• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.195-199
• /
• 2008

We present an attack which forges a credential without the help of the credential issuer in the protocol designed by Nakazato, Wang and Yamamura at ASIAN 2007 The attack avoids using the credential issuer's private key by taking advantage of the property of bilinear pairing. Implication of this collusion attack by user and verifiers also discussed.

• Journal of the Korean Society for Library and Information Science
• /
• v.41 no.2
• /
• pp.5-29
• /
• 2007

The purpose of this study is to suggest alternative credential system of librarian in Korea. For this purpose, the study analyzes various aspects of credential system in order to find out characteristics, strengths, and weaknesses. The data used in this study are drawn from current situations and problems analysis, critical literature review case study of six countries, and questionnaire survey analysis. Four different kinds of model are suggested. Those are 'Internal Competency Model', 'Minimum Credits Model', ‘Licence Examination Model', 'Graduate School Model'. This study also suggests further research to develop more adequate credential system of librarian in Korea.

• Korean Journal of Health Education and Promotion
• /
• v.15 no.2
• /
• pp.67-79
• /
• 1998

Health education is essential service of health promotion program, and health promotion is external extension of health education. However, the implementation of health education in community is not well because of lack of budget and health education specialist, deficient cognition for health promotion. Hence, introduction for the credential on health educator is to assist community and school health through the training of the specialist This study was carried out to establish the credential health educator for activation of health promotion program in Korea. In detail, this study aimed at 1) to confirm the law for health education, 2) to understand the credential on health education specialist in U. S. and the certification on other parts in Korea, 3) to establish the proper credential on health educator in Korea. Finding the results were as follows: The law on health education was Regulation on Health Promotion which has defined the health educator and responsibility of health education. In case of U. S., the credential on health education specialist has implemented since 1992, and the sort of credential on health education specialist were community health educator, public health educator, school health educator, and health promotion specialist. Therefore, major opinion to introduce the proper credential on health education in Korea were suggested: the first, establishment of educational processing on the training of specialized health educator, the second, introduction of examination on the evaluation for ability as health educator. the last. planning for application of health educator in community.

• Journal of the Korean Society of Clothing and Textiles
• /
• v.33 no.5
• /
• pp.732-740
• /
• 2009

The purpose of this study is to discuss Joseon dynastyis first perspective on the Western-style Court Costume which was newly introduced to Joseon through the problems receiving the credential that Japan had sent in new style. For this study, the records of Joseon and Japan at that period have been analyzed. The followings are the results of this research; First, a critical argument on the Western-style Court Costume occurred just before the Port Opening because whether wearing a western costume was the key factor in Joseon dynastyis receiving the credential that Japan had send in new style. Second, Japan received western costume as its domestic courtesy system by establishing the Court Costume of Civil servants in 1872 and consequently Japan established new ceremony procedure of western-style bow in 1875. Third, Joseon dynasty officially opposed to the Western-style Court Costume when Japan sent the credential, because the western costume selected by Japan had beenregarded as that of western barbarian at that time in Joseon. Accordingly, it seems reasonable that before the introduction of western costume into Joseon dynasty, an open-door policy for the West had been a prior settlement for Joseon dynasty regardless of the details of Western-style Court Costume. And also, the pride of civilization of Joseon dynasty, which has been used to express Joseon dynastyis identity as Joseon-centrism, had to be converted before the open-door policy. Ultimately, it could be inferred that the reception of the Western-style Court Costume had been raised as the political and diplomatic problems in the circumstances when the submissive relationship in the traditional Eastern- Asia had been forced to be converted to modern sovereign international relationship.

• Journal of Korean Dental Hygiene Science
• /
• v.1 no.2
• /
• pp.21-39
• /
• 2018

The purpose of this study was to examine the learning competencies of students at a college from September 1 to November 30, 2017, in an effort to provide some information on how to foster learning competencies in college years, which lay the foundation for work and social lives. 1. The learning competencies of the subjects consisted of academic vision, student identity, cognitive regulation, emotional regulation, learning management and creating learning environments. Out of five points, they scored the highest in academic vision and student identity with 3.34, followed by learning management with 3.20, creating learning environments with 3.18, emotional regulation with 3.16 and cognitive regulation with 3.14. 2. There were statistically significant differences in academic vision according to age, the area of major, the academic credential of their fathers, commuting time, military service experience and career plans. 3. There were statistically significant differences in student identity and cognitive regulation according to gender, age, the area of major, the academic credential of their fathers, commuting time, military service experience and career plans. 4. There were statistically significant differences in emotional regulation according to age, the area of major, the academic credential of their fathers, commuting time, career plans and daily mean study hours. 5. There were statistically significant differences in learning management according to gender, age, the area of major, grade point average, the academic credential of their fathers, career plans and daily mean study hours. 6. There were statistically significant differences in creating learning environments according to gender, age, the area of major, the academic credential of fathers, commuting time, career plans and daily mean study hours. As they were poorest at the cognitive regulation area among the areas of learning competencies, self-directed learning programs that deal with how to study, learning process, how to take notes and arrange them, how to link different pieces of acquired knowledge and how to map out study plans should be developed to give support to students.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.01a
• /
• pp.113-114
• /
• 2022

본 논문에서는 사용자 계정 탈취인 1차 공격을 통해 수행되는 2차 공격인 크리덴셜 스터핑 공격을 효과적으로 대응할 수 있는 방안을 제안한다. 사전파일을 통해 공격을 시도하는 사전 공격보다 공격 성공 확률이 더욱 높은 이 공격은 최근 다크웹에서 거래되는 사용자 계정 정보를 구매하여 공격자가 적은 노력으로 손쉽게 계정을 탈취할 수 있어 정보화 시대에서 다양한 온라인 계정을 사용하는 사용자를 위협하고 있다. 본 논문에서는 기존에 알려진 대응 방안인 2-Factor 인증, 서비스별로 다른 패스워드 사용 방식을 응용하여 사용자가 암기하기 쉬운 특정 패턴을 활용하여 시스템별 상이한 패스워드를 더욱 쉽게 설정할 수 있도록 제안하여 크리덴셜 스터핑 공격으로부터 사용자 계정을 보호할 수 있음에 더 우수함을 보인다.

• Journal of Internet Computing and Services
• /
• v.13 no.6
• /
• pp.55-62
• /
• 2012

Grid web applications by standard Web technology are increasingly used to provide grid service to users as normal Web user interface and service. It is however difficult to integrate a grid security system such as Grid Security Infrastructure (GSI) into Web applications because the delegation way of standard Web security is not the same as the one of Grid security. This can be solved by allowing Web applications to get a Grid credential by using an online credential repository system such as MyProxy. In this paper, we investigate the problem that occurs when MyProxy, which assumes mutual trust between a user and Grid web application, is adapted for achieving security integration between Web and Grid, and we propose a new Grid proxy delegation service to delegate a Grid credential to the Web without assuming mutual trust. In the service, the X.509 proxy delegation process is added to OAuth protocol for credential exchange, and authentication can be done by an external service such as OpenID. So, users can login onto the Grid web application in a single sign-on manner, and are allowed to securely delegate and retrieve multiple credentials for one or more Virtual Organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.61-71
• /
• 2021

Instant messengers are a means of communication for modern people and can be used with smartphones and PCs respectively or connected with each other. Messengers, which provide various functions such as message, call, and file sharing, contain user behavior information regarded as important evidence in forensic investigation. However, it is difficult to analyze as well as acquire smartphone data because of the security of smartphones or apps. However, messenger data can be extracted through PC when the messenger is used on PC. In this paper, we obtained the credential data of Wire messenger in Windows 10, and showed that it is possible to log-in from another PC without authentication. In addition, we identified and classified major artifacts generated based on user behavior.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.502-504
• /
• 2002

현재, IETF AAA 워킹 그룹에서는 기존 AAA 프로토콜인 RADIUS를 보완 및 확장하여 새로운 프로토콜인 Diameter의 표준화를 진행중이다. Diameter는 기존 전화망에서의 PPP 접속 서비스뿐만 아니라 이동 패킷 서비스를 지원하는 Mobile IP 접속 서비스를 지원하도록 설계되고 있다. AAA 서버는 인증(Authentication), 인가(Authorization) 및 과금(Accounting) 서비스를 사용자에게 제공한다. 이때 Diameter 서버는 MN이 제공하는 credential을 검증함으로써, MN에 대한 인증을 수행한다. MN은 credential을 생성하기 위해서, 홈 Diameter 서버와 MN간에 공유하는 MN-AAA 비밀키와 MAC 알고리즘을 사용한다. 상기키는 이동 가입자가 AAA 서비스를 초기에 요청할 때 발급되는 비밀키이며, Diameter 프로토콜은 상기 비밀키의 재발급 메커니즘을 제공하지 않는다. 메커니즘 부재는 키의 누출의 인한 서비스 도용이 발생한 수 있는 취약점이 있다. 본 논문에서는 키의 누출에 대비한 MN-AAA 키의 재생성 및 재분배 메커니즘을 제안한다. 이를 위해서, Mobile IP 프로토콜 및 Diameter 프로토콜을 확장 및 보완한다.

• Review of KIISC
• /
• v.14 no.2
• /
• pp.23-37
• /
• 2004

지금까지 IETF에서 공개키 기반구조에 대한 표준화 작업은 PKIX 작업반$^{[5]}$에서 주로 수행되었지만, 최근 들어 4개의 새로운 작업반이 만들어졌다. 새로 생성된 작업반은 IPSEC을 위한 공개키 기반구조 표준을 개발하는 PK14IPSEC(PKI for IPSEC) 작업반$^{[36]}$, 장기간 서명 데이터의 존재와 디지털 서명된 데이터의 타당성과 존재성을 증명하기 위한 표준을 개발하고 있는 LTANS(Long-Term Archive and Notary Service) 작업반$^{[32]}$, 공개키/개인키와 인증서 등으로 구성되는 크리덴셜(Credential)을 획득하기 위한 등록 과정에 대한 모델을 표준화하기 위한 ENROLL(Credential and Provisioning) 작업반$^{[41]}$, 그리고 안전하게 크리덴셜을 한 장치에서 다른 장치로 안전하게 전달하기 위한 표준을 개발하는 SACRED(Securely available Credentials) 작업반$^{[28]}$ 등이다. 본 논문에서는 IETF 보안영역에서 수행되고 있는 공개키 기반구조에 바탕을 둔 여러 작업반에서 최근 수행중인 표준화 동향을 분석한다.