• Title/Summary/Keyword: System Vulnerability

Virtual Credit Card Number Payment System with Stored Hash Value for Efficient Authentication (효율적인 인증을 위한 해시 저장방식의 가상카드번호 결제 시스템)

  • Park, Chan-Ho;Kim, Gun-Woo;Park, Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.5-15 / 2015
  • Electronic transactions have been increasing with the development of high-speed Internet and wireless communication. However, in recent years financial corporations and mobile carriers have been attacked by hackers, and large amounts of private information have been leaked. In particular, credit card information can be misused in online transactions, and the resulting damage falls on the cardholder. To prevent these problems, it has been proposed to use a virtual card number instead of the actual card number. But it has security vulnerabilities and requires additional security infrastructure. In this paper, we analyze the proposed virtual card number schemes and propose a new virtual credit card number scheme. In the newly proposed scheme, the cardholder generates a key pair (public key/private key) and pre-registers the public key with the issuer. The cardholder can then pay without additional security infrastructure while still efficiently satisfying the security requirements.

A Method to Collect Trusted Processes for Application Whitelisting in macOS (macOS 운영체제에서 화이트리스트 구축을 위한 신뢰 프로세스 수집 연구)

  • Youn, Jung-moo;Ryu, Jae-cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.397-405 / 2018
  • Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective at detecting known malicious code, but there is a limit to detecting malicious code variants. To solve this problem, the need for whitelist-based tools, the opposite of blacklists, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.

A Study on COP-Transformation Based Metadata Security Scheme for Privacy Protection in Intelligent Video Surveillance (지능형 영상 감시 환경에서의 개인정보보호를 위한 COP-변환 기반 메타데이터 보안 기법 연구)

  • Lee, Donghyeok;Park, Namje
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.417-428 / 2018
  • The intelligent video surveillance environment is a system that extracts various information about a video object and enables automated processing through the analysis of video data collected by CCTV. However, since privacy exposure problems may occur in the process of intelligent video surveillance, security measures are necessary. In particular, video metadata is highly vulnerable because it can include various personal information analyzed based on big data. In this paper, we propose a COP-Transformation scheme to protect video metadata. The proposed scheme is advantageous in that it greatly enhances security and efficiency in processing the video metadata.

Smartphone User Authentication Algorithm based on Mutual Cooperation in Mobile Environment (모바일 환경에서 상호 협력 기반 스마트폰 사용자 인증 알고리즘)

  • Jeong, Pil-Seong;Cho, Yang-Hyun
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.7 / pp.1393-1400 / 2017
  • As the number of smartphone users increases, vulnerability to privacy protection is increasing. This is because personal information is stored on various servers connected to the Internet and the user is authenticated using the same ID and password. Authentication methods such as OTP, FIDO, and PIN codes have been introduced to solve traditional authentication methods, but their use is limited for authentication that requires sharing with other users. In this paper, we propose an authentication method that is needed for the management of shared information in settings such as hospitals and corporations. The proposed algorithm can authenticate users in the same place in real time using smartphone IMEI, QR codes, BLE, and push messages. We propose an authentication algorithm that can perform user authentication through mutual cooperation using a smartphone and can cancel authentication in real time. We also designed and implemented a mutual authentication system using the proposed algorithm.

AAA Mechanism for the Integration between Heterogeneous Network in Wireless Network Roaming Environment (무선 네트워크 로밍 환경에서 이기종 네트워크간 연동을 위한 AAA 메커니즘)

  • Moon, Jong-Sik;Lee, Im-Yeong
    • The KIPS Transactions:PartC / v.15C no.6 / pp.481-492 / 2008
  • With the advancement of the Internet and networks, the combination of wired/wireless technologies is spreading rapidly since it enables the creation of new services and provides new features to both users and service providers. In such wired/wireless integrated services, network integration is very important because such systems are integrated by a linkage between heterogeneous networks and they involve an integration of transmission technologies across networks. In this situation, existing security and communication technologies are unsuitable since the networks are integrated with heterogeneous networks. The network may also have several security vulnerabilities. Also, the form of service that users offer will be service for roaming users. In these services, we must provide fast authentication and security at roaming. Therefore, in this paper we propose a roaming and AAA mechanism for a heterogeneous network environment. Our system provides secure communication and efficiency.

Seismic vulnerability of reinforced concrete building structures founded on an XPS layer

  • Koren, David;Kilar, Vojko
    • Earthquakes and Structures / v.10 no.4 / pp.939-963 / 2016
  • According to the new directives about the rational and efficient use of energy, thermal bridges in buildings have to be avoided, and the thermal insulation (TI) layer should run without interruptions all around the building - even under its foundations. The paper deals with the seismic response of multi-storeyed reinforced concrete (RC) frame building structures founded on an extruded polystyrene (XPS) layer placed beneath the foundation slab. The purpose of the paper is to elucidate the problem of buildings founded on a TI layer from the seismic resistance point of view, to assess the seismic behaviour of such buildings, and to search for the critical parameters which can affect the structural and XPS layer response. Nonlinear dynamic and static analyses were performed, and the seismic response of fixed-base (FB) and thermally insulated (TI) variants of nonlinear RC building models were compared. Soil-structure interaction was also taken into account for different types of soil. The results showed that the use of a TI layer beneath the foundation slab of a superstructure generally induces a higher peak response compared to that of a corresponding system without TI beneath the foundation slab. In the case of stiff structures located on firm soil, amplification of the response might be substantial and could result in exceedance of the superstructure's moment-rotation plastic hinge capacities or allowable lateral roof and interstorey drift displacements. In the case of heavier, slenderer, and higher buildings subjected to stronger seismic excitations, the overall response is governed by the rocking mode of oscillation, and as a consequence the compressive strength of the XPS could be insufficient. On the other hand, in the case of low-rise and light-weight buildings, the friction capacity between the layers of the applied TI foundation set might be exceeded so that sliding could occur.

App-based 2-channel User Authentication Scheme for Multiple Application Systems (다중 응용시스템용 앱기반 2-채널 사용자 인증방안)

  • Song, Tae-Gi;Jo, In-June
    • The Journal of the Korea Contents Association / v.18 no.9 / pp.141-148 / 2018
  • Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

Security Problems in Aircraft Digital Network System and Cybersecurity Strategies (항공기 디지털 네트워크 시스템 보안 문제점과 사이버 대응 전략)

  • Lim, In-Kyu;Kang, Ja-Young
    • Journal of Advanced Navigation Technology / v.21 no.6 / pp.633-637 / 2017
  • Cyber attacks on aircraft and aeronautical networks are not much different from cyber attacks commonly found in the ground industry. Air traffic management infrastructure is being transformed into a digital infrastructure to secure air traffic. A wide variety of communication environments, information and communications, navigation, surveillance and inflight entertainment systems are increasingly threatening the threat posed by cyber terrorism threats. The emergence of unmanned aircraft systems also poses an uncontrollable risk with cyber terrorism. We have analyzed cyber security standards and response strategies in developed countries by recognizing the vulnerability of cyber threats to aircraft systems and aviation infrastructure in next generation data network systems. We discussed comprehensive measures for cybersecurity policies to consider in the domestic aviation environment, and discussed the concept of security environment and quick response strategies.

Efficient Design of Plate Spring for Improving Performance of Sound Wave Vibration Massage Chair (음파진동 안마의자제품의 성능향상을 위한 판스프링의 효율적 설계)

  • Kim, Chang-Gyum;Park, Soo-Yong;Jo, Eun-Hyeon;Lee, Dong-Hyung
    • Journal of Korean Society of Industrial and Systems Engineering / v.42 no.4 / pp.1-7 / 2019
  • The customer base for massage chairs is expanding day by day from the middle-aged to all ages. In 2018, the market size was 700 billion KRW, an increase of 30 times over 10 years. However, most related SMEs suffer from excessive competition due to the market monopoly of some major companies. In this situation, for a related company to survive, it is necessary to steadily research and develop new products. Founded in 2009, company L produces massage chairs for the health and relaxation of customers. L's products use a sound wave vibration module that is favorable for the human body, unlike other products that use a vibration motor. However, frequent breakdowns of the massage chair due to the vulnerability of plate (leaf) springs, which play an important role in sound wave vibration modules, have sapped its competitiveness. In this paper, we propose a method to design a desirable plate spring structure by sequentially experimenting with five different plate springs. The results of this study are expected to contribute to improving the quality of the plate spring and the reliability of the sound wave vibration module. In the future, it is necessary to find a way to use it in the development of foot massage or scalp management devices, as well as to continue research to find the optimal plate spring structure through various analyses.

Case Studies on Deceptive Data Visualization (기만적 데이터 시각화 사례 연구)

  • Kim, Si-Hyun;Park, Jin-Wan
    • Journal of Digital Contents Society / v.19 no.3 / pp.521-528 / 2018
  • Data visualization has become a useful tool to effectively communicate information and is widely used not only by experts but also at a general level. However, it is dangerous in that it is just as efficient at transmitting false information. All data visualizations have hidden intent with powerful messages from the editor. Building a system that grasps these intentions helps to understand the thoughts of groups and individuals. Most of the existing research focuses on effective data visualization methods and methods of expression. The more varied the visualization methods, the more likely the data will be distorted. In this paper, we present an analysis of deceptive data visualization in a goal-oriented environment. Based on the vulnerability of human cognitive processing, we classify the attack types and identify what tricks occur in the context of data visualization. This study suggests the first step in studying cases of aggressive visualization and opens the way for further research.