• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.437-447
• /
• 2018

Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon Go in the U.S, It has achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allow users could be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game system. In this paper, we conduct a threat analysis for information assurance of VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use Visual Code Grepper (VCG) tool to find out logic errors and vulnerable functions in source code, and propose a method to solve them.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.6
• /
• pp.2576-2590
• /
• 2020

The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes aspect library to realize the large-grained reuse of the code for detecting SQL injection attacks. A metamodel of aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.117-125
• /
• 2019

Deep Learning, which is being used in various fields recently, is being threatened with Adversarial Attack. In this paper, we experimentally verify that the classification accuracy is lowered by adversarial samples generated by malicious attackers in image classification models. We used MNIST dataset and measured the detection accuracy by injecting adversarial samples into the Autoencoder classification model and the CNN (Convolution neural network) classification model, which are created using the Tensorflow library and the Pytorch library. Adversarial samples were generated by transforming MNIST test dataset with JSMA(Jacobian-based Saliency Map Attack) and FGSM(Fast Gradient Sign Method). When injected into the classification model, detection accuracy decreased by at least 21.82% up to 39.08%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.657-673
• /
• 2019

As various IT and OT systems such as Electronic Chart Display and Information System and Automatic Identification System are used for ships, security elements that take into account even the ship's construction and navigation environment are required. However, cyber security research on the ship and shipbuilding ICT equipment industries is still lacking, and there is a lack of systematic methodologies through threat modeling. In this paper, the Data Flow Diagram was established in consideration of stakeholders approaching the ship system. Based on the Attack Library, which collects the security vulnerabilities and cases of ship systems, STRIDE methodologies and threat modeling using the Attack Tree are designed to identify possible threats from ships and to present ship cyber security measures.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.23-32
• /
• 2010

In this paper, we first propose the security enhancing of authentication protocol for Hash based RFID tag, and then a digital Codec for RFID tag is designed based on the proposed authentication protocol. The protocol is based on a three-way challenge response authentication protocol between the tags and a back-end server. In order to realize a secure cryptographic authentication mechanism, we modify three types of the protocol packets which defined in the ISO/IEC 18000-3 standard. Thus active attacks such as the Man-in-the-middle and Replay attacks can be easily protected. In order to verify effectiveness of the proposed protocol, a digital Codec for RFID tag is designed using Verilog HDL, and also synthesized using Synopsys Design Compiler with Hynix $0.25\;{\mu}m$ standard-cell library. Through security analysis and comparison result, we will show that the proposed scheme has better performance in user data confidentiality, tag anonymity, Man-in-the-middle attack prevention, replay attack, forgery resistance and location tracking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.927-947
• /
• 2024

Due to the global low birth rate and aging population, there is a growing interest in utilizing robot technology as a solution to address labor shortages. Specifically, mobile robots, which are growing rapidly, have become intelligent enough to recognize their environment and avoid obstacles to carry out tasks. However, the integration of IT technology into these robots has led to an increase in potential security vulnerabilities, and security research has been conducted to prepare countermeasures. However, research to examine the security threats of mobile robots in general is insufficient. To enhance the overall security of robot systems, it is imperative to systematically identify security threats starting from the design phase. In this paper, we identify security threats within the mobile robot delivery service environment using a structured approach that involves Data Flow Diagram and STRIDE threat modeling. Additionally, we visualize vulnerabilities and attack techniques through Attack Tree based on the Attack Library, and a Check List has finally been created to derive security requirements. We have been conducted this study with the hope that the results derived from this study will be utilized in establishing guidelines and policies related to robot security and contribute to the establishment of a safe robot foundation.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.385-390
• /
• 2001

In this paper, we describe a blocking method of buffer overflow attack for secure operating system. Our team developed secure operating system using MAC and ACL access control added on Linux kernel. We describe secure operating system (SecuROS) and standardized Secure utility and library. A working prototype able to detect and block buffer overflow attack is available.

• Journal of IKEEE
• /
• v.27 no.3
• /
• pp.239-245
• /
• 2023

Whitelist-based ransomware solution is known as being vulnerable to false impersonation attack using DLL injection attack. To solve this problem, it is proposed to monitor DLL injection attack and to integrate the monitoring result to ransomware solutions. In this paper, we show that attackers can easily bypass the monitoring mechanism and then illegally access files of a target system. It means that whitelist-based ransomware solutions are still vulnerable.

• KLA journal
• /
• v.17 no.2
• /
• pp.3-8
• /
• 1976

We sampled the fungi on the grounds of the floor and books in the library for the purpose of attack the fungi in the traditional library. We cultured it on the Sabouraud Dextrose Agar(Baltimore Biological Laboratory) and was obtained the fungi of six species, Here irradiated the ultra violet lamp(100V, 15W, 253Å), which was occurred to the colony after 24 hours. And irradiation by 2hrs/day for 2days here. The other method, we were sterilized test by the methanal fumigation The following results were obtained 1. All rearing is suspensed the result of the ultra violet rays irradiation, but the colony that is gained from the grounds of the floor in the library is not sterilized. 2. The result of air tight box to methanal 14ℊ/㎥ for the 24hours fumigation, each test group(the fungi of six species) is all sterilized.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.43-51
• /
• 2013

User authentication and access control are two important components in high security applications. Recently, Chen and Yeh proposed a method to integrate both of them seamlessly. However, Chen-Yeh's scheme is vulnerable to a stolen verifier attack, since it maintains a smart card identifier table in a remote server. Therefore, this paper modifies Chen-Yeh's scheme and propose a new integrated authentication and access control scheme that is resilient to the stolen verifier attack while inheriting all the merits of Chen-Yeh's scheme. Security analysis shows that the proposed scheme withstands well-known security attacks and exhibits many good features.