• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.8
• /
• pp.1519-1527
• /
• 2007

In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Given that nodes have limited resources, symmetric cryptography that is proven to be efficient for low power devices is implemented. Data protection is integrated into a sensor's packet by the means of symmetric encryption with the Dragon stream cipher and incorporating the newly designed Dragon-MAC Message Authentication Code. The proposed algorithm was designed to employ some of the data already computed by the underlying Dragon stream cipher for the purpose of minimizing the computational cost of the operations required by the MAC algorithm. In view that Dragon is a word based stream cipher with a fast key stream generation, it is very suitable for a constrained environment. Our protocol regarded the entity authentication and message authentication through the implementation of authenticated encryption scheme in wireless sensor nodes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.12C
• /
• pp.1188-1193
• /
• 2007

This paper proposes a secure data forwarding scheme on source routing-based ad-hoc networks. The scheme uses two hash-key chains generated from a trusted third party to generate Message Authentication Codes for data integrity The selected MAC keys are delivered to the ad-hoc node using a pre-shared secret between the trusted third party and a node. The proposed scheme does not require the PKI, or the provisioning of the pre-shared secrets among the ad-hoc nodes.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.204-207
• /
• 2018

IoT 기기 및 드론의 사용자 인증 및 기기 인증을 위해 RSA, ECDSA 등의 여러 전자서명 기법이 기본적으로 사용되고 있다. 그러나 양자 컴퓨터의 개발에 따라 Shor 알고리즘을 이용한 기존 암호 알고리즘의 공격이 가능해지고, 그에 따라 기존 암호 알고리즘의 보안성이 취약해지는 문제가 있다. 따라서 양자 내성 암호를 활용한 보안 체계의 필요성이 대두되고 있는 가운데, 본 논문에서는 양자 내성 암호인 다변수 이차식 기반의 전자서명 기법 중 Rainbow를 드론에 최적화하여 구현하기 위한 방안을 검토 및 분석하고자 한다. 그러나 기존의 Rainbow에서 사용하는 openssl 등의 오픈소스 암호 라이브러리는 PC에 맞춰 설계되었기 때문에 드론에서 난수를 생성할 때 적용이 어려운 점이 있다. 드론에는 각종 센서들이 내장되어 있으며, 센서 데이터들은 난수성을 보장하기에 용이하다. 따라서 드론의 각종 센서들을 시드로 활용하며, XOR 보정기를 통해 난수성을 해치지 않으면서 드론에서 난수를 생성할 수 있는 방안을 제안해 보고자 한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.425-435
• /
• 2017

Structural analysis is used not only for large enterprises, but also for small and medium sized ones, as a necessary procedure for strengthening the certification process for product delivery and shortening the time in the process from concept design to detailed design. Open-source solvers that can be used atlow cost differ from commercial solvers. If there is a problem with the input data, such as with the grid, errors or failures can occur in the calculation step. In this paper, we propose a pre- and post-processor that can be easily applied to the analysis of mechanical structural problems by using the existing structural analysis open source solver (Caculix, Code_Aster). In particular, we propose algorithms for analyzing different types of data using open source solvers in order to extract and generate accurate information,such as 3D models, grids and simulation conditions, and develop and apply information analysis. In addition, to improve the accuracy of open source solvers and to prevent errors, we created a grid that matches the solver characteristics and developed an automatic healing function for the grid model. Finally, to verify the accuracy of the system, the verification and utilization results are compared with the software used.

• The KIPS Transactions:PartA
• /
• v.16A no.6
• /
• pp.453-462
• /
• 2009

Studies on software plagiarism detection, prevention and judgement have become widespread due to the growing of interest and importance for the protection and authentication of software intellectual property. Many previous studies focused on comparing all pairs of submitted codes by using attribute counting, token pattern, program parse tree, and similarity measuring algorithm. It is important to provide a clear-cut model for distinguishing plagiarism and collaboration. This paper proposes a source code clustering algorithm using a probability model on extreme value distribution. First, we propose an asymmetric distance measure pdist($P_a$, $P_b$) to measure the similarity of $P_a$ and $P_b$ Then, we construct the Plagiarism Direction Graph (PDG) for a given program set using pdist($P_a$, $P_b$) as edge weights. And, we transform the PDG into a Gumbel Distance Graph (GDG) model, since we found that the pdist($P_a$, $P_b$) score distribution is similar to a well-known Gumbel distribution. Second, we newly define pseudo-plagiarism which is a sort of virtual plagiarism forced by a very strong functional requirement in the specification. We conducted experiments with 18 groups of programs (more than 700 source codes) collected from the ICPC (International Collegiate Programming Contest) and KOI (Korean Olympiad for Informatics) programming contests. The experiments showed that most plagiarized codes could be detected with high sensitivity and that our algorithm successfully separated real plagiarism from pseudo plagiarism.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.987-990
• /
• 2005

프로그래밍 기술과 인터넷 통신의 발달로 인하여 보안성이 검증되지 않은 다양한 프로그램들이 생성되고 쉽게 유포되어 보안 취약성으로 인해 야기되는 다양한 문제의 심각성이 더해가고 있다. 따라서 사용자가 보안상 안전하게 사용할 수 있는 소프트웨어 인증절차가 필수적으로 요구되고 있는데, 이를 위해 정보유출, 파괴 등을 목적으로 하는 악성코드를 소프트웨어의 소스코드레벨에서 사전에 검출할 수 있는 기술이 요구된다. 따라서 본 논문에서는 정규형 오토마타 이론을 이용하여 프로그램의 흐름을 예측 및 분석하고 이에 따른 악성프로그램의 흐름을 규칙으로 정하여 이러한 흐름에 만족하는 경우 악성코드를 식별하는 기법을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1167-1170
• /
• 2002

멀티캐스트 기술은 다자간 비디오회의, 대화형 원격 강의, 소프트웨어 배포, 인터넷 게임 등 특정 사용자 그룹에게만 전송하는 효율적인 통신기술이다. 그러나, 멀티캐스트의 개방적 특성상, 언제 어디서나 임의의 그룹멤버가 메시지를 보낼 수 있다. 따라서 부적절한 데이터의 수신으로부터 그룹 멤버들을 보호하고 다양한 DOS 공격으로부터 멀티캐스트 트리를 보호하기 위해 송신자 접근통제를 수행하는 것이 중요하나 소스기반과 단일지점 또는 랑데부 지점에서 인가되거나 인증되는 연구가 진행되어 왔다. 본 논문에서는 접근권한에 따라 전송 메시지가 라우터의 임의의 지점에서 사진에 통제될 수 있는 양방향 멀티캐스트 트리에 대한 다단계 송신자 접근통제 메커니즘을 제시한다 다음으로 제시한 방식과 기존 전송 방식간의 메시지 전송 효율성 측면을 실험을 통하여 분석한다. 제안 방식이 라우터상에서 접근권한의 비교를 통하여 메시지를 사전에 걸러냄으로써 상대적으로 작은 메시지 전달 오버헤드를 갖는 것을 확인하였다.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.49 no.6
• /
• pp.473-480
• /
• 2021

In this paper, We analyze and present improvements to problems in software quality through Static Analysis for Open Source, which is widely used as the Flight Controller software for small unmanned aerial vehicle drones. MISRA coding rules, which are widely applied based on software quality, have been selected. Static analysis tools were used by LDRA tools certified international tools used in all industries, including automobiles, railways, nuclear power and healthcare, as well as aviation. We have identified some safety-threatening problems across the quality of the software, such as structure of open source modules, analysis of usage data, compliance with coding rules, and quality indicators (complexity and testability), and have presented improvements.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.17-25
• /
• 2012

SQL Injection techniques disclosed web hacking years passed, but these are classified the most dangerous attac ks. Recent web programming data for efficient storage and retrieval using a DBMS is essential. Mainly PHP, JSP, A SP, and scripting language used to interact with the DBMS. In this web environments application does not validate the client's invalid entry may cause abnormal SQL query. These unusual queries to bypass user authentication or da ta that is stored in the database can be exposed. SQL Injection vulnerability environment, an attacker can pass the web-based authentication using username and password and data stored in the database. Measures against SQL Inj ection on has been announced as a number of methods. But if you rely on any one method of many security hole ca n occur. The proposal of four levels leverage is composed with the source code, operational phases, database, server management side and the user input validation. This is a way to apply the measures in terms of why the accident preventive steps for creating a phased step-by-step response nodel, through the process of management measures, if applied, there is the possibility of SQL Injection attacks can be.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.141-146
• /
• 2015

Data have been increased enormously due to the development of IT technology such as recent smart equipments, social network services and streaming services. To meet these environments the technologies that can treat mass data have received attention, and the typical one is Hadoop. Hadoop is on the basis of open source, and it has been designed to be used at general purpose computers on the basis of Linux. To initial Hadoop nearly no security was introduced, but as the number of users increased data that need security increased and there appeared new version that introduced Kerberos and Token system in 2009. But in this method there was a problem that only one secret key can be used and access permission to blocks cannot be authenticated to each user, and there were weak points that replay attack and spoofing attack were possible. Hence, to supplement these weak points and to maintain efficiency a protocol on the basis of group key, in which users are authenticated in logical group and then this is reflected to token, is proposed in this paper. The result shows that it has solved the weak points and there is no big overhead in terms of efficiency.