• Title/Summary/Keyword: Security vulnerability

A Study on IP Camera Security Issues and Mitigation Strategies (IP 카메라 보안의 문제점 분석 및 보완 방안 연구)

  • Seungjin Shin;Jungheum Park;Sangjin Lee
    • KIPS Transactions on Computer and Communication Systems / v.12 no.3 / pp.111-118 / 2023
  • Cyber attacks are increasing worldwide, and attacks on personal privacy such as CCTV and IP camera hacking are also increasing. If you search for IP camera hacking methods in spaces such as YouTube, SNS, and the dark web, you can easily get data and hacking programs are also on sale. If you use an IP camera that has vulnerabilities used by hacking programs, you easily get hacked even if you change your password regularly or use a complex password including special characters, uppercase and lowercase letters, and numbers. Although news and media have raised concerns about the security of IP cameras and suggested measures to prevent damage, hacking incidents continue to occur. In order to prevent such hacking damage, it is necessary to identify the cause of the hacking incident and take concrete measures. First, we analyzed weak account settings and web server vulnerabilities of IP cameras, which are the causes of IP camera hacking, and suggested solutions. In addition, as a specific countermeasure against hacking, it is proposed to add a function to receive a notification when an IP camera is connected and a function to save the connection history. If there is such a function, the fact of damage can be recognized immediately, and important data can be left in arresting criminals. Therefore, in this paper, we propose a method to increase the safety from hacking by using the connection notification function and logging function of the IP camera.

Smart IoT Service Users' Compliance with Personal Information Protection Behavior: An Empirical Study on the Message Design Features to Induce Installation of Software Updates (스마트 IoT 서비스 사용자의 개인정보 보호 행동 준수: 소프트웨어 업데이트 유도를 위한 메세지 디자인 특성에 관한 실증 연구)

  • Lee, Ho-Jin;Kim, Hyung-Jin;Lee, Ho-Geun
    • Informatization Policy / v.31 no.2 / pp.82-104 / 2024
  • Smart home services are growing rapidly as the development of the Internet of Things (IoT) opens the era of the so-called "Connected Living." Although personal information leaks through smart home cameras are increasing, users, while concerned, tend to take passive measures to protect their personal information. This study theoretically explained and verified how to design effective software update notification messages for smart home cameras to ensure that users comply with the recommended security behavior (i.e., update installation). In a survey experiment participated in by 120 actual users, the effectiveness of both emotional appeals (i.e., security breach warning images for fear appeals) and rational appeals (i.e., loss-framed messages emphasizing the negative consequences of not installing the updates) was confirmed. The results of this study provide theoretical interpretations and practical guidelines on the message design features that are effective for threat appraisals (i.e., severity, vulnerability) of smart home camera users and their protection motivation.

Entry Types and Locational Determinants of North Korean Workers in Cross-border Regions between North Korea and China (중국 대북 접경지역의 북한 노동력 진입 유형과 요인)

  • Lee, Sung-Cheol;Lee, Yong-Hee;Kim, Boo-Heon
    • Journal of the Economic Geographical Society of Korea / v.22 no.4 / pp.438-457 / 2019
  • The main purpose of this paper is to identify the entry types and locational determinants of North Korean workers in cross-border regions between North Korea and China. More specifically, the paper has attempted to divide the entry type of them in the regions into two; 1) entry via transactions between Chinese traders with North Korea and North Korea trade companies, and 2) entry via transactions between Korean-Chinese middlemen and North Korean trade companies. Also, it has analyzed main factors of their locational determinants in the spatial contexts of the regions. There have been changes in two perspectives in terms of the entry paths and types of them in accordance with the transformation of characteristics of United Nations sanction against North Korea from 'call-upon' to 'decide' after UN Security Council Resolution 2094 in 2013. Firstly, main agents who have dealing with North Korean trade companies which have right to dispatch North Korean workers have been changed from Chinese traders into Korean-Chinese brokers who are specialized in the introduction of North Korean workers with one-stop service from visa administrative to labor managements. Secondly, there has been a transfer of North Korean workers in the regions from formal to informal workers who has been admitted into China with a short stay or a tourist visa, and then remained illegally to be employed in China. Therefore, as demands on service which is able to guarantee the security of North Korean informal workers and their managements have increased, Korean-Chinese brokers have been stimulated in the regions after the operation of real international sanctions against overseas North Korean workers. 
In addition, the main factors of their locational determinants in cross-border regions between North Korea and China could be analyzed in three perspectives: 1) an increase in real wages in accordance with the reform of the Chinese social insurance system after 2011, 2) the structural vulnerability of labor markets in the regions, and 3) the utilization of stable and manageable workers.

Behavioural Analysis of Password Authentication and Countermeasure to Phishing Attacks - from User Experience and HCI Perspectives (사용자의 패스워드 인증 행위 분석 및 피싱 공격시 대응방안 - 사용자 경험 및 HCI의 관점에서)

  • Ryu, Hong Ryeol;Hong, Moses;Kwon, Taekyoung
    • Journal of Internet Computing and Services / v.15 no.3 / pp.79-90 / 2014
  • User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people's lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledge in human memory tends to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering techniques such as phishing and pharming attacks are one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website.
Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.

An Analysis of Contribution Rates of Irrigation Water and Investment for Farmland Base Development Project to Rice Production (농업용수(農業用水)와 농업생산기반조성사업투자(農業生産基盤造成事業投資)의 미곡생산기여도(米穀生産寄與度) 분석(分析))

  • Lim, Jae-Hwan
    • Korean Journal of Agricultural Science / v.31 no.2 / pp.135-148 / 2004
  • Rice is not only main food but also key farm income source of Korean farmers. In spite of the above facts, rice productivity was decreased on account of drought in every 2 or 3 years interval owing to the vulnerability of irrigation facilities throughout Korea in the past decades. As an context of the first five year economic development plan, all weather farming programme including 4 big river basin comprehensive development projects and large and medium sized irrigation water development projects were carried out successfully. Therefore the area of irrigated paddy were increased from 58% in 1970 to 76.2% in 1999. In the past decades, the Government had invested heavy financial funds to develop irrigation water but as an factor share analysis, the contribution rates of irrigation water and investment for farmland base development project have not been identified yet in national agricultural economic level. It is very scarce to find out the papers concerned to macro-economic factor share analysis or contribution rates of water and investment cost to rice production value in Korea considering the production function of the quantity of irrigation water and investment cost as independent variables. Accordingly this paper covered and aimed at identifying (1) derivation of rice production function with the time serial data from 1965 to 1999 and the contribution rates of irrigation water and total investment cost for farmland base development project. The analytical model of the contribution rates was adapted the famous Cobb-Douglass production function. According to the model analysis, the contribution rate of irrigation water to rice production in Korea was shown 37.8% which was equivalent to 0.28 of the production elasticity of water. 
The contribution rate of farmland base development project cost was revealed 22% and direct production cost of rice was contributed 60% in the growth of rice production and farm mechanization costs contributed to 18% of it respectively. The two contribution rates comparing with the direct production cost were small but without irrigation water and farmland base development, application of high-pay off inputs and farm mechanization might be impossible. Considering the food security and to cope with the frequent drought, rice farming and investment for the irrigation water development should be continued even in WTO system.

A Study on the Fire Prevention Activities and Suppression Measures of Utility-Pipe Conduit (지하공동구 화재예방활동 및 진압대책에 관한 연구)

  • Lee, Jung-Il
    • Journal of the Korean Society of Hazard Mitigation / v.10 no.4 / pp.63-68 / 2010
  • Utility-Pipe Conduit is, Housing and city effectively accommodate what they absolutely need power, communications, gas, pipeline, water supply, drainage, energy facilities etc, according to expansion of urban infrastructure are derived, several ways to solve problems in, collection facilities in place are maintained and managed facility. If Utility-Pipe Conduit is damaged, as well as national security, because their impact on society as a whole, by introducing large vulnerability in the fire prevention activities and suppression measures and disaster for our situation by introducing measures, comprehensive analysis of the fire risk, it shall establish fire prevention activities and suppression through analysis of Utility-Pipe Conduit design, institutional issues, the problem of fire protection facilities, fire spread phenomenon etc. Because of Utility-Pipe Conduit is an enclosed place, so incomplete combustion due to lack of oxygen supply that there are problem such dark smoke, carbon monoxide etc, toxic combustion products and heat generation and visual impairment is an issue difficult to enter. As well as fire prevention activities, the fire In light of the particularity of the under ground than above ground fire, so this phenomenon is weak fire fighting that fire to become effective fire fighting tactics, basically it is necessary difficulty softening, non-burn softening and prevent combustion expansion of the cable is installed on the Utility-Pipe Conduit, having to considering the specificity of the response command system and relevant organizations to establish an on-site, Structural identification and other information gathering required to record of Response agencies, keep air conditioning system 24 hours and strengthening Virtual Total Training of Response agen

An Analysis Method for Detecting Vulnerability to Symbolic Link Exploit (심볼릭 링크 공격 취약성 검출을 위한 분석 기법)

  • Joo, Seong-Yong;Ahn, Joon-Seon;Jo, Jang-Wu
    • The KIPS Transactions:PartA / v.15A no.1 / pp.45-52 / 2008
  • In this paper we define a vulnerable code to symbolic link exploit and propose a technique to detect this using program analysis. The existing methods to solve symbolic link exploit are for protecting against it: on accessing a temporary file they should perform an investigation whether the file is attacked by symbolic link exploit. If programmers miss the investigation, the program may be exposed to symbolic link exploit. Because our technique detects all the vulnerable codes to symbolic link exploit, it helps programmers keep the program safe. Our technique adds two type qualifiers to the existing type system to analyze vulnerable codes to symbolic link exploit, and it detects the vulnerable codes using type checking including the added type qualifiers. Our technique detects all the vulnerable codes to symbolic link exploit automatically, so it has the advantage of saving costs of modifying and of overviewing all codes because programmers apply the methods protecting against symbolic link exploit to only the codes detected as vulnerable. We experiment with our analyzer on widely used programs. In our experiments only a portion of all the function fopen() is analyzed as the vulnerabilities to symbolic link exploit. It shows that our technique is useful to diminish modifying codes.

A Design of Secure Communication for Device Management Based on IoT (사물인터넷 기반 디바이스 관리를 위한 안전한 통신 프로토콜 설계)

  • Park, Jung-Oh;Choi, Do-Hyeon;Hong, Chan-Ki
    • Journal of Convergence for Information Technology / v.10 no.11 / pp.55-63 / 2020
  • The IoT technology is a field that applies and converges the technologies in the existing industrial environment, instead of new technologies. The IoT technology is releasing various application services converged with other industries such as smart home, healthcare, construction, and automobile, and it is also possible to secure the work efficiency and convenience of users of IoT-based technologies. However, the security threats occurring in the IoT-based technology environment are succeeding to the vulnerability of the existing wireless network environment. And the occurrence of new and variant attacks in the combination with the ICT convergence environment is causing damages. Thus, in the IoT technology-based environment, it would be necessary to have researches on the safe transmission of messages in the communication environment between user and device, and device and device. This thesis aims to design a safe communication protocol in the IoT-based technology environment. Regarding the suggested communication protocol, this thesis performed the safety analysis on the attack techniques occurring in the IoT technology-based environment. And through the performance evaluation of the existing PKI-based certificate issuance system and the suggested communication protocol, this thesis verified the high efficiency (about 23%) of communication procedure. Also, this thesis verified the reduced figure (about 65%) of the issued quantity of certificate compared to the existing issuance system and the certificate management technique.

Detecting Adversarial Examples Using Edge-based Classification

  • Jaesung Shim;Kyuri Jo
    • Journal of the Korea Society of Computer and Information / v.28 no.10 / pp.67-76 / 2023
  • Although deep learning models are making innovative achievements in the field of computer vision, the problem of vulnerability to adversarial examples continues to be raised. Adversarial examples are attack methods that inject fine noise into images to induce misclassification, which can pose a serious threat to the application of deep learning models in the real world. In this paper, we propose a model that detects adversarial examples using differences in predictive values between edge-learned classification models and underlying classification models. The simple process of extracting the edges of the objects and reflecting them in learning can increase the robustness of the classification model, and economical and efficient detection is possible by detecting adversarial examples through differences in predictions between models. In our experiments, the general model showed accuracy of {49.9%, 29.84%, 18.46%, 4.95%, 3.36%} for adversarial examples (eps={0.02, 0.05, 0.1, 0.2, 0.3}), whereas the Canny edge model showed accuracy of {82.58%, 65.96%, 46.71%, 24.94%, 13.41%} and other edge models showed a similar level of accuracy also, indicating that the edge model was more robust against adversarial examples. In addition, adversarial example detection using differences in predictions between models revealed detection rates of {85.47%, 84.64%, 91.44%, 95.47%, and 87.61%} for each epsilon-specific adversarial example. It is expected that this study will contribute to improving the reliability of deep learning models in related research and application industries such as medical, autonomous driving, security, and national defense.

A Proposal for Korean armed forces preparing toward Future war: Examine the U.S. 'Mosaic Warfare' Concept (미래전을 대비한 한국군 발전방향 제언: 미국의 모자이크전 수행개념 고찰을 통하여)

  • Chang, Jin O;Jung, Jae-young
    • Maritime Security / v.1 no.1 / pp.215-240 / 2020
  • In 2017, the U.S. DARPA coined 'mosaic warfare' as a new way of warfighting. According to the Timothy Grayson, director of DARPA's Strategic Technologies Office, mosaic warfare is a "system of system" approach to warfighting designed around compatible "tiles" of capabilities, rather than uniquely shaped "puzzle pieces" that must be fitted into a specific slot in a battle plan in order for it to work. Prior to cover mosaic warfare theory and recent development, it deals analyze its background and several premises for better understanding. The U.S. DoD officials might acknowledge the current its forces vulnerability to the China's A2/AD assets. Furthermore, the U.S. seeks to complete military superiority even in other nation's territorial domains including sea and air. Given its rapid combat restoration capability and less manpower casualty, the U.S. would be able to ready to endure war of attrition that requires massive resources. The core concept of mosaic warfare is a "decision centric warfare". To embody this idea, it creates adaptability for U.S. forces and complexity or uncertainty for the enemy through the rapid composition and recomposition of a more disaggregated U.S. military force using human command and machine control. This allows providing more options to friendly forces and collapse adversary's OODA loop eventually. Adaptable kill web, composable force packages, A.I., and context-centric C3 architecture are crucial elements to implement and carry out mosaic warfare. Recently, CSBA showed a compelling assessment of mosaic warfare simulation. In this wargame, there were significant differences between traditional and mosaic teams. Mosaic team was able to mount more simultaneous actions, creating additional complexity to adversaries and overwhelming their decision-making with less friendly force's human casualty. It increases the speed of the U.S. force's decision-making, enabling commanders to better employ tempo.
Consequently, this article finds out and suggests implications for Korea armed forces. First of all, it needs to examine and develop 'mosaic warfare' in terms of our security circumstance. In response to future warfare, reviewing overall force structure and architecture is required which is able to compose force element regardless domain. In regards to insufficient defense resources and budget, "choice" and "concentration" are also essential. It needs to have eyes on the neighboring countries' development of future war concept carefully.
