• Title/Summary/Keyword: security vulnerability (보안취약점)

Study on the Development of Concrete Public Sign Block (콘크리트 공공 사인 블록 개발에 대한 연구)

  • Lee, Ung-Kyun;Lee, Sung-Chul;Kim, Jong Yoon;Kim, Baek-Joong
    • Journal of the Society of Disaster Information / v.17 no.2 / pp.266-274 / 2021
  • Purpose: The purpose of this study is to develop a concrete public sign block for floors that can provide pedestrian safety and various information. Method: In order to achieve these research objectives, step-by-step block manufacturing techniques applied in relation to the development of public sign blocks were proposed, and the field applicability of the developed concrete public sign blocks was evaluated. Result: The concrete public sign block for floors developed in this study is expected to be capable of expressing public signs of various shapes and to reduce manufacturing cost. As a result of the usability evaluation for two years, no problems such as cracks, edge dropouts, discoloration, and abrasion were found, so it is judged that sufficient durability was secured. Conclusion: Based on these research results, it is expected that the concrete public sign block will be used as an alternative to secure the weaknesses such as stickers, stone and brass plates that have been used in the existing public sign for floors. It is expected that it can be applied in various fields.

Utilization and Optimized Implementation of Format Preserving Encryption Algorithm for IoT and BLE Communications (IoT와 BLE 통신상의 형태보존암호 활용 및 최적화 구현 기법)

  • Lim, Ji-hwan;Kwon, Hyuk-dong;Woo, Jae-min;An, Kyu-hwang;Kim, Do-young;Seo, Hwa-jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1371-1378 / 2018
  • Bluetooth is the key technology in the wireless connection of many Internet of Things (IoT) devices, especially focused on smartphones today. In addition, Bluetooth communication between the IoT device and the user is mainly performed via Bluetooth Low Energy (BLE), but as Bluetooth technology gradually develops, the security vulnerability of the existing BLE is more prominent. Research on Bluetooth accessibility has been conducted steadily so far, but there is a lack of research on data protection in Bluetooth communication. Therefore, in this paper, when sending and receiving data in BLE communication between IoT devices and users, we propose effective methods for communicating through the Format Preserving Encryption Algorithm (FEA) rather than in plain text, and measure the performance of FEA optimized for Arduino and PC.

Access Control Mechanism for Industrial Control System Based Smart Contract (스마트 컨트랙트 기반의 산업제어시스템 접근 제어 메커니즘)

  • Cho, Minjeong;Lee, Changhoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.3 / pp.579-588 / 2019
  • Industrial control systems consist of various physical devices such as sensors and actuators. Security infringements, such as remote access infringement of waterworks facilities and infection of power control systems, have occurred due to access control vulnerabilities. Access control to physical devices must be fulfilled with a reliable system. However, having a single access control system inside a company cannot guarantee reliability. In addition, when a single access control system suffers an error or infringement, access control is totally unavailable, so the system requires an additional access control method or system. In this paper, we propose an access control mechanism for reliable and stable operation using blockchain and smart contracts. The proposed mechanism uses a trust score to consider the resources to be consumed depending on each industrial environment, in consideration of the industrial control system, where availability is more important than integrity and confidentiality. Unlike other blockchain-based access control systems, the proposed system is designed for currently operating industrial control systems.

Design of a Secure and Fast Handoff Method for Mobile IP with AAA Infrastructure (AAA 기반 Mobile IP 환경에서 안전하고 빠른 핸드오프 기법 설계)

  • 김현곤
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.1 / pp.79-89 / 2004
  • Mobile IP Low Latency Handoffs allow greater support for real-time services on a Mobile IP network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on a Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting (AAA) services, every Registration has to traverse to the home network to obtain new session keys, which are distributed by the home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authenticate the mobile node and to traverse between the foreign and home networks even if the mobile node has been previously authorized by the old foreign agent. In order to reduce this extra time overhead, we present a method that performs Low Latency Handoffs without requiring further involvement by the home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method in which the gateway foreign agent performs as a trusted third party. The proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation.

An User Authorization Mechanism using an Attribute Certificate in the IPSec-VPN System (IPSec-VPN 시스템에서의 속성 인증서를 이용한 사용자 접근 제어 방안)

  • 강명희;유황빈
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.11-21 / 2004
  • To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

A Behavior based Detection for Malicious Code Using Obfuscation Technique (우회기법을 이용하는 악성코드 행위기반 탐지 방법)

  • Park Nam-Youl;Kim Yong-Min;Noh Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.17-28 / 2006
  • The appearance of variant malicious codes using obfuscation techniques is accelerating the spread of malicious codes around the detection by a vaccine. When a system does not patch detection patterns for vulnerabilities and worms to the vaccine, it can be infected by the worms, and malicious codes can be spread rapidly to other systems and networks in a few minutes. Moreover, conventional pattern based detection and treatment is limited for variants or new malicious codes. In this paper, we propose a method of behavior based detection by static analysis, dynamic analysis and dynamic monitoring to detect a malicious code using obfuscation techniques with PE compression. We also show that dynamic monitoring can detect worms with PE compression that access important resources such as the registry, CPU, memory and files, using the proposed method for similarity.

A Study on the Multiplexing of a Communication Line for the Physical Load Balancing-Based Prevention of Infringement (물리적 부하 균형(Load-balancing) 기반의 침해방지를 위한 통신라인 다중화에 관한 연구)

  • Choi, Hee-Sik;Seo, Woo-Seok;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.1 / pp.81-91 / 2012
  • Presently in 2011, there are countless attacking tools oriented to invading security on the internet, and most of the tools are capable of conducting an actual invasion. Also, as the program sources attacking the weaknesses of PS3 were released in 2010 and various sources for attacking agents and attacking tools such as the Stuxnet source code were released in 2011, the defensive side has the greatest burden; however, it can also be a chance for the defensive side to suggest and develop methods to defend against identical or similar patterned attacks by analyzing attacking sources. As a way to cope with such attacks, this study divides the network areas targeted for attack based on load balancing by the approach gateways and communication lines according to the defensive policies by attacking types, and also suggests methods to multiply communication lines. The result of this paper will be provided as practical data to realize defensive policies based on high hardware performance through enhancing the price competitiveness of hardware infrastructure with 2010 as a start.

A Secure RFID Search Protocol Protecting Mobile Reader's Privacy Without On-line Server (온라인 서버가 없는 환경에서 이동형 리더의 프라이버시를 보호하는 안전한 RFID 검색 프로토콜)

  • Lim, Ji-Wwan;Oh, Hee-Kuck;Kim, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.2 / pp.73-90 / 2010
  • Recently, Tan et al. introduced a serverless search protocol in which a mobile reader maintains a tag authentication list and authenticates a tag using the list without connecting to an authentication server. A serverless RFID system is different from general RFID systems, which use on-line server models. In the serverless RFID system, since the mobility of a personalized reader must be considered, we have to protect not only the privacy of a tag but also the privacy of a mobile reader. In this paper, we define new security requirements for a serverless RFID search system and propose a secure serverless RFID search system. In our system, since the tag authentication information maintained by a reader is updated in every session, we can provide the backward untraceability of a mobile reader. We also use an encrypted timestamp to block a replay attack, which is a major weakness of search protocols. In addition, we define a new adversary model to analyze a serverless RFID search system and prove the security of our proposed system using the model.

OHDSI OMOP-CDM Database Security Weakness and Countermeasures (OHDSI OMOP-CDM 데이터베이스 보안 취약점 및 대응방안)

  • Lee, Kyung-Hwan;Jang, Seong-Yong
    • Journal of Information Technology Services / v.21 no.4 / pp.63-74 / 2022
  • Globally, researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions, holds patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions, complete de-identification and anonymization cannot be guaranteed at 100%. For this reason the security of the OMOP-CDM database is important, but there is no detailed and specific OMOP-CDM security inspection tool, so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and the security controls for personal information protection of NIST. Additionally, it intends to verify the implementation feasibility by real field demonstration in an actual environment of 3 hospitals. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results, it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, ransomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits (proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising them.

Query-Efficient Black-Box Adversarial Attack Methods on Face Recognition Model (얼굴 인식 모델에 대한 질의 효율적인 블랙박스 적대적 공격 방법)

  • Seo, Seong-gwan;Son, Baehoon;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1081-1090 / 2022
  • The face recognition model is used for identity recognition on smartphones, providing convenience to many users. As a result, the security review of the DNN model is becoming important, with adversarial attacks present as a well-known vulnerability of the DNN model. Adversarial attacks have evolved to decision-based attack techniques that use only the recognition results of deep learning models to perform attacks. However, the existing decision-based attack technique [14] has a problem in that it requires a large number of queries when generating adversarial examples. In particular, it takes a large number of queries to approximate the gradient. Therefore, in this paper, we propose a method of generating adversarial examples using orthogonal space sampling and dimensionality reduction sampling to avoid wasting the queries that are consumed to approximate the gradient in the existing decision-based attack technique [14]. Experiments show that our method can reduce the perturbation size of adversarial examples by about 2.4 compared to the existing attack technique [14] and increase the attack success rate by 14% compared to the existing attack technique [14]. Experimental results demonstrate that the adversarial example generation method proposed in this paper has superior attack performance.