• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.753-762
• /
• 2021

WebAssembly(WASM) is a low-level instruction format that can be run in a web environment. Since WASM has a excellent performance, various web applications use webassembly. However, according to our security analysis WASM has a security pitfall related to control flow integrity (CFI) for indirect calls. To address the problem in this paper we propose a new code instrumentation scheme to protect indirect calls, named WACFI. Specifically WACFI enhances a CFI technique for indirect call in WASM based on source code anlysis and binary instrumentation. To test the feasibility of WACFI, we applied WACFI to a sound-encoding application. According to our experimental results WACFI only adds 2.75% overhead on the execution time while protecting indirect calls safely.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.7
• /
• pp.1279-1284
• /
• 2009

With the advance of multimedia technology, multimedia sharing among multiple devices has become the main issue. This allows users to expect the peer-to-peer distribution of unprotected and protected contents over public network. Inevitably, this situation has caused an incredible piracy activity and Web sites have begun to provide copyrighted A/V data for free. In order to, protect the contents from illegal attacks and distribution, digital right management (DRM) is required. In this paper, we present the minimal cost scrambling scheme for securing the copyrighted multimedia using the data encryption standard (DES) encryption technique. Experimental results indicate that the proposed scrambling techniques achieve a very good compromise between several desirable properties such as speed, security, and file size.

• The Journal of the Korea Contents Association
• /
• v.9 no.2
• /
• pp.125-132
• /
• 2009

The paradigm of economy has been transformed into knowledge based economic paradigm in 21th century. Analysis of patent trend is one of the strategic methods for increasing their patent competitive power. However, this method is just presenting statistical data about patent trend or qualitative analysis about some core technology. In this paper, we forecast technology diffusion using patent information for more progressive analysis. We make an experiment with bass model and logistic model and make use of patent data about information-security technology for NCW as input data. We conclude that the logistic model is more efficient for forecasting and this technology is approaching to the age of technology maturity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.499-510
• /
• 2023

Recently, an intelligent and advanced cyber attack attacks a computer network of a public institution using a file containing malicious code or leaks information, and the damage is increasing. Even in public institutions with various information protection systems, known attacks can be detected, but unknown dynamic and encryption attacks can be detected when existing signature-based or static analysis-based malware and ransomware file detection methods are used. vulnerable to The detection method proposed in this study extracts the detection result data of the system that can detect malicious code and ransomware among the information protection systems actually used by public institutions, derives various attributes by combining them, and uses a machine learning classification algorithm. Results are derived through experiments on how the derived properties are classified and which properties have a significant effect on the classification result and accuracy improvement. In the experimental results of this paper, although it is different for each algorithm when a specific attribute is included or not, the learning with a specific attribute shows an increase in accuracy, and later detects malicious code and ransomware files and abnormal behavior in the information protection system. It is expected that it can be used for property selection when creating algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1449-1461
• /
• 2018

As the number of software vulnerabilities grows year by year, attacks on software are also taking place a lot. As a result, the security administrator must identify and patch vulnerabilities in the software. However, it is important to prioritize the patches because patches for all vulnerabilities are realistically hard. In this paper, we propose a scoring system that expands the scale of risk assessment metric by taking into consideration attack patterns or weaknesses cause vulnerabilities with the vulnerability information provided by the NIST(National Institute of Standards and Technology). The proposed scoring system is expanded based on the CWSS and uses only public vulnerability information to utilize easily for any company. In this paper, we applied the automated scoring system to software vulnerabilities, and showed the expanded metrics with consideration for influence of attack pattern and weakness are meaningful.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.13-19
• /
• 2000

With the rapid development of the information communication technology, more and more distribution multimedia data and electronic publishing in the web, has created a need for the copyright protection with authentication of digital information. In this paper, we propose a multi-watermarking adding and adaptive spectral watermark algorithm well adaptive frequency domain of each hierarchical using orthogonal forward wavelet transform(FWT. Numerical test results, created watermarking image robustness not only image transform such as low-pass filtering, bluring, sharpen filtering, wavelet compression but also brightness, contrast gamma correction, histogram equalization, cropping.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1500-1503
• /
• 2008

H.264와 같은 고압축 비디오처리 기법의 등장으로 기존의 MPEG2와 같은 비디오 압축에서 H.264로의 비디오 트랜스코딩이 증가되고 있지만, 고압축 비디오 콘텐츠의 온라인과 오프라인에서 불법배포는 현재 문제가 되고 있다. 본 논문에서는 다이렉트쇼 환경 기반에서 고압축과 저작권 보호를 위한 비디오 트랜스 코딩과 워터마킹을 구현한다. 제안한 방법은 다이렉트쇼의 필터를 이용하여 MPG,WMV를 H.264로 비디오 트랜스코딩을 하고 이와 함께 비디오의 공간영역 특성을 이용하여 저작권 보호를 위한 강인한 워터마킹을 구현한다. 실험 결과 MPG,WMV를 H.264로 트랜스코딩에서 H.264의 QP(Quantization parameter)를 15로 하고 화면간 반복을 10프레임으로 하였을 경우 저작권 보호를 위하여 삽입된 워터마크는 평균 99% 검출됨을 확인하였고, 또한 트랜스코딩중 워터마크삽입에 따른 시간지연은 전체 트랜스코딩시간의 5.7%가 됨을 확인할 수 있었다. 제안한 방법은 저작권 삽입 기능가지는 트랜스코딩 소프트웨어를 필요로 하는 Digital TV방송, IPTV, DVD 사업에 사용 될 수 있을 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1069-1078
• /
• 2012

It is known that memory has been frequently a target threatening the computer system's security while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied on OS while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as attacks of Return to Library or Return-Oriented Programing and recently, a technique bypassing the countermeasure against Return-Oriented Programming proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and experimented it may efficiently detect Jump-Oriented Programming attack.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1998.12a
• /
• pp.455-468
• /
• 1998

암호해독법은 암호시스템의 안전성을 논하는데 필수적이다. 본 논문에서는 ECDLP 공격법인 Pollard-$\rho$와 그 변형들간의 성능을 유한체 GF(2$^{19}$ ) ~ GF(2$^{41}$ ) 상의 타원곡선에서 측정 비교하였다. 또한 이 공격법을 네트웍을 통해 10대의 컴퓨터로 병렬처리해 공격시간을 1/10로 단축시켰으며 실험 데이타를 토대로 GF(2$^{163}$ )상에서 공격시간 및 저장용량을 예측하였다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.297-304
• /
• 1996

본 논문에서는 비동기 프로토콜 상으로 데이터를 암호화하여 전송할 때 발생하는 모의 제어문자에 대해 제어접두문자를 추가하지 않고 일정한 변환만 하여 송신하므로써 데이터의 길어짐을 방지하고 전체 통신 속도를 높이는 문자 변환 방법을 제시하였다. 이러한 변환을 위해 전송 데이터의 유효 범위를 가정하고 이 범위를 벗어나지 않도록 하였으며 실험을 통하여 이 방법이 기존의 방법에 비해 통신속도가 향상됨을 보이고 암호화된 데이터의 임의성을 확인하므로써 암호화에 문제가 없음을 보였다.