• Journal of the Korea Society of Computer and Information
• /
• v.24 no.1
• /
• pp.107-113
• /
• 2019

Along with the development of IOT, the number of people using IOT devices has enormously increased and the IOT era has come. Especially, people using the IP cameras among Internet devices have been drastically increasing. It is because the IP cameras are well networked and comparatively cheap compared with CCTVs, and they can also be monitored and controlled in real time through PCs and smart phones for the purposes of general theft prevention and shop surveillance. However, due to the user's serious lack of security awareness and the fact that anyone can easily hack only with simple hacking tools and hacking sites information, security crimes that exploit those have been increasing as well. Therefore, this paper describes how easily the IP cameras can be hacked in the era of IOT, what kind of security incidents occurred, and also suggests possible government measures and new technical solutions to those problems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.441-442
• /
• 2009

RFID 시스템의 적용범위가 증가함에 따라 실시간으로 처리해야 하는 태그의 정보도 급격하게 증가하고 있다. 따라서 불필요한 태그정보를 제거하고 정제하여 클라이언트로 전달하는 RFID 미들웨어의 역할이 증가하고 있다. 미들웨어에서 태그정보를 필터링 하기 위한 Brute force 방법은 대용량의 태그정보의 필터링에는 비효율적이며 미들웨어의 성능을 저하시키는 원인이 된다. 본 논문은 빠른 시간에 효과적인 필터링을 위해 미들웨어 표준인 EPCglobal ALE의 ECSpec에 정의된 필터 패턴들 사이의 연관 관계를 구성하여 패턴의 비교 횟수를 감소시키고, 표준에서 정의한 EPC 태그형식의 특징을 해싱 알고리즘에 적용하여 빠른 검색을 수행함으로써 효율적인 RFID 미들웨어의 필터링 알고리즘을 구현하였다.

• International Journal of Computer Science & Network Security
• /
• v.23 no.3
• /
• pp.161-168
• /
• 2023

It is a common practice to use a password in order to restrict access to information, or in a general sense, to assets. Right selection of the password is necessary for protecting the assets more effectively. Password finding/cracking try outs are performed for deciding which level of protection do used or prospective passwords offer, and password cracking algorithms are generated. These algorithms are becoming more intelligent and succeed in finding more number of passwords in less tries and in a shorter duration. In this study, the performances of possible password finding algorithms are measured, and a hybrid algorithm based on the performances of different password cracking algorithms is generated, and it is demonstrated that the performance of the hybrid algorithm is superior to the base algorithms.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.97-99
• /
• 2022

대규모 양자컴퓨터가 등장하면 기존 암호체계가 더 이상 안전하지 않을 것이라 예상한다. 양자 알고리즘인 Grover's brute-force 알고리즘은 대칭키 암호에 대한 attack을 가속화 시켜 보안강도를 감소시킨다. 따라서 양자컴퓨터의 가용 자원이 암호공격에 필요한 자원에 도달했을 때, 공격 대상 암호가 깨지는 시점으로 보고 있다. 많은 선행 연구들은 암호를 양자회로로 구현하여 공격에 필요한 자원을 추정하고 암호에 대한 양자 강도를 확인하였다. 본 논문에서는 이러한 연구동기로 ARX 구조의 SIMECK 경량암호에 대한 양자회로를 처음으로 제안한다. 우리는 SIMECK 양자회로에 대한 최적의 양자회로 구현을 제시하고 각 함수의 동작을 설명한다. 마지막으로 SIMECK 양자회로에 대한 양자자원을 추정하고 SIMON 양자회로와 비교하여 평가한다.

• Journal of Digital Contents Society
• /
• v.18 no.8
• /
• pp.1593-1601
• /
• 2017

In a big data platform, association rule mining applications could bring some benefits. For instance, in a agricultural big data platform, the association rule mining application could recommend specific products for farmers to grow, which could increase income. The key process of the association rule mining is the frequent itemsets mining, which finds sets of products accompanying together frequently. Former researches about this issue, e.g. Apriori, are not satisfying enough because huge possible sets can cause memory to be overloaded. In order to deal with it, SON algorithm has been proposed, which divides the considered set into many smaller ones and handles them sequently. But in a single machine, SON algorithm cause heavy time consuming. In this paper, we present a method to find association rules in our Hadoop based big data platform, by parallelling SON algorithm. The entire process of association rule mining including pre-processing, SON algorithm based frequent itemset mining, and association rule finding is implemented on Hadoop based big data platform. Through the experiment with real dataset, it is conformed that the proposed method outperforms a brute force method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.6
• /
• pp.181-188
• /
• 2023

Block cipher is not expected to be safe for quantum computer, as Grover's algorithm reduces the security strength by accelerating brute-force attacks on symmetric key ciphers. So it is necessary to check the post-quantum security strength by implementing quantum circuit for the target cipher. In this paper, we propose the optimal quantum circuit implementation result designed as a technique to minimize the use of quantum resources (qubits, quantum gates) for SIMECK lightweight cryptography, and explain the operation of each quantum circuit. The implemented SIMECK quantum circuit is used to check the estimation result of quantum resources and calculate the Grover attack cost. Finally, the post-quantum strength of SIMECK lightweight cryptography is evaluated. As a result of post-quantum security strength evaluation, all SIMECK family cipher failed to reach NIST security strength. Therefore, it is expected that the safety of SIMECK cipher is unclear when large-scale quantum computers appear. About this, it is judged that it would be appropriate to increase the block size, the number of rounds, and the key length to increase the security strength.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.43-53
• /
• 2015

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.9
• /
• pp.65-71
• /
• 2017

This paper proposes a smart phone authentication method based on user's behavior and habit that is an authentication method against shoulder surfing attack and brute force attack. As smart phones evolve not only storage of personal data but also a key means of financial services, the importance of personal information security in smart phones is growing. When user authentication of smart phone, pattern authentication method is simple to use and memorize, but it is prone to leak and vulnerable to attack. Using the features of the smart phone pattern method of the user, the pressure applied when touching the touch pad with the finger, the size of the area touching the finger, and the time of completing the pattern are used as feature vectors and applied to user authentication security. First, a smart phone user models and stores three parameter values as prototypes for each section of the pattern. Then, when a new authentication request is made, the feature vector of the input pattern is obtained and compared with the stored model to decide whether to approve the access to the smart phone. The experimental results confirm that the proposed technique shows a robust authentication security using subjective data of smart phone user based on habits and behaviors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1085-1095
• /
• 2015

In music theory, the triton is defined as a musical interval composed of three adjacent whole tones(or six semitones), which generates a harmonic and melodic dissonance. The triton paradox is an auditory illusion which is heard as ascending by some people and as descending by others. In this paper we examine an emerging non-static biometric technique that aims to identify users based on analyzing uniqueness and consistency through the user experiences. We also propose some authentication schemes which provides protection against key logging, shoulder surfing, and brute force attacks.