• Title/Summary/Keyword: System Vulnerability

A Design of Secure Electronic Health Information Management Protocol in the Internet of Things Environment (사물 인터넷 환경에서 안전한 전자의료정보 관리 프로토콜 설계)

  • Park, Jeong Hyo;Kim, Nak Hyun;Jung, Yong Hoon;Jun, Moon Seog
    • KIPS Transactions on Computer and Communication Systems / v.3 no.10 / pp.323-328 / 2014
  • The most vulnerable part of a ZigBee-based u-Healthcare system is the wireless section. In this paper, we identify vulnerabilities in the ZigBee communication section and propose ways to compensate for them. We organize the vulnerabilities previously raised for ZigBee and also define the exposure of the 64-bit address that uniquely identifies a ZigBee device as a vulnerability. To prevent exposure of the unique identifying address, a temporary identification address is used. Among the ZigBee security services, the proposed system uses Residential Mode, in which only a single Network Key is used for encryption. Because all nodes of the entire network use a common key in Residential Mode, the network's security system is at risk of collapsing at once if the key is stolen. Therefore, to guard against this risk, the security policy updates the Network Key periodically. Evaluation and comparative analysis of the proposed system show that it can hide the uniquely identifying address that was exposed in the existing system, and that because the common Network Key is also updated periodically, the risk arising from key leaks is reduced.

Design and Implementation of Blockchain Network Based on Domain Name System (블록체인 네트워크 기반의 도메인 네임 시스템 설계 및 구현)

  • Heo, Jae-Wook;Kim, Jeong-Ho;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.5 / pp.36-46 / 2019
  • The number of hosts connected to the Internet increased dramatically, and the Domain Name System (DNS) was introduced in 1984. DNS is now an important key point for all users of the Internet, allowing them to use a convenient character address without memorizing the series of numbers in a complex IP address. However, relative to the importance of DNS, there still exist many problems, such as the authorization allocation issue, disputes over public registration, security vulnerabilities such as DNS cache poisoning, DNS spoofing, man-in-the-middle attacks and DNS amplification attacks, and the need for many domain names in the age of hyper-connected networks. In this paper, to effectively improve these problems of existing DNS, we proposed a method of implementing DNS using distributed ledger technology (blockchain) and implemented it on an Ethereum-based platform. In addition, a qualitative analysis and comparative performance evaluation of the existing domain name registration and domain name server was conducted, and security assessments were conducted on the proposed system to improve the security problems of existing DNS. In conclusion, it was shown that DNS services could be provided with high security and high efficiency using blockchain.

Development and Assessment of Hedging Rule for Han River Reservoir System Operation against Severe Drought (한강수계 저수지군의 갈수대응 운영을 위한 Hedging Rule의 개발과 적용성 평가)

  • Kim, Jeong Yup;Park, Myung Ky;Lee, Gi Ha;Jung, Kwan Sue
    • Journal of Korea Water Resources Association / v.47 no.10 / pp.891-906 / 2014
  • This study suggests the hedging rule of MIP (Mixed Integer Programming) in counting the risk evaluation criteria of the objective function and constraints in order to provide the optimum operating rule in reservoir system as constraining water shortage as much as possible which may happen in the downstream control point of water supply in the aspect of water system management. The proposed model is applied to the Han-river reservoir system for two testing periods (Case I: Jan. 1993~Dec. 1997, Case II: Jan. 1999~Dec. 2003). The model based on the hedging rule with trigger volume, estimated in this study, shows that in Case I, the monthly minimum discharge was $310.6{\times}10^6m^3$ in the single operation, $56.3{\times}10^6m^3$ in the joint operation, and $317.5{\times}10^6m^3$ in the hedging rule and also, in Case II, the monthly minimum discharge was found to be $204.2{\times}10^6m^3$ in the single operation, $111.2{\times}10^6m^3$ in the joint operation, and $243.7{\times}10^6m^3$ in the hedging rule. In conclusion, the hedging rule proposed in this study can decrease vulnerability while guaranteeing reliability and resiliency.

A Comparative Study of on-site Action Manual for People with Disaster Vulnerability (재난취약자의 현장조치 행동매뉴얼 비교연구 - 한국과 일본의 장애인 대상으로)

  • Kim, Soodong;Lee, Sahong;Choi, Kilhyun;Cheung, Chongsoo
    • Journal of the Society of Disaster Information / v.13 no.2 / pp.155-162 / 2017
  • This study has some issues about the elderly, the disabled, and the vulnerable groups whose economic ability is low even if the disaster or disaster situation is not a big problem for the people. we should emphasize the necessity of disaster preparedness action manual considering the characteristics of disaster vulnerable classes and taking serious risks to them even in the same situation. We also want to conduct research only for people with disabilities who are choosing the same definition of the world among the vulnerable groups. I would like to provide a basis for developing a site action manual for people with disabilities by comparing the cases of Korea and Japan. Therefore, through the cases of Japan and Korea, it is possible to maintain the independence of everyday life during disasters, the communication function in disasters, the method of moving information and mobile information, the function of recognizing emergency response, Action Emphasize the urgency of developing action manuals. From this domestic situation, we will conclude the discussion on the disaster safety and action manual for the disabled.

Comparison of Predicted and Measured ASF (ASF 예측치와 실측치 비교)

  • Shin, Mi-Young;Hwang, Sang-Wook;Yu, Dong-Hui;Park, Chan-Sik;Lee, Chang-Bok;Lee, Sang-Jeong
    • Journal of Navigation and Port Research / v.34 no.3 / pp.175-180 / 2010
  • In almost all application areas, GNSS is used as the primary navigation system worldwide. However, some nations are attempting or deliberating to enhance the current Loran system as a backup to the satellite navigation system because of its vulnerability to disturbance signals. Loran is attracting interest as a supplemental navigation system through its development and enhancement, called eLoran, which consists of advancements in the receiver and transmitter and of differential Loran in order to increase the accuracy of current Loran-C. A significant factor limiting the ranging accuracy of the eLoran signal is the ASF in the TOAs observed by the receiver. The ASF is mostly due to the fact that the ground-wave signal is likely to propagate over paths of varying conductivity and topography. This paper presents comparison results between the predicted ASF and the measured ASF in a southeastern region of Korea. For predicting ASF, the Monteath model is used. Actual ASF is measured from the legacy Loran signal transmitted from the Pohang station in the GRI 9930 chain. The test results showed the repeatability of the measured ASF and the consistent characteristics between the predicted and the measured ASF values.

A Study on The Preference Analysis of Personal Information Security Certification Systems: Focused on SMEs and SBs (개인정보보호 인증제도 선호도 분석에 관한 연구: 중소기업 및 소상공인을 중심으로)

  • Park, Kyeong-Tae;Kim, Sehun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.911-918 / 2014
  • Over the past few years, security breaches have been consistently reported around the world. In particular, people's personal information is at risk of being breached as firms gather and utilize the information for their marketing purposes. As an effort to revamp their data infrastructures, companies have rebuilt their systems so that almost all data, including personal information, is stored within a digital database. This migration provides easier access to the database, but it has also increased the system vulnerability. As the data can be easily exposed to unauthorized personnel both intentionally and unintentionally, it is necessary for companies to establish a set of security protocols and operate a personal information protection system. There are two major certified security systems in South Korea: PIMS from KISA and PIPL from NIA. This paper analyzes the preferences of SMEs and small businesses using conjoint attributes of PIMS and PIPL. The study shows that business owners take post-certification rewards as the most important factor. It also shows that the attributes that have the highest utility rates are the following: 1) KISA certification, 2) 79 points of protection counter measurements, 3) 28 items of life cycle, 4) 50 percent discount on certification fee, and 5) reduced amount of fine for personal information leakage incident.

A System for SSL/TLS Vulnerability Detection of Servers (서버 SSL/TLS 취약점 자동 탐지를 위한 시스템 개발)

  • Cho, Sungwon;Choi, Hyunsang;Heo, Gyu;Cho, Sanghyun;Kim, Young-Gab
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.145-153 / 2018
  • SSL (Secure Socket Layer) and TLS (Transport Layer Security) are widely used protocols for secure and encrypted communication over a computer network. However, several security vulnerabilities in SSL/TLS have been reported over the years. The vulnerabilities can let an adversary carry out critical attacks on SSL/TLS-enabled servers. In this paper, we have developed a system which can periodically scan for SSL/TLS vulnerabilities on internal network servers and quickly detect, report and visualize the vulnerabilities. We have evaluated the system on working servers of Naver services and analyzed the detected vulnerabilities. 816 vulnerabilities are found on 213 internal server domains (4.2 vulnerabilities on average) and most vulnerable servers are not open to the public. However, 46 server domains have old vulnerabilities which were found in 2016. We could patch and respond to SSL/TLS vulnerabilities of servers by leveraging the proposed system.

A Study on Backup PNT Service for Korean Maritime Using NDGNSS (NDGNSS 인프라를 활용한 국내 해상 백업 PNT 서비스 연구)

  • Han, Young-Hoon;Lee, Sang-Heon;Park, Sul-Gee;Fang, Tae-Hyun;Park, Sang-Hyun
    • Journal of Navigation and Port Research / v.43 no.1 / pp.42-48 / 2019
  • The significance of PNT information in the fourth industrial revolution is viewed differently in relation to the past. Autonomous vehicles, autonomous vessels, smart grids, and national infrastructure require sustainable and reliable services in addition to high-precision service. The satellite navigation system, which is the most representative system for providing PNT information, receives signals from satellites outside the earth, so signal reception power is low, and signal structures for civilian use are open to the public. Therefore, it is vulnerable to intentional and unintentional interference or hacking. Satellite navigation systems, which can easily acquire high-performance PNT information at low cost, require alternatives due to their vulnerability to hacking. This paper proposed R-Mode (Ranging Mode) technology that utilizes currently operated navigation and communication infrastructure in terms of Signals of OPportunity (SoOP). For this, the Nationwide Differential Global Navigation Satellite System (NDGNSS), which currently provides a Medium Frequency (MF) navigation signal broadcasting service, was used to validate the feasibility of a backup infrastructure in domestic maritime areas through simulation analysis.

A study for Information Security Risk Assessment Methodology Improvement by blockade and security system level assessment (봉쇄와 보안장비 수준평가를 통한 정보보호 위험평가 개선 연구)

  • Han, Choong-Hee;Han, ChangHee
    • Convergence Security Journal / v.20 no.4 / pp.187-196 / 2020
  • In order to manage information security risk, various information security level evaluations and information security management system certifications have been conducted on a larger scale than ever. However, there are continuous cases of infringement of information protection at companies with excellent information security evaluations and companies with excellent information security management system certification. The existing information security risk management methodology identifies and analyzes risks by identifying information assets inside the information system. It lacks a review of where cyber threats come from and whether security devices are properly operated for each route. In order to improve the current risk management plan, it is necessary to look at where cyber threats come from and improve the containment level for each inflow section to absolutely reduce unnecessary cyber threats. In addition, it is essential to measure and improve the appropriate configuration and operational level of security equipment, which is currently overlooked in the risk management methodology. It is necessary to block the entry of cyber threats as much as possible, and to use security devices to detect and respond to cyber threats that inevitably pass through open niches. Therefore, this paper proposes additional evaluation items for evaluating the containment level against cyber threats in the ISMS-P authentication items and the vulnerability analysis and evaluation items for major information and communication infrastructures, and evaluates the level of security equipment configuration for each inflow.

Application and Development Strategies of a Secure Real-Time Operating System in Weapon Systems within the Defense Sector (국방분야 보안 RTOS의 무기체계 적용 및 발전 방안)

  • Sang-Seung Lee;Keun-Ha Choi;Seung-Hyeon Hwang;Hyun-Ji Kim;Kyung-Deok Seo;Hwa-Eun Seong
    • The Journal of the Convergence on Culture Technology / v.10 no.5 / pp.189-193 / 2024
  • As cyber threats increase in the defense sector, the security of weapon system software is becoming increasingly important. Currently, most of the embedded software installed in domestic weapon systems operates based on foreign real-time operating systems (RTOS) that have no security. As a result, the localization and security enhancement of embedded software for weapon systems have emerged as urgent tasks. This study aims to propose the application and development strategies of secure RTOS for weapon systems. To this end, we examined the technological trends of domestic and foreign RTOS and secure RTOS, and analyzed the problems of current embedded software in weapon systems. The results revealed major issues such as low localization, vulnerability to cyber attacks, difficulty in maintenance, increased costs, and loss of opportunities for accumulating technological capabilities. An investigation of the current status of embedded software applied to existing weapon systems found that embedded SW is in operation across all fields, including maneuver, firepower, protection, command and control, communication, naval vessels, and aircraft. Among them, 99% rely on foreign RTOS such as VxWorks. A review of the core functions and applicability of secure RTOS to weapon systems suggests that it can be applied to key areas requiring real-time performance and security, such as fire control, navigation devices, and flight control in existing and future weapon systems. However, ensuring performance and reliability, securing verification and compatibility, and systematic government support were raised as prerequisites.