• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.37-48
• /
• 2010

Designated verifier signatures allow a signer to prove the validity of a signature to a specifically designated verifier. The designated verifier can be convinced but unable to prove the source of the message to a third party. Unlike conventional digital signatures, designated verifier signatures make it possible for a signer to repudiate his/her signature against anyone except the designated verifier. Recently, two designated verifier signature schemes, Zhang et al.'s scheme and Kang et al.'s scheme, have been shown to be insecure by concrete attacks. In this paper, we find the essential reason that the schemes open attacks while those were given with its security proofs, and show that Huang-Chou scheme and Du-Wen scheme have the same problem. Indeed, the security proofs of all the schemes reflect no message attackers only. Next, we show that Huang-Chou scheme is insecure by presenting universal forgery attack. Finally, we show that Du-Wen scheme is, indeed, secure by completing its defective security proof.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.533-544
• /
• 2021

Using Shor algorithm, factoring and discrete logarithm problem can be solved effectively. The public key cryptography, such as RSA and ECC, based on factoring and discrete logarithm problem can be broken in polynomial time using Shor algorithm. NIST has been conducting a PQC(Post Quantum Cryptography) standardization process to select quantum-resistant public key cryptography. The multivariate quadratic based signature scheme, which is one of the PQC candidates, is suitable for IoT devices with limited resources due to its short signature and fast sign and verify process. We analyzes classic attacks and quantum attacks for Rainbow which is the only multivatiate quadratic based signature scheme to be finalized up to the round 3. Also we compute the attack complexity for the round 3 Rainbow parameters, and analyzes the security level of Rainbow, one of the PQC standardization candidates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1141-1149
• /
• 2020

Most of the industrial control network is an independent closed network, which is operated for a long time after installation, and thus the OS is not updated, so security threats increase and security vulnerabilities exist. The zero-day attack defense must be applied with the latest patch, but in a large-scale industrial network, it requires a higher level of real-time and non-disruptive operation due to the direct handling of physical devices, so a step-by-step approach is required to apply it to a live system. In order to solve this problem, utility-specific patch impact assessment is required for reliable patch application. In this paper, we propose a method to test and safely install the patch using the regression analysis technique and show the proven results. As a patch impact evaluation methodology, the maximum allowance for determining the safety of a patch was derived by classifying test types based on system-specific functions, performance, and behavior before and after applying the patch. Finally, we report the results of case studies applied directly to industrial control networks, the OS patch has been updated while ensuring 99.99% availability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1189-1206
• /
• 2020

Recently, ICT companies do not directly design, develop, produce, operate, maintain, and dispose of products and services, but are outsourced or outsourced companies are increasingly in charge. Attacks arising from this are also increasing due to difficulties in managing vulnerabilities for products and services in the process of consignment and re-consignment. In order to respond to this, standards and systems for security risk management of ICT supply chain are being established and operated overseas, and various case studies are being conducted. In addition, research is being conducted to solve supply chain security problems such as Software Bill of Materials (SBOM). International standardization organizations such as ISO have also established standards and frameworks for security of ICT supply chain. In this paper, we presents ICT supply chain security management items suitable for domestic situation by comparing and analyzing ICT supply chain security standards and systems developed as international standards with major countries such as the United States and EU, and explains the necessity of cyber security framework for establishing ICT supply chain security system.

• Journal of the Korea Society for Simulation
• /
• v.30 no.1
• /
• pp.1-9
• /
• 2021

In actual battlefield environment, the naval ships which have specific missions have to respond to the attack of hostile forces. Especially, in modern warfare, the importance of the survivability of naval ships are increasing due to the high lethality of armaments. Naval ship survivability is generally considered to encompass three constituents, susceptibility, vulnerability and recoverability. Recently, among these three constituents, many researches on vulnerability have been conducted. However, for the vulnerability of naval ships, most of researches are aimed towards the detailed design stages where implementing changes is heavily constrained or even impractical. In this paper, vulnerability assessment model for naval ships on a theater engagement is developed by using M&S technique. By using this model, the characteristics of platform and armaments are reflected on the damage of naval ship. The basic logic of damage assessment is also considered in detail. The damage status of the naval ship is quantified by defining a representative state index of onboard equipment for each system.

• Parasites, Hosts and Diseases
• /
• v.60 no.4
• /
• pp.255-259
• /
• 2022

Heliminthic paramyosin is a multifunctional protein that not only acts as a structural protein in muscle layers but as an immune-modulatory molecule interacting with the host immune system. Previously, we found that paramyosin from Clonorchis sinensis (CsPmy) is bound to human complement C9 protein (C9). To analyze the C9 binding region on CsPmy, overlapping recombinant fragments of CsPmy were produced and their binding activity to human C9 was investigated. The fragmental expression of CsPmy and C9 binding assays revealed that the C9 binding region was located at the C-terminus of CsPmy. Further analysis of the C-terminus of CsPmy to narrow the C9 binding region on CsPmy indicated that the region flanking ⁷³¹Leu-⁷⁸⁰Leu was a potent C9 binding region. The CsPmy fragments corresponding to the region effectively inhibited human C9 polymerization. These results provide a precise molecular basis for CsPmy as a potent immunomodulator to evade host immune defenses by inhibiting complement attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.869-879
• /
• 2022

Through this study, we discovered that among three types of compressed data blocks generated through the Deflate algorithm, No-Payload Non-Compressed Block type (NPNCB) which has no literal data can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we called this area as DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally we found the vulnerability that hides malicious codes or arbitrary data through inserting NPNCBs with infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded normally contaminated zip file without any warning, and malicious code could be executed by the malicious decoder.

• Journal of the Korea Institute of Building Construction
• /
• v.22 no.5
• /
• pp.425-430
• /
• 2022

Concrete used for the foundation of high-rise buildings is often placed through in an integrated pouring to ensure construction efficiency and quality. However, if concrete is placed integrally, there is a high risk of temperature cracking during the hydration reaction, and it is necessary to determine the optimal mixing design of high-performance, high-durable concrete through the replacement of the admixture. In this study, experiments on salt damage, carbonation, and sulfate were conducted on the specimen manufactured from the optimal high-performance low-heating concrete combination determined in the author's previous study. The resistance of the cement matrix to chlorine ion diffusion coefficient, carbonation coefficient, and sulfate was quantitatively evaluated. In the terms of compression strength, it was measured as 141% compared to the structural design standard of KCI at 91 days. Excellent durability was expressed in carbonation and chlorine ion diffusivity performance evaluation. In particular, the chlorine ion diffusion coefficient, which should be considered the most strictly in the marine environment, was measured at a value of 4.09×E-12m²/y(1.2898×E-10m²/s), and is expected to be used as a material property value in salt damage durability analysis. These results confirmed that the latent hydroponics were due to mixing of the admixture and high resistance was due to the pozzolane reaction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.391-404
• /
• 2022

Aron Gohr proposed a cryptanalysis method based on deep learning technology for the lightweight block cipher Speck. This is a method that enables a chosen plaintext attack with higher accuracy than the classical differential cryptanalysis. In this paper, by using the probability distribution, we analyze the mechanism of such deep learning based cryptanalysis and propose the results applied to the lightweight block cipher Simon. In addition, we examine that the probability distributions of the predicted values of the neural networks within the cryptanalysis working processes are different depending upon the characteristics of round functions of Speck and Simon, and suggest a direction to improve the efficiency of the neural distinguisher which is the core technology of Aron Gohr's cryptanalysis.

• Journal of Chest Surgery
• /
• v.55 no.6
• /
• pp.462-469
• /
• 2022

Background: Carotid endarterectomy (CEA) is used to treat carotid stenosis, which is associated with cerebral infarction and may result in neurologic deficits such as stroke, transient ischemic attack (TIA), and local nerve injury. To decrease surgery-related complications and improve patient satisfaction with esthetic outcomes, efforts have been made to minimize incision size instead of using a standard longitudinal incision. Methods: We performed a retrospective analysis of 151 cases of CEA, of which 110 used conventional incisions and 41 used high mini-skin incisions (HMIs), from March 2015 to December 2021 at a single institution. Short-term (30-day) postoperative results were evaluated for rates of mortality, stroke, TIA, and cranial/cervical nerve injuries. Risk factors for nerve injury were also assessed. Results: The HMI group showed significantly (p<0.01) shorter operative and clamp times than the conventional group. The HMI group also had significantly shorter incision lengths (5.3±0.9 cm) than the conventional group (11.5±2.8 cm). The rates of stroke, TIA, and death at 30 days were not significantly different between the 2 groups. There was no significant difference in the rate of cranial and cervical nerve injuries, and all injuries were transient. A high lesion level (odds ratio [OR], 9.56; 95% confidence interval [CI], 3.21-28.42; p<0.01) and the clamp time (OR, 1.07; 95% CI, 1.03-1.12; p<0.01) were found to be risk factors for nerve injuries. Conclusion: Use of the HMI in CEA for carotid stenosis was advantageous for its shorter operative time, shorter internal carotid artery clamp time, reduced neurologic complications, and improved esthetics.