• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.53-60
• /
• 2007

In a known plaintext scenario, fast correlation attack is very powerful attack on stream ciphers. Most of fast correlation attacks consider the cryptographic problem as the suitable decoding problem. In this paper, we introduce advanced multi-pass fast correlation attack which is based on the fast correlation attack, which uses parity check equation and Fast Walsh Transform, proposed by Chose et al. and the Multi-pass fast correlation attack proposed by Zhang et al. We guess some bits of initial states of the target LFSR with the same method as previously proposed methods, but we can get one more bits at each passes and we will recover the initial states more efficiently.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.3-10
• /
• 2009

In this paper, we introduce improved differential and linear attacks on the SMS4 block cipher which is used in the Chinese national standard WAPI (WLAN Authentication and Privacy Infrastructure, WLAN - Wireless Local Area Network): First, we introduce how to extend previously known differential attacks on SMS4 from 20 or 21 to 22 out of the full 32 rounds. Second, we improve a previously known linear attack on 22-round reduced SMS4 from $2^{119}$ known plaintexts, $2^{109}$ memory bytes, $2^{117}$ encryptions to $2^{117}$ known plaintexts, $2^{l09}$ memory bytes, $2^{112.24}$ encryptions, by using a new linear approximation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.819-825
• /
• 2012

Nowadays many phishing sites contain HTTP links to victim web-site's contents such as images, bulletin board etc. to make the phishing sites look more real and similar to the victim web-site. We introduce a real-time phishing site detection system which makes use of the characteristic that the phishing sites' URLs flow into the victim web-site via the HTTP referer header field when the phishing site is visited. The detection system is designed to adopt an out-of-path network configuration to minimize effect on the running system, and a phishing site source code analysis technique to alert administrators in real-time when phishing site is detected. The detection system was installed on a company's web-site which had been targeted for phishing. As result, the detection system detected 40 phishing sites in 6 days of test period.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1375-1391
• /
• 2012

Smart grid is a next-generation intelligent power grid that applying ICT to power grid to maximize the energy efficiency ratio. Recently, technologies and standards for smart grid are being developed around the world. Information security which is an essential part of smart grid development has to be managed continuously. Information security management system certification for organizational risk management has been implemented in Korea. Although preparation for information security management system certification which is applicable to smart grid is considered, there are no specific methods. This paper is to propose core and added evaluation criteria for Korean smart grid based on K-ISMS through comparative analysis between ISMS operated in Korea and smart grid information security management system developed in the United States. Added evaluation criteria enable smart grid related business that certified existing ISMS to minimize redundant and unnecessary certification assessment work.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1119-1122
• /
• 2007

최근 전자우편이나 해킹을 통한 피싱과 파밍 등 금융 사기가 많이 발생하고 있다. 이에 이러한 피해로부터 사용자의 경제적 손실 및 개인정보 보호를 위하여 웹 사이트 인증, 전자우편 인증 등의 연구가 진행되고 있다. 기존 인증 방법에서는 WBL (Website Black-List) DB를 사용하였는데, 피싱의 짧은 생명주기(life cycle)로 인해 WBL DB의 유효성은 떨어질 뿐만 아니라, 피싱 사건 발생 후 웹 사이트가 WBL DB에 등록되기 전까지는 확인 불가능하다는 단점을 가지고 있다. 이러한 문제점을 극복하기 위해 WWL (Website White-List) DB를 이용한 연구가 진행 중이지만 아직은 미비한 편이다. 이에 본 논문에서는 기존의 WBL DB와 WWL DB를 이용한 방법이 가지고 있는 한계점을 극복하기 위해 WWL DB 항목을 정의하고, 이를 이용하여 웹사이트 보안 위험도를 정량화할 수 있는 웹사이트 위험도 산정 기법을 제안한다.

• Dementia and Neurocognitive Disorders
• /
• v.23 no.1
• /
• pp.44-53
• /
• 2024

Background and purpose: The anti-aging standard forest healing program (ASFHP), which uses forest therapy, was reported to be effective in improving psychological, physical, and cognitive functions. However, there are several challenges to directly visiting the forest. This study aimed to investigate the impact of multi-session ASFHP with forest visit on the mental and physical health of the older people with visits to forest facilities and compared them with those of the same program conducted indoors. Methods: Individuals aged over 70 years with concerns about cognitive decline were recruited at dementia relief centers and divided into control and experimental groups. A total of 33 people were administered ASFHP under the supervision of a forest therapy instructor. The control group stayed indoors, while the experimental group visited a forest healing center and repeated the program 20 weeks. Results: The multiple-session ASFHP positively affected cognitive impairment screening test (CIST) total scores (p=0.002), memory (p=0.014), Korean version of the Repeatable Battery for the Assessment of Neuropsychological Status total scores (p<0.001), immediate recall (p=0.001), visuospatial/construction (p<0.001), language (p<0.001), forest healing standard questionnaire total scores (p=0.002), and cognitive function (p=0.019), regardless of location. The forest visits during the ASFHP showed positive effects on orientation (p=0.035), delayed recall (p=0.042), emotional stability (p=0.032), physical activity (p=0.005), and health (p=0.022). The CIST scores of the memory domain were the strongest indicator of the multiple-session ASFHP effects. Conclusions: The 20-week multi-session ASFHP with forest visit showed effects on cognitive improvement and physical and emotional stability compared to indoor education.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.265-268
• /
• 2006

본 논문에서는 댁내망에서 무선 홈네트워크 기기 제어에 있어서의 트래픽 암호화 및 기기인증 등의 보안 문제 연구를 위한 플랫폼을 개발하였다. 우선 근거리 무선 통신 표준으로 자리잡고 있는 Zigbee를 적용한 도어락과 저가의 홈게이트웨이를 개발하고 다양한 암호 알고리즘을 탑재할 수 있도록 하였다. 또한 AES와 HGHT를 탑재하여 기기인증과 트래픽에 대한 암호화가 가능하도록 하였다.

• Journal of Broadcast Engineering
• /
• v.12 no.2
• /
• pp.112-119
• /
• 2007

Reversible data embedding theory has marked a new epoch for data hiding and information security. Being reversible, the original data and the embedded data as well should be completely restored. Difference expansion transform is a remarkable breakthrough in reversible data hiding scheme. The difference expansion method achieves high embedding capacity and keeps the distortion low. This paper shows that the difference expansion method with simplified location map, and new expandability and changeability can achieve more embedding capacity while keeping the distortion almost the same as the original expansion method.

• Journal of Advanced Navigation Technology
• /
• v.16 no.3
• /
• pp.510-517
• /
• 2012

Piccolo-80 is a 64-bit ultra-light block cipher suitable for the constrained environments such as wireless sensor network environments. In this paper, we propose a differential fault analysis on Piccolo-80. Based on a random byte fault model, our attack can the secret key of Piccolo-80 by using the exhaustive search of $2^{24}$ and six random byte fault injections on average. It can be simulated on a general PC within a few seconds. This result is the first known side-channel attack result on Piccolo-80.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.01a
• /
• pp.45-46
• /
• 2017

본 논문은 사람에 의하여 발생하는 패턴과 기계적으로 발생하는 패턴과의 차이점을 인지함으로써 BAD USB 탐지하는 방안을 제안한다. BAD USB는 펌웨어를 조작하여 악의적인 행위를 수행하는 공격으로, BAD USB를 탐지하기 위한 많은 연구가 진행되었지만, 펌웨어 내부에 존재하는 악성코드를 효과적으로 탐지하기에는 어려움이 존재한다. 따라서 본 논문에서는 사람에 의하여 나타나는 행위에 대한 패턴과 기계적으로 발생하는 패턴을 구분하여 악의적인 행위를 인지함으로써 BAD USB를 탐지하는 방안을 제안한다.