• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.127-136
• /
• 2013

The study of the compatibility of EPUB DRM, granted by the Korea Copyright Commission, as a CT R & D project (Project Title: The Development of the standard reference software technology for International Standard EPUB-based eBook DRM) developed standards such as profile standards for encryption digital signature and authentication certificates and standards for technical terms of rights information. In 2012, these four standards have been established as the Korean Industrial Standards under the names of 'Encryption specification for EPUB DRM,' 'the Digital signature specification for EPUB DRM,' 'the Certificate specification for EPUB DRM,' and 'Definitions of Right Terms for EPUB DRM' through the ODPF(Open Digital Standardization Forum) and the TTA(Telecommunications Technology Association). The research project also proposed standards of ebook DRM license protocols in order for the four standards to practically apply to ebook DRM compatibility. It is necessary for technology standards to require a compatibility standard test process for testing whether implementations which were developed on the basis of the standard specification, comply with standards. This study suggests an automated compatible standard test method and a test model under the ebook DRM standard technical specification.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.1-14
• /
• 2010

IEEE 802.15.4[1] has been standardized for the physical layer and MAC layer of LR-PANs(Low Rate-Wireless Personal Area Networks) as a technology for operations with low power on sensor networks. The standardization is applied to the variety of applications in the shortrange wireless communication with limited output and performance, for example wireless sensor or virtual wire, but it includes vulnerabilities for various attacks because of the lack of security researches. In this paper, we analyze the vulnerabilities against the denial of sleep attacks on the MAC layer of IEEE 802.15.4, and propose a detection mechanism against it. In results, we analyzed the possibilities of denial of sleep attacks by the modification of superframe, the modification of CW(Contention Window), the process of channel scan or PAN association, and so on. Moreover, we comprehended that some of these attacks can mount even though the standardized security services such as encryption or authentication are performed. In addition to, we model for denial of sleep attacks by Beacon/Association Request messages, and propose a detection mechanism against them. This detection mechanism utilizes the management table consisting of the interval and node ID of request messages, and signal strength. In simulation results, we can show the effect of attacks, the detection possibility and performance superiorities of proposed mechanism.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.2
• /
• pp.405-414
• /
• 2017

In this study, a survey for a satisfaction evaluation of the Test Report Information Service (TRIS) was conducted. A survey questionnaire on modified Information System Success Model(ISSM) of Delone and Mclean was carried out by 183 users in three groups, such as munition quality assurance agency, munition corporation, and test institute. As a survey result, training on the TRIS was in strong demand in all three groups. An understanding and proficiency of the overall system were different from the work process of each user group. In addition, the munition quality assurance agency needs to enhance the system function with its characteristics. Test institute has necessity of the linkage method with the TRIS depending on the authentication system. User groups are different in the operational method of TRIS between the contractor and cooperation. Accordingly, cooperation needs to be educated continually. This study can help in the construction of a Military Quality Integration Information System to secure the reliability of munitions.

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.438-447
• /
• 2019

As the IoT-based hyper-connected society grows, public-key cryptosystem such as RSA is frequently used for encryption, authentication, and digital signature. Public-key cryptosystem use very large (safe) prime numbers to ensure security against malicious attacks. Even though the performance of the device has greatly improved, the generation of a large (safe)prime is time-consuming or memory-intensive. In this paper, we propose ET-MR and ET-MR-MR using Euler sieve so it runs faster while using less memory. We present a running time prediction model by probabilistic analysis and compare time and memory of our method with conventional methods. Experimental results show that the difference between the expected running time and the measured running time is less than 4%. In addition, the fastest running time of ET-MR is 36% faster than that of TD-MR, 8.5% faster than that of DT-MR and the fastest running time of ET-MR-MR is 65.3% faster than that of TD-MR-MR and similar to that of DT-MR-MR. When k=12,381, the memory usage of ET-MR is 2.7 times more than that of DT-MR but 98.5% less than that of TD-MR and when k=65,536, the memory usage of ET-MR-MR is 98.48% less than that of TD-MR-MR and 92.8% less than that of DT-MR-MR.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.23-36
• /
• 2010

Signcryption is a cryptographic primitive which offers authentication and confidentiality simultaneously with a cost lower than signing and encrypting the message independently. We propose a new cryptographic notion called Identity-based online/offline signcryption. The notion of online/offline scheme can be divided into two phases, the first phase is performed offline prior to the arrival of a message to be signed or encrypted and the second phase is performed online phase after knowing the message and the public key of recipient. The Online phase does not require any heavy computations such as pairings or exponents. It is particularly suitable for power-constrained devices such as smart cards. In this paper, we propose ID-based signcryption scheme and ID-based online/offline signcryption scheme where the confidentiality and authenticity are simultaneously required to enable a secure and trustable communication environment. To our best knowledge, this is the first ID-based online/offline signcryption scheme that can be proven secure in the standard model.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.187-196
• /
• 2020

In order to manage information security risk, various information security level evaluation and information security management system certification have been conducted on a larger scale than ever. However, there are continuous cases of infringement of information protection for companies with excellent information security evaluation and companies with excellent information security management system certification. The existing information security risk management methodology identifies and analyzes risks by identifying information assets inside the information system. Existing information security risk management methodology lacks a review of where cyber threats come from and whether security devices are properly operated for each route. In order to improve the current risk management plan, it is necessary to look at where cyber threats come from and improve the containment level for each inflow section to absolutely reduce unnecessary cyber threats. In addition, it is essential to measure and improve the appropriate configuration and operational level of security equipment that is currently overlooked in the risk management methodology. It is necessary to block and enter cyber threats as much as possible, and to detect and respond to cyber threats that inevitably pass through open niches and use security devices. Therefore, this paper proposes additional evaluation items for evaluating the containment level against cyber threats in the ISMS-P authentication items and vulnerability analysis and evaluation items for major information and communication infrastructures, and evaluates the level of security equipment configuration for each inflow.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.33-40
• /
• 2021

Automatic Speech Recognition(ASR) is a technology that analyzes human speech sound into speech signals and then automatically converts them into character strings that can be understandable by human. Speech recognition technology has evolved from the basic level of recognizing a single word to the advanced level of recognizing sentences consisting of multiple words. In real-time voice conversation, the high recognition rate improves the convenience of natural information delivery and expands the scope of voice-based applications. On the other hand, with the active application of speech recognition technology, concerns about related cyber attacks and threats are also increasing. According to the existing studies, researches on the technology development itself, such as the design of the Automatic Speaker Verification(ASV) technique and improvement of accuracy, are being actively conducted. However, there are not many analysis studies of attacks and threats in depth and variety. In this study, we propose a cyber attack model that bypasses voice authentication by simply manipulating voice frequency and voice speed for AI voice recognition service equipped with automated identification technology and analyze cyber threats by conducting extensive experiments on the automated identification system of commercial smartphones. Through this, we intend to inform the seriousness of the related cyber threats and raise interests in research on effective countermeasures.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.33 no.1
• /
• pp.371-401
• /
• 2022

If the blockchain means storing information in a distributed environment that cannot be forged or altered, it is mentioned that this is similar to what librarians collect, preserve, and share authoritative information. In this way, this study examined blockchain technology as a way to collect and provide reliable information, increase work efficiency inside and outside the library, and strengthen cooperative networks. This study attempted to propose various ways to utilize blockchain technology in book relations based on literature surveys and case studies in other fields. To this end, this study first analyzed the field and cases of blockchain application to confirm the possibility and value of blockchain application in the library field, and proposed 12 ways to utilize it based on this. The utilization model was proposed by dividing it into operation and service sectors. In the operation sector, it is a digital identity-based user record storage and authentication function, transparent management and traceable monitoring function, voting-based personnel and recruitment system, blockchain governance-based network efficiency function, and blockchain-based next-generation device management and information integration function. The service sector includes improved book purchase and sharing efficiency due to simplification of intermediaries, digital content copyright protection and management functions, customized service provision based on customer behavior analysis, blockchain-based online learning platforms, sharing platforms, and P2P-based reliable information sharing platforms.