• Journal of KIISE:Software and Applications
• /
• v.31 no.9
• /
• pp.1226-1232
• /
• 2004

Biometric authentication is rising technology for the security market of the next generation. But most of biometric systems are developed using only one of various biological features. Recently, there is a vigorous research for the standardization of various biometric systems. In this paper, we propose a web-based authentication system using three other verifiers based on functional, parametric, and structural approaches for one biometrics of handwritten signature, which is conformable to a specification of BioAPI introduced by BioAPI Consortium for a standardization of biometric technology. This system is developed with a client-server structure, and clients and servers consist of three layers according to the BioAPI structure. The proposed neb-based multiple authentication system of one biometrics can be used to highly increase confidence degree of authentication without additional several biological measurements, although rejection rate is a little increased. That is, the false accept rate(FAR) decreases on the scale of about 1:40,000, although false reject rate(FRR) increases about 2.7 times in the case of combining above three signature verifiers. So the proposed approach can be used as an effective identification method on the internet of an open network. Also, it can be easily extended to a security system using multimodal biometrics.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.7
• /
• pp.303-310
• /
• 2013

As the role of software increases in computing environments, issues in software security become more important problems. Dynamic taint analysis is a technique to trace and manage tainted data originated from unreliable sources during the execution of a program. This analysis can be applied to software security verification as well as software behavior understanding, testing unexpected errors, or debugging. In the previous researches, they focussed only to show the analysis results of dynamic taint analysis, and they did not logically describe propagation process of tainted data and analysis procedures. So, there were difficulties in understanding the analysis procedures or applying to other analysis. In this paper, by theoretically describing the analysis procedure, we logically show how the propagation process of tainted data can be traced, and present a theoretical model for dynamic taint analysis. In addition, we verify the correctness of the proposed model by implementing an analyser, and show that propagation of tainted data can be traced by the model. The proposed model can be applied to understand the analysis procedures of data flows in dynamic taint analysis, and can be used as an base knowledge for designing and implementing analysis method, which applies such analysis method.

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.17-30
• /
• 2005

A PAK(Password-Authenticated Key Exchange) protocol is used as a protocol to provide both the mutual authentication and allow the communication entities to share the session key for the subsequent secure communication, using the human-memorable portable short-length password, In this paper, we propose distributed key exchange protocols applicable to a smartcard using the MTI(Matsumoto, Takashima, Imai) key distribution protocol and PAK protocol. If only one server keeps the password verification data which is used for password authentication protocol. then It could easily be compromised by an attacker, called the server-compromised attack, which results in impersonating either a user or a server, Therefore, these password verification data should be distributed among the many server using the secret sharing scheme, The Object of this paper Is to present a password-based key exchange protocol which is to allow user authentication and session key distribution, using the private key in a smartcard and a password typed by a user. Moreover, to avoid the server-compromised attack, we propose the distributee key exchange protocols using the MTI key distribution protocol, And we present the security analysis of the proposed key exchange protocol and compare the proposed protocols with the existing protocols.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.1
• /
• pp.185-191
• /
• 2015

This paper suggest the safety class communication board in order to design the safety network of the nuclear safety class controller. The reactor protection system use the digitized networks because from analog system to digital system. The communication board shall be provided to pass the required performance and test of the safety class in the digital network used in the nuclear safety class. Communication protocol is composed of physical layer(PHY), data link layer(MAC: Medium Access Control), the application layer in the OSI 7 layer only. The data link layer data package for the cyber security has changed. CRC32 were used for data quality and the using one way communication, not requests and not responses for receiving data, does not affect the nuclear safety system. It has been designed in accordance with requirements, design, verification and procedure for the approving the nuclear safety class. For hardware verification such as electromagnetic test, aging test, inspection, burn-in test, seismic test and environmental test in was performed. FPGA firmware to verify compliance with the life-cycle of IEEE 1074 was performed by the component testing and integration testing.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.20 no.6
• /
• pp.299-312
• /
• 2021

Autonomous vehicles using V2X can drive safely information on areas outside the sensor coverage of autonomous vehicles conventional autonomous vehicles. As V2X technology has emerged as a key component of autonomous vehicles, research on V2X security is actively underway research on risk analysis due to failure of V2X communication is insufficient. In this paper, the service scenario and function of autonomous driving system V2X were derived by presenting the intersection scenario of the autonomous vehicle, the malfunction was defined by analyzing the hazard of V2X. he ISO26262 Part3 process was used to analyze the risk of malfunction of autonomous vehicle V2X. In addition, a fault injection scenario was presented to verify the fail-safe of the simulation-based intersection scenario.

• Journal of Korean Society of Disaster and Security
• /
• v.12 no.3
• /
• pp.13-24
• /
• 2019

The concept of shape similarity has been applied to verify the accuracy of the SIND model, the real-time prediction model for disaster risk. However, the CRITIC method, one of the most widely used in geometric methodology, is definitely limited to apply to complex shape such as hazard map for coastal disaster. Therefore, we suggested the modified CRITIC method of which we added the shape factors such as RCCI and TF to consider complicated shapes. The matching pairs were manually divided into exact-matching pairs and mis-matching pairs to evaluate the applicability of the new method for shape similarity into hazard maps for storm surges. And the shape similarity of each matching pair was calculated by changing the weights of each shape factor and criteria. Newly proposed methodology and the calculated weights were applied to the objects of the existent hazard map and the results from SIND model. About 90% of exact-matching pairs had the shape similarity of 0.5 or higher, and about 70% of mis-matching pairs were it below 0.5. As future works, if we would calibrate narrowly and adjust carefully multi-objects corresponding to one object, it would be expected that the shape similarity of the exact-matching pairs will increase overall while it of the mis-matching pairs will decrease.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.95-113
• /
• 2016

Personal information processing works, including resident registration number is common to be consigned by IT specialized company due to high level expertise and tremendous cost. The accident related to personal information is increasing and most of accidents are caused by the consignee's leaking information. According to the Inspection of personal information protection and the management level diagnosis of personal information protection, public Institutions need to build the consignee's accident prevention and personal information management system as soon as possible. In this paper, the efficient enhancement ways for the personal information protection is studied. We analyze the law of business consignment and select basic management items related with personal information protection, and propose a analysis scheme for management level of personal information protection and a enhancement scheme for management system of personal information protection. This paper suggests consignee's management system of personal information protection for the enhancement way and the three Strengthening ways in law. To compose the a enhancement scheme for management system of personal information protection, we conduct questionnaire survey to 30 consignees(IT maintenance, notice printing, call center, welfare center) related to typical tasks of public organizations, present reference for this scheme, and execute verification of this scheme by focus group interview of consignor and consignee.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1119-1127
• /
• 2018

Most of the cyber attacks are caused by malicious codes. The damage caused by cyber attacks are gradually expanded to IoT and CPS, which is not limited to cyberspace but a serious threat to real life. Accordingly, various malicious code analysis techniques have been appeared. Dynamic analysis have been widely used to easily identify the resulting malicious behavior, but are struggling with an increase in Anti-VM malware that is not working in VM environment detection. On the other hand, static analysis has difficulties in analysis due to various packing techniques. In this paper, we proposed malware classification techniques regardless of known packers or unknown packers through the proposed model. To do this, we designed a model of supervised learning and unsupervised learning for the features that can be used in the PE structure, and conducted the results verification through 98,000 samples. It is expected that accurate analysis will be possible through customized analysis technology for each class.

• Korean Security Journal
• /
• no.12
• /
• pp.25-50
• /
• 2006

Private detectives and investigators offer many services, including executive, corporate, and celebrity protection; pre-employment verification; and individual background profiles. They also investigate computer crimes, personal injury cases, insurance claims and fraud, child custody and protection cases, missing persons cases, and premarital screening. This paper focuses on a private detective or investigator system in most developed U.S.A, but it is not easy to describe that system. Licensing requirements vary in U.S.A. Some States have few requirements, and many other States have stringent regulations. A growing number of States are enacting mandatory training programs for private detectives and investigators. Employment and need of private detectives and investigators is expected to grow faster than the average for all occupations. Thus, it is reasonable that korean government should permit private investigation service find the way to minimize the side effects of private investigation service instead of banning the service totally.

• Korean Security Journal
• /
• no.14
• /
• pp.261-283
• /
• 2007

In recent studies for explaining the causation of crime fear shows interest and effort in studies attempting microscopical individual level and macroscopical local level of sex, age, economic level, crime damage level and etc. However, in this study, it is considered that interest and analysis of individual on characteristics of these local level may has its difference depends on crime damage experience in the past, fragility precision of crime damage and interest on crime relating information and processed positive analysis on characteristics of individual and relation of crime fear on individual level before making an attempt of connecting microscopical level and macroscopical level. Therefore, the purpose of this study is on positive verification of how people feel about crime fear depends on individual's characteristic and also how much effect would they receive. As the result of this study, it is shown that first, population statistical characteristics that crime damage experience is statistically meaningful of its difference of each group are age, status of marriage, final education status and residential area and for the fragility precision of crime damage was sex and status of marriage and for the interest about the crime relating information has meaningful difference statistically of each group depends on sex, age, final education status, income of the house and location of residential area. Second, after processing correlation analysis on individual characteristic primary factor and crime fear, the result of 3 primary factor independent variable all shows statistically meaningful correlation with crime fear and especially fragility primary factor on crime damage showed the most high correlation with crime fear. Lastly, fragility of crime damage, interest on crime information and crime damage experience has effected as characteristics of individual and especially fragility of crime damage which the person thought to be the most fragility on crime damage out of these individual characteristic primary factor showed to have the most effecting primary factor.