the-job education for a security guard needs to be altered to more than 4 hours every month just like the one for police assigned to special guard duty. Fifth, for a special guard, it is not right to limit the conditions in their using weapons to 'use of weapon or explosives' only. If one possesses 'dangerous objects such as weapon, deadly weapon, and so on' and resists, a special guard should be able to use their weapon against that person. Thus, this legal provision should be revised. Sixth, penalty, range of fines, and so on for police assigned to special guard duty need to be revised to be the same as the ones for a special guard. If we revise these legal provisions, we can correct the unreasonable parts of Security Services Industry Act and Police Assigned to Special Guard Act without unifying them. Through these revisions, special guards and police assigned to special guard duty may develop the civilian guard industry wholesomely under the law, and the civilians would have a wider range of options to choose from to receive high quality security service.

• The Journal of Society for e-Business Studies
• /
• v.13 no.1
• /
• pp.21-32
• /
• 2008

RFID systems provide technologies of automatic object identification through wireless communications in invisible ranges and adaptability against various circumstances. These advantages make RFID systems to be applied in various fields of industries and individual life. However, it is difficult to use tags with distinction as tags are increasingly used in life because a tag usually stores only one object identifier in common RFID applications. In addition, RFID systems often make serious violation of privacy caused by various attacks because of their weakness of radio frequency communication. Therefore, information sharing methods among applications are necessary for expansive development of RFID systems. In this paper, we propose efficient RFID scheme. At first, we design a new RFID tag structure which supports many object identifiers of different applications in a tag and allows those applications to access them simultaneously. Secondly, we propose an authentication protocol to support the proposed tag structure. The proposed protocol is designed by considering of robustness against various attacks in low cost RFID systems. Especially, the proposed protocol is focused on efficiency of authentication procedure by considering security levels of applications. In the proposed protocol, each application goes through one of different authentication procedures according to their security levels. Finally, we prove efficiency of th proposed scheme compared with the other schemes through experiments and evaluation.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.391-398
• /
• 2001

To design and develop secure operating systems, the BLP (Bell-La Padula) model that represents the MLP (Multi-Level Policy) has been widely adopted. However, user\`s security level in the most developed systems based on the BLP model is inherited to a process that is actual subject on behalf of the user, regardless whatever the process behavior is. So, there could be information disclosure threat or modification threat by malicious or unreliable processes even though the user is authorized in the system. These problems can be solved by defining the subject as (user, process) ordered pair and by defining the process reliability. Moreover, when the leveled programs which exist as objects in a disk are executed by a process and have different level from the process level, the security level decision problem occurs. This paper presents an extended BLP (E-BLP) model in which process reliability is considered and solves the security level decision problem. And this model is implemented into the Linux kernel 2.4.7.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.731-751
• /
• 2021

The Internet of Things is a huge group of devices communicating each other and the interconnection of objects in the network is a basic requirement. Choosing a reliable device is critical because malicious devices can compromise networks and services. However, it is difficult to create a trust management model due to the mobility and resource constraints of IoT devices. For the centralized approach, there are issues of single point of failure and resource expansion and for the distributed approach, it allows to expand network without additional equipment by interconnecting each other, but it has limitations in data exchange and storage with limited resources and is difficult to ensure consistency. Recently, trust management models using fog nodes and blockchain have been proposed. However, blockchain has problems of low throughput and delay. Therefore, in this paper, a trust management model for selecting reliable devices in a fog-based IoT environment is proposed by applying IOTA, a blockchain technology for the Internet of Things. In this model, Directed Acyclic Graph-based ledger structure manages trust data without falsification and improves the low throughput and scalability problems of blockchain.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.6
• /
• pp.1191-1196
• /
• 2017

Lately, the three mobile telecom companies in Korea are competing for the launch of Internet of Things services for using home. Typical launched services are in the smart home related fields. However, Internet of Things as mobile telecom based are at an early stage, expected that various services will be started continuously. At this point, we have been planning to analyze the preference of Internet of Things for objects based on the services already launched. In order to apply the analytic hierarchy method, the first stage factors were designed as Safety, Security, Health care, Intelligence and Home appliances. In addition, the second stage factors were organized into 18 detailed services presented in the conceptual model. As a result, Health care (23.2%) was the most preferred priority. These results can be interpreted as the result of interest in health by improving income. We presented the theoretical and practical implications of these results.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.6
• /
• pp.1121-1126
• /
• 2017

Recently, the importance of smart gateways that link these with the big data and the development of the Internet of things is getting bigger. The smart gateway includes a network function such as a router and a router, and a sensor network function that links various objects such as a sensor. As the internet market has expanded, network stability and security problems have arisen and VPN technology has been proposed as one of the ways to solve these security problems. Efficient design is needed to implement VPN in low-end smart gateway and SOHO-level Internet environment with poor line quality. In this paper, we propose the concept and principle of VPN tunneling implementation and real - time traffic shaping method according to internet line condition in the Smart Gateway that supports IOT developed based on OpenWRT, the implementation and measured performance indicators are presented.

• Journal of Korean Society of societal Security
• /
• v.2 no.2
• /
• pp.49-54
• /
• 2009

High incident of accidents in construction jobsite became a social problem. According to the International Labour Organization (ILO), more than 60,000 fatal accidents occur each year in construction workplace worldwide. This number of accidents accounts for about 17 percent of all fatal workplace accidents. Especially, accidents from struck-by and falls comprise of over 60 percent of construction fatalities. This paper introduces a prototype of a received signal strength index (RSSI)-based safety monitoring to mitigate the potential accidents caused by falls and struck-by. Correlation between signal strength and noise index is examined to create the distance profile between a transmitter and a receiver. Throughout the distributed sensor nodes attached on potential hazardous objects, the proposed prototype envisions that construction workers with a tracker-tag can identify and monitor their current working environment in construction workplace, and early warning system can reduce the incidents of fatal accident in construction job site.