• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.285-296
• /
• 2016

Recently, as the widespread use of Facebook through a smartphone or tablet PC, it has increased the threat that contains the malicious code to post a social attacks and comments that use personal information that has been published of Facebook. To solve these problems, Facebook is, by providing a security function, but would like to address these threats, in setting the security function, the security function of the user's convenience is not considered a properly there is a problem that is not in use. Thus, in this paper, on the basis of the information obtained via the cogTool, on Facebook security features, the user experience by presenting a method that can be quantitatively measured by this, the user convenience It classifies about Facebook security features to decrease.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.309-320
• /
• 2019

Blockchain has been developed as a key technology for many cryptocurrency systems such as Bitcoin. These days, blockchain technology attracts many people to adopt it to various fields beyond cryptocurrency systems for their information sharing and processing. However, with the development and increasing adoption of the blockchain, security incidents frequently happen in the blockchain systems due to their implementation flaws. In order to solve this problem, in this paper, we analyze the software vulnerabilities of Bitcoin and Ethereum, which are the most widely used blockchain applications in real world. For that purpose, we conduct an in-depth analysis of source code of them to detect software vulnerabilities, and examine an OS command injection attack exploiting the detected ones.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.3
• /
• pp.1-14
• /
• 2009

In this paper, we propose a feature vector and its applying method which can be utilized for the extraction of the car license plate region. The proposed feature vector is extracted from direction code histogram of edge direction of gradient vector of image. The feature vector extracted is forwarded to the MLP classifier which identifies character and garbage and then the recognition of the numeral and the location of the license plate region are performed. The experimental results show that the proposed methods are properly applied to the identification of character and garbage, the rough location of license plate, and the recognition of numeral in license plate region.

• Journal of Korea Multimedia Society
• /
• v.8 no.7
• /
• pp.898-905
• /
• 2005

Iris recognition Is that identifies a user based on the unique iris muscle patterns which has the functionalities of dilating or contracting pupil region. Because it is reported that iris recognition is more accurate than other biometries such as face, fingerprint, vein and speaker recognition, iris recognition is widely used in the high security application domain. However, if unnecessary information such as eyelid and eyelash is included in iris region, the error for iris recognition is increased, consequently. In detail, if iris region is used to generate iris code including eyelash and eyelid, the iris codes are also changed and the error rate is increased. To overcome such problem, we propose the method of detecting eyelid by using pyramid searching parabolic deformable template. In addition, we detect the eyelash by using the eyelash mask. Experimental results show that EER(Equal Error Rate) for iris recognition using the proposed algorithm is lessened as much as $0.3\%$ compared to that not using it.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.21-29
• /
• 2017

Accurate encoding of local patterns is a very important factor in texture classification. However, LBP based methods w idely studied have fundamental problems that are vulnerable to noise. Recently, LDP method using edge response and dire ction information was proposed in facial expression recognition. LDP is more robust to noise than LBP and can accommod ate more information in it's pattern code, but it has drawbacks that it is sensitive to rotation transforms that are critical to texture classification. In this paper, we propose a new local pattern coding method called Rotation Invariant Local Direc tional Pattern, which combines rotation-invariant transform to LDP. To prove the texture classification performance of the proposed method in this paper, texture classification was performed on the widely used UIUC and CUReT datasets. As a result, the proposed RILDP method showed better performance than the existing methods.

• Smart Media Journal
• /
• v.13 no.6
• /
• pp.9-15
• /
• 2024

In recent trends, there has been an increase in 'Qshing' attacks, a hybrid form of phishing that exploits fake QR (Quick Response) codes impersonating government agencies to steal personal and financial information. Particularly, this attack method is characterized by its stealthiness, as victims can be redirected to phishing pages or led to download malicious software simply by scanning a QR code, making it difficult for them to realize they have been targeted. In this paper, we have developed a classification technique utilizing machine learning algorithms to identify the maliciousness of URLs embedded in QR codes, and we have explored ways to integrate this with existing QR code readers. To this end, we constructed a dataset from 128,587 malicious URLs and 428,102 benign URLs, extracting 35 different features such as protocol and parameters, and used AutoML to identify the optimal algorithm and hyperparameters, achieving an accuracy of approximately 87.37%. Following this, we designed the integration of the trained classification model with existing QR code readers to implement a service capable of countering Qshing attacks. In conclusion, our findings confirm that deriving an optimized algorithm for classifying malicious URLs in QR codes and integrating it with existing QR code readers presents a viable solution to combat Qshing attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.05a
• /
• pp.131-132
• /
• 2018

오픈소스는 소스코드를 무료로 공개하여 누구나 쉽게 사용하고 공유 할 수 있도록 만든 소프트웨어 이다. 누구나 열람할 수 있는 오픈소스의 특성상 보안에 취약하고 소프트웨어의 구조적 오류가 발생 할 수 있다. 필요한 기능을 손쉽고 편리하게 사용할 수 있다는 장점이 있지만, 검증되지 오픈소스는 해커와 같은 외부 공격에 취약점을 노출시킬 수 있다. 본 논문에서는 이러한 오픈소스의 취약점을 Adobe Flash Player의 사례를 통해 알아보고 취약점 해결방안을 고찰해 봄으로써 오픈소스를 사용하면서 발생할 수 있는 문제점을 보완하고자 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.67-81
• /
• 2011

In recently years, there are cyber-weapon aim to national infrastructure such as 'stuxnet'. Security experts of the world are paying attention to this phenomenon. The networks which controls traffic, subway, waterworks of the city are safe from threats such as computer virus, malware, because the networks were built on closed-networks. However, it's about time to develop countermeasure for the cyber-weapon. In this paper, we review status-quo of the control systems for metropolitan infrastructure and analyze the risk of industrial control system in SCADA(Supervisory Control And Data Acquisition) network. Finally, we propose a security model for control systems of metropolitan infrastructure.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.63-69
• /
• 2019

Using a smartphone allows quick and easy authentication and payment. However, smartphone security threats are evolving into a variety of new hacking technologies, and are changing to attacks specific to the mobile environment. Therefore, there is a demand for an authentication method suitable for a mobile environment. In order to solve security weaknesses in knowledge-based authentication, many companies provide two-step authentication services such as OTP(One Time Password) to provide authentication services such as finance, games, and login. Although OTP service is easy to use, it is easy to duplicate random number table and has a disadvantage that can be reused because it is used as valid value within time limit. In this paper, we propose a mechanism that enables users to quickly and easily authenticate with high security using the authentication method that recognizes special characters through smartphone's dedicated application.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.248-250
• /
• 2024

해제 후 재사용 (Use-After-Free, UAF)는 오랜 시간 동안 소프트웨어 보안에서 중요한 문제로 인식되어 왔다. 이 문제를 해결하기 위해 다양한 완화 방법과 방어 연구가 활발히 진행되고 있다. 이러한 연구들은 대부분 기존 벤치마크 성능과 비교했을 때 낮은 성능을 보인다. 이는 메타 데이터와 코드 계측 정보가 증가하여 포인터를 많이 사용하는 벤치마크의 메모리 사용량이 증가하기 때문이다. 이 연구는 SVF를 활용하여 스택에서만 메모리 할당자 호출 지점을 분석한다. 추후 이 분석 정보를 여러 UAF 연구에 적용하여 런타임 오버헤드를 줄이는 것을 목표로 한다.