• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.941-949
• /
• 2014

Demands for cloud computing service rapidly increased along with the expansion of supplying smart devices. Interest in cloud system has led to the question whether it is really safe. Due to the nature of cloud system, cloud service provider can get a user's private information and disclose it. There is a large range of opinion on this issue and recently many researchers are looking into fully homomorphic encryption as a solution for this problem. Fully homomorphic encryption can permit arbitrary computation on encrypted data. Many security threats will disappear by using fully homomorphic encryption, because fully homomorphic encryption keeps the confidentiality. In this paper, we research possible security threats in cloud computing service and study on the application method of fully homomorphic encryption for cloud computing system.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.369-378
• /
• 2005

War simulation system is a virtual space that my tactical simulation exercise is held. The data used in this system are considered sensitive and needs to be protected. But suity vulnerabilities and possible security loopholes were not considered when designing the war game simulation system. So currently the systemis highly vulnerable against hackers and data leakages. This paper proposed a security system for war game simulation system based on considering the currently vulunerabilities and possible suity leakages. The proposed security system supports security patches. In this paper, we analyze vulunerabilities of the running environment of current system and we design and implement the security system that is consisted of three components : Authentication System, Encryption System and Network Security System. The security patches are safe and there are no negative effects on the system's performance. The patches are proved to be effective and very reliable towards solving the security vulnerabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.267-277
• /
• 2022

Due to the increasing proportion of cloud and remote working environments, various information security incidents are occurring. Insider threats have emerged as a major issue, with cases in which corporate insiders attempting to leak confidential data by accessing it remotely. In response, insider threat detection approaches based on machine learning have been developed. However, existing machine learning methods used to detect insider threats do not take biases and variances into account, which leads to limited performance. In this paper, boosting-type ensemble learning algorithms are applied to verify the performance of malicious insider detection, conduct a close analysis, and even consider the imbalance in datasets to determine the final result. Through experiments, we show that using ensemble learning achieves similar or higher accuracy to other existing malicious insider detection approaches while considering bias-variance tradeoff. The experimental results show that ensemble learning using bagging and boosting methods reached an accuracy of over 98%, which improves malicious insider detection performance by 5.62% compared to the average accuracy of single learning models used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.451-461
• /
• 2024

Recently, various AI chatbots based on large language models have been released. Chatbots have the advantage of providing users with quick and easy information through interactive prompts, making them useful in various fields such as question answering, writing, and programming. However, a vulnerability in chatbots called "prompt injection attacks" has been proposed. This attack involves injecting instructions into the chatbot to violate predefined guidelines. Such attacks can be critical as they may lead to the leakage of confidential information within large language models or trigger other malicious activities. However, the vulnerability of Korean prompts has not been adequately validated. Therefore, in this paper, we aim to generate malicious Korean prompts and perform attacks on the popular chatbot to analyze their feasibility. To achieve this, we propose a system that automatically generates malicious Korean prompts by analyzing existing prompt injection attacks. Specifically, we focus on generating malicious prompts that induce harmful expressions from large language models and validate their effectiveness in practice.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.7
• /
• pp.85-92
• /
• 2020

Following the development of Internet of Things (IoT) technology, the scope of application of IoT technology is expanding to industrial safety areas that detect and prevent possible risks in outdoor environments in advance, away from improving the convenience of living in indoor environments. Although this expansion of IoT service provides many advantages, it also causes security problems such as data leakage and modulation, so research on security response strategies is being actively carried out. In this paper, the IoT-based road construction risk management system in outdoor environment is proposed as a research subject. As a result of investigating the security vulnerabilities of the low-power wide-area (LPWA, BLE) communication protocol applied to the research targets, the security vulnerabilities were identified in terms of confidentiality, integrity, and availability, which are the three major elements of information security, and countermeasures for each vulnerability were proposed. This study is meaningful in investigating and analyzing possible vulnerabilities in the operation of the IoT-based risk management system and proposing practical security guidelines for each vulnerability.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.7-13
• /
• 2015

Generally, watermarking can be used copyright for contents such as audios, videos, images, and texts. With the development of Internet, many malicious attackers illegally copy relational databases synchronized applications Therefore, it is needed for the protection of databases copyright, because databases involve various sensitive information such as personal information, information industry, and secret national intelligence. Thus, the protection of relational databases is a major research field in the databases research topics. In this paper, we will review previous researches related the protection of relational databases and propose new method for relational data. Especially, we propose watermarking scheme for databases using reversible method in this paper. As an experimental result, the proposed scheme is very strong to malicious attacks. In addition, we proved our proposed scheme is to apply real application.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.242-245
• /
• 2015

Recently due to large-scale data spread in digital economy, the era of big data is coming. Through big data, unstructured text data consisting of technical text document, confidential document, false information documents are experiencing serious problems in the runoff. To prevent this, the need of art to sort and process the document consisting of unstructured text data has increased. In this paper, we propose a novel text classification scheme which learns some data sets and correctly classifies unstructured text data into two different categories, True and False. For the performance evaluation, we implement our proposed scheme using $Na{\ddot{i}}ve$ Bayes document classifier and TF-IDF modules in Python library, and compare it with the existing document classifier.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.5
• /
• pp.171-176
• /
• 2015

Because the specific security technology alone can not cope with sophisticated attacks, various security management models are applied. But, they do not focus on the vulnerability of the highest part because they offer so many common security management criteria. By analyzing the main information and confidential leakage cases inflicting enormous damage to our society, we found that attackers are using mainly an interface vulnerabilities - the paths that connect the internal and external of the organization, such as e-mail, web server, portable devices, and subcontractor employees. Considering the reality that time and resources to invest in security domain are limited, we point out the interface security vulnerabilities the possibility of attackers to exploit and present a convergence method of security measures. Finally, based of ROI(Return on Investment), we propose the real-time security management system through the intensive and continuous management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.13-26
• /
• 2006

RFID technology is evaluated as one of core technologies for ubiquitous environment, because of its various characteristics which barcode systems don't have. However, RFID systems have consumer's privacy infringement problems, such like information leakage and location tracing. We need RFID privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect consumer's privacy perfectly. The most secure protocol, that satisfies all of the three essential security requirements, among existing protocols, is the hash-chain based protocol that Ohkubo proposed. Unfortunately this protocol has a big disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the original scheme of Ohkubo protocol.

• Journal of Internet Computing and Services
• /
• v.23 no.3
• /
• pp.21-33
• /
• 2022

This paper is to suggest the secure secret sharing system in order to outstandingly reduce the damage caused by the leakage of the corporate secret. This research system is suggested as efficient P2P distributed system kept from the centrally controlled server scheme. Even the bitcoin circulation system is also based on P2P distribution scheme recenly. This research has designed the secure circulation of the secret shares produced by Threshold Shamir Secret Sharing scheme instead of the shares specified in the torrent file using the simple, highly scalable and fast transferring torrent P2P distribution structure and its protocol. In addition, this research has studied to apply both Shamir Threshold Secret Sharing scheme and the securely strong multiple user authentication based on Collaborative Threshold Autentication scheme. The secure transmission of secret data is protected as using the efficient symmetric encryption with the session secret key which is safely exchanged by the public key encryption. Also it is safer against the leakage because the secret key is effectively alive only for short lifetime like a session. Especially the characteristics of this proposed system is effectively to apply the threshold secret sharing scheme into efficient torrent P2P distributed system without modifying its architecture of the torrent system. In addition, this system guaranttes the confidentiality in distributing the secret file using the efficient symmetric encryption scheme, which the session key is securely exchanged using the public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as an user. This scalability allows to apply the confidentiality and the authentication even to dynamically registerred users.