• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1335-1347
• /
• 2011

The dissemination and use of mobile applications have been rapidly expanding these days. And in such a situation, the security of mobile applications has emerged as a new issue. Although the safety of general software such as desktop and enterprise software is systematically achieved from the development phase to the verification phase through secure coding, there have been not sufficient studies on the safety of mobile applications yet. This paper deals with deriving weakness enumeration specialized in mobile applications and implementing a tool that can automatically analyze the derived weakness. Deriving the weakness enumeration can be achieved based on CWE(Common Weakness Enumeration) and CERT(Computer Emergency Response Team) relating to the event-driven method that is generally used in developing mobile applications. The analysis tool uses the dynamic tests to check whether there are specified vulnerabilities in the source code of mobile applications. Moreover, the derived vulnerability could be used as a guidebook for programmers to develop mobile applications.

• Journal of Advanced Navigation Technology
• /
• v.22 no.1
• /
• pp.13-19
• /
• 2018

In this paper, we classified a flight pattern of unmanned aerial vehicle(UAV) which will be operating in UTM system and analyzed its flight pattern by purpose of use. Flight patterns of UAV are sorted into three patterns which are circling, monitoring and delivery. We considered four cases of industry areas using UAV which are agriculture, infrastructure monitoring, public safety & security(p.s.s) and delivery. It is necessary to build a simulation model as a verification tool for applying the flight pattern according to the use of UAV to the real UTM system. Therefore, we propose the simulation model of UAV with updating states over time. We applied simulation to UAV monitoring flight pattern, and confirmed that the flight was done by the given input data. The simulation model will be used in the future to verify that the UAV has various flight patterns and can operate safely and efficiently for the intended use.

• Journal of Advanced Navigation Technology
• /
• v.24 no.2
• /
• pp.134-141
• /
• 2020

Telemetry system is a communication system that measures and transmits various signals in the aircraft to the ground for collecting and monitoring flight data during the development of unmanned air vehicle and satellite launch vehicles. With the recent development of wireless communication technology, it is becoming important to apply encryption of telemetry system to prepare with security threats that may occur during flight data transmission. In this paper, we suggested and implemented the application method of ARIA-256, Korean standard encryption algorithm, to apply encryption to telemetry system. In consideration of the block error propagation and the telemetry frame characteristics, frame is encrypted using the CTR mode and can apply the Reed-solomon codes recommended by CCSDS. ARIA algorithm and cipher frame are implemented in FPGA, and simulation and hardware verification system confirmed continuous frames encryption.

• Journal of KIISE:Information Networking
• /
• v.37 no.3
• /
• pp.187-197
• /
• 2010

The fusion stream of recent broadcasting and communication make multimedia content served in the area of broadcasting into IPTV service which transmits it through high-speed internet, cable TV net and satellite net in realtime. However, as the digital broadcasting service is extended to various media, the security of IPTV service content provided to users by service provider is not fully supported by CAS(Conditional Access System) provided by existing broadcasting system. This paper proposes interactive certification protocol which can efficiently distinguish the receiving-qualification of user between Set-Top Box and Smart Card which are parts of configurations for IPTV system. The proposed protocol uses hash function to make Set-Top Box transmit receiving-qualification about the channel fee which user pays more properly than existing protocol. Also, the proposed protocol uses session key generated between receiver and smart card through inter certification process and encrypts EMM not the service to be used by anyone illegally.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2276-2291
• /
• 2017

Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.293-298
• /
• 2009

In this contribution, a 193-bit elliptic curve cryptography coprocessor was implemented on an FPGA board. Optimized algorithms and numerical expressions which had been verified through C program simulation, should be analyzed again with HDL (hardware description language) such as Verilog, so that the verified ones could be modified to be applied directly to hardware implementation. The reason is that the characteristics of C programming language design is intrinsically different from the hardware design structure. The hardware IP which was double-checked in view of hardware structure together with algoritunic verification, was implemented on the Altera CycloneII FPGA device equipped with ARM9 microprocessor core, to a real chip prototype, using Altera embedded system development tool kit. The implemented finite field calculation IPs can be used as library modules as Elliptic Curve Cryptography finite field operations which has more than 193 bit key length.

• The Journal of Korean Association of Computer Education
• /
• v.13 no.3
• /
• pp.55-63
• /
• 2010

In order to solve the problems of maintenance and security for information-infrastructure, public organizations and some of leading companies adopted Server Based Computing(SBC) infrastructure. The effectiveness and possibility of SBC has become focused with the Cloud-Computing infrastructure, which is a extended concept of SBC, as it is being magnified as a main part among the internet business models for the next generation. The purpose of this study was to analyze its probability in elementary and secondary school and find out its effectiveness. In order to do this, three model schools have been selected from GyeongBuk, ChungNam, ChungBuk province and they were managed by SBC infrastructure. And We conducted analysis of satisfaction for teachers and students, interview with teachers and classroom observation as a effectiveness verification. As the results of the analysis, First, we can find out which part we should consider more when we are to adopt SBC infrastructure. Second, the level of satisfaction for teachers is 3.45 and students is 3.2. Therefore, this study was concluded to contribute to find directions what should be considered when setting the SBC infrastructure in elementary and secondary schools.

• The Journal of Society for e-Business Studies
• /
• v.24 no.4
• /
• pp.135-149
• /
• 2019

Accounts receivable insurance is a system in which small and medium-sized enterprises insure the accounts receivables acquired by the purchasing company, and the insurance company pays when the purchaser fails to pay the debts. Accounts receivable insurance is a very effective means of eliminating the risk of loss due to the counterparty default, and it is economically effective to protect the domestic industry by preventing the bankruptcy of one company leading to a chain bankruptcy of other companies. In this study, we constructed a business model of the accounts receivable insurance, by building an infrastructure based on a private blockchain in activating the accounts receivable insurance accounts. The accounts receivable insurance platform using these blockchain technologies not only addressed the problem of document and reliability verification for insurance, but also sought ways to facilitate accounts receivable insurance by small businesses through rapid transaction rates, easy network expansion and access management based on private blockchain.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.77-82
• /
• 2013

PKMv2 security protocol was adopted by the WiMax2 mobile internet communication standard. A base station and a mobile station protect communication data using key based encryption according to the PKMv2 protocol. Consequently, each development of a base station and/or mobile station includes implement of the PKMv2 protocol, and the station must qualifies various interoperable tests. Furthermore, communication bandwidth of the station can be limited by the encryption module when the station implemented based on a low-performance processor. Thus, a correspondence measurement of the encryption module must be carried on the target processor. In this paper, we implement a testbed which affords throughput measurement as well as the interoperable tests by PKMv2.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.201-208
• /
• 2020

Recently, the application of personal proofing service based on social security number(SSN) replacement means for verifying identity in non-face-to-face transactions is increasing. In this paper, we propose a method of applying differentiated personal proofing service on whether identity verification is necessary in the online service provided by ISP and if it is appropriate to apply a certain level of assurance. By analyzing the requirements related to personal proofing required by current ISPs, we analyze the risks for each of the requirements and propose a method of applying differentiated personal proofing service according to the level of identity assurance guarantee to minimize the risks. In applying the proposed method to online service provision, it is possible to reduce user's unnecessary authentication cost by minimizing the application of personal proofing service based on alternative means, and to help protect user personal information by minimizing excessively collected personal information.