• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.385-390
• /
• 2001

In this paper, we describe a blocking method of buffer overflow attack for secure operating system. Our team developed secure operating system using MAC and ACL access control added on Linux kernel. We describe secure operating system (SecuROS) and standardized Secure utility and library. A working prototype able to detect and block buffer overflow attack is available.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.6
• /
• pp.89-96
• /
• 2016

Damage and attack size of cyber terror is growing to the national size. Not only targeting at a certain companies or individuals but number of cyber terror targeting government bodies or unspecific people is increasing. This is because compared to traditional weapon, input cost is very cheap but ripple effect and shock are much stronger, affecting not only certain groups but also each individuals. 'Anti-terror measurement for protection of nation and public safety' passed last month is one of the renowned measurement passed regardless of objection from opposition party. The opposition party went against this through filibuster for 192 hours but this finally passed National Congress due to lack of oppositions. Korean government is taking post actions after passage of anti-terror measurement. Legislation of enforcement ordinance and regulations is due by 6th of next month. This regulation will be executed from June 4th after legislation. Whenever there is any security issues such as hacking of Korea Hydro and Nuclear Power and National Intelligence Service happens, lot of attention is made to those hackers. However, social recognition or management of those hackers need lot more improvement. Especially, as market of internet of things is increasing, there is an increased anxiety on information security. But as we only rely on security solutions, this problems are keep happening. Therefore, active investment on nurturing hackers who play the role of 'spear and shield' shall be made. Government should put more efforts to allow white hackers to show their abilities. We should have a policy for supporting high-quality programs such as BoB. To make information protection industry into future growth engine, it is necessary to nurture professionals for information protection and white hackers through special programs. Politicians should make related regulations as soon as possible to remove factors that prevent swift management of cyber attack due to lack of legislation. Government should pay lot more financial investment to nurturing professional manpower than now. Protecting life and asset of nation is responsibility and duty of our government. We all should recognize that controlling cyber attack is a part of national defense.

• Information Systems Review
• /
• v.22 no.4
• /
• pp.135-161
• /
• 2020

With the growth of blockchain and cryptocurrency-related markets, cryptocurrency exchanges are growing as a new industry. However, as the legal and regulatory definitions of cryptocurrencies are still in progress, unlike existing industrial groups, they are not under the supervision of regulatory agencies. As a result, users (i.e., cryptocurrency investors) have suffered two types of damage that could occur from hacking and other accidents on the exchanges. One type of the damage is the loss of assets caused by the extortion of personal information or account and the other is the damage from users who might be involved in external frauds. Both are analyzed in comparison with existing operators whose functions are like the exchanges. The results of this study show that membership (KYC: Know Your Client), log-in, and additional authentication in transactions are on the similar level to those of the operators while the fraud detection system (FDS) and anti-money laundering (AML) of fiat currencies and cryptocurrencies need rapid improvement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.335-345
• /
• 2024

In the digital era, data security has become an increasingly critical issue, drawing significant attention. Particularly, anti-tampering technology has emerged as a key defense mechanism against indiscriminate hacking and unauthorized access. This paper explores case studies that exemplify the trends in the development and application of TPM (Trusted Platform Module) and software anti-tampering technology in today's digital ecosystem. By analyzing various existing security guides and guidelines, this paper identifies ambiguous areas within them and investigates recent trends in domestic and international research on software anti-tampering. Consequently, while guidelines exist for applying anti-tampering techniques, it was found that there is a lack of methods for evaluating them. Therefore, this paper aims to propose a comprehensive and systematic evaluation framework for assessing both existing and future software anti-tampering techniques. To achieve this, it using various verification methods employed in recent research. The proposed evaluation framework synthesizes these methods, categorizing them into three aspects (functionality, implementation, performance), thereby providing a comprehensive and systematic evaluation approach for assessing software anti-tampering technology in detail.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.40 no.4
• /
• pp.51-57
• /
• 2003

The development of the communication network and the other network method can generate serious social problems. So, it is highly required to control security of network. These problems related security will be developed and keep up to confront with anti-security field such as hacking, cracking. The way to preserve security from hacker or cracker without developing new cryptographic algorithm is keeping the state of anti-cryptanalysis in a prescribed time by means of extending key-length. In this paper, we proposed M3 algorithm for the reduced processing time in the montgomery multiplication part. Proposed M3 algorithm using the matrix function M(.) and lookup table perform optionally montgomery multiplication with repeated operation. In this result, modified repeated operation part produce 30% processing rate than existed montgomery multiplicator. The proposed montgomery multiplication structured unit array method in carry generated part and variable length multiplication for eliminating bottle neck effect with the RSA cryptosystem. Therefore, this proposed montgomery multiplier enforce the real time processing and prevent outer cracking.

• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.145-154
• /
• 2003

Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes tile research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security(MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC Bl class as well providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise suity management functions.

• Journal of the Korea Society of Computer and Information
• /
• v.6 no.2
• /
• pp.90-96
• /
• 2001

The development of network and the other communication-network can generate serious social problems. So. it is highly required to control security of network. These problems related security will be developed and keep up to confront with anti-security part such as hacking. cracking. In this paper. the proposed multiple nonlinear S-box function which is capable to cipher regardless of key distribution or key-length for these definite problem is proposed and designed in hardware. The proposed multiple nonlinear S-box function increase secret level from using a nonlinear function in multiply for key data utilized in cryptography that generates MDP and MLP in maximum is proposed to prevent cryptography analysis. The designed the multiple nonlinear S-box function in this paper performed synthesization and simulation using Synopsys Ver. 1999.10 and VHDL

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.1
• /
• pp.21-28
• /
• 2012

This study can be solved a means of authentication of electronic financial transactions. We suggest that smart devices can be useful to authenticate in electronic financial transactions regardless of time and place. Our new authentication method named Lock-Unlock authentication method with smart devices. This method will be expected to reduce many kind of accidents (theft, phishing, hacking, certificates and simple certified OTP, ATM withdrawals, ARS, etc.) by account locking in electronic financial transactions. And helpful to users can effectively protect electronic financial transactions and minimize the accident during get a electronic trading.

• Journal of Korea Game Society
• /
• v.19 no.6
• /
• pp.71-82
• /
• 2019

This paper analyzes performance difference between Unreal Engine's built-in network solution and IOCP server. To do this, we developed IOCP server and 3D game with Unreal Engine 4. Also we considered the game variable obfuscation program to prevent the modification of the memory of the code-modulated game hacking program. This paper used SCUE4 Anti-Cheat Solution, which is Unreal Engine's solution, to study preventing memory modification and to analyze performance trade-offs.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.81-87
• /
• 2015

Recently, with the development of the ICT environment, the use of the software is growing rapidly. And the number of the web server software used with a variety of users is also growing. However, There are also various damage cases increased due to a software security vulnerability as software usage is increasing. Especially web shell hacking which abuses software vulnerabilities accounts for a very high percentage. These web server environment damage can induce primary damage such like homepage modification for malware spreading and secondary damage such like privacy. Source code weaknesses checking system is needed during software development stage and operation stage in real-time to prevent software vulnerabilities. Also the system which can detect and determine web shell from checked code in real time is needed. Therefore, in this paper, we propose the system improving security for web server by detecting web shell attacks which are invisible to existing detection method such as Firewall, IDS/IPS, Web Firewall, Anti-Virus, etc. while satisfying existing secure coding guidelines from development stage to operation stage.