• Review of KIISC
• /
• v.31 no.3
• /
• pp.61-71
• /
• 2021

최근 블록체인 기술의 적용 범위가 전 산업으로 확대되고 있으며, 고부가가치 정보와 디지털 자산이 블록체인 분산 데이터베이스에 저장되고 관리되면서 블록체인을 대상으로 하는 보안 위협이 급격히 증가하고 있다. 특히 가용성 저하 공격, 분산 서비스 거부 공격, 비정상 거래, 악의적 거래, 51% 공격과 같이 블록체인을 대상으로 한 공격 기법이 고도화되고 피해 규모가 커지고 있다. 블록체인은 금융, 물류, 의료, 인증 등 전 산업 분야에 활용될 가능성이 높아지고 있어서 블록체인 네트워크 보안 위협을 신속하고 정확하게 탐지하는 기술에 대한 연구가 요구된다. 본 논문에서는 블록체인 네트워크 보안 위협에 대해 분석하고, 주요 위협 탐지 기술과 최신 동향을 분석한다.

• Review of KIISC
• /
• v.28 no.3
• /
• pp.26-32
• /
• 2018

최초의 암호화폐인 비트코인의 등장과 함께 그 기반기술인 블록체인에 대한 국내외의 관심이 증가하는 가운데 국외에서는 블록체인의 확장성 문제에 대한 논의가 활발히 이루어지고 있다. 블록체인은 시스템을 관리하는 중앙기관 대신 네트워크의 사용자들의 합의에 기반하여 시스템을 유지한다. 신뢰할 수 없는 사용자 간의 합의를 위해 작업증명이라는 신뢰성 보장을 위한 기술을 사용하였고 이로 인해 비트코인과 같은 퍼블릭 블록체인은 제한된 처리량을 가지게 되었다. 현재까지 알려진 대부분의 공격들이 이러한 제한된 처리량으로 인한 처리 지연으로 공격 성공률이 증가하기 때문에 확장성 문제 해결을 위한 연구가 필요한 실정이다. 본 논문에서는 현재 알려진 퍼블릭 체인에서의 보안 위협을 분석하고 확장성 문제와 함께 현재 알려진 확장성 문제 솔루션에 대한 소개 및 앞서 서술한 보안 위협과의 연관성에 대해 분석한다.

• Review of KIISC
• /
• v.33 no.2
• /
• pp.49-56
• /
• 2023

양자 컴퓨터의 기술이 발전됨에 따라 Shor 알고리즘과 Grover 알고리즘을 통해 기존의 공개키, 대칭키 및 해시 암호체계에 위협을 줄 수 있다. RSA 및 ECC 암호체계는 Shor 알고리즘에 의해 다항시간 내에 해독이 가능해진다. 이러한 보안위협의 증가로 양자내성의 성질을 지닌 양자내성암호가 주목받고 있으며 양자내성 전자서명을 블록체인의 전자서명에 적용하기 위한 다양한 연구가 진행되고 있다. 본 논문에서는 양자내성암호를 블록체인의 전자서명에 적용하는 연구동향에 대해 설명한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.309-320
• /
• 2019

Blockchain has been developed as a key technology for many cryptocurrency systems such as Bitcoin. These days, blockchain technology attracts many people to adopt it to various fields beyond cryptocurrency systems for their information sharing and processing. However, with the development and increasing adoption of the blockchain, security incidents frequently happen in the blockchain systems due to their implementation flaws. In order to solve this problem, in this paper, we analyze the software vulnerabilities of Bitcoin and Ethereum, which are the most widely used blockchain applications in real world. For that purpose, we conduct an in-depth analysis of source code of them to detect software vulnerabilities, and examine an OS command injection attack exploiting the detected ones.

• Journal of the Institute of Convergence Signal Processing
• /
• v.20 no.4
• /
• pp.218-225
• /
• 2019

Since the publication of Satoshi Nakamoto's white paper on Bitcoin in 2008, blockchain is in the spotlight as one of the core technologies of the Fouth Industrial Revolution, which can be used in various industries beyond simple cryptocurrency. various researches and developments are being conducted worldwide to utilize blockchain technology, and a global blockchain consortium is formed. In addition, attempts are being made to apply to various industries such as logistics, distribution, and medical care as well as the financial sector. However, blockchain tecnology developments still do not reach the level that meets these concerns and expectations. In this paper, we presents a comprehensive overview of blockchain technology by giving its brief concepts, consensus algorithms, standardization, and security threats.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.63-68
• /
• 2023

In this study, in relation to blockchain protocol and network security, we study the configuration of blockchain and encryption key management methods on smart contracts so that we can have a strong level of response to MITM attacks and DoS/DDoS attacks. It is expected that the use of blockchain technology with enhanced security can be activated through respond to data security threats such as MITM through encryption communication protocols and enhanced authentication, node load balancing and distributed DDoS attack response, secure coding and vulnerability scanning, strengthen smart contract security with secure consensus algorithms, access control and authentication through enhanced user authentication and authorization, strengthen the security of cores and nodes, and monitoring system to update other blockchain protocols and enhance security.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.15-25
• /
• 2023

This study analyzes the limitations of the insider threat datasets used for insider threat detection research and compares and analyzes the solution-based insider threat data with public insider threat data using a security solution to overcome this. Through this, we design a data format suitable for insider threat detection and implement a system that can safely share insider threat information between different institutions and companies using blockchain technology. Currently, there is no dataset collected based on actual events in the insider threat dataset that is revealed to researchers. Public datasets are virtual synthetic data randomly created for research, and when used as a learning model, there are many limitations in the real environment. In this study, to improve these limitations, a private blockchain was designed to secure information sharing between institutions of different affiliations, and a method was derived to increase reliability and maintain information integrity and consistency through agreement and verification among participants. The proposed method is expected to collect data through an outflow threat collector and collect quality data sets that posed a threat, not synthetic data, through a blockchain-based sharing system, to solve the current outflow threat dataset problem and contribute to the insider threat detection model in the future.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.11-19
• /
• 2019

The blockchain is a technique for managing transaction data in distributed computing manner without the involvement of central trust authority. The blockchain has been used in various area such as manufacturing, culture, and public as well as finance because of its advantage of the security, efficiency and applicability. In the blockchain, it was considered safe against 51% attack because the adversary could not have more than 50% hash power. However, there have been cases caused by large-scale computing attacks such as 51% and selfish mining attack, and the frequency of these attacks is increasing. In addition, since the development of quantum computers can hold exponentially more information than their classical computer, it faces a new type of threat using quantum algorithms. In this paper, we perform the security analysis of blockchain attacks composing the large computing capabilities including quantum computing attacks. Finally, we suggest the technologies and future direction of the blockchain development in order to be safe against large-scale computing attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.1
• /
• pp.209-214
• /
• 2023

In the future, as autonomous vehicles become popular at home and abroad, the frequency of accidents involving autonomous vehicles is also expected to increase. In particular, when a fully autonomous vehicle is operated, various criminal/civil problems such as sexual violence, assault, and fraud between passengers may occur as well as the vehicle accident itself. In this case, forensics for accidents involving autonomous vehicles and accidents involving passengers in the vehicles are also about to change. This paper reviewed the types of security threats of autonomous vehicles, methods for maintaining the integrity of evidence data using blockchain technology, and research on digital forensics. Through this, it was possible to describe threats that would occur in autonomous vehicles using blockchain technology and forensic techniques for each type of accident in a scenario-type manner. Through this study, a block that helps forensics of self-driving vehicles before and after accidents by investigating forensic security technology of domestic and foreign websites to respond to vulnerabilities and attacks of autonomous vehicles, and research on block chain security of research institutes and information security companies. A chain method was proposed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.277-278
• /
• 2024

모바일 엣지 컴퓨팅 기술은 블록체인과 결합하여 모바일 기기의 낮은 컴퓨팅 파워를 보완함과 동시에 추적성, 무결성이 보장된 데이터베이스를 제공하기에, 미래 IoT 환경에서 중추적인 역할을 할 것으로 기대된다. 그러나 블록체인 기반 모바일 엣지 컴퓨팅을 안전하고 효율적으로 사용하기 위해 보안이 함께 동반되어야 하며, 본 논문은 이러한 보안의 하나로써 안전한 그룹 서명과 인증 체계를 위해 고려해야 하는 보안 위협을 살펴보고, 이를 완화하기 위한 보안 기술을 살펴보고자 한다.