• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.145-153
• /
• 2020

The aviation safety policy master plan is promoting the development of aviation safety management technology applying the 4th industrial revolution technology with the goal of establishing a flawless aviation safety management system and establishing a future aviation safety infrastructure. The master plan includes the establishment of various aviation safety management systems such as aircraft fault management using AI & Big data and flight training system using VR/AR. Currently, the Air Force is promoting a flight safety management system using new technology under the goal of building smart air force. Therefore, this study intends to apply the 4th Industrial Revolution technology to the aircraft condition check system that finally checks the safety of the aircraft before flight. The Air Force conducts airframe flaw checks and pre-flight aircraft check. In this study, we architect the airframe flaw check system using AI and drones, and the pre-flight aircraft condition check system using the IoT and big data for more precise and detailed check of aircraft condition and flawlessness check.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.280-286
• /
• 2022

Facial recognition system is a biometric manipulation. Its applicability is simpler, and its work range is broader than fingerprints, iris scans, signatures, etc. The system utilizes two technologies, such as face detection and recognition. This study aims to develop a facial recognition system to recognize person's faces. Facial recognition system can map facial characteristics from photos or videos and compare the information with a given facial database to find a match, which helps identify a face. The proposed system can assist in face recognition. The developed system records several images, processes recorded images, checks for any match in the database, and returns the result. The developed technology can recognize multiple faces in live recordings.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.464-472
• /
• 2017

In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manualsand marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiringan information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in anexternal environment. In this study, in order to solvethese problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found thatdue to the vulnerability of web systems operated in Korea and overseas, important information could be revealed,such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to theincreasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.975-985
• /
• 2014

As financial transactions with a smartphone has become increasing, a myriad of security threats have emerged against smartphones. Among the many types of security threats, Smishing has evolved to be more sophisticated and diverse in design. Therefore, financial institutions have recommended that users doesn't install applications with setting of "Unknown sources" in the system settings menu and install application which detects Smishing. Unfortunately, these kind of methods come with their own limitations and they have not been very effective in handling Smishing. In this paper, we propose a systematic method to detect Smishing, in which the RIL(Radio Interface Layer) collects a text message received and then, checks if message databases stores text message in order to determine whether Smishing malware has been installed on the system. If found, a system call (also known as a hook) is used to block the outgoing text message generated by the malware. This scheme was found to be effective in preventing Smishing as found in our implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.255-266
• /
• 2022

Messenger applications applied end-to-end encryption on their own to prevent message exposure to servers. Standardization of a group messaging protocol called Message Layer Security (MLS) with end-to-end encryption is being discussed for secure and efficient message communication. This paper performs safety checks based on the operation process and security requirements of MLS. Confidentiality to a middleman server, which is an essential security requirement in messenger communication, can be easily violated by a server administrator. We define a server administrator who is curious about the group's communication content as a curious admin and present an attack in which the admin obtains a group key from MLS. Reminds messenger application users that the server can view your communication content at any time. We discuss ways to authenticate between users without going through the server to prevent curious admin attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.2
• /
• pp.49-54
• /
• 2016

In this paper, we propose an Arduino-based effective home security monitoring system. Proposed home security monitoring system consists of arduino which is inexpensive main processor, ultrasonic sensor and human body detection sensor to detect whether someone breaks into home. Data from ultrasonic sensor and human body detection sensor are transmitted to web server via ethernet shield connected to arduino. Web server checks whether someone breaks into home by using stored data from ultrasonic sensor and human body detection sensor. Snapshot is photographed via webcam connected by using JQuery. Photographed snapshot is stored in web server as image file. A user can monitor in web or smart device environment by using HTML5, CSS and Canvas. When examining efficiency of proposed home security monitoring system, it was found that proposed system is easier to be made than existing home security system and is cost effective by using arduino and is efficient and convenient and stable as it enables a user to handle an error in person and it uses reliable data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.345-352
• /
• 2014

As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

• Korean Security Journal
• /
• no.47
• /
• pp.7-36
• /
• 2016

The security providers industry, often referred to as an industry with unconfined growth ceiling, has entered a remarkable mass-growth phase since the 1980. In the modern era, private-sector security increasingly cover functions relating to general security awareness (including counter-terrorism) in partnership with State bodies, and the scale of operations continue to accelerate, relative to the expanding roles. In the era of pluralisation of policing, there has been widening efforts pursued to develop a range of regulatory strategies internationally in order to manage such growth and development. To date, in South Korea, a diverse set of industry review studies have been conducted. However, the analyses have been conventionally confined to North America, Britain, Germany and Japan, while developments in other world regions remain unassessed. This article is intended to inform the drivers and determinants of regulatory reforms in Australia, and examine the effectiveness of the main pillars of licensing innovations. Over the past decades, the Australian regime has undergone a wave of reforms in response to emerging issues, and in recognition of the industry as a 'public good' due to underpopulation density and the resulting security challenges. The focus of review in this study was on providing a detailed review of the regulatory approach taken by Australia that has expanded police-private security co-operation since the 1980s. The emphasis was on examining the core pillars of risk management strategies and oversight practices progressed to date and evaluating areas of possible improvement in regulation relative to South Korea. Overall, this study has identified three key features of Australian regime: (1) close checks on questionable close associates (including fingerprinting), (2) power of inspection and seizure without search warrant, (3) the 'three strikes' scheme. The rise of the private security presence in day-to-day policing operations means that industry warrant some intervening government-sponsored initiative. The overall lessons learnt from the Australian case was taken into account in determining the following checks and balances that would provide the ideal setting for the best-practice arrangement: (1) regulatory measure should be evaluated against a set of well-defined indicators, such as the merits of different enforcement tools for each given risk, (2) information about regulatory impacts should be analysed by a specialist research institute, (3) regulators should be innovative in applying a range of strategies available to them by employing a mixture of compliance promotional strategies, and adjust the mix as required.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1154-1164
• /
• 2016

To prevent the use of one's smartphone by another user, the authentication checks the owner in several ways. However, whenever the owner does use his/her smartphone, this authentication requires an unnecessary action, and sometimes he/she finally decides not to use an authentication method. This can cause a fatal problem in the smartphone's security. We propose a sustainable android platform-based authentication mode to solve this security issue and to facilitate secure authentication. In the proposed model, a smartphone identifies the current situation and then performs the authentication. In order to define the risk of the situation, we conducted a survey and analyzed the survey results by age, location, behavior, etc. Finally, a demonstration program was implemented to show the relationship between risk and security authentication methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1225-1234
• /
• 2019

The security of the firmware is more important because embedded devices have become popular. Network devices such as routers can be attacked by attackers through web application vulnerabilities in embedded firmware. Therefore, they must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, thus limiting the scope of vulnerabilities that can be found. In this paper, fuzzing is performed in emulation-based environment through fuzzing, one of the software security test techniques. We also propose a Fabfuzz tool for efficient emulation based fuzzing. Experiments have shown that in addition to the vulnerabilities identified in existing tools, other types of vulnerabilities have been found.