• Journal of the Korea Convergence Society
• /
• v.9 no.7
• /
• pp.241-249
• /
• 2018

The military purpose vehicles are developed by using the platform of civil vehicles according to the commercial vehicle expansion plan and military supplied product commercialization policy. But the information related to the military purpose vehicle which adopts the same platform with the civil vehicle is forced to be exposed because its information is revealed by containing into the maintenance manual and electric circuit diagram. Especially, the information disclosure should be blocked by reviewing the application of technology protection because the military vehicle becomes combating purposed mixed equipment when the missile and radar are mounted. The mixed equipment means the one configured with more than 2 types of equipment, and it is categorized into the main and sub equipment. This study was performed to derive the problems in Korean system for vehicle part test evaluation on the mixed equipment and the defense industry technology protection system, and to derive the methods for improving through interviews with the specialists. The conflicts between the civil laws and army regulation were reduced by adding a clause that the engine reflected with the newest emission gas standard should be mounted based on the time of force integration, and the commercialized military supplies were designated as element technology of defense industry technology in consideration of its roles and functions.

• The KIPS Transactions:PartA
• /
• v.19A no.1
• /
• pp.51-60
• /
• 2012

IC(Integrated circuits)card, generally be named smard card, embedded MPU(Micro Processor Unit) of small-size, memory, EEPROM, Card Operating System(COS) and security algorithm. The IC card is used in almost all industry such as a finance(credit, bank, stock etc.), a traffic, a communication, a medical, a electronic passport, a membership management and etc. Recently, a application field of IC card is on the increase by method for payments of T-commerce, as T-commerce is becoming a new growth engine of the broadcating industry by trend of broadcasting and telecommunication convergence, smart mechanization of TV. For example, we can pay in IC credit card(or IC cash card) on T-Commerce. or we can be provided TV banking service in IC cash card such as ATM. However, so far, T-commerce payment services have weakness in security such as storage and disclosure of card information as well as dropping sharply about custom ease because of taking advantage of card information input method using remote control. To solve this problem, This paper developed processing payment module for implementing TV electronic payment system using IC credit card payment standard, EMV.

• Journal of Korean Society of Disaster and Security
• /
• v.14 no.2
• /
• pp.13-23
• /
• 2021

This study intended to assess the reliability of topographic data using satellite imaging data. The topographical data using actual instrumentation data and satellite image data were established and applied to the rainfall-leak model, S-RAT, and the topographical data and outflow data were compared and analyzed. The actual measurement data were collected from the Water Resources Management Information System (WAMIS), and satellite image data were collected from MODIS observation sensors mounted on Terra satellites. The areas subject to analysis were selected for two rivers with more than 80% mountainous areas in the Han River basin and one river basin with more than 7% urban areas. According to the analysis, the difference between instrumentation data and satellite image data was up to 50% for peak floods and up to 17% for flood totals in rivers with high mountains, but up to 13% for peak floods and up to 4% for flood totals. The biggest difference in the video data is Landuse, which shows that MODIS satellite images tend to be recognized as cities up to 60% or more in urban streams compared to WAMIS instrumentation data, but MODIS satellite images are found to be less than 5% error in forest areas.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.2
• /
• pp.105-115
• /
• 2011

User authentication service is an absolutely necessary condition while securely implementing an IT service system. It allows for valid users to securely log-in the system and even to access valid resources from database. For efficiently and securely authenticating users, smart-card has been used as a popular tool because of its convenience and popularity. Furthermore the smart-card can maintain its own power for computation and storage, which makes it easier to be used in all types of authenticating environment that usually needs temporary storage and additional computation for authenticating users and server. First, in 1981, Lamport has designed an authentication service protocol based on user's smart-card. However it has been criticized in aspects of efficiency and security because it uses hash chains and the revealment of server's secret values are not considered. Over the years, many smart-card based authentication service protocol have been designed. Very recently, Xu, Zhu, Feng have suggested a provable and secure smart-card based authentication protocol. In this paper, first, we define all types of attacks in the smart-card based authentication service. According to the defined attacks, however, the protocol by Xu, Zhu, Feng is weak against an attack that an attacker with secret values of server is able to impersonate a valid user without knowing password and secret values of user. An efficient and secure countermeasure is suggested, then the security is analyzed.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.2
• /
• pp.246-250
• /
• 2008

This paper presents the design of network vulnerability analysis system which can integrate various vulnerability assessment tools to improve the preciseness of the vulnerability scan result. Manual checking method performed by a security expert is the most precise and safe way. But this is not appropriate for the large-scale network which has a lot of systems and network devices. Therefore automatic scanning tool is recommended for fast and convenient use. The scanning targets may be different according to the kind of vulnerability scanners, or otherwise even for the same scanning target, the scanning items and the scanning results may be different by each vulnerability scanner, Accordingly, there are the cases in which various scanners, instead of a single scanner, are simultaneously utilized with the purpose of complementing each other. However, in the case of simultaneously utilizing various scanners on the large-scale network, the integrative analysis and relevance analysis on vulnerability information by a security manager becomes time-consumable or impossible. The network vulnerability analysis system suggested in this paper provides interface which allows various vulnerability assessment tools to easily be integrated, common policy which can be applied for various tools at the same time, and automated integrative process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.573-586
• /
• 2016

With the adoption of cloud computing, the number of companies that take advantage of cloud computing has increased. Additionally, various of existing service providers have moved their service onto the cloud and provided user with various cloud-based service. The management of user authentication and authorization in cloud-based service technology has become an important issue. This paper introduce a new technique for providing authentication and authorization with other inter-cloud IAM (Identity and Access Management). It is an essential and easy method for data sharing and communication between other cloud users. The proposed system uses the credentials of a user that has already joined an organization who would like to use other cloud services. When users of a cloud provider try to obtain access to the data of another cloud provider, part of credentials from IAM server will be forwarded to the cloud provider. Before the transaction, Access Agreement must be set for granting access to the resource of other Organization. a user can access the resource of other organization based on the control access configuration of the system. Using the above method, we could provide an effective and secure authentication system on the cloud.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1235-1241
• /
• 2016

Personalized App recommendation system is recently famous since the number of various apps that can be used in smart phones that increases exponentially. However, the site users using google play site with malwares have experienced severe damages of privacy exposure and extortion as well as a simple damage of satisfaction descent at the same time. In addition, Sybil attack (Sybil) manipulating the score (rating) of each app with falmay also present because of the social networks development. Up until now, the sybil detection studies and malicious apps studies have been conducted independently. But it is important to determine finally the existence of intelligent attack with Sybil and malware simultaneously when we consider the intelligent attack types in real-time. Therefore, in this paper we experimentally evaluate the relationship between malware and sybils based on real cralwed dataset of goodlplay. Through the extensive evaluations, the correlation between malware and sybils is low for malware providers to hide themselves from Anti-Virus (AV).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.901-909
• /
• 2021

Since mobile devices have limited computational resources, it tends to use the cloud to compute or store data. As real-time becomes more important due to 5G, many studies have been conducted on edge clouds that computes at locations closer to users than central clouds. The farther the user's physical distance from the edge cloud connected to base station is, the slower the network transmits. So applications should be migrated and re-run to nearby edge cloud for smooth service use. We run applications in docker containers, which is independent of the host operating system and has a relatively light images size compared to the virtual machine. Existing migration studies have been experimented by using network simulators. It uses fixed values, so it is different from the results in the real-world environment. In addition, the method of migrating images through shared storage was used, which poses a risk of packet content exposure. In this paper, Containers are migrated with Secure CoPy(SCP) method, a data encryption transmission, by establishing an edge computing environment in a real-world environment. It compares migration time with Network File System, one of the shared storage methods, and analyzes network packets to verify safety.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.23-32
• /
• 2001

Since the LILI-128 cipher is a clock-controlled keystream generator, the speed of the keystream data is degraded in a clock-synchronized hardware logic design. Basically, the clock-controlled $LFSR_d$ in the LILI-128 cipher requires a system clock that is 1 ~4 times higher. Therefore, if the same clock is selected, the system throughput of the data rate will be lowered. Accordingly, this paper proposes a 4-bit parallel $LFSR_d$, where each register bit includes four variable data routines for feed feedback of shifting within the $LFSR_d$ . Furthermore, the timing of the propose design is simulated using a $Max^+$plus II from the ALTERA Co., the logic circuit is implemented for an FPGA device (EPF10K20RC240-3), and the throughput stability is analyzed up to a late of 50 Mbps with a 50MHz system clock. (That is higher than the 73 late at 45 Mbps, plus the maximum delay routine in the proposed design was below 20ns.) Finally, we translate/simulate our FPGA/VHDL design to the Lucent ASIC device( LV160C, 0.13 $\mu\textrm{m}$ CMOS & 1.5v technology), and it could achieve a throughput of about 500 Mbps with a 0.13$\mu\textrm{m}$ semiconductor for the maximum path delay below 1.8ns.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.41-53
• /
• 2002

Role Based Access Control (RBAC), which is a method, using role as an access control, has been popular with users and it is recognized as an effective method to replace the Discretionary Access Control and the Mandatory Access Control However, the existing Role Based Access Control Models have only been limited to the bureaucracy organization in which a distinctive hierarchy system was used, incorporating a stable structure and a standardized work system. Only in some parts, some access control models have been used, which supports 'Team' concept, such as Team Based Access Control Model. However, it did not incorporate the characteristics of the adhocracy organization, which is similar to the company's task force team, whose characteristics are organic, temporary, no standardized operation procedures, and many frequent changes. In this study, we have discussed the characteristics of the adhocracy organization which is different from the existing bureaucracy organization, and we have also discussed the problems related to when the existing access control models are used as the access control model for the adhocracy organization due to its characteristics. In addition, based on the problems, we have suggested an improved role based access control model for the adhocracy organization, and have come up with the solutions when any problems occur in the access control system.