• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.9
• /
• pp.1227-1233
• /
• 2021

QR Code has been used in various forms such as simple business cards and URLs. Recently, the influence of Corona 19 Fundemik has led to the use of QR Codes to track travel routes through visits and entry / exit records, and QR Code usage has skyrocketed. In this way, most people have come to use it in the masses and are constantly under threat. In the case of QR Code, you do not know what you are doing until you execute it. Therefore, if you undoubtedly execute a QR Code with a malicious URL inserted, you will be directly exposed to security threats. Therefore, this paper provides a cloud-based malware QR Code detection system that can make a normal connection only when there is no abnormality after determining whether it is a malicious QR Code when scanning the QR Code.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.73-85
• /
• 2022

In the era of the 4th industrial revolution, where automation and connectivity are maximized with artificial intelligence, the importance of data collection and utilization for model update is increasing. In order to create a model using artificial intelligence technology, it is usually necessary to gather data in one place so that it can be updated, but this can infringe users' privacy. In this paper, we introduce federated learning, a distributed machine learning method that can update models in cooperation without directly sharing distributed stored data, and introduce a study to optimize distributed consensus among participants without an existing server. In addition, we propose a pattern and group-based distributed consensus optimization algorithm that uses an algorithm for generating patterns and groups based on the Kirkman Triple System, and performs parallel updates and communication. This algorithm guarantees more privacy than the existing distributed consensus optimization algorithm and reduces the communication time until the model converges.

• Journal of Korea Multimedia Society
• /
• v.13 no.1
• /
• pp.133-142
• /
• 2010

As the ubiquitous technology has penetrated into almost every aspect of modern life, the research of the security technology to solve the weakness of security in the ubiquitous environment is received much attention. Because, however, today's security systems are usually based on the fixed rules, many security systems can not handle diverse situations in the ubiquitous environment appropriately. Although many existing researches on context aware security service are based on ACL (Access Control List) or RBAC (Role Based Access Control), they have an overhead in the management of security policy and can not manipulate unexpected situations. Therefore, in this paper, we propose a context-aware security service providing multiple authentications and authorization from a security level which is decided dynamically in a context-aware environment using FCM (Fuzzy C-Means) clustering algorithm and Fuzzy Decision Tree. We show proposed model can solve typical conflict problems of RBAC system due to the fixed rules and improve overhead problem in the security policy management. We expect to apply the proposed model to the various applications using contextual information of the user such as healthcare system, rescue systems, and so on.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.39-48
• /
• 2011

QoS(Quality of Service) is defined "The collective effect of service performance which determines the degree of satisfaction of a user of the service" by ITU-T Rec. E.800. The final goal of information system is to secure the performance efficiency within the required time. The security QoS framework is the modeling of the QoS measurement metrics, the measurement time schedule, instrument, method of measurement and the series of methodology about analysis of the result of measurement. This paper relates to implementing issue and performance measuring about blended mechanism between networking technology and security technology. We got more effectiveness in overall network security, when applying and composing amalgamated security mechanism between network technology and security technology. In this paper, we suggest techniques being used on infrastructure system and also offers a security QoS methodology as a model of more effective way. Methodology proposed in this research has proven that it is possible to measure response time through the scheduled method.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.87-92
• /
• 2005

The performance of a cryptographic module is the most important thing to achieve a high performance VPN system which realizes information security by encrypting and decrypting all the communicating data packets. However the cryptographic operations require much computation power and software cryptographic systems reveal bad performance. Thus, it is strongly recommended to develop a VPN system employing hardware component. This paper introduces a case study of developing a PCI add-on card which supports several block cipher algorithms such as DES, 3DES, AES, and SEED. The performance of them was measured by embedding the card in a commercial VPN system.

• Journal of Auto-vehicle Safety Association
• /
• v.13 no.1
• /
• pp.31-37
• /
• 2021

SCMS is a security credential management system for V2X communication, which performs generation/ provision/validation of device's security certificates. In this paper, we will explain about the main functions of SCMS and the role of each institution, and propose the following improvement measures in the process of establishing the Korean V2X security certification system. First, connection scheme of ERA (Enrollment certificate RA) between SCMS and Vehicle Manager Information System (VIMS) will be proposed. Second part is the problem of certificate revocation and proposal of improvements.

• Annual Conference of KIPS
• /
• 2024.10a
• /
• pp.208-211
• /
• 2024

오류 주입 공격(Fault Injection Attack)은 시스템에 의도적으로 오류를 주입하여 취약점을 드러내는 강력한 공격 기법으로, 공격에 사용되는 매개변수 탐색 최적화는 제한된 시간 내 성공적인 공격을 위해 필수적인 기술이다. 본 논문에서는 인공지능(Artificial Intelligence) 기반 알고리즘, 특히 유전 알고리즘(Genetic Algorithm, GA)과 미메틱 알고리즘(Memetic Algorithm, MA)이 오류 주입 매개변수 탐색 최적화에 어떻게 적용되었는지 사례를 통해 살펴보고, 이러한 기법들이 기존의 무작위 탐색(Random Search, RS) 방법에 비해 높은 탐색 효율성과 성공률을 어떻게 달성했는지 분석한다. 또한, 각 알고리즘의 장단점을 비교하여 평가하고, 오류 주입 공격의 정밀도와 효율성을 더욱 향상시키기 위한 추가 연구 방향을 제안한다.

• Spatial Information Research
• /
• v.21 no.4
• /
• pp.15-24
• /
• 2013

Recently, as the spatial information and various multimedia are fused together, the demand for the high value-added spatial information contents and the necessity of technology for spatial information security are increasing. However, since the current security policy is being managed independently by each system, there is a problem with unreliable or costly to modify or revise the security policy. Such problems occur frequently in the process of coordination or integration of the spatial information management systems that are used in public institutions and private companies. Therefore, in this paper, the access control system that could provide an integrated security policy for many spatial platforms and systems with expandable grammar and semantics was designed and implemented based on GeoXACML proposed by OGC. As the GeoXACML-based access control system designed and implemented in this paper follows the international standard specifications, it provides high portability and interoperability. Finally, in this paper, the efficiency of the system was proved by applying it to a virtual scenario on the military area requiring the access control.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.05a
• /
• pp.202-203
• /
• 2023

The Ministry of Oceans and Fisheries is providing maritime safety services through the operation of the Korean e-Navigation service, and research is continuously needed to improve reliability and quality to secure the competitiveness of the system. In order to secure such competitiveness, we presented the basic design for the big-data maritime information gateway system for minimizes thereal-time operation impact of the Korean e-Navigation service, and a theoretical hardware structure diagram including pseudonymization procedures to implement the overall system and solve privacy security issues. However, the proposed structure diagram and design include only the overall concept, to link real-time maritime information, required detailed privacy security method to satisfy the Privacy Act of the Republic of Korea. To solve this problem, this study will identify factors to violate the Privacy Act within the real-time maritime information(privacy of shipowner, shipping company, captain, navigator, fisherman, etc.) linked by the big-data maritime information gateway system, and research the method to link the secured information to other institutions by encrypting identified the factors.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.49 no.9
• /
• pp.215-224
• /
• 2012

Using password on system is easy to build and shorten the access time to authorize user, which is high in use for vary system that requires users' authorization. Many input device are able to perform the password system easily, such as PC, smart-phone, tablet PC, etc. Beside the high usability of password, physical attack occurs when user put their password on the device, known as Shoulder Surfing attack. It used to be formed in numbers, characters or mix of different kinds, but new kind of password arose. Exploiting image or making scenarios are those kinds which are able to reflect users' intentions. Not many estimation exists for new password, so there's need to be standard for those new password for highlighting usability and accessability. In this paper, we propose password system with simple image and switching key-board to test statistical method to estimate usability on the password.