• Journal of Korea Multimedia Society
• /
• v.12 no.9
• /
• pp.1309-1315
• /
• 2009

This research goal of developing and producing a tool that finds security weakness that may happen when a usual program is executed. The analyzing tool for security weakness has the major functions as follows. In case that a part of anticipated security weakness are in execution, it traces a machine language to a part in execution. And Monitoring System calls and DLL(API) calls when a program is in execution. The result of this study will enable to contribute to use as educational materials for security service in companies and related agencies and to prevent from hacking of external information invaders in the final analysis.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.85-91
• /
• 2016

Block cipher is one of the prominent and important elements in cryptographic systems and study on the minimal construction is a major theme in the cryptographic research. Even and Mansour motivated by the study suggested a kind of block cipher called the Even-Mansour scheme in the early 1990s. It is a very simple cipher with one permutation and two secret keys. There have been many studies on the Even-Mansour scheme and security analysis of the scheme. We explain the Even-Mansour scheme and simplify those attacks on the Even-Mansour scheme with mathematical language. Additionally, we show that Pollard's rho attack to the discrete logarithm problem can be used to attack the Even-Mansour scheme with the same complexity of the Pollard's rho attack.

• Convergence Security Journal
• /
• v.10 no.1
• /
• pp.55-61
• /
• 2010

It is of great practical interest to deciding when to stop testing a software system in development phase and transfer it to the user. This decision problem called an optimal release policies. In this paper, because of the possibility of introducing new faults when correcting or modifying the software, we were researched release comparative policies which based on infinite failure NHPP model and types of interval failure times. The policies which minimize a total average software cost of development and maintenance under the constraint of satisfying a software reliability requirement can optimal software release times. In a numerical example, applied data which were patterns, if intensity function constant or increasing, decreasing, estimated software optimal release time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1131-1139
• /
• 2016

In the Hive file format, the sk(Security Key) cell provides access control to registry key. An attacker can figure out secret information on registry or change the security set-up if she could apply modified hive files on system. This paper presents various methods to change access control of registry key by modifying or replacing cell on hive file. We also discuss threats by access control modification and signs of attacks analysis by modified hive files.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.103-114
• /
• 2008

Single Sign-On is an authentication scheme that enables a user to authenticate once and then to access to the resources of multiple software systems without re-authentication. As web services are being integrated into a single groupware, more web sites are adopting for user convenience. However, these Single Sign-On services are very dependent upon the cookies and thus, simple eavesdropping enables attackers to hiject the user's session. Even worse, the attacker who hijacked one session can move to another site through the Single Sign-On. In this paper, we show the vulnerabilities of the top ranked sites regarding this point of view and also propose a way to protect a user's session.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.139-149
• /
• 2023

CBDC has characteristics similar to e-payments in which all records are kept by logs, so it is difficult to satisfy the anonymity level of cash. Therefore, in this study, the CBDC model that encrypts all transaction contents using the Diffie-Hellman key sharing algorithm was presented to enhance anonymity. The proposed model provides unlinkability anduntraceability. In addition, a CBDC certificate that uses pseudonym is used. Through this certificate, illegal transactions that require tracking can be tracked later by authorized institutions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1477-1480
• /
• 2008

주민번호대체수단은 주민번호를 대체하기 위한 본인확인정보로서, 5 개의 민간기업이 운영하는 민간 i-PIN과 행정안전부가 운영하는 공공 i-PIN이 서비스를 제공하고 있다. 하지만 주민번호대체수단이 더욱 활성화되기 위해서는 기존에 제시된 보안성, 편의성 문제를 해결해야 한다. 본 논문은 신원 선택기를 추가하여, i-PIN의 프로토콜을 변경하지 않는 범위 이내에서 i-PIN의 단점으로 지적되는 로그인 번거로움, i-PIN 사이트 기억 문제, 피싱을 비롯한 보안 문제를 해결하는 방안을 제시하였다. 제안하는 방법은 사용자가 가입한 i-PIN 제공자에 접근하는 단계, i-PIN 제공자에 id 와 비밀번호를 입력하는 단계를 없애고, 신원 선택기를 통해 사용할 신원 정보를 선택하는 것만으로 처리되도록 하였다. 본 기술은 ETRI 에서 개발중인 전자 ID 지갑 솔루션을 통해 구현되었으며, 해당 서비스는 2009 년 중에 민간 i-PIN 제공자를 통해 시범 도입될 예정이다.

• The KIPS Transactions:PartC
• /
• v.9C no.1
• /
• pp.9-16
• /
• 2002

As existing analog video surveillance systems could save and retrieve data only in a limited space within short distance, it had many constraints in developing into various application systems. However, on the back of development of the Internet and computer technologies, digital video surveillance systems can be controlled from a remote location by web browser without space limits. Moreover, data compression and management technologies with Index Search algorithm make it possible to efficiently handling, storing, and retrieving a large amount of data and further motion detection algorithm enhances a recording speed and efficiency for a practical application, that is, a practical remote recordable video surveillance system using our efficient algorithms as mentioned, called WebCam. The WebCam server system can intelligently record and save video images digitized through efficient database management, monitor and control cameras in a remote place through user authentication, and search logs.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.11
• /
• pp.427-432
• /
• 2014

The Purpose of local system attacks is to acquire administrator's(root) privilege shell through the execution of the malicious program or change the flow of the program. This acquiring shell through attack is still valid approach method and it is difficult to cope with improving each of vulnerability because the attacker can select various forms of attack. Linux allocate a set of credentials when login, in order to manage user permissions. Credentials were issued and managed by the kernel directly, and also the kernel ensures that any change cannot be occurred outside of kernel. But, user's credentials that acquired root privilege through system attacks occurs a phenomenon that does not remain consistent. In this paper we propose a security module to detect a security threats that may cause to users and tasks by analysis user task execution and inconsistency credentials.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.11
• /
• pp.1544-1553
• /
• 2018

Recently internal information leakage in industries is severely increasing in spite of industry security policy. Thus, it is essential to prepare an information leakage prevention measure by industries. Most of the leaks result from the insiders, not from external attacks. In this paper, a real-time internal information leakage prevention system via both storage and network is implemented in order to protect confidential file leakage. In addition, a Hadoop-based user behavior analysis and statistics system is designed and implemented for storing and analyzing information log data in industries. The proposed system stores a large volume of data in HDFS and improves data processing capability using RHive, consequently helps the administrator recognize and prepare the confidential file leak trials. The implemented audit system would be contributed to reducing the damage caused by leakage of confidential files inside of the industries via both portable data media and networks.