• Journal of Korea Society of Industrial Information Systems
• /
• v.29 no.3
• /
• pp.23-40
• /
• 2024

Hardware attacks involve physical reverse engineering efforts to steal sensitive information, such as encryption keys and circuit designs. Encryption and obfuscation are representative countermeasures, but they are nullified if adversaries manage to find the key. To address this issue, we propose e-Cryptex, which utilizes a Physically Unclonable Function (PUF) as an anti-tampering shield. PUF acts as a random number generator and relies on unique physical variants that cannot be replicated or restored to enhance anti-tampering mechanisms. e-Cryptex uses PUF as a shield to protect the system's structure and generate the key. Tampering with the shield will result in the destruction of the key. This paper demonstrates that e-Cryptex meets PUF security requirements and is effective in detecting of tampering attempts that pierce or completely destroy the shield. Each board consistently generates the same key under normal conditions, while also showing key uniqueness across different boards.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.265-272
• /
• 2003

RBAC is an Access Control Mechanism for security administration of system resource and technique attracting in commercial fields because of reducing cost and complexity of security administration in large network. Many RBAC's research is progressive but several problems such as the delegation of role have been pointed out concerning the mechanism. It is necessary that a person's role delegate someone with reliability by reasons of a leave of absence, sick leave and the others. But the existing RBAC standards don't give definition of the delegation of roles. In this paper, we propose RBAC model that delegator can delegate subset of role and permission to a delegatee so that more efficient access control may be available.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.9
• /
• pp.2040-2048
• /
• 2010

In contemporary society, though convenience and efficiency of work using information system is growing high, adverse effect problems of malignant code, system hacking, information leak by insiders due to the development of the network are raising their head daily. Because of this, enormous work forces and expenses for the recovery and management of system is needed. The existing system can be divided into two aspects: security solution which surveils and treats virus and malignant codes, and network management solution which observes the system of computer, and practices maintenance and repair such as management, recovery, backup. This treatise applied Active Write Filter mechanism and the technology based on NFS and complemented the maintenance problems of user data of the existing system and designed the system which enables solving problems of intellectual property right such as information protection and illegal work.

• Journal of the Korean Geophysical Society
• /
• v.4 no.4
• /
• pp.239-249
• /
• 2001

NAT (Network Address Translation) is an IP address modification protocol that translates private IP addresses into authentic Internet addresses. The main features of NAT are to improve network security and to save IP addresses. Generally speaking, in order to perform its functionality. NAT uses the address informaiton in the packet header. Certain application protocols, however, use the information in the packet data as well as the imformation in the packet header to perform end-to-end communication. Therefor, to support these types of application protocols, NAT should be able to perform appropriate translation of protocol information in the packet data. In this thesis, we design and implement a method which translates virtual IP information in the packet data into real IP information by using port proxy server.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1999.05a
• /
• pp.91-96
• /
• 1999

Role-Based Access Control(RBAC) is an access control mechanism that reduce the cost of administering access control policies. The Admin Tool developed for RBAC Model manages relationship informations of user and role. In order to maintain the consistency of the information for these relationships, a set of properties defining consistency of the relationship informations is required. When it will be designed security systems applying RBAC policy on the Linux server system environments, this paper described consistency properties of relationship informations for information management of user and role relationships. It leads us to the development of minimal set obtainable the equivalent results of consistency properties for a more efficient Admin Tool implementation.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.2
• /
• pp.279-285
• /
• 2012

Most national critical key infrastructure, such like electricity, nuclear power plant, and petroleum is run on SCADA (Supervisory Control And Data Acquisition) system as the closed network type. These systems have treated the open protocols like TCP/IP, and the commercial operating system, which due to gradually increasing dependence on IT(Information Technology) is a trend. Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. In this paper, the method to minimize threats and vulnerabilities is proposed, with the virtual honeynet system architecture and the attack detection algorithm, which can detect the unknown attack patterns of Zero-Day Attack are reviewed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1103-1106
• /
• 2005

IPv4 프로토콜의 주소 고갈 문제를 해결하기 위하여 IPv6 프로토콜이 제안되었고 한국전산원의 발표에 의하면 2010년 이후에는 IPv6 프로토콜이 광범위하게 사용될 것이라고 한다. 이러한 IPv6 프로토콜은 IPv4 프로토콜의 단점들을 해결하기 위하여 ND(Neighbor Discovery) 메커니즘, 주소자동설정, IPsec 등의 기술을 지원하며, 특히 IPv6 프로토콜은 보안 문제를 해결하기 위해서 인증, 데이터 무결성 보호를 위한 IPsec 기술을 사용한다. 이러한 IPsec 기술은 패킷 정보를 보호하기 위한 목적으로 사용되기 때문에 불특정 다수의 사용자를 대상으로 하는 네트워크에 행해지는 분산 서비스 거부 공격과 같은 비정상 대용량 트래픽에 대한 탐지 및 차단에 어려움이 있다. 현재 IPv6 프로토콜을 지원하는 네트워크 공격 대응 기술로 IPv6 네트워크용 방화벽/침입탐지 시스템이 개발되어 제품으로 판매되고 있지만, 대용량의 비정상 트래픽 대응 기술을 탐지하고 차단하기에는 한계가 있다. 본 논문에서는 IPv6 네트워크 환경에서 이러한 대용량의 비정상 트래픽을 제어할 수 있는 프레임워크를 제시한다.

• Explosives and Blasting
• /
• v.26 no.1
• /
• pp.49-55
• /
• 2008

Mechanical excavation techniques employing tunnel boring machines (TBM) and rock splitters have been proposed to minimize rock damage for tunnel and underground waste repository facilities. Such a mechanical excavation, however, is extremely expensive and not applicable in all cases. For these reasons, controlled blasting using notched charge holes have been suggested to achieve crack growth along specific directions and inhibit growth along other directions. This study introduces a dynamic fracture process analysis code to simulate fracture processes of rock which has a notched charge hole.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.11A
• /
• pp.1047-1055
• /
• 2005

One of major characteristics in wireless LAN is terminal's frequent mobility, so it makes many overheads in the process of authentications repeatedly at each handoffs. So I propose IAPP(Inter Access Point Protocol) of IEEE 802.11f, modified context block and 4 way handshake of IEEE 802.11i, in order to implement secure and rapid handoff. The context block. I proposed, doesn't makes any communication with RADIUS server at handoff period. Therefore, it guarantee higher efficiency than existing handoff mechanisms. Also it can improve security vulnerability by padding authentication field in the context block for providing in advance against Replay and DoS(Denial of Service) attacks.

• The Journal of the Korea Contents Association
• /
• v.13 no.4
• /
• pp.17-22
• /
• 2013

Impersonation attack, based on vulnerable security of SIP, facilitate a intruder to take malicious actions such as toll fraud and session hijacking. This paper suggests a new technique for a countermeasure. When receiving a register request message, registrar checks whether the value of Form header or the value of Call-ID header is stored in location server or not. If the record containing either of them are stored and periodically updated, we regard that message as impersonation attack and discard it. Since this technique uses the information stored in server instead of adding encryption mechanism for user authentication, it can easily build securer SIP environment.