• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.75-82
• /
• 2009

In this paper, we test for security targeting on APIs of Windows as that is used by many people worldwide. In order to test APIs in DLL fils of Windows OS, we propose Automated Windows API Fuzz Testing(AWAFT) that can execute fuzz testing automatically and implemented the practical tool for AWAFT. AWAFT focuses on buffer overflows and parsing errors of function parameters. Using the tool, we found 177 errors in the system folder of Windows XP SP2. Therefore, AWAFT is useful for security testing of Windows APIs. AWAFT can be applied to libraries of third party software in Windows OS for the security.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.33-42
• /
• 2016

Recently, the investment and study competition regarding machine running is accelerating mainly with Google, Amazon, Microsoft and other leading companies in the field of artificial intelligence. The security weakness of virtualization technology security structure have been a serious issue continuously. Also, in most cases, the internal data security depend on the virtualization security technology of platform provider. This is because the existing software, hardware security technology is hard to access to the field of virtualization and the efficiency of data analysis and processing in security function is relatively low. This thesis have applied user significant information to machine learning algorithm, created security authentication vector able to learn to provide with a method which the security authentication can be conducted in the field of virtualization. As the result of performance analysis, the interior transmission efficiency of authentication vector in virtualization environment, high efficiency of operation method, and safety regarding the major formation parameter were demonstrated.

• Journal of the Korean Institute of Telematics and Electronics T
• /
• v.36T no.4
• /
• pp.17-23
• /
• 1999

This paper described a security system using text-independent speaker recognition algorithm. Security system is based on PIC16F84 and sound card. Speaker recognition algorithm applied a k-means based model and weighted cepstrum for speech features. As the experimental results, recognition rate of the training data is 100%, non-training data is 99%. Also false rejection rate is 1%, false acceptance rate is 0% and verification mean error rate is 0.5% for registered 5 persons.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.61-70
• /
• 2007

In Windows operating system, CSPs(Cryptographic Service Providers) are provided for offering a easy and convenient way of using an various cryptographic algorithms to applications. The applications selectively communicate with various CSPs through a set of functions known as the Crypto API(Cryptographic Application Program Interface). During this process, a secure method, accessing data using a handle, is used in order to prevent analysis of the passing parameters to function between CryptoAPI and CSPs. In this paper, our experiment which is using a novel memory traceback method proves that still there is a vulnerability of private key and secret key disclosure in spite of the secure method above-mentioned.

• Review of KIISC
• /
• v.29 no.6
• /
• pp.53-58
• /
• 2019

최근 5G 네트워크의 발전으로 사물인터넷의 활용도가 커지며 시장이 급격히 확대되고 있다. 사물인터넷 기기가 급증하면서 이를 대상으로 하는 위협이 크게 늘며 사물인터넷 기기의 보안이 중요시 되고 있다. 그러나 이러한 사물인터넷 기기는 기존의 ICT 장비와는 다르게 리소스가 제한되어 있다. 본 논문에서는 이러한 특성을 갖는 사물인터넷 환경에 적합한 보안기술로 네트워크 학습을 통해 사물인터넷 기기의 이상행위를 탐지하는 경량화된 인공신경망 기술을 제안한다. 기기 별 혹은 사용자 별 네트워크 행위 패턴을 분석하여 특성 연구를 진행하였으며, 사물인터넷 기기의 정상행위를 수집하고 학습데이터로 활용한다. 이러한 학습데이터를 통해 인공신경망 기반의 오토인코더 알고리즘을 활용하여 이상행위 탐지 모델을 구축하였으며, 파라미터 튜닝을 통해 모델 사이즈, 학습 시간, 복잡도 등을 경량화 하였다. 본 논문에서 제안하는 탐지 모델은 신경망 프루닝 및 양자화를 통해 경량화된 오토인코더 기반 인공신경망을 학습하였으며, 정상 행위 패턴을 벗어나는 이상행위를 식별할 수 있었다. 본 논문은 1. 서론을 통해 현재 사물인터넷 환경과 보안 기술 연구 동향을 소개하고 2. 관련 연구를 통하여 머신러닝 기술과 이상 탐지 기술에 대해 소개한다. 3. 제안기술에서는 본 논문에서 제안하는 인공신경망 알고리즘 기반의 사물인터넷 이상행위 탐지 기술에 대해 설명하고, 4. 향후연구계획을 통해 추후 활용 방안 및 고도화에 대한 내용을 작성하였다. 마지막으로 5. 결론을 통하여 제안기술의 평가와 소회에 대해 설명하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.2
• /
• pp.167-175
• /
• 2008

The current pre-distribution of secret keys uses a-composite random key and it randomly allocates keys. But there exists high probability not to be public-key among nodes and it is not efficient to find public-key because of the problem for time and energy consumption. We presents key establishment scheme designed to satisfy authentication and confidentiality, without the need of a key distribution center. Proposed scheme is scalable since every node only needs to hold a small number of keys independent of the network size, and it is resilient against node capture and replication due to the fact that keys are localized. In simulation result, we estimate process time of parameter used in proposed scheme and efficiency of Proposed scheme even if increase ECC key length.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.137-142
• /
• 2009

By known attacks against cryptographic technology and decline of security, internal and external major institutions have defined their recommendations in kinds, expiration, safe parameters of cryptographic technology and so on. Internal financial fields will change some cryptographic technology to follow these recommendations. To keep strong security of financial systems against sudden security changes of cryptographic technology, this article finds pre-steps : status of applied cryptographic technology, selection of vulnerable cryptographic technology. And plans for management of cryptographic technology in financial fields will be proposed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.3
• /
• pp.558-564
• /
• 2016

The network interference gives positive and negative effects to security and QoS simultaneously by disturbing the decoding of receiver and eavesdropper. The transmission of artificial noise enables to indirectly control these contradicting effects. This paper proposed the secrecy enhancement technique via artificial noise with protected zones of transmitter and receiver and investigated its gain by using stochastic geometry. For given arbitrary artificial noise power ratio, we first analyzed connection outage probability and secrecy outage probability for four different scenarios (separated, overlapped, included secrecy protected zones- type A, B) according to distance and size of protected zones of the transmitter and receiver. We then derive the secrecy transmission rate and find the optimal artificial noise power ratio to maximize it. Finally, with numerical examples, we investigate the effects of the system parameters such as size of protected zones of transmitter and receiver on the optimal artificial noise power ratio.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.3-10
• /
• 2019

The 5G network is a next-generation converged network that combines various ICT technologies to realize the need for high speed, hyper connection and ultra low delay, and various efforts have been made to address the security vulnerabilities of the previous generation mobile networks. However, the standards released so far still have potential security vulnerabilities, such as USIM deception and replication attack, message re-transmission attack, and race-condition attack. In order to solve these security problems, this paper proposes a new 5G-AKA protocol with PUF technology, which is a physical unclonable function. The proposed PUF-based 5G-AKA improves the security vulnerabilities identified so far using the device-specific response for a specific challenge and hash function. This approach enables a strong white-list policy through the addition of inexpensive PUF circuits when utilizing 5G networks in areas where security is critical. In addition, since additional cryptographic algorithms are not applied to existing protocols, there is relatively little burden on increasing computational costs or increasing authentication parameter storage.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.622-625
• /
• 2020

오픈 API에서는 사용자로부터 조회할 데이터를 요청을 통해 조건에 해당하는 데이터들을 선별하여 리턴하게 되는데, 현재 통용되는 방식은 다양한 조건을 설정하는 것에 있어 상당한 불편함이 따른다. 이에 따라 오픈 API에서 다양한 조건을 검색할 수 있는 방식을 제안한다. POST 메소드를 통해 숫자의 경우 원하는 검색 범위에 대한 설정을, 문자열의 경우 조건에 따라서 포함 혹은 일치하는 데이터를 검색한다. 이렇게 파라마터의 종류가 다양해짐에 따라 SQL 인젝션과 같은 보안에 대한 위험성도 커지며, 그것을 원천적으로 차단하기 위해 쿼리에 사용자로부터 받은 변수를 넣는 것이 아닌, 데이터베이스에서 얻은 데이터로부터 특정 알고리즘을 통해 사용자의 원하는 조건에 해당하는 데이터를 추출해내는 방법 또한 제안한다. 이를 통해 생산성 극대화를 기대한다.