• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.827-838
• /
• 2018

Since 2014, ease of regulations on financial institutions expanded the mobile payment market based on simple authentication, and this resulted in the emergence of various simple payment services. Although several security solutions have been used to mitigate possible security threats to payment applications, there are vulnerabilities which can still be found due to the structure in which the security solution is applied to the payment service. In this paper, we analyze the payment application and security solution from the process perspective, and prove through experimentation that verification functions of security solutions can be bypassed without detailed analysis of each security function, but by simply manipulating the verification result value. Finally, we propose methods to mitigate the bypass method presented in this paper from three different perspectives, and thereby contribute to the improvement of security level of the payment service.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2018.05a
• /
• pp.57-58
• /
• 2018

As interest in the Internet of Things increases, technologies are being studied to handle information exchanged between things using the Internet of Things. Specially, as container terminals are automated, the use of the Internet of Things in the terminals increases and varies. However, the use of the Internet of Things to enhance the efficiency of the container terminal operation is insufficient. Currently, the container terminal shows that the arrival pattern of the external truck is concentrated at a particular time. This resuls in gate congestion and affects the waiting times of the truck. The damage is caused by environmental pollution problems and social problems in neighboring port areas. Therefore, in this thesis, we will analyze the causes of the external truck's waiting time problems affecting the gate congestion at container terminals and study methods to mitigate congestion under Internet of Things environment.

• Journal of KIISE:Information Networking
• /
• v.30 no.6
• /
• pp.764-775
• /
• 2003

Previous works for the assured service in the Diffserv network have no sufficient consideration on the fairness of bandwidth share based on RTTs and the target rates of TCP flows. In this paper, in order to solve these problems, we propose a TRA3CM(Target rate and RTT Aware 3 Color Marking) mechanism. The TRA3CM mechanism provides three color marking and fair transmission rates among aggregate flows by considering RTT and target rate simultaneously. In case of higher target rate than bottleneck bandwidth, the TRA3CM mechanism is able to mitigate the RTT effect and provides fair transmission rates. In the results of comparing the performance among existing mechanisms and the TRA3CM, the TRA3CM mechanism was able to mitigate the RTT effect better than the former. The TRA3CM is shown to provide good performance for transmission rates proportional to various target rates.

• Microbiology and Biotechnology Letters
• /
• v.48 no.2
• /
• pp.99-112
• /
• 2020

Rhizoremediation, based on the ecological synergism between plant and rhizosphere microorganisms, is an environmentally friendly method for the remediation of petroleum hydrocarbon-contaminated soils. In order to mitigate global climate change, it is necessary to minimize greenhouse gas emissions while cleaning-up contaminated soils. In rhizoremediation, the main factors affecting pollutant remediation efficiency and greenhouse gas emissions include not only pollutant and soil physicochemical properties, but also plant-microbe interactions, microbial activity, and addition of amendments. This review summarizes the development in rhizoremediation technology for purifying oil-contaminated soils. In addition, the key parameters and strategies required for rhizoremediation to mitigate climate change mediation are discussed.

• 한국방재학회:학술대회논문집
• /
• 2008.02a
• /
• pp.743-746
• /
• 2008

Recently, due to the effect of global warming and extreme rainfall, the magnitude of flood disaster and the frequency of flood is rapidly increasing. In order to mitigate the damage of human and property from this kind of meteorological phenomenon and manage water resources scientifically, effective operation of dam and reservoir is very important. In case of Andong dam which was not performed a flood control function needs to develop new types of dam safety management measure because of recent extraordinary flood by typhoons. In case of Andong dam and Imha dam, I am using HEC-5 model in order to apply reservoir simulation. In this case, complex conditions among 100-year floods , 200-year floods and PMF was used. Also, I modified the maximum outflow 3,800m3/s into 3,490m3/s and applied this modified discharge in order to secure freeboard in the downstream. In an analysis that I applied modified outflow by 100-year floods and 200-year floods to, the result showed that river didn't overflow in Andong area but some other places have relatively low freeboard. In the cases that I modified maximum outflow, results showed that freeboard of levee is larger than existed simulation. In the simulation that I applied 200-year floods and PMF to and under a condition connected with PMF, results showed overflowing the levees. Because of the difference between the frequency of dam outflow and the design flood in river, it is required to improve the existed flood plan in the downstream of Andong dam. As a result of this study, the optimal operation of reservoir systems can be proposed to mitigate the flood damage in the downstream of Andong dam and also can be used to establish the flood plans.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.1
• /
• pp.81-87
• /
• 2020

Recently, the network configuration is being rapidly changed to enable easy and free network service configuration based on SDN/NFV. Despite the many advantages and applications of SDN, many security issues such as Distributed Denial of Service (DDoS) attacks are being constantly raised as research issues. In particular, the effectiveness of DDoS attacks is much faster, SDN is causing more and more fatal damage. In this paper, we propose an entropy-based technique to detect and mitigate DDoS attacks in SDN, and prove it through experiments. The proposed scheme is designed to mitigate these attacks by detecting DDoS attacks on single and multiple victim systems and using time - specific techniques. We confirmed the effectiveness of the proposed scheme to reduce packet loss rate by 20(19.86)% while generating 3.21% network congestion.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2016.05a
• /
• pp.204-204
• /
• 2016

Thailand had set the National Water Management Strategy which covered main six areas in the next 12 years, i.e., by priority: (1) water for household, (2) water for agricultural and industrial production, (3) water for flood and drought management, (4) water for quality issue, (5) water from forest conservation and soil erosion protection, (6) water resources management. However due to the climate change impact, there is a question for all strategies is whether to complete this mission under future climate change. If the impact affects our target, we have to clarify how to mitigate or to adapt with it. Vulnerability assessment was conducted under the framework of ADB's (with the parameters of exposure, sensitivity and adaptive capacity) and the assessments were classified into groups due to their different characteristic and the framework of the National Water Management Strategy, i.e., water supply (rural and urban), water for development (agriculture and others), water disasters (floods (flash, overflow), drought, water quality). The assessments identified the parameters concerned and weight factors used for each groups via expert group discussions and by using GIS mapping technology, the vulnerability maps were produced. The maps were verified with present water situation data (floods, drought, water quality). From the analysis result of this water resources management strategy, we found that 30% of all projects face the big impacts, 40% with low impact, and 30% for no impact. It is clear that water-related agencies have to carefully take care approximately 70% of future projects to meet water resources management strategy. It is recommended that additional issues should be addressed to mitigate the impact from climate risk on water resource management of the country, i.e., water resources management under new risk based on development scenarios, relationship with area-based problems, priority definition by viewpoints of risk, vulnerability (impact and occurrence probability in past and future), water management system in emergency case and water reserve system, use of information, knowledge and technology in management, network cooperation and exchange of experiences, knowledge, technique for sustainable development with mitigation and adaptation, education and communication systems in risk, new impact, and emergency-reserve system. These issues will be described and discussed.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2018.05a
• /
• pp.158-158
• /
• 2018

Drought is a recurrent natural hazard in Bangladesh. It has significant impacts on agriculture, environment, and society. Well-timed information on the onset, extent, intensity, duration, and impacts of drought can mitigate the potential drought-related losses. Thus, drought characteristics need to be explained in terms of frequency, severity, and duration. This paper aims to characterize the spatial and temporal pattern of meteorological drought using EDI and illustrated drought severity over Bangladesh. Twenty-seven (27) station-based daily rainfall data for the study period of 1981-2015 were used to calculate the EDI values over Bangladesh. The evaluation of EDI is conducted for 4 sub-regions over the country to confirm the historical drought record-developed at the regional scale. The finding shows that on average, the frequency of severe to extreme drought is approximately 0.7 events per year. As a result of the regional analysis, most of the recorded historical drought events were successfully detected during the study period. Additionally, the seasonal analysis showed that the extreme droughts were frequently hit in northwestern, middle portion of the eastern and small portion of central parts of Bangladesh during the Kharif(wet) and Rabi(dry) seasons. The severe drought was affected recurrently in the central and northern regions of the country during all cropping seasons. The study also points out that the northern, south-western and central regions in Bangladesh are comparatively vulnerable to both extreme and severe drought event. The study showed that EDI would be a useful tool to identify the drought-prone area and time and potentially applicable to the climate change-induced drought evolution monitoring at regional to the national level in Bangladesh. The outcome of the present study can be used in taking anticipatory strategies to mitigate the drought damages on agricultural production as well as human sufferings in drought-prone areas of Bangladesh.

• Computers and Concrete
• /
• v.16 no.4
• /
• pp.503-529
• /
• 2015

Traditionally, multi-story buildings are designed to provide stiffer structural support to withstand lateral earthquake loading. Introducing flexible elements at the base of a structure and providing sufficient damping is an alternative way to mitigate seismic hazards. These features can be achieved with a device known as an isolator. This paper covers the design of base isolators for multi-story buildings in medium-risk seismicity regions and evaluates the structural responses of such isolators. The well-known tower building for police personnel built in Dhaka, Bangladesh by the Public Works Department (PWD) has been used as a case study to justify the viability of incorporating base isolators. The objective of this research was to establish a simplified model of the building that can be effectively used for dynamic analysis, to evaluate the structural status, and to suggest an alternative option to handle the lateral seismic load. A finite element model was incorporated to understand the structural responses. Rubber-steel bearing (RSB) isolators such as Lead rubber bearing (LRB) and high damping rubber bearing (HDRB) were used in the model to insert an isolator link element in the structural base. The nonlinearities of rubber-steel bearings were considered in detail. Linear static, linear dynamic, and nonlinear dynamic analyses were performed for both fixed-based (FB) and base isolated (BI) buildings considering the earthquake accelerograms, histories, and response spectra of the geological sites. Both the time-domain and frequency-domain approaches were used for dynamic solutions. The results indicated that for existing multi-story buildings, RSB diminishes the muscular amount of structural response compared to conventional non-isolated structures. The device also allows for higher horizontal displacement and greater structural flexibility. The suggested isolation technique is able to mitigate the structural hazard under even strong earthquake vulnerability.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.127-137
• /
• 2012

Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.