Earticle

Supervisory Control and DataAcquisition systems is a computer system for gathering and analyzing real time data. SCADA systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. In this paper, we propose a SCADA communication security solution utilizing the CC Scheme.

This paper scrutinizes an active network scenario and proposes an efficient dual authentication key exchanged. The scheme protects personal privacy of identity information. It also provides an effective method to protect against DOS attacks with the scope information of initiator’s random number table sent by the responder.

노트북, 넷북, 스마트폰 등 다양한 무선인터넷을 지원하는 각종 단말기들이 생겨나면서 무선인터넷에 관한 기술들이 많이 나오고 있다. 그리고 각종 카페와 공공장소에서도 무선인터넷을 사용가능하도록 AP(Access Point)가 설치되고 있다. 그러나 사용하기 편리한 반면 해킹의 위협은 유선인터넷보다 더 크다. 본 논문에서는 무선 환경에서 트래픽 분석을 통하여 침입을 탐지할 수 있는 트래픽 분석 기법을 제안한다.

Many technologies for wireless internet are increasing as more and more laptop computers, net books, smart phone and other terminals, which provide wireless network, are created. In addition, AP (Access Point) is being installed at cafés and public places providing wireless environment. It is more convenient to use wireless internet, however, it is more vulnerable to hacking threats. This paper suggests traffic analysis techniques which detect intrusions by analyzing the traffics in wireless environment.

A Control system is the combinations of components (electrical, mechanical, thermal, or hydraulic) that act together to maintain actual system performance close to a desired set of performance specifications. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components which extends through the internet.

The technique of secret handshake is used as a fundamental building block for anonymous peer-to-peer communications over untrusted networks. However, the fact that most existing schemes fail to meet unlinkability causes the use of schemes to limit for practical use. In this paper, we provide new constructions for unlinkable secret handshake, allowing arbitrary two communication parties with the same role in either one single group or multiple groups to privately authenticate each other. Compared to previous works, our techniques have much better performance in terms of both computational and communication cost, while they obtain good security results.

본 논문은 산업현장에서 중소기업이 프로세스 품질표준 활동을 적용하기어려운 점을 해결하기위하여 중소기업에서 공통으로 사용 가능한 핵심프로세스와 작업산출물 및 측정 메트릭스를 ISO/IEC 15504에 기초하여 제시하였다. 본 논문에서 제시한 15개의 핵심 프로세스는 국제적으로 이미 널리 알려진 ISO 12207이나 CMMI에서 정의된 프로세스와 동일하며 현재 SP인증을 수행하는데 기준이 되는 K-모델과도 매핑이 가능하다. 15개의 프로세스는 소프트웨어 개발과 관련된 엔지니어링프로세스 그룹, 관리프로세스 그룹 및 지원프로세스 그룹에서 필수 핵심프로세스로 제시하였으며 각 프로세스의 목표에 대한 활동을 측정하기위한 메트릭스도 제시하였다. 본 논문의 내용은 중소 SW개발기업을 위한 프로세스 기술서로 활용이 가능하며 산업현장에서 적용 시 프로젝트의 특성이나 조직에 따라서 내용을 일부 조정하여 사용할 수 있다.

The reason why SMEs don’t apply quality process standards, is because it does not support ‘do how’, but it just supports ‘do what’. In order to solve the problem in the view of SMEs we propose a common essential processes based on SPICE, their work products, measure factors and metrics. The essential processes are already defined by international models, ISO 12207 and CMMI, and can be mapped to K-model, SP accrediting model in Korea. The 15 processes consists of core processes of engineering, management and support process group. This paper can be used as process description of SMEs and it can be tailored depending on project characteristics.

In software engineering, a software pattern is a reusable solution to solve recurring software design problems. Traditionally, suitable patterns are identified by software designers to satisfy a set of requirements. A part of appropriate patterns is then applied to a recurring software design problem. However, the existing software patterns part has to be properly integrated to specific design problems. Therefore, the introduction of formalization is required to describe this integration accurately. In this paper, we propose a framework of UML class diagrams and software patterns integration prepared for formal specification to solve different software designer’s experiences. The integration rules in this formal framework is intended to complement existing textual and graphical descriptions.

Diseases can be prevented by proper immunization procedures, however, with most parents working in this generation and not most clinics pay much attention on the individual planning and notifications of their patients, this research will show a solution to such crucial issue. The research depicts an architectural structure using mobile computing which will plot a chart of vaccination planner synchronous with the parent’s personal planner so as to set a schedule amenable to both the parties and a notification through will be generated. This will be a tool for parents and assistance to clinics and hospitals catering vaccinations shots for children.

전쟁과 군사훈련 상황에서는 상급부대들은 하급부대들에 빠르고 정확하게 작전명령을 내려야 한다. 따라서 전술통제센터에서는 하급부대의 현재 위치를 정확하게 파악하는 것이 중요하다. 본 논문에서는 군에서의 스파이더 시스템에는 구축되어 있지 않은 하급부대의 정확한 위치를 파악하기 위해 GPS 데이터를 사용한 자동 위치추적 시스템을 구현한다. 또한 육각형 셀을 이용하여 명령을 빠르고 정확하게 전달하기 위한 명령 시스템도 개발한다. 제안된 시스템은 HSDPA 모뎀을 사용하여 하급부대의 좌표들을 상급부대에 전송하고 상황판에 그림을 그린다. 이 시스템은 디지털 지도상에 한 개 이상의 하급부대의 위치를 그릴 수 있다.

In the war and military drill situation, upper-grade units must quickly and exactly send commands to lower-grade units. So it is very important to control current location of lower-grade units at the command center. In this paper, we implement an automatic location tracking system to check the location of lower-grade units quickly and exactly by using data of GPS in battalion that not is not built in the Spider-System. We also develop a command system using hexagon cells to order command quickly and exactly. The proposed system sends coordinates of lower-grade units to upper-grade unit using HSDPA modem in real time and draws the coordinates on the map. This system can draw more than one coordinates of lower-grade units on the digital map.

최근 스마트폰의 사용이 활성화 되면서 이를 효율적 업무 환경 구축을 위해 활용하고자 하는 사회적 요구가 높아지고 있으며, 이러한 요구는 행정기관의 스마트폰 기반 업무 환경 구축으로도 이어지고 있다. 행정기관에서는 현재 모바일 단말을 이용한 전자 결재 시스템의 접근을 허용하고 있기 때문에 추후 행정기관의 스마트폰 도입이 활성화되면 전자 결재 뿐 아니라, 회계 예산과 같은 업무 지원을 위한 다양한 애플리케이션이 개발될 것으로 예상된다. 따라서 행정기관에서 지원하는 다양한 업무지원 서버를 안전하게 운영하기 위한 보안 연구가 필요하며 본 논문에서는 이러한 목적으로 행정기관에서 도입할 수 있는 세 가지 유형의 서버 구축 모델을 제시하고, 각 모델의 보안성을 논의하고자 한다.

As smartphone use is on the rise, social needs for the use of smartphone in business are increasing. Since smartphone can do much to improve work efficiency, government bodies are also interested in smartphone use. The Korean government already has an electronic approval system which allows access from mobile devices. Therefore, if the government bodies develop smartphone-based work environment, various applications that support not only electronic approval but also other works such as budget and accounting will be developed. To protect application servers against the smartphone's security threats, the government bodies should apply security techniques to the servers. In this paper, we suggest three types of server models which can be deployed in the government bodies and discuss their security issues.