• Journal of Information Technology Applications and Management
• /
• v.27 no.6
• /
• pp.89-99
• /
• 2020

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.177-182
• /
• 2011

This paper introduces a possibility for attackers to acquire the keyboard scan codes through using the RESEND command provided by the keyboard hardware itself, based on the PS/2 interface that is a dominant interface for input devices. Accordingly, a keyboard sniffing program using the introduced vulnerability is implemented to prove the severeness of the vulnerability, which shows that user passwords can be easily exposed. As one of the intrinsic vulnerabilities found on the existing platforms, for which there were little considerations on the security problems when they were designed, it is required to consider a hardware approach to countermeasure the introduced vulnerability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.187-194
• /
• 2008

This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.89-95
• /
• 2008

This paper analyzes the intrinsic vulnerability problems of the authentication system for Internet commerce based on the ID and password strings gathered from the computer keyboard. Through the found vulnerability, it is easy to sniff user passwords as well as any other keyboard inputs even when each of the existing keyboard protection softwares is running. We propose several countermeasures against the possible attacks to the vulnerability at both points of the hardware and the software concerns. The more secure environment for Internet commerce is highly required by implementing the proposed countermeasures.

• Journal of the Society of Disaster Information
• /
• v.3 no.1
• /
• pp.87-101
• /
• 2007

The definition and concept of disasters and their preparedness have been changing according to the modern situation. The basic change is that the concept of absolute standard and prevention of hardware damage in the past have been changing to the concept of relative standard and mitigation of direct damage to human. For achieving the purpose, advanced countries developed and used their own analysis method of hazard and vulnerability for disaster ; ASHE hazard and vulnerability evaluation method, hazard matrix method by CDC, FEMA model method and SMUG hazard priority method. Because each analysis method cannot evaluate the hazard and vulnerability for specific disaster, the advantages and disadvantages should be applied for specific situation of disaster in Korea and new analysis method should be extracted in the future.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.11-17
• /
• 2018

Hardware Keyloggers are available in a variety of modular keylogger products with small size and Wi-Fi communication capabilities that can be concealed inside the keyboard. Such keyloggers are more likely to leak important information and sensitive information from government, military, business and individuals because they are difficult to detect if they are used by a third party for malicious purposes. However, unlike software keyloggers, research on security solutions and detection methods are relatively small in number. This paper, we investigate security vulnerability caused by hardware keylogger and existing detection methods, and improve the detection possibility of modular hardware keylogger through non-destructive measurement methods, such as power consumption of keyboard, infrared temperature, and X-ray. Furthenmore, We propose a method that can be done with experimental results.

• Journal of the military operations research society of Korea
• /
• v.22 no.2
• /
• pp.166-181
• /
• 1996

Aircraft survivability is determined by the susceptibility and the vulnerability. The aircraft susceptibility and vulnerability depend upon the hardware and software factors. Each of the hardware and software factors consisted of the qualitative and quantitative attributes varies according to the time of the mission. In order to establish the mathermatical model to analyze and evaluate the aircraft survivability, qualitative factors have to be transformed into quantitative factors. Even if many researches in the area of dynamic concept analysis and conversion of qualitative factors into the quantitative factors has been insufficient. This research enhances these insufficient area by developing a reliable aircarft survivability analysis method. The major areas of this research are as follows. First, a method for the conversion of the qualitative factors into the quantitative factors is developed by combining the Fuzzy Set Theory concept and the Delphi Technique. Second, by using the stochastic network diagram for the dynamic survivability analysis, the aircraft survivability and the probability of kill are calculated from the state probability for the situation during mission. The advantage of the analysis technique developed in this research includes ease of use and flexibility. In other words, in any given aircraft's mission execution under any variable probability density function, the developed computer program is able to analyze and evaluate the aircraft survivability.

• Journal of Environmental Policy
• /
• v.9 no.2
• /
• pp.185-205
• /
• 2010

Climate change vulnerability assessment based on local conditions is a prerequisite for establishment of climate change adaptation policies. While some studies have developed a methodology for vulnerability assessment at the national level using statistical data, few attempts, whether domestic or overseas, have been made to develop methods for local vulnerability assessments that are easily applicable to a single city. Accordingly, the objective of this study was to develop a conceptual framework for climate change vulnerability, and then develop a general methodology for assessment at the regional level applied to a single coastal city, Mokpo, in Jeolla province, Korea. We followed the conceptual framework of climate change vulnerability proposed by the IPCC (1996) which consists of "climate exposure," "systemic sensitivity," and "systemic adaptive capacity." "Climate exposure" was designated as sea level rises of 1, 2, 3, 4, and 5 meter(s), allowing for a simple scenario for sea level rises. Should more complex forecasts of sea level rises be required later, the methodology developed herein can be easily scaled and transferred to other projects. Mokpo was chosen as a seaside city on the southwest coast of Korea, where all cities have experienced rising sea levels. Mokpo has experienced the largest sea level increases of all, and is a region where abnormal high tide events have become a significant threat; especially subsequent to the construction of an estuary dam and breakwaters. Sensitivity to sea level rises was measured by the percentage of flooded area for each administrative region within Mokpo evaluated via simulations using GIS techniques. Population density, particularly that of senior citizens, was also factored in. Adaptive capacity was considered from both the "hardware" and "software" aspects. "Hardware" adaptive capacity was incorporated by considering the presence (or lack thereof) of breakwaters and seawalls, as well as their height. "Software" adaptive capacity was measured using a survey method. The survey questionnaire included economic status, awareness of climate change impact and adaptation, governance, and policy, and was distributed to 75 governmental officials working for Mokpo. Vulnerability to sea level rises was assessed by subtracting adaptive capacity from the sensitivity index. Application of the methodology to Mokpo indicated vulnerability was high for seven out of 20 administrative districts. The results of our methodology provides significant policy implications for the development of climate change adaptation policy as follows: 1) regions with high priority for climate change adaptation measures can be selected through a correlation diagram between vulnerabilities and records of previous flood damage, and 2) after review of existing short, mid, and long-term plans or projects in high priority areas, appropriate adaptation measures can be taken as per this study. Future studies should focus on expanding analysis of climate change exposure from sea level rises to other adverse climate related events, including heat waves, torrential rain, and drought etc.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.168-169
• /
• 2019

Trusted Execution Environment(TEE), such as Intel SGX, AMD Secure Processor and ARM TrustZone, has recently been a rising issue. Trusted Execution Environment provides a secure and independent code execution, hardware-based, environment for untrusted OS. In this paper, we show that Trusted Execution Environment's research trends on its vulnerability and attack models. We classify the previous attack models, and summarize mitigations for each TEE environment.

• Nuclear Engineering and Technology
• /
• v.36 no.4
• /
• pp.346-356
• /
• 2004

14 Pressurized Water Reactors (PWR) in Korea use a remote monitoring system (RMS), which have been used in Korea since 1998. A Memorandum of Understanding on Remote Monitoring, based on Enhanced Cooperation on PWRs, was signed at the 10th Safeguards Review Meeting in October 2001 between the International Atomic Energy Agency (IAEA) and Ministry Of Science and Technology (MOST). Thereafter, all PWR power plants applied for remote monitoring systems. However, the existing method is high cost (involving expensive telephone costs). So, it was eventually applied to an Internet system for Remote Monitoring. According to the Internet-based Virtual Private Network (VPN) applied to Remote Monitoring, the Korea Atomic Energy Research Institute (KAERI) came to an agreement with the IAEA, using a Member State Support Program (MSSP). Phase I is a Lab test. Phase II is to apply it to a target power plant. Phase III is to apply it to all the power plants. This paper reports on the penetration testing of Phase I. Phase I involved both domestic testing and international testing. The target of the testing consisted of a Surveillance Digital Integrated System (SDIS) Server, IAEA Server and TCNC (Technology Center for Nuclear Control) Server. In each system, Virtual Private Network (VPN) system hardware was installed. The penetration of the three systems and the three VPNs was tested. The domestic test involved two hacking scenarios: hacking from the outside and hacking from the inside. The international test involved one scenario from the outside. The results of tests demonstrated that the VPN hardware provided a good defense against hacking. We verified that there was no invasion of the system (SDIS Server and VPN; TCNC Server and VPN; and IAEA Server and VPN) via penetration testing.